Clarity on board 

By Tim J. Leech, Managing Director Global Operations at Risk Oversight Solutions Inc.

“Clarity of purpose… consistently predicts how people do their jobs… motivation and cooperation deteriorate when there is a lack of purpose. You can train leaders on communication and teamwork and conduct 360 feedback reports until you are blue in the face, but if a team does not have clarity… problems will fester and multiply. When there is a lack of clarity, people waste time and energy on the trivial many.” [1] Greg McKeown in Essentialism: The Disciplined Pursuit of Less

I have provided risk and internal audit training and consulting services to literally thousands of companies. When a client engages me, one of the first steps is to source and read the board’s charter. With few exceptions, the charters are long on ‘how to’ statements with repetitive use of the words ‘review’ and ‘oversee’; and short on specific outcomes sought as a result of the board’s existence/funding – the board’s purpose. 

Over the past 10 years, stakeholders have increasingly been specifying and demanding what they want from boards and, most importantly, showing they are willing to take aggressive steps when boards don’t do/produce what they want.

Key stakeholders, including regulators (particularly in the financial services sector), powerful institutional investors, activist investors, private equity firms looking to invest, environment, social and governance (ESG) activists, and others are all becoming increasingly strident in terms of what they expect as outcomes from boards, regardless of whether the boards targeted are willing to accept these elevated responsibilities.  

When I work with leadership teams and boards to implement objective-centric risk and certainty management (OCRCM), a key step is to create/clarify/agree a top-end result statement of value creation and preservation objectives that are important enough to warrant formal risk/certainty assessment and reporting. To define them, I often start with a simple facilitation prompt:

What objectives do you need to achieve a year from now/five years from now for sustained success? The accomplishments that will make you great and the objectives, if not achieved, that will materially hurt entity value? 

In addition to being responsible for clarity on corporate purpose/strategy, boards need to define their own purpose. To elicit the board’s purpose, I start with:

If there was no board today and one was created, what would be different a year from now as a result of the board’s existence/funding?

My experience and research indicate most boards have not defined with any clarity their purpose and directors struggle to define/agree the words for an end-result board purpose statement when first asked.

Recently, in one of my LinkedIn posts, I proposed what I think should be a board’s purpose statement: “Key stakeholders have increased confidence the company has the right/appropriate strategy and supporting value creation/preservation objectives; and the Board is actively overseeing/trying to ensure the CEO/company is effectively pursuing its strategy/objectives/performance targets within risk/certainty boundaries acceptable to the board.”

Proposed draft statement of board purpose

Key stakeholders believe the company has the right/appropriate strategy and supporting value creation/preservation objectives; and believe the CEO/ company is pursuing its strategy/objectives/performance targets effectively within risk/certainty boundaries acceptable to the board

A visual created by the Open Compliance & Ethics Group (OCEG) to capture what they call ‘principled performance’ aptly depicts the role of a board – ensure management is pursuing objectives agreed with the board within mandated and voluntary boundaries is shown below.“

Stakeholders increasingly expect that the ‘voluntary boundary’ defines the amount of risk/uncertainty the CEO and board are prepared to accept in pursuit of objectives. They also expect that boards are taking steps to ensure the company is operating within ‘mandated boundary’ set by laws, government or regulators. This is especially true for mandated boundaries that come with huge fines and/or reputation damage when they aren’t respected and government/regulators decide to vigorously enforce them.

What do authoritative board director associations say 

Following my LinkedIn post, I have been doing more web research to see what ‘authoritative bodies’ think/say the purpose of a board should be. The Institute of Directors (IOD) in the UK defines the ‘purpose’ of the board as to ensure the company’s prosperity by collectively directing the company’s affairs, while meeting the appropriate interests of its shareholders and relevant stakeholders’ (Standards for the Board, IoD).[3]

Pretty vague, but at least it’s an end result. End result objectives included in the statement seem to be ‘ensure company prosperity’ and ‘meet appropriate interests of shareholders and relevant stakeholders’. I teach my students that any time the word ‘by’ appears in an objective statement it signals a ‘how to’ segment in the sentence is coming, as opposed to what is to be achieved as an outcome. IoD goes on to define the ‘role’ of the board as follows:

The board of directors of a company is primarily responsible for:

• Determining the company’s strategic objectives and policies
• Monitoring progress towards achieving the objectives and policies
• Appointing senior management
• Accounting for the company’s activities to relevant parties e.g. shareholders

I also teach my students that any time an alleged end-result objective statement has ‘ing’ at the end of words, it also indicates an activity statement (a ‘how to’); not an end result, i.e.  ‘what’s to be achieved’. If you take the words ending in ‘ing’ out, it gets closer to clear end results (e.g. the board is responsible for the company’s strategic objectives, senior management, progress towards achieving objectives and the company’s activities – quite clear).

Google searches that I did on the National Association of Corporate Directors (NACD) in the US and the Institute of Corporate Directors in Canada (ICD), were unsuccessful in locating what they believe is the core purpose of a board. 

My sense is that powerful institutional investors do hold boards responsible for corporate strategy and company prosperity, not just reviewing what’s offered by management and asking a few good questions. On the other hand, as a forensic/litigation accountant by training, I understand the natural aversion to clear, publicly disclosed accountability for specific outcomes. The NACD site in the US and ICD site in Canada do provide plenty of hints about possible board purpose from the activities/things they say boards should do, but little clarity on specific outcomes sought/ purpose as a result of a board’s existence/funding.

The draft board purpose statement I’ve proposed above has been formulated, based on my reading of what regulators, powerful institutional investors, ESG activists and others increasingly say they want from the existence/funding of a board. The purpose of the board is vitally important to me in my work because the primary client of my primary clients, risk and internal audit functions, is the board.

Without reasonable clarity on board purpose, the purpose of increasingly expensive and proliferating second-line/risk functions and third-line internal audit that serve boards is similarly vague/undefined. For information on the new 2020 IIA THREE LINES MODEL, see Ethical Boardroom’s Reading Between the Lines article.[4]

If one accepts the general thrust of what I have proposed as the purpose of a board, it naturally leads to my proposed draft purpose statement for risk functions and internal audit who, at least theoretically, exist to support the CEO and board:

Proposed draft statement of PURPOSE of risk functions and internal audit

Ensure the CEO and board receive materially reliable and timely information on the current risk/certainty that the company’s top strategic/value creation objectives and value preservation objectives are achieved, while operating with a level of risk/certainty acceptable to the CEO/board

A better way forward

Boards that are willing to define their purpose in a clear end-result statement will find it immediately helps clarify what most needs to be accomplished; and clarifies the information the board needs from CEOs, chief risk officers and chief internal auditors to discharge their core purpose. Without clear board purpose, staff groups, including risk management and internal audit, have to guess at what the board wants/needs from them. This makes the majority of risk management and internal audit functions in the world today ‘supply-driven’ not ‘demand-driven’ by boards with clear purpose – not ideal by any stretch of the imagination. 

By far the most important and challenging element of the board purpose statement I have proposed is: ‘Key stakeholders believe the company has the right/appropriate strategy and supporting value creation/preservation objectives’.

In steps 1 and 3 above, we recommend that when an organisation implements an OCRCM framework, it provides a practical platform for CEOs and boards, with input from a chief risk officer or, in smaller companies, a trained objective-centric risk/certainty facilitator, to define, debate, and agree the top strategic/value-creation objectives and the target levels of risk/certainty assessment rigour and independent assurance – a step very few CEOs/boards have done in the past. 

Defining/agreeing the more traditional value preservation objectives, such as reliable financial statements, data security, compliance with laws, continuity of operations, don’t usually present much of a challenge. Agreeing clear end-result top strategic/value creation objectives is, in my experience, quite difficult. Once steps 1 to 3 are done, the framework provides full support to complete steps 4 and 5.

The framework produces more and better concise information that helps CEOS/boards make well-supported resource allocation decisions and discharge the second part of the draft board purpose: the CEO/company is pursuing its strategy/objectives/performance targets effectively within risk/certainty boundaries acceptable to the board’.  

Stakeholders increasingly expect boards to oversee strategy/value-creation objectives and value-preservation objectives. Boards that won’t define and disclose their purpose to key stakeholders will increasingly see it defined for them by the courts, regulators, powerful institutional investors and society–- whether they like and accept it, or not. 

Clearly defining board purpose will generate many tangible benefits to companies that go far beyond what is traditionally seen as ‘risk management’. The term ‘certainty management’, with real, demonstrable CEO/board input, participation and oversight, better captures the best way forward.

About the Author

Tim J. Leech FCPA CIA CCSA CRMA is Managing Director Global Operations at Risk Oversight Solutions Inc. ROS focusses on helping companies implement objective centric enterprise risk management (ERM) and internal audit to meet escalating board risk oversight expectations and add real value. He has more than 30 years of global experience in the board risk oversight, ERM, internal audit and forensic accounting fields, including expert witness testimony in civil and criminal proceedings. Tim has provided training for hundreds of thousands of public and private sector board members, senior executives, professional accountants, auditors and risk management specialists globally. He has been published in the Harvard Governance blog, London School of Economics Centre for Risk and Regulation, IIA global and many others. He is a regular contributor to Ethical Boardroom and Conference Board Director Notes.