By Richard F. Chambers – President and CEO, The Institute of Internal Auditors
Given the reliance of companies around the world on market indices, against which they can measure their own economic performance and that of the industries they belong to, the absence, until recently, of a comprehensive index that appraises corporate governance is bewildering.
It’s all the more so when you consider the increasing pressures that companies are under from investors, regulators, consumers and other stakeholders to demonstrate value and sustainability, especially through the lens of environmental, social and governance (ESG) metrics.
A growing number of investors are seeking assurance that companies are providing accurate and transparent accounting of their finances, and also are behaving ethically while meeting objectives that align with stakeholders’ needs and interests. This is more important than ever as the world continues to navigate one of the most disruptive events in more than a generation, the Covid-19 pandemic.
Recognising the need to gauge whether senior management and the board are acting in the company’s best interests and to assess how effective the interaction is between the board, executive management, internal audit and key stakeholders, The Institute of Internal Auditors (IIA) and the Neel Corporate Governance Center at the University of Tennessee’s Haslam College of Business created the American Corporate Governance Index (ACGI).
The index is based on responses to a survey by chief audit executives, or those best positioned for an independent, unbiased and enterprise-wide assessment of a company’s governance practices.
It’s not often that a new report reveals information that is truly startling or provides fresh insight into an area that has been studied as closely as corporate governance. But American Corporate Governance Index: Failure to Make the Grade did just that.
The index gave a mediocre grade of C+ on average to corporate governance of publicly traded companies in the United States. On the surface, a C+ may not seem disturbing or particularly shocking. On deeper consideration, however, I see it as a warning sign of one of the biggest threats to all organisations, not just publicly traded ones: a poor understanding of the value of strong governance. And while the ACGI is based on US-listed companies, its implications are global.
It’s critical to understand that the ACGI is an index, not simply a survey report, and one that’s scored based on eight guiding principles of corporate governance. These principles were designed specifically to encourage companies to aspire to achieve sound corporate governance. That means that every organisation should strive to meet each of the principles at the highest level – an A+.
On introducing the principles about a year ago, I wrote in my blog that attaining the highest level of conformance should be motivated by a sincere desire on the part of an organisation’s leadership to do the right thing, not simply because it is on a list to be checked off. What’s more, the principles must be taken as a whole, with ample appreciation for how they relate to each other, rather than being approached separately. The root cause of many of the corporate scandals of the past decade was ineffective governance within those organisations. Too many corporate boards are simply going through the motions, or worse, are asleep at the wheel.
Take, for example, the scandal at financial giant Wells Fargo, triggered by the unauthorised creation of millions of phony customer accounts over a 14-year period for the purpose of gaming sales results. When a judge in the US District Court of San Francisco, Calif., ruled in October 2017 to allow two cases against 15 directors and four officers – both current at the time and former – to proceed, it put corporate boards on notice that they would be held accountable when corporate misconduct occurs on their watch. The court found it plausible, as the complaint by shareholders had alleged, that a majority of board members at Wells Fargo had ‘consciously disregarded an obligation to be reasonably informed about the business and its risks or consciously disregarded the duty to monitor and oversee the business,’ as reported by the New York Times.
The ACGI report, produced before Covid-19, highlights seven key findings that offer vital insight into the health of corporate governance. Based on the findings, the diagnosis is not good.
One in every 10 companies included in the index scored an F. It is particularly disturbing that 10 per cent of publicly traded companies suffer from substantial corporate governance dysfunction. Sceptics might note that the number of business failures in any given year is probably higher than one-in-10, but that is not the point. Governance failure does not equate to business bankruptcies. Businesses come and go for a variety of reasons, including low capitalisation or new competition, while organisations can continue to operate for years with poor corporate governance. All the while, they abound in inefficiencies and questionable practices that have an effect well beyond the organisation.
To grasp how far afield the effects of poor governance can extend, consider Volkswagen’s emissions testing scandal. By intentionally rigging its emission controls software to circumvent US emissions testing standards, Volkswagen allowed its cars to pump up to 40 times more nitrogen oxide into the air when driving on the road than under test conditions.
‘The ACGI report, produced before Covid-19, highlights seven key findings that offer vital insight into the health of corporate governance’
Companies are willing to sacrifice long-term strategy in favour of short-term interests. The focus on the short term is nothing new, but the index actually captures just how pervasive it is. Companies scored a D (67) in their responses to the revealing statement: ‘Your company is not willing to sacrifice long-term strategy for the benefit of short-term interests’. Put another way, short-term results trump long-term results.
In only one of six areas under Principle 4 (incentivising long-term strategy and behaviour) did companies score higher than a C+, which was ‘employees are compensated and/or incentivised in a way that encourages the achievement of corporate objectives in an ethical manner’.
In Principle 4, respondents pinpointed two areas in need of improvement: the company’s willingness to avoid sacrificing long-term strategy for the benefit of short-term interests, and the extent to which employees receive adequate training to complete expected job duties. Although successfully addressing these issues is primarily up to senior management, boards also must reinforce their commitment to long-term performance and value. Part of what has motivated boards in recent years to hold some of their regular meetings in locations where their companies’ key operations are located is an understanding that they can get a more complete picture of issues affecting the workforce by speaking to lower-level managers in places remote from corporate headquarters.
More than one-third of board members are not willing to offer contrary opinions
or push back against the CEO. According to the survey behind the ACGI, chief audit executives (CAEs) said they believed more than a third of board members would fail
to push back against a CEO who wanted to delay reporting negative news. That reflects an issue that I have called out many times – an overabundance of civility in the modern boardroom. Many of the corporate scandals we have witnessed were precipitated at least in part by the board’s reluctance to question management. Directors cannot afford to be content with having recruited a talented CEO and think they can then step back and let him or her do their job.
In two of the six areas under Principle 6 (information given to the board), companies scored a D: board members’ willingness to ask whether the information presented to them is accurate and complete, and the board taking steps to protect proprietary information it is given.
Regarding the latter, nine per cent of respondents to the survey acknowledged that there had been in the preceding 12 months a cybersecurity breach related to information given to the board, and only 47 per cent of respondents said they believe their board members understood the need and the way to take proper precautions when using email or the board portal in order to protect proprietary company information.
This is a particularly troubling finding in a time when cyberattacks, especially amid the pandemic when companies are distracted, are rampant and data protection is calling for extra attention. Although not addressed directly in our survey, to the extent that management is concerned about the board’s lax protection of company information, senior executives may consciously or subconsciously withhold certain relevant information from the board.
Boards fail to verify the accuracy of information they receive. The ACGI gave a D (67) to board members asking whether information presented to them is accurate and complete. Another IIA report, On Risk 2020: A Guide to Understanding, Aligning, and Optimising Risk, featured a similar finding. In that report, CAEs rated organisations’ ability to provide information that is complete, timely, transparent, accurate, and relevant lower than either executive management team members or board directors did.
Independent boards drive stronger governance. One ACGI finding offers a positive affirmation of the value of board independence. Our analysis found that the ACGI score is higher, on average, among companies with a higher percentage of independent board members. Additionally, ACGI scores are lower when a combined CEO-chairman role is not balanced by a high level of board independence.
Greater regulation does not correlate with stronger governance. CAEs assigned the highest overall rating (83, or B) to Principle 7, which states that boards should ensure that corporate disclosures are consistently transparent and conform to ‘legal requirements, regulatory expectations, and ethical norms.’
‘Companies are vulnerable to corporate governance weaknesses or failures. The majority of respondents said their organisation had no formal mechanism for monitoring or assessing the full system of corporate governance’
It should not be surprising that respondents rated this element of corporate governance as one of the most effective, given declining rates of financial restatements, comment letters from the US Securities and Exchange Commission, and other public disclosure deficiencies in recent years. The percentage of companies filing restatements of their financial statements dropped to less than seven per cent in 2018 from about 15 per cent in 2006, while companies that received an SEC comment letter on a 10-K filing decreased to 19 per cent in 2016 from 37 per cent in 2010.
But the ACGI did not find that higher regulation led to better governance. In fact, it noted no statistically valid differences among industries that are minimally, moderately, or heavily regulated. That suggests that organisations approach regulatory compliance as more of a check-the-box exercise, where there is a greater focus on meeting legal requirements and regulatory expectations than on aspiring to high ethical standards.
Companies are vulnerable to corporate governance weaknesses or failures. The majority of respondents said their organisation had no formal mechanism for monitoring or assessing the full systemof corporate governance. The survey found that only about one fifth of organisations (21 per cent) report that they audit the full system of corporate governance annually. On the positive side, the internal audit function performs full-system audits in most of those cases (75 per cent). However, more than half (55 per cent) of the organisations whose CAEs responded to the survey only ‘informally keep an eye on’ various governance components, according to the ACGI.
This finding is particularly troubling in that it reflects how uncommon it is for organisations to grasp the overall governance picture. I believe this finding exposes the root cause of many of the decade’s biggest scandals. Governance weaknesses in any area – compliance, ethics, and financial controls – are more likely to remain unknown when organisations lack a holistic understanding of governance across the enterprise.
Pre-survey interviews with CAEs indicated that, when the internal audit function evaluates the full system of corporate governance, it considers many of the elements outlined in the principles, putting great emphasis on the effectiveness of tone at the top, culture, communication, and proper alignment of incentives and corporate objectives. But if the evaluation is not conducted by internal audit, CAEs reported, it’s most often done by the general counsel’s office or at the direction of the nominating/governance committee. In those cases, it’s more likely to be a compliance-oriented ‘check-the-box’ exercise with a greater focus on stock exchange requirements and other laws and regulations. Without effective evaluations, organisations can easily miss warning signs of weaknesses or vulnerabilities that can lead to governance breakdowns.
With reporting relationships to management and the board, internal auditors are positioned at the centre of corporate governance and can play a vital role in support of strong and effective governance. Not only can internal auditors uncover weaknesses, but they can also help educate stakeholders about the importance of understanding and nurturing sound corporate governance throughout the organisation. Let’s hope that the inaugural ACGI report will serve as a call to action for all of the players in American corporate governance and globally to step up to the challenge.
The next ACGI survey is underway, with added questions specific to Covid-19. It will be interesting to see how companies are treating governance in light of the heightened risks presented by the pandemic. Results are expected to be released in January 2021.
About The Author:
Richard F. Chambers, CIA, QIAL, CGAP, CCSA, CRMA, is president and CEO of The Institute of Internal Auditors (IIA), the global professional association and standard-setting body for internal auditors. Chambers has more than four decades of internal audit and association management experience, mostly in leadership positions. Prior to taking the helm of The IIA in 2009, he was national practice leader in Internal Audit Advisory Services at PricewaterhouseCoopers; inspector general of the Tennessee Valley Authority; deputy inspector general of the U.S. Postal Service; and director of the U.S. Army Worldwide Internal Review Organization at the Pentagon.
He currently serves on the Committee of Sponsoring Organizations of the Treadway Commission (COSO) Board of Directors; the International Integrated Reporting Council (IIRC); and The IIA Board of Directors, as well as the Georgia State University School of Accountancy Advisory Council and the University of Alabama Culverhouse School of Accountancy’s Professional Advisory Board.Chambers also has served on the U.S. President’s Council on Integrity and Efficiency. Accounting Todayranks Chambers as one of the Top 100 Most Influential People shaping the accounting profession, and he is recognized by the National Association of Corporate Directors (NACD) as one of the most influential leaders in corporate governance. Chambers is an award-winning author, writing The Speed of Risk: Lessons Learned on the Audit Trail, 2ndEdition (2019), Trusted Advisors: Key Attributes of Outstanding Internal Auditors (2017); and Lessons Learned on the Audit Trail(2014), which is currently available in five languages.