Author Archive

Cybersecurity – Improvements Needed in the Boardroom

January 30th, 2014 | By

Cybersecurity is undoubtedly a critical aspect of board oversight, but an overwhelming majority of directors rate their and their board’s knowledge of IT risk as “in need of improvement.” More than three quarters of directors believe their personal IT knowledge could use a boost and nearly 90 percent believe the same of their board’s IT knowledge. A lack of cyber knowledge at the board level can lead to overreliance on C-suite experts and difficulty by directors in judging an appropriate level of involvement.

Recognizing the disconnect between the need for effective cybersecurity oversight and the boardroom’s lack of IT acumen, NACD, supported by Protiviti and Dentons, convened three roundtable discussions, bringing together directors, executives, and experts in the field of cybersecurity. These meetings provided insight into the numerous and significant risks presented by cybersecurity, while experts pinpointed deficiencies in board responses to threats and possible solutions. Key statements from participants prompted NACD, Protiviti, and Dentons to address issues demanding director attention and action:

  • Boardroom cyber literacy: “Cyber literacy can be considered similar to financial literacy. Not everyone on the board is an auditor, but everyone should be able to read a financial statement and understand the financial language of business.”
  • Identifying high-value information targets: “Do not just harden the perimeter, because hackers will get in. Accept that they can get in, and then design the strategy with the assumption they are already ‘inside.’”
  • Formulating detection and response plans: “When your company is hacked, do not start spending money like a drunken sailor.”
  • The human factor: “People are the constant weakness. Cybersecurity is a human issue. Often the biggest problems are caused by an inadvertent actor.”

Cybersecurity: Boardroom Implications contains information on these issues and more, including questions directors can ask when planning for a breach and when a breach is discovered. Click here for your complimentary copy of the report.

Succession and Sport

May 16th, 2013 | By

As reported in Directors Daily last week, Sir Alex Ferguson, manager of publicly traded Manchester United, announced his retirement. While the retirement of a sports figure, especially an English football (soccer) manager, would not normally provide fodder for an NACD blog post, Ferguson’s resignation underlies the need for succession planning and talent development, and serves as yet another warning about the risks of social media.

A soccer manager is often the most public face of the organization. Although not a traditional member of the C-suite, Ferguson’s relevance is illustrated by the announcement of his retirement. Within minutes of the open of trading following the resignation announcement, Manchester United’s stock price fell more than 5 percent. Directors, especially those who serve organizations where non-CEO employees maintain high levels of public visibility or influence, may want to look closely at Ferguson’s retirement as an example of a high-profile succession. While a coach of a sports franchise is a unique case, this succession plan looks to have been a long-term process resulting in unanimous board approval for the retiring manager’s recommended candidate.

The average tenure of a Fortune 500 CEO is 4.6 years[i], while the average tenure of a high-level English soccer manager is only 2.1 seasons. In a profession defined by short termism, Ferguson successfully managed his club for over 26 years, nearly 10 years longer than the next longest serving premier league manager. The Manchester United board allowed Ferguson to take the lead in the search for his own successor, and even allowed him to make the approach to the succession candidate. It is unusual for a board to cede so much control over the succession process. With directors serving for an average of nine years, their experience and longevity are essential to maintaining corporate continuity throughout the succession process. The board’s role in developing potential succession candidates is one aspect of executive talent development being explored by this year’s NACD Blue Ribbon Commission. The October release of the commission’s report will also examine the value of internal development, backed by a number of studies comparing internal and external succession.

The appointment of an outsider to the position of Manchester United manager was expected, but boards may wish to consider the value of recruiting internal candidates for CEO and other senior executive positions. Studies show that internally recruited CEOs deliver greater total financial performance and are more likely to retain the position[ii]. Also, senior executives hired from the outside have higher rates of failure than those internally promoted[iii], and organizations with greater reliance on external hires have twice the turnover as organizations that rely on internal promotions[iv]. While these studies point toward internal succession policies, boards may look outside when searching for fresh perspectives and thinking, or even contemplating a change in strategy. While Manchester United had been the world’s most valuable soccer club for many years, it fell to second in 2013. Could the appointment of an outside manager mean a change in strategy aimed at regaining the club’s title as the most valuable soccer team in the world?

While Manchester United’s transition process may appear successful, the announcement of Sir Alex Ferguson’s successor did not unfold as planned. There was no “the king is dead, long live the king” announcement; Manchester United announced the impending resignation but waited until the next day to name the future manager. In that short span of time, social media threw a snag in the carefully planned announcement. Prior to officially naming Ferguson’s successor, Manchester United mistakenly tweeted a link to its Facebook page that congratulated the new manager, David Moyes, on his appointment; the tweet and Facebook page were withdrawn within one minute. Moyes had been predicted as the successor, so the ill-timed social media announcement did not receive the same level of attention as other high-profile public company social media announcements. These events surrounding the succession announcement underscore risks posed by social media. In this case, it seems that human error, not a technological glitch, was the source of the problem, reinforcing the fact that while directors’ focus on IT risk is important, they can’t neglect old-fashioned human risk.

In a rare overlap of soccer and governance, Manchester United can provide directors with an example of a high-profile non-CEO succession that has received significant attention worldwide.

Five for Five

May 9th, 2013 | By

In the past five months, the NACD blog has received more than 15,000 views. Review the five most popular blog posts of the last five months to keep track of what directors find most important.

NACD Directorship 2020: Sustainability, Stakeholders, and Performance Metrics – Capitalism, and the role of the director, is changing–should the focus on “total shareholder return” shift to “total stakeholder return”?

Going Private? – In 2012, just 128 IPOs were made, a decrease from 154 IPOs in 2011. Last May, The Economist observed that this decline was part of a larger trend: the decline in popularity of the public company. Based on NACD surveys, see six key differences in the governance practices of public and private companies.

Discussion Topics for Compensation Committees in 2013 – Although numerous rules mandated by Dodd-Frank affecting the compensation committee have been implemented, directors still brace for those to come. As such, it is expected that compensation committees will maintain their focus on executive compensation in the coming year.

Alphabet Soup: A Director’s Guide to Financial Literacy and the ABCs of Accounting and Auditing – Can you keep track of accounting and auditing (A&A) acronyms? This handy guide provides tips for non-CPAs to achieve A&A literacy.

Investors Recommend Board Oversight of Trading Plans – New oversight responsibilities could be in store for directors. Although 10b5-1 trading plans have existed since 2000, a confluence of events has recently placed these plans in the regulatory spotlight.