Information Flow Beyond the CEO
As a delegate to NACD’s Advisory Council on Risk Oversight recently said: “Directors don’t know what they don’t know.” This Fortune 500 director was referencing one of the challenges facing corporate boards today: asymmetric information risk.
Asymmetric information risk refers to the risk inherent in the imbalance in the information flow between management and the board. Directors serve in a part-time capacity while the management team operates full time. Naturally, senior-level executives have a much deeper knowledge about the organization’s operational processes and risks than the board. As such, directors rely on senior management for the information necessary to carry out their oversight duties.
In our experience working with boards, we’ve found an effective solution for mitigating asymmetric information risk is to develop a systematic process in which the board is given access to the executive team – beyond the CEO. Examples of senior staff with whom the board should regularly meet include the chief risk officer, chief compliance officer, head of internal audit, chief ethics officer, general counsel, CFO, and chief information officer. NACD’s C-Suite Expectations: Understanding C-Suite Roles Beyond the Core helps directors understand the types of information they should provide.
One way to ensure that this systematic reporting occurs is to include a recurring slot for key executives and functional leaders to present – perhaps during the board and or committee executive sessions. The goal here is to help the board understand what keeps these executives up at night and anticipate issues in advance.
The board is responsible for providing oversight on the appraisal of strategic and enterprise risk. The inherent nature of a director’s role, however, results in a reliance on the information presented in the boardroom and between meetings, by select members of the management team. For the board to mitigate this natural imbalance in information flow, directors should have in place a systematic process for engaging with key executives, in addition to those limited few who traditionally participate in board meetings.
For more on leading practices in risk oversight, read the latest Summary of Proceedings from the NACD Advisory Council on Risk Oversight.