By Tim J. Leech, Managing Director, Risk Oversight Solutions
A National Association of Corporate Directors (NACD) commission in the US announced in January 2022 it will answer those three questions above by year end. Dubbed the ‘Future of the American Boardroom Commission’, a prestigious group of board directors and governance subject matter experts has been assembled by NACD to ponder these questions in the difficult context of the world’s most litigious country.
I have already cast my vote. Based on more than three decades of observing board practices and escalating shareholder and broader stakeholder expectations, I believe some board practices in the US, and around the globe, are seriously outdated, have often proved ineffective in colossal ways, and are in urgent need of change. This article outlines the three major board practices areas that I believe are in urgent need of reform. My observations and recommendations to fix outdated board practices apply globally.
The press release announcing this new NACD commission summarised its purpose. Led by co-chairs Sue Cole and Bill McNabb, the first phase of this initiative will focus on identifying outdated practices and developing high-level guidance to advance board effectiveness. These guiding principles will be coupled with practical advice and tools to help boards and their committees take swift and deliberate action to adopt specific changes. “Boards today bear a tremendous responsibility to the organisations and communities they serve – one that requires a fresh perspective on board performance, quality, transparency, and value,” said Peter Gleason, president and CEO of NACD. “NACD is proud to bring this research forward to enable boards to meet the demands of the future.”
A blog post by Friso van der Oord, NACD’s SVP content, a few days after the press release announcing the new commission, provides more context: “To position boards to help their companies succeed in a more turbulent future, we need to firmly challenge how boards are composed and structured, how they operate and interact with the business, and how they hold themselves accountable. Although the fundamental legal underpinnings of board governance have not changed, longstanding conventions and unwritten norms that have shaped boardroom practices and behaviours deserve to be revisited.”
To respond to this new US commission’s purpose, I did three posts on LinkedIn to my contacts and members of 10 discussion groups and copied each post and a draft of this article to van de Oord. Each post has an important message.
POST ONE: ARE BOARD PRACTICES OUTDATED?
NACD, world’s leading directors’ association, just convened a new commission to identify outdated board practices; and recommend what boards need to change. This post describes what this new commission should focus on first.
NACD’s announcement sets the stage: “Based on our recent analysis, almost 60 per cent of directors expect that environmental, social, and governance (ESG) reporting will receive as much scrutiny as financial reporting. Close to 40 per cent believe that a sole focus on shareholders at the expense of other stakeholders will come to be considered inappropriate.”
My hope is this commission starts by clearly defining, in simple words, what NACD believes the purpose of a board should be. It shouldn’t be stated in legalese. I have tried, but can’t find anywhere that NACD has clearly stated what they think the purpose of a board should be. To assess whether current board practices are outdated, clarity is needed on board purpose.
UK Governance Code requires all UK-listed companies ‘comply or explain’. Principles A and B state: “A successful company is led by an effective and entrepreneurial board, whose role is to promote the long-term sustainable success of the company, generating value for shareholders and contributing to wider society. The board should establish the company’s purpose, values and strategy, and satisfy itself that these and its culture are aligned.”
I don’t think they’re as good as they could be, but they’re at least a start. Last year, I proposed what I think board purpose should be after decades of reading hundreds of board charters, corporate strategy slide decks, and observing evolving stakeholder expectations. A simpler proposal for board purpose:
- Board ensures the company has clear purpose and appropriate supporting value creation and value preservation objectives. including ESG objectives, if any,
- Board ensures management pursues those objectives effectively, while operating with a level of risk/certainty acceptable to the board.
I’m OK if boards don’t agree with mine. Just publicly state their purpose /objectives.
To flesh out the purpose of a board, I like to start with “What do your shareholders and key stakeholders expect will be different as a result of existence/funding of the board? Ideally, board purpose statements are framed in a way average shareholders/stakeholders can understand. Lawyers may not agree. See my previous piece in Ethical Boardroom for more details.
Time will tell if NACD’s newest investigative commission thinks shareholders/stakeholders deserve to know what boards they rely on think is their purpose. Long lists of board practices/activities in charters, without a clear board purpose statement/objectives, aren’t helpful. Each board activity should be challenged – why does the board do this? Focus first on the why, then how.
POST TWO: ARE BOARD PRACTICES OUTDATED?
My first post focussed on the need for NACD’s newest commission to agree the purpose of boards first, before trying to identify outdated board practices. This post focusses on board oversight of management risk-taking linked to strategy and top value creation and value preservation objectives – is it part of board purpose or not?
I’ve been studying reports of commissions around the world created to identify root causes of governance failures since 1985 when Estey Royal Commission studied the failure of two of Canada’s eight biggest banks. Lots wrong with the boards, auditors, and regulators.
Since 1985 there have been waves of big governance failures. Each inevitably followed by more commissions/inquiries. They’ve all looked at role/responsibilities of boards, auditors and regulators. Board charters haven’t changed much since 1985. Big failures keep coming.
After Estey reported in 1985, the Treadway Commission reported in ‘87 after a flurry of governance failures in the US. Many of the same problems. In 2011, following the 2008 global financial crisis and more commissions/inquiries, I co-authored a rigorous academic-style paper on four waves of corporate governance failures; regulatory responses, including rigorous analysis of big regulatory ‘wrong turns’; and recommendations on what needed to change for the International Journal of Disclosure and Governance.
At the root of most governance failures is a simple question: did the board of those companies accept that a key element of board PURPOSE is to oversee management’s risk-taking in pursuit of corporate strategy and top value creation and value preservation objectives? Yes, or no?
If the answer is “no, the board does not accept oversight of management risk-taking linked to key objectives as part of board purpose”, there is no need to go much further examining the role of the board when companies fail. The board didn’t think it was their job.
If the answer is “yes, the board accepts responsibility for oversight of management’s risk-taking linked to key objectives as part of board purpose”, the next question should be “are boards getting reliable/useful information on the true state of risk/certainty linked to key objectives from management, risk functions, and internal audit to help them discharge this element of board purpose?
I don’t believe it’s possible to identify key outdated board purposes in the absence of clarity on board purpose. Boards that don’t like the type of board purpose statement I propose in part one should disclose to shareholders/stakeholders in plain words what they see as their purpose, and let them decide if they like it, or not. I believe a lot more boards with board purpose better aligned with evolving shareholder/stakeholder needs and expectations are required. I hope the new NACD members are listening.
POST THREE: ARE BOARD PRACTICES OUTDATED?
A blue chip NACD commission has just been set-up in the US to find out. My short answer is yes, they are outdated. Parts 1+2 call on boards to define/disclose board purpose to key stakeholders. Without clarity on board purpose, you can’t assess effectiveness of board practices. My picks for top outdated board practices are:
Outdated board practice #1 Board oversight of risks not linked to top strategic objectives. Evidence is clear, risks with greatest potential to erode entity value are strategic risks. Paradoxically, evidence is also clear, strategic objectives receive the least amount of formal risk assessment. I’ve read hundreds of strategic plans – in most cases little evidence of risk assessment of the strategy/objectives proposed. Surveys continue to show limited integration of strategic planning and ERM.
Recommendation: Boards should demand strategic plans be risk-assessed during development. During strategy implementation, the entity’s ERM framework should monitor/report to the board on risk status linked to top strategic objectives. We recommend a simple five-step process (page 87)
Outdated board practice #2 Board oversight of risk status linked to traditional value preservation objectives, including financial statement reliability, legal compliance, data security, business continuity, etc. Most companies still use legacy methods for these objectives. Boards get risk lists and internal audits that often miss the really big risks. There is lots of evidence legacy assurance methods don’t work very well. See my LinkedIn post on modern objective-centric ERM/IA assessment methods.
Recommendation: All ERM, internal audit and SOX 404 type work and reports to the board should be ‘objective centric’. The assessment method used by all lines should be strategy/objective centric, linked to performance (per COSO ERM/IIA Three Lines Model). Boards should demand it if CROs and/or CAEs are unwilling to update. Boards should have at least one director trained on modern objective centric risk management. See my piece on Risk Oversight Solutions: Ten Primary Assurance Methods on the main assurance methods.
I am hopeful this new NACD commission will decide board practices above are, in fact, seriously outdated and there is an urgent need to relegate them to museums.
“It is not possible to meaningfully assess whether today’s board practices are outdated in the absence of better clarity and agreement on board purpose”
NACD recommendations should start with how boards define/disclose board purpose; how boards decide which objectives the board wants risk/certainty status information on; how boards define the level of reliability/independent assurance on risk/certainty status data they want; and how boards oversee management’s risk-taking. Define/agree board purpose first, then assess board practices.
The future of the Commission
Some time ago, I spent considerable time trying to find anywhere the NACD has defined what they think the purpose of a US board is/should be. I was unsuccessful.
Elliot Schreiber, an American, globally recognised governance expert, and author of a new book titled The Yin & Yang of Reputation Management, a book with one of the most prestigious groups of reviewers I’ve seen, via a LinkedIn comment on Post One of this series, told me why he thinks I couldn’t find any definition of board purpose on the NACD site:
“Tim Leech: You likely will not find a common purpose of a board from NACD, although you will from IoD in Canada and UK. The reason is that governance in the US is rules-based, while the rest of the world is ‘principles-based’. The US gives each company and each board the authority to establish its own purpose based on its need. In general, the purpose of all boards is to provide oversight of management as the representative of shareholders. While this is likely disappointing, it explains why you cannot find anything on the NACD site. The practices they likely are focussing on is the redefinition of the board as representative of stakeholders, and what that means.”
While I understand the preference of most US boards not to clearly define what they see as their purpose in the world’s most litigious country, I am steadfast in my belief: it is not possible to meaningfully assess whether today’s board practices are outdated in the absence of better clarity and agreement on board purpose.
We will know sometime over the next year if this new NACD commission is willing to advise US boards that boards should, as a ‘good practice’ clearly define and communicate to stakeholders what each board sees as its purpose. We will also know this year whether this new NACD commission is willing to venture an authoritative view on what this commission and, by extension, the NACD thinks the purpose of an effective American board should be today to better serve shareholders and an increasingly powerful and vocal broader group of stakeholders.
I have stated in my responses and in many other places, including my 2021 Ethical Boardroom article Clarity on Board, that a key role of the board should be to take reasonable steps to oversee management’s risk-taking linked to a company’s top strategic/value creation and value preservation objectives. I also think that, to serve as representatives and stewards of a company’s shareholders, each board should tell shareholders and future shareholders whether they accept or reject responsibility to oversee management’s risk taking in pursuit of top strategic objectives. Management risk taking has been at the heart of the world’s biggest governance disasters, including the global financial crisis of 2008.
Given the litigious US environment, it may be that a lot of US boards are happy, and will continue to be happy, staying silent on their purpose. Boards and director institutes in other countries around the world should decide whether they think shareholders and broader stakeholders are entitled to know what directors that represent them think is the purpose of a board. A board’s view of board purpose, when it is aligned with what stakeholders see as effective value management, may soon become a competitive differentiator.
About The Author:
Tim J. Leech FCPA CIA CCSA CRMA is Managing Director Global Operations at Risk Oversight Solutions Inc. ROS focusses on helping companies implement objective centric enterprise risk management (ERM) and internal audit to meet escalating board risk oversight expectations and add real value. He has more than 30 years of global experience in the board risk oversight, ERM, internal audit and forensic accounting fields, including expert witness testimony in civil and criminal proceedings. Tim has provided training for hundreds of thousands of public and private sector board members, senior executives, professional accountants, auditors and risk management specialists globally. He has been published in the Harvard Governance blog, London School of Economics Centre for Risk and Regulation, IIA global and many others. He is a regular contributor to Ethical Boardroom and Conference Board Director Notes.