Bulletproof your defence


Bulletproof your defence Ethical BoardroomBy Sean Lyons, Principal at R.I.S.C. International, Ireland



21st century stakeholders have an expectation that their organisations will be capable of delivering long-term stakeholder value.

However, less than two decades into this century many stakeholder groups have already borne witness to a litany of corporate failures, incidents and scandals (Lehman Brothers, BP Deepwater Horizon and Volkswagen, etc), resulting in the reduction or destruction of their stakeholder value.

Post-mortem investigations into the causes of corporate failures typically identify deficiencies and weaknesses in the corporate defence programme of the organisation(s) concerned. As a result, many stakeholder groups are now questioning the adequacy of their organisations’ efforts to adequately preserve, safeguard and defend their stakeholder value. Consequently, 21st century stakeholders are now increasingly placing pressure on the boards of their organisations to focus on such obligations.

Scrutiny of corporate strategy and boardroom performance

Bulletproof your defence Ethical BoardroomCorporate strategy is generally regarded as the roadmap to be followed by an organisation and can impact on its corporate culture and behaviour. In formulating strategy, due consideration should be given to matching the organisation’s strategic activities to the organisation’s environment, its available resources (e.g. people, processes and technology) and the extent of its capabilities. Board members are expected to bring considerable professional experience and diversified business insight in this regard. Their sound judgement, specialist knowledge and leadership qualities are expected to be of particular benefit when deciding on the organisation’s strategic roadmap and on delivering value to their stakeholders over the short, medium and long term. The promise of delivering sustainable value is expected to be an integral part of any corporate strategy.

Stakeholder groups are now increasingly making their board members aware of their value expectations and are subjecting their boardrooms to a higher level of scrutiny in terms of their performance in meeting these expectations. This scrutiny includes a focus on their board’s obligations in relation to matters, such as corporate governance, risk management and compliance. Such scrutiny also coincides with increased demands for higher standards of boardroom behaviour, in terms of integrity, ethics and accountability. Increasing pressure on boardrooms in the form of proxy advisor demands and pressure from stakeholder activist groups has also prompted a rigorous search for an improved approach to corporate strategy, one which is intent on helping organisations to foster an era of sustainability.

Value creation and corporate strategy

Traditionally, the concept of value creation has been at the very heart of strategy formulation and, as such, an organisation’s strategy generally includes how the organisation intends to create value for its stakeholders. Typically, organisations face the dual challenge of creating value on an ongoing basis while simultaneously ensuring that they can also preserve the value that is being created. Therefore, a focus on value creation alone is not considered to be sufficient, it must also be accompanied by an appropriate focus on value preservation.

“While strategy tends to address the issue of how to create value… there’s a ‘value preservation’ deficit”

While corporate strategy tends to formally address the issue of how the organisation intends to create its value, the equally important issue of how the organisation intends to preserve its value generally does not form part of corporate strategy. Unfortunately, in far too many organisations there is what can be referred to as a ‘value preservation deficit’, whereby value preservation is more likely to be implied rather than being considered a core element of corporate strategy. Addressing this deficit is increasingly considered to be the responsibility of the board, as a growing number of stakeholders believe that once value has been created, this value then needs to be protected and defended. Such a view demands that a balanced corporate strategy should incorporate a healthy focus on both value creation and value preservation.

The focus on value preservation

The value preservation imperative represents an organisation’s responsibility to its stakeholders to take adequate steps to help preserve value and defend against value reduction or destruction. This responsibility should involve considering how value preservation fits into the organisation’s current strategy and the extent to which the organisation’s stated objectives incorporate its value preservation obligations. Logically, organisations that exhibit an ability to preserve the value they have created over an extended period of time tend to be successful, while organisations that are unable to preserve their value tend to fall by the wayside. Rationally, an inability to successfully preserve value will inevitably result in a decline in value or the destruction of value.

Bulletproof your defence Ethical BoardroomGenerally speaking, unsuccessful organisations will show little evidence of having given value preservation due consideration and, unfortunately, it would appear that the requirement to preserve value is often neglected during the strategy formulation process. Successful organisations, however, depend on their ability to both create and preserve value over the short, medium and long term and board members must learn to continuously monitor the dynamic between value creation and value preservation.

Safeguarding, protecting and defending against the loss of stakeholder value is the essence of the value preservation. While in the past an organisation’s obligation to fulfil this responsibility may have been perceived as somewhat implied, this is certainly no longer the case as stakeholders not only expect but increasingly demand higher levels of due diligence in this area. In practice, this due diligence represents the measures (formal or otherwise) taken by an organisation to defend itself and the interests of its stakeholders from a multitude of potential hazards (i.e. risks, threats and vulnerabilities), the occurrence of which could be detrimental to the achievement of the organisation’s objectives. This includes an obligation to take adequate steps to anticipate, prevent, detect and react to hazard events in order to avoid, mitigate and manage any potential exposure in a timely manner. Addressing value preservation, therefore, involves ensuring that the organisation has adequate and robust corporate defence measures in place at strategic, tactical and operational levels.

The board’s corporate defence responsibilities

As guardians of the organisation, board members have a duty of care to accept responsibility for addressing this corporate defence challenge. This means that the board has ultimate responsibility for setting the corporate defence agenda, for influencing the corporate defence culture and for providing direction and support in relation to the organisation’s corporate defence activities.

The board should remain accountable to the stakeholders for the quality of the organisation’s corporate defence structure and capabilities. The effectiveness of the board in its role as the last internal line of defence will be dependent on the board’s size, composition and qualifications. It will be dependent on the board having the appropriate balance of skills, experience, independence and knowledge. Board members need to be aware of their corporate defence responsibilities and accountabilities in relation to issues, such as board governance, board risk, board compliance, board intelligence, board security, board resilience, board controls and board assurance, etc.

From a stakeholder perspective, it is reasonable to expect that the board will be held accountable for the strategic oversight of corporate defence and for ensuring that there is a formal corporate defence programme in place, including an oversight framework to address this obligation. The board should therefore have responsibility for reviewing and approving the corporate defence programme on an ongoing basis, taking into consideration the organisation’s changing circumstances and the constantly mutating challenges it is faced with. Such a programme can obviously vary from one organisation to another, however  the existence of a formal programme helps to demonstrate that the board has at least given due consideration to the organisation’s precise requirements in relation to corporate defence.

The corporate defence programme

Corporate defence is synonymous with practices, such as corporate governance, risk management, compliance, organisational intelligence, corporate security, organisational resilience, internal controls and corporate assurance. These practices are regarded as constituting the critical components of a corporate defence programme. A corporate defence programme therefore represents an organisation’s ongoing efforts to address these corporate defence-related matters and every organisation will have some form of corporate defence programme in operation, whether these efforts are formal or informal.

Board members need to understand that each of these components are inherently inter-connected and inter-dependent and therefore their effectiveness is contingent on one another, as each contributes to and receives from each of the other components. Effective corporate defence requires the alignment, integration and coordination of all of these specialist components. A comprehensive corporate defence programme therefore involves managing and coordinating each of the critical corporate defence components under the same umbrella (see graphic, above). These critical components address corporate defence from different perspectives and form part of the necessary system of checks and balances required to help ensure that the organisation has taken appropriate measures to help preserve stakeholder value and safeguard stakeholder interests.

“Deficiencies and weaknesses in an organisation’s corporate defence programme tend to result in corporate losses or failures”

Typically, corporate defence deficiencies and weaknesses can include failures in corporate governance, poor risk management, compliance failures, unreliable intelligence, inadequate security, insufficient resilience, ineffective controls and the failures of assurance providers. As these critical components are inherently interconnected, the existence of more than one of these weaknesses or deficiencies in any given organisation tends to exacerbate the initial problems experienced and can eventually result in exponential collateral damage to stakeholder value.

Board members need to appreciate that, logically,  if deficiencies and weaknesses in an organisation’s corporate defence programme tend to result in corporate losses or failures, then more robust corporate defence programmes can help to better safeguard against the occurrence of such scenarios. In many organisations such deficiencies and weaknesses very often begin with the lack of a formal structured corporate defence programme. What is needed is more effective corporate defence rather than what has been described as ‘corporate defence theatre’, which is simply the appearance of corporate defence efforts.

Board oversight of the corporate defence programme

It is the duty of the board to determine for itself if their organisation is adequately addressing their corporate defence duties and whether or not they can demonstrate that they have taken adequate steps in this regard. In recent years there have been ongoing calls from regulators and other stakeholder groups for improved board oversight of corporate defence-related matters including calls for better board risk oversight, board compliance oversight, board cybersecurity oversight and board oversight of internal controls, etc. Addressing each of these individual board oversight requirements in an ad-hoc fashion can prove problematic and can result in boards being overburdened and forced to simply react to these matters as they appear on the board radar rather than proactively directing and controlling the corporate defence agenda.

On the other hand, the introduction of a formal structured corporate defence programme can help ensure that all corporate defence-related activities are appropriately managed in an integrated and systematic manner. Such an approach can help ensure that stakeholder interests are better safeguarded while also facilitating more efficient use of valuable boardroom time. The adoption of such a formal approach also means that the board can more easily demonstrate that due care was taken in the performance of their value preservation obligations.

About the Author:

Sean Lyons is author of new book Corporate Defense and the Value Preservation Imperative: Bulletproof Your Corporate Defense Program