A starting point might be a report released late last year. It was described by its publisher, the US National Association of Corporate Directors' (NACD), as a 'how-to for directors who are recommitting to corporate governance excellence.' The NACD's 2009 Blue Ribbon Commission Report was based on evidence from recent company failures and input from real boardrooms. It detailed solutions and practical advice for directors on risk oversight. (1) For example:
- Risk is a team sport. Various recommendations have been made over the years that boards develop risk committees. Many have done so, most often by extending the brief of existing audit committees. The report found that delegating to a committee is part of the problem. The whole board should take ownership of risk and provide collective oversight.
- The board needs to help set risk tolerance. The board as a whole should consider its appetite for risk taking the potential risk/reward equation into account. It should consider how much tolerance it has for variances from its risk appetite, depending on changing operating conditions.
- Boards must take control of information flow. Boards may have inadequate information to do their job properly. Boards need to consider if new or different information could result in changed conclusions about the company's risk profile or the adequacy of its systems.
Following publication the NACD's President Ken Daly identified six alarm bells that can alert directors to potential risk problems and that should never be ignored (2). These have relevance to not-for-profit boards as well as commercial entities.
- When financial results are unusual
These can be results that appear unusual - whether positive or negative. A sudden downturn or vast improvement in the financial performance of a company should prompt its directors to probe management about the reasons for it. Directors should make sure the answers they get are both plausible and acceptable.
- When 'stress tests' on accounting estimates don't hold up
Daly suggested that various accounting estimates are good places for boards to stress-test by looking at the underlying management assumptions. (We suggest that other, non-financial, performance metrics may be just as important). He used credit cards as an illustration. Credit-card losses/delinquencies may be tied to unemployment rates. If unemployment has jumped in a region from 7% to 9%, a credit card issuer should ask how this has affected its estimates of delinquencies and resources allocated to collections. Directors should be listening to management's explanations to see if they have adjusted the numbers - in a way that makes sense - or whether the underlying assumptions might be suspect.
- When rationalisations don't add up
This relates to circumstances where there is a significant discrepancy between what happened and what was expected and where explanations of the difference don't really make sense. When results are dramatically different from what the board has been led to believe, directors naturally begin to question whether management really has a handle on the business. Surprises should also cause directors to explore whether they have a good understanding themselves. Is there something going on that they haven't been told about?
- When there are conflicts of interest
Another red flag relates to a lack of director independence. Conflicts of interest need not be only about where a board member might stand to benefit personally. It may also be a conflict of loyalty such as can occur when a director might be swayed by an affiliation/commitment to another organisation. Both are pointers to reputational risk if nothing else.
- When there is a lack of knowledge about what others are doing
This primarily concerns a lack of knowledge about other entities in the same sector/industry. For example, when the company's results differ notably from those of others in the industry, what has caused it to be, for example, significantly better? Is it brilliant management, better products, or something else? For example, has the company been making much higher risk/reward trade-offs than competitors?
- When there is an apparent disconnect between strategy and risk
Daly asserts that most of the key risk factors affecting a company relate to its strategy. However, many directors seem not to fully understand the strategy, nor have they been sufficiently engaged in strategy development and review to give them a good understanding of some of the risks that may go with that strategy (3).
- Schedule a board discussion of the way it goes about risk management
In particular, discuss the NACD Blue Ribbon Commission's conclusions. For example, has your board delegated too much of its basic thinking about risk to a 'risk committee'?
- Conduct an annual discussion about risk
Schedule into your annual agenda a solid discussion of the risk factors facing the business - as seen from the board's perspective. While there may be a high degree of alignment between board and management we should expect the respective perspectives to be somewhat different. Remember, at the end of the day, it is the board's judgement that is on the line.
- Ask plenty of questions
Besides being alert to potential red flags of the type identified by Ken Daly, a director's best approach is to ask a lot of questions and keep going until he/she is genuinely satisfied with the answers. You should not jump to negative conclusions. There may be perfectly good (and acceptable) explanations for some of the issues that don't seem, at first glance, to add up.
- Keep an ear open for the 'sound' of the six alarm bells
And anything else that might not quite sound right. Boards need to be constantly tuned into the sound of their 'baby crying' (4).
- Seek independent verification
If answers from management don't seem to stack up it may be time to initiate an independent external review. Bringing someone in from the outside to look at the situation with a fresh perspective (and perhaps greater experience/knowledge/ understanding) is likely to help you (board and management alike) to conclude whether there is a real problem or not. Either way, you will be better off by knowing. It will also demonstrate to various stakeholder groups that your board is on its toes and looking after their interests.
(1)NACD (2009) Risk Governance: Balancing Risk and Reward. https://secure.nacdonline.org/source/meetings/presslist-detail.cfm?pressID=51
(2) Beverly Behan. 'Six Alarm Bells for Corporate Board Members.' Bloomberg Businessweek, April 9, 2010. http://www.businessweek.com/managing/content/apr2010/ca2010048_955780.htm
(3) In the 2009 NACD public company governance study, strategic planning and oversight was rated the top issue of importance to board governance, yet less than 20% of respondents ranked their boards as highly effective in this area (Behan, 2010, op cit.).
(4) The mother of a young child can sleep through the sounds of trucks, aeroplanes etc, yet will awake instantly when her baby cries (Note: my wife assures me that this does not apply to fathers!). It is not the noise level but the importance of the information that wakes her. The mother can tune out (i.e. not be distracted by) sounds that are insignificant to her (Colin Sworder, 'Hearing the baby's cry; it's all in the thinking.' In Bob Garratt (Ed.) Developing Strategic Thought. Maidenhead, McGraw-Hill, 1995).
Top of Article
Back to the Periodical