Think You Know Sustainability? Think Again.

It’s no secret to engaged corporate boards that the
mainstream investor community is increasingly attuned to environmental, social,
and governance (ESG) matters. What may be less obvious is what that means, exactly.

Many directors are likely to think, “We already have a
corporate social responsibility program in place, so we’re covered.” If that
sounds like your board’s approach, everything you think you know about ESG
could be wrong.

Whereas corporate social responsibility (CSR) traditionally
involves a company’s foundation, its charitable work, employee volunteer and
recycling efforts and the like, ESG narrows the focus on business-critical
sustainability issues.

It may sound like splitting hairs, but consider the
difference between, say, a beverage company that donates time and money to
alleviate poverty in its local community and one that invests in water
efficiency initiatives at its facilities located in drought-prone regions. The first
company’s intentions may certainly be noble, and its actions may enhance its reputation.
But the second company’s investment in water efficiency is fundamentally linked
to its value-creation strategy, and thus is likely to have direct and indirect impacts
on the firm’s financial statements and market valuation.

The key to making this distinction is the lens of financial
materiality, which helps identify the subset of sustainability factors most
likely to have meaningful impacts on a company’s financial condition or
operating performance.

Indeed, research shows this focus is associated with significant outperformance in terms of sales, sales growth, return on assets, and return on equity, as well as risk-adjusted shareholder returns. These findings, in turn, explain why a large and growing number of investors—including 73 percent of analysts and portfolio managers—integrate ESG considerations into their work.

What does this mean for boards of directors? Quite simply, because financially material ESG matters constitute legitimate strategic and risk considerations, they have significant fiduciary implications. In other words, the shift from CSR to ESG has raised the bar for board oversight of how these issues are managed and reported. For example, if your company is like 85 percent of the S&P 500, you’re already putting ESG information out into the marketplace. How can you ensure this data is both relevant and reliable—the twin hallmarks of decision-useful information?

Relevance: Narrowing the Focus

For investors—and, by extension, for directors—not all
sustainability issues are created equal. So, it’s important that companies assess
ESG factors through the lens of financial materiality, which can help
streamline their sustainability efforts to measure, manage, and report the
issues that matter most to shareholders.

With its lens focused on materiality, a firm can more effectively integrate the resulting handful of key issues into its core business operations using standard approaches to strategic planning (such as balanced scorecards and strategy maps), enterprise risk management (or ERM, such as the COSO framework), and performance management (such as internal dashboards for monitoring progress). Such integration not only ensures crucial ESG factors are effectively managed, it enhances the ability of the board and its committees to administer appropriate oversight.

Of course, relevance is arguably in the eye of the beholder, and directors should also consider engaging with key investors to better understand which ESG risks and opportunities they care about most. These issues don’t always arise—or, more likely, get lost in translation—during earnings calls or discussions with buy-side analysts. To meaningfully explore and fully understand investor needs through engagement, a board may want to add or develop ESG-related expertise.

Boards of directors may find the following questions helpful
in facilitating sustainability reporting that is relevant to investors:

  • Is the company’s approach to sustainability well aligned with its strategy?
  • Is the risk committee satisfied that management’s approach to ERM incorporates strategically aligned ESG matters in the context of the organization’s risk appetite?
  • Have members of the board engaged with investors to better understand their ESG-related areas of concern and information needs?
  • Does the company’s disclosure committee apply a financially focused materiality assessment to key ESG performance data?
  • Does the board’s composition include sufficient fluency in the financially material ESG issues that face the company?

Supporting Decision-Makers

Of course, even relevant information may be of limited use if it lacks reliability, including timeliness and accuracy. Although some ESG data—such as utility bills and invoices—may already reside in a company’s enterprise resource planning system, much of it has traditionally been collected and managed in ad hoc spreadsheets—outside the rigor of the financial reporting process—which can result in information of less than desirable precision and limited verifiability. Companies can overcome this deficiency by designing, implementing, and maintaining a system of governance around financially material sustainability information that is substantially similar to what they use for financial reporting.

Such a system is likely to include an effective internal control environment and additional disclosure controls and procedures, as appropriate. In this context, internal audit can play a critical role in enhancing management’s and the board’s comfort over sustainability information. Some companies may also choose to engage an independent third party to provide assurance over key ESG data, which sends a signal of reliability to the investor community. Controls and assurance can thus strengthen the confidence of decision makers both inside and outside the firm while dramatically reducing the likelihood of restatements.

Directors can ask themselves the following questions to
assess the reliability of their company’s sustainability reporting:

  • Does the board or its key committees have
    regular access to sustainability performance indicators?
  • How can technology facilitate more reliable (and
    verifiable) ESG data?
  • How might the audit committee gain visibility
    into the effectiveness of ESG-related internal controls—particularly where
    significant deficiencies or material weaknesses have been identified?
  • Has the company’s disclosure committee
    established appropriate disclosure controls and procedures to ensure
    financially material ESG information is effectively recorded, processed,
    summarized, and reported?

Leveraging Practical

A company may not always be able to maximize both the
relevance and reliability of its financially material sustainability
information. In this sense, it is no different from traditional financial data,
which involves its own inherent trade-offs (e.g., historical costs are more
reliable but less relevant than fair values). However, as the evolution from
CSR to ESG continues, effective board oversight can help ensure a company achieves
its sustainability reporting objectives in a way that creates value for both
the enterprise and its investors.

Along with the questions presented here, the 77 industry-specific standards recently codified by the Sustainability Accounting Standards Board (SASB) can provide a useful starting point for boards to kick-start their ESG oversight. In large part, this is because the SASB standards are designed to achieve both relevance and reliability.

First, by observing the threshold of financial materiality,
the standards zero in on the subset of ESG factors that matters most to
investors (an average of six per industry). Second, by providing detailed
technical protocols, they ensure ESG data is prepared, compiled, and presented
in accordance with rigorous definitions, scope, and accounting guidance—which
can also serve as the basis for “suitable criteria” in an assurance engagement.

As the competitive landscape has evolved, so has our
understanding of sustainability and its impacts on business outcomes. Having
faced economic headwinds, technological disruption, and regulatory uncertainty
in recent years, boards of directors are well-versed in change management and
practiced at the art of adapting to new circumstances. These skills will remain
invaluable as sustainability and finance continue to converge.

Robert B. Hirth Jr. is
Senior Managing Director at Protiviti,
Chairman Emeritus of the Committee of Sponsoring Organizations of the Treadway
Commission (COSO), and Co-Vice Chair of the SASB Standards Board.

ESG Oversight Lessons from the PG&E Bankruptcy Filing

The recent
news that California utility PG&E Corp. filed bankruptcy should cause pause
in every corporate boardroom. On Monday, January 14, 2019, The Wall Street Journal (WSJ) reported
that analysts had pegged PG&E’s wildfire liability exposure to be as high
as $30 billion—roughly triple the company’s market value of $9.12 billion. By
Friday that week, WSJ called this “the first major corporate casualty of
climate change.” One week later, California investigators said
PG&E did not cause the major 2017 fire (Tubbs Fire), but although that
announcement caused a bump in stock price, it did not change the $30 billion
tab, which the company itself has estimated. The company filed for bankruptcy
on January 29, 2019.

judging its external environmental, social, and governance (ESG) ratings,
PG&E was doing fine. Clearly, this situation shines a spotlight on the
serious limitations of external ESG ratings. It also highlights the need for
companies across virtually all industry sectors to build robust ESG governance

by the praise voiced by external ESG ratings organizations, PG&E seemingly had
its ESG house in order. Sustainalytics, a leading provider of ESG and corporate governance research, ratings,
and analysis, named PG&E an “outperformer” (in 88th
percentile on environment and 82nd percentile on governance).
PG&E rated number one among utilities and twenty-second overall in Corporate Responsibility Magazine’s 100
Best Corporate Citizens. Newsweek
Green Rankings listed the company the best among electric and gas utilities and
fourth overall. And, PG&E was named to the Dow Jones Sustainability North
America Index for the eighth time. Certainly there were apparently good reasons
for high ratings.

  • The company’s recently published 187-page 2018 Corporate Responsibility and Sustainability Report seems to “check all the boxes.” Sustainability is explicitly called out in the company’s mission, vision, and values. Board committees are in place, ESG materiality assessment has been done, ESG is incorporated in the company’s financial incentive plan, and the organization has a dedicated chief sustainability officer, along with an outside advisory group. PG&E has a long history of ESG disclosure, bold goals to cut greenhouse gas emissions, and a record of early delivery on rigid California compliance standards (three years ahead of schedule). The list goes on.
  • PG&E has $34.5 billion worth of renewable energy contracts.
  • The company has discussed the California wildfires, noting actions PG&E is taking to address the “new normal.”

So we have a situation of high external ratings and a company apparently in compliance. Yet a $30 billion environmental liability exposure happened anyway. Clearly, there is a disconnect somewhere. I noted in my earlier NACD blog “Scorecard Data Suggests Many Companies Are Not Future-Ready” that “without getting governance right, it’s hard to get anything else right.” That is precisely the lesson companies can learn from the PG&E situation.

Were the ESG raters wrong?

PG&E has a long track record of important accomplishments in the areas of
environmental stewardship and social responsibility. But what can outsiders
know about the company’s internal governance processes? Did something go amiss

How can
other companies learn from this situation? It starts by avoiding two fatal

  • It’s often not about compliance. U.S. companies have a 50-year history of looking at environmental, safety, and societal issues as compliance. They often view ESG oversight and management through a compliance lens. That’s yesterday’s view. Managing the mega risks today (climate change, water shortages, etc.) is often not about compliance. You might comply with your water intake permit requirements, but what happens when the well runs dry, or when, like in Flint, Michigan, the water is contaminated?
  • Beware the 80/20 governance trap. Only a very small
    portion (let’s call it 20 percent) of what constitutes robust management and
    oversight of environmental and social risks can be measured from outside the
    company. The other 80 percent—what I call “the soft stuff”—is comprised of the internal company practices and business
    processes to manage risk. That 80 percent does not easily lend itself to
    being measured.

External ESG raters
look at “the hard stuff”—aspects of corporate governance and strategy that can
be measured. Examples include gender diversity of the board or executive ranks,
CEO compensation as a multiple of average worker pay, or the mere existence of
a board committee with ESG oversight. But while external ESG raters may measure
the existence of a board committee, it is almost impossible for them to measure
the effectiveness of C-suite and board deliberations about ESG risk.

line: a company may be in compliance today and may receive high marks from
external ESG raters; but directors should take all of that with a grain of
salt. They should insist on
measuring the other 80 percent of what constitutes robust governance.

The “soft stuff” actually can be measured

can measure the soft components of sustainability
governance. They can measure the effectiveness of C-suite and board
deliberations about ESG risk. More than 60 major U.S. corporations have used
the Corporate Sustainability Scorecard, a management tool for companies, built
over 20 years based on industry best practices. The Scorecard is
available to companies requesting access. And, the rating criteria are now
public, published by De|G PRESS (November 2018) in “Sustainability:
What It Is and How to Measure It.”

I do
not know what went amiss at PG&E. But we do know that, using the Scorecard,
eight peer utilities rated themselves fairly low on over a dozen key
sustainability indicators (KSIs) that aim squarely at the ESG risk oversight
issues highlighted in the PG&E situation. On those dozen KSIs, the peer
utilities rated themselves on average at about Stage 1.7 on a stage 1–4
maturity scale. In other words, they acknowledged they have a long way to go if
they deem those items material to their business.

challenge directors to check it out.

Hedstrom is a member of the NACD faculty, specializing in ESG. He runs his own
advisory firm, working with mostly large companies on oversight of ESG issues.
His earlier book
Sustainability–A Guide for Boards and C-Suites, is available on Amazon or from him at

Leading Businesses Embrace New Role: Creating Long-Term Value Through Purpose

Board members don’t need another tome outlining the
uncertain times in which their companies find themselves. What they need is a road
map to guide their companies in sustainable value creation, which, in a sense,
future proofs their business strategies.

Uneasy markets? Global political uncertainty? Environmental issues?
These are all mega trends, risks, and opportunities for boards to assess and monitor.
Are your company’s senior leaders developing a three- to seven-year plan
demonstrating how they are a step ahead of known issues? When long-term
business plans with forward-looking strategies for sustainable value creation are
made public, investors take notice and move markets.

On behalf of CECP and the Strategic Investor Initiative (SII), we support a coalition of leading companies and investors committed to reorienting capital markets toward the long term. SII does this in four ways:

  1. Convene CEO Investor Forums to provide a venue
    for CEOs to share their long-term strategic plans with audiences of long-term investors.
  2. Share research on insights from the Forums.
  3. Provide answers and perspective to boards
    engaging on these issues.
  4. Assist companies in developing and communicating
    long-term plans, based on cutting-edge research. 

What Information
Matters to Patient Capital Investors?

CECP’s guidance is rooted in the material issue areas that companies should share with investors, identified through investor feedback and CECP research, building toward consolidation and comparability. Through these long-term plan presentations, leading CEOs are setting examples for peer firms to follow.  

CECP provides long-term-plan support to the nearly 30 CEOs of
companies with a market cap of $2 trillion and beyond who are presenting at
SII’s CEO Investor Forums. They present to audiences of 200 institutional
investors representing $25 trillion in assets under management.

The hallmark of CECP guidance is their Investor Letter, signed by us and a coalition of investors, including CalSTRS, Vanguard, BlackRock, and State Street Corp., which builds on the related work of FCLTGlobal and the New Paradigm for corporate governance. The letter shares the collective agreement by these investors about what constitutes a long-term view, and what should be shared with investors in the areas of growth, strategy, and risk.

Each company responds to CECP guidance in different ways, but CECP and George Serafeim from Harvard Business School and KKS Advisors studied the economic significance of plans presented at the CEO Investor Forum to date and found that when specific information is shared in nine key areas, it moves markets:

  1. Financial
  2. Capital
  3. Trends
  4. Competitive
  5. Risks and Opportunities
  6. Corporate
  7. Corporate
  8. Human
  9. Long-Term Value Creation

For investors to get the most out of these
presentations, CEOs should disclose forward-looking metrics on these subjects,
rather than backward-looking data or boilerplate language. A key investor
expectation is meaningful, future-focused information about corporate
governance arrangements, particularly around the board’s involvement in setting
long-term strategy and the extent to which board composition and executive
compensation are aligned with that strategy. Such commentary can be a powerful
supplement to proxy statement disclosures, and it enables long-term investors
to have confidence that corporate governance arrangements are fit for future

the Role of the Board?

Is your company sharing economically significant information
with investors who are looking to invest in companies creating sustainable
value? Here are the actions you can take with your fellow board members and
senior leaders at your company to improve the quality of that communication:

  • develop a long-term plan and inform a new way to look at the company’s long-term, three-to-seven-year strategy.
  • long-term plan. CECP outlines the key questions through detailed, company-specific conversations and shares leading practices.
  • CEO Investor Forum. The event is at capacity for February 25, 2019, with the CEOs of AmerisourceBergen, APTIV, Equinix, JetBlue Airways, and Nestlé presenting, but CEOs are still being accepted for the May 8, 2019, event in Chicago. Or encourage the presentation of the company’s long-term plan in a way that fits your company’s cadence—investor day, annual letter, or a designated call.

Contact CECP to learn more.

McNabb is a former chair and CEO of Vanguard, and cochair of CECP’s Strategic Investor Initiative. Brewster is the CEO of CECP: The CEO Force for Good.

Roadmap For An Effective Management Risk Committee

Many companies have a
management risk committee (MRC) as part of their risk infrastructure. While not
part of the board, such committees, made up of the appropriate executives at
the company and reporting to the board, nonetheless can contribute to the
board’s risk oversight. How can your organization reap the benefits of this
added oversight tool and maximize their effectiveness?

Identify the Company’s Needs

Whether organized as a designated or de facto committee, MRCs have
increasingly been used in recent years, likely due to the growing complexity of
risks inherent to the organization’s strategy and business model and the increasing
sophistication of risk management infrastructure. Additionally, the agenda of
the executive committee may be too crowded to sufficiently cover these matters
and extenuating circumstances may exist (e.g., a history of surprises,
substantive improvements required in the company’s risk management capabilities,
a critical risk meriting special attention, or a need to strengthen risk

There are several merits to consider when evaluating whether
to organize an MRC—for example, ensuring successful implementation of the
organization’s approach to enterprise risk management, focusing management
attention on specific risk areas (e.g., technology, litigation, or environmental
issues), identifying emerging risks, and helping the company anticipate and
react to disruptive events and trends. The committee’s deliberations can
enhance the risk dialogue in the C-suite and boardroom by sharpening the focus
on critical enterprise risks and emerging risks.[1]

When it comes to MRCs, the old cliché of one-size-fits-all does not apply. For example, in financial institutions, commodity-based businesses, or operations with hazardous activities, the MRC may focus on managing specific risks inherent to the enterprise’s business model that either are not managed by the business units or are more effectively managed enterprise wide, consistent with a portfolio view. Other MRCs may focus on the risk management process and assume no overall responsibility for mitigating risks.

Set Expectations

As both the board and executive team can benefit from an
effective management risk committee, here are six suggestions for forming and
operating such committees:

1. Clarify MRC responsibilities through the
The charter should specify the committee’s mission or
purpose, membership, duties and responsibilities, authorities (if any), and if
necessary, specific activities it is to perform. It should be approved by the
executive team and reviewed with the appropriate board committee. As directed
by the executive team, the MRC’s responsibilities may include identifying and
prioritizing risks; monitoring changes in the external environment for
strategic risk implications; periodically assessing the entity’s risk culture,
benchmarking peers, and best-of-class organizations; and ensuring the executive
team and the board are considering critical enterprise risks. An MRC offers the
board an opportunity to periodically review the committee charter to ensure it
addresses issues germane to the board’s risk oversight.

2. Include the right people. The
committee, depending on its scope, should combine a diverse range of strategic,
operational, and functional perspectives. The selection criteria might include
experience, knowledge of the business, specialized expertise, and fit. At least
one senior executive should be a member (e.g., an executive sponsor). It may
make sense for the general counsel and a representative from the disclosure
committee to be present. Some companies rotate MRC members to bring a fresh
perspective and create risk awareness across the entity. Size is also a factor;
too large of a group can inhibit dialogue.

3. Conduct effective meetings. Considerations
for meeting frequency include the nature and volatility of the organization’s
strategy, operations, and risks, as well as the scope of responsibilities outlined in the
committee charter. MRCs can meet quarterly, monthly, or more frequently as
necessary, and meeting agendas should be developed by the committee chair with
suggestions from committee members. They might include specific risk issues
(e.g., drill-downs on risks or evaluations of risk appetite), as well as open
discussions of new internal and external developments and other activities.
Briefing materials should be provided in advance of each meeting.

4. Focus the group dialogue on what executives
and directors may not know.
The management risk committee’s real
value comes from focused dialogue around what’s new, what’s changing, and the
implications regarding emerging opportunities and risks. Heads turn when the
committee escalates insights that aren’t on the radar of the organization’s
leaders. Meetings should be inclusive so that everyone is engaged. Cluttering
meetings with presentations is a mistake—if the right group is assembled, it
makes sense to hear what they have to say. While presentations by different
risk owners explaining how they are addressing risks for which they are
responsible are acceptable, sufficient time should be allowed for discussion
and input.

5. Don’t let the committee get stale.
Taking too broad of a focus and repeating the same activities can sap the
committee’s energy over time. Consider mixing things up and refocusing the
committee’s activities depending on the organization’s needs. For example, if
the economy is in recession, the focus might be on liquidity and monitoring the
impact of cost-cutting and terminations on the risk management process and
internal control structure. It is a good idea to revisit the committee’s
emphasis periodically—at least annually—given the company’s circumstances and
the current business environment.

6. Spot the warning signs of a deteriorating
risk culture.
The committee should watch for signs of a
dysfunctional culture and be sensitive to operating units taking risks
recklessly or forgoing attractive market opportunities through risk-averse
behavior. A pattern of limits violations, near misses, noncompliance incidents,
internal control deficiencies, and foot-dragging on issue remediation are other
signs of potential cultural issues that may warrant escalation.

It’s important to note these six points are illustrative and
are intended to be neither exhaustive nor prescriptive. The chief executive and
executive committee dictate the scope of the management risk committee,
delegating responsibilities consistent with the priorities of the business. The
board can provide input into this direction.

Jim DeLoach is managing director of Protiviti.

Succession Planning Best Practices from Kimberly-Clark

Founded in 1872, Kimberly-Clark Corp., the venerable
packaged goods company that sells brands like Kleenex and Huggies, has grown to
more than $18 billion in revenue, with 43,000 employees worldwide and a coveted
spot at number 163 on the Fortune 500
list. The company could not have made it there without strong leadership, and
part of its secret to growth is sound succession planning for their board.

Thomas Falk, chair and chief executive officer of
Kimberly-Clark, recently spoke at an NACD North Texas Chapter program, sharing
details of the company’s long-term succession planning process. This process
culminated in the announcement of Falk’s imminent move into the executive chair
role, with an internal successor taking the CEO position on January 1, 2019.

“The process of succession planning,” said Falk, “is like creating a sculpture out of clay.” It requires dedication and discipline. Falk suggests that other companies consider the quantitative and qualitative process that he and his board have followed over the years, which has five basic principles:

1. Start early. Falk was only the eighth CEO since Kimberly-Clark went public in 1929. So, with a sense of that history, he knew that starting the identification process for a successor would be at the top of his list. “I started planning for my successor when I started as CEO 16 years ago,” said Falk. He deliberately involved the board in that work. “Hiring the CEO is the most important decision a board can make,” he stressed. “Succession planning is not an individual sport.” As a new CEO, he also had to be secure enough that he could match or exceed any expectations developed as a framework for identifying his successor.

2. Go deep. The first step was to come up with a set of criteria, including attributes such as integrity, operating and international experience, innovation experience, financial acumen, and others. A sizable set of internal candidates was identified to be included in the process, recognizing that a candidate’s experience and growth would be measured over time before any decision would be made.

External scans (versus searches) were routinely completed to ensure that internal candidates were being benchmarked against skills found in the marketplace. Of course, Falk noted that the board had an inherent preference for internal candidates, because a transition to such a candidate would mean less risk for the company.

3. Keep at it. Each year throughout Falk’s tenure, the process continued in an iterative fashion. “I met with board leadership a couple of times a year,” he added. As the company evolved, the criteria might change or be adjusted to reflect what the company needed in coming years; however, the process remained constant. Succession planning was regularly included on executive session agendas. Falk also noted that he made a point to keep tabs on the status of his senior team, checking routinely in recent years on any departure plans to ensure that, if possible, key personnel would never depart at the same time. As it turned out, senior leadership departures ultimately were staggered, with new leaders slotted in over the last several years, ready to support the new CEO in 2019.

4. Keep score. Potential candidates were measured each year, with 360-degree reviews completed along the way. Both qualitative and quantitative measures were documented. The full reviews were shared with the candidates and also with two to three key board members such as the head of the nominating and governance committee. Candidates’ progress was tracked over time. An emphasis was placed on keeping accurate records of performance over time.

5. Separate emergency planning. Falk also ensured that crisis succession planning discussions happened at different times than discussions on the natural succession plan. “Emergency planning is not just a name in an envelope,” said Falk. “We looked at what each senior leader would have to do in an emergency. For example, the CFO would have to talk to investors. The human resources leader might have to start a new search.” This planning was updated every year, with an eye toward ensuring uninterrupted company operations. This work could also point out weak spots, which would benefit non-emergency operations.

Of course, activists can precipitate a management change, or, according to Falk, “If the CEO ever stagnates, then that person has to get out of the way.” In the case of Kimberly-Clark, after more than 24 years in the Fortune 500, smart succession planning did its job. In January, Michael D. Hsu took over the reins as Chief Executive Officer of Kimberly-Clark Corporation. Before becoming CEO in January 2019, Hsu was chief operating officer, leading day-to-day operations of Kimberly-Clark’s business units, along with the global innovation, marketing and supply chain functions. He joined Kimberly-Clark in 2012 as group president of the company’s nearly $8 billion North American Consumer Products business.

NACD North Texas wishes to thank Mr. Falk for sharing his insights and experience. Offering programming in the areas of Dallas and Ft. Worth, NACD North Texas welcomes NACD members and visitors. More information can be found here.

Kimberly Simpson is an
NACD regional director, providing strategic support to NACD chapters. Simpson,
a former general counsel, was a U.S. Marshall Memorial Fellow to Europe in

The Role of the Executive Researcher

As drivers of transformation, executive researchers prove the integral and vital role they play in the profession. Rachel Roche, a leading authority in executive research training, shares an inside snapshot of the executive researcher role and how they serve as the ‘chief ambassador’ across multiple channels and stages of the search process.