Recently, the Committee of Sponsoring Organizations of the Treadway Commission (COSO) released its updated enterprise risk management (ERM) framework for public exposure and comment. Why is it important for directors to heed and apply these updates to their work? What follows is a summary of five important insights for directors to implement in the boardroom from the revised framework.
1. Identifying risks to the execution of the strategy is not enough. Many organizations focus on identifying risks that might affect the execution of the chosen strategy. The process of identifying these risks is an inherently good exercise. However, COSO asserts that “risks to the strategy” are only one dimension of strategic risk. There are two additional dimensions to applying ERM in strategy setting that can significantly affect an enterprise’s risk profile.
The “possibility of strategy not aligning” with an organization’s mission, vision, and core values, which define what the organization is trying to achieve and how it intends to conduct business. Directors should ensure that the company doesn’t put into play a misaligned strategy that increases the possibility that the organization may run askew of its mission and vision, even if that strategy is successfully executed.
The “implications from the strategy.” COSO states: “When management develops a strategy and works through alternatives with the board, they make decisions on the tradeoffs inherent in the strategy. Each alternative strategy has its own risk profile—these are the implications from the strategy.” When overseeing the strategy-setting process, directors need to consider how the strategy works in tandem with the organization’s risk appetite, and how it will drive behavior across the organization in setting objectives, allocating resources, and making key decisions.
In summary, the updated COSO framework asserts that all three dimensions need to be considered as part of the strategy-setting process. Failure to address all three could result in unintended consequences that lead to missed opportunities or loss of enterprise value.
2. Recognizing and acting on market opportunities and emerging risks on a timely basis is a differentiating skill. COSO asserts that an organization can be viable in the long term only if it is able to anticipate and respond to change—not only to survive, but also to evolve. Enterprise resilience, or the ability to function as an early mover, is an indispensable characteristic in an uncertain business environment. Therefore, corporate strategies must accommodate uncertainty while staying true to the organization’s mission. Organizations need to exhibit traits that drive an effective response to change, including agile decision-making, the ability to respond in a cohesive manner, the adaptive capacity to reorganize, and high levels of trust and collaboration among stakeholders.
3. Strengthening risk governance and culture sets the right tone. Effective risk governance sets the tone for the organization and reinforces the importance of, and establishes oversight responsibilities for, ERM. In this context, culture pertains to ethical values and responsible business behaviors, particularly those reflected in decision-making. COSO asserts that several principles drive the risk governance and culture needed to lay a strong foundation for effective ERM:
fostering effective board risk oversight;
recognizing the risk profile introduced by the operating model;
encouraging risk awareness;
demonstrating commitment to integrity and ethics;
establishing accountability for ERM; and
attracting, developing, and retaining talented individuals.
Whether an organization considers itself risk averse, risk neutral, or risk aggressive, COSO suggests that it should encourage a risk-aware culture. A culture in alignment with COSO’s revised principles is characterized by strong leadership, a participative management style, accountability for actions and results, embedding risk in decision-making processes, and open and positive risk dialogues.
4. Advancing the risk appetite dialogue adds value to the strategy-setting process. The institution’s risk appetite statement is considered during the strategy-setting process, communicated by management, embraced by the board, and integrated across the organization. Risk appetite is shaped by the enterprise’s mission, vision, and core values, and considers its risk profile, risk capacity, risk capability, and maturity, culture, and business context.
To be useful, risk appetite must be driven down from the board and executives into the organization. To that end, COSO defines the “acceptable variation in performance” (sometimes referred to as risk tolerance) as the range of acceptable outcomes related to achieving a specific business objective. While risk appetite is broad, acceptable variation in performance is tactical and operational. Acceptable variation in performance relates risk appetite to specific business objectives and provides measures that can identify when risks to the achievement of those objectives emerge. Operating within acceptable parameters of variation in performance provides management with greater confidence that the entity remains within its risk appetite; in turn, this provides a higher degree of comfort that the entity will achieve its business objectives in a manner consistent with its mission, vision, and core values.
5. Monitoring what really matters is essential to effective ERM. The organization monitors risk management performance and how well the components of ERM function over time, in view of any substantial changes in the external or internal environment. If not considered on a timely basis, change can either create significant performance gaps vis-à-vis competitors or can invalidate the critical assumptions underlying the strategy. Monitoring of substantial changes is built into business processes in the ordinary course of running the business and conducted on a real-time basis. As ERM is integrated across the organization, the embedding of continuous evaluations can systematically assist leadership with identifying process improvements.
Following are some suggested questions that boards may consider, based on the risks inherent in the entity’s operations:
Is the board satisfied that the organization is adaptive to change, and that management is considering the effects of volatility, complexity, and uncertainty in the marketplace when evaluating alternative strategies and executing the current strategy?
Should management consider the principles supporting effective implementation of ERM, as set forth by COSO, to ascertain whether improvements are needed to the enterprise’s risk management capabilities?
Jim DeLoach is managing director with Protiviti, a global consulting firm.
The most powerful names in U.S. business have published guidance on Commonsense Principles of Corporate Governance (Commonsense Principles) to provide a framework to improve corporate governance and make it more long-term–oriented. Warren Buffett of Berkshire Hathaway, Laurence D. Fink of BlackRock, Jamie Dimon of JPMorgan Chase & Co., and others have outlined principles covering nine broad categories of governance issues that, while nonbinding, will likely spark an important dialogue in boardrooms. Eight of the categories have direct and far-reaching implications for boards, while the final group of principles relates to the role asset managers play in the governance arena. What makes this announcement unique is the unified position these leaders have taken behind one set of commonsense principles.
At the National Association of Corporate Directors (NACD), an organization that is advancing exemplary leadership among our community of 17,000 director members, our position is clear: We agree with many of the principles outlined and we can help boards implement effective governance practices. In fact, the Commonsense Principles reinforce the Key Agreed Principles to Strengthen Corporate Governance for U.S. Publicly Traded Companies that we introduced a few years ago.
While recognizing that the principles are not a one-size-fits-all solution, and that practices will likely differ based on size, industry, and specific company, we’ve included a practical list of next steps below that boards can take to implement the principles.
The Case for Improved Governance
Key drivers behind the 50+ nonbinding principles are the decline in the number of publicly traded firms, with many highly performing private companies delaying initial public offerings (IPOs), essentially reducing available investment opportunities; the current lack of trust between shareholders, boards, and management teams; concerns about the dominance of short-termism in the management of companies; and the complexity of current corporate governance rules.
The Commonsense Principles identify several areas for improvement:
Board agendas should include a focus on major strategic issues (including material mergers and acquisitions and major capital commitments) and long-term strategy, ensuring thorough consideration of operational and financial plans, quantitative and qualitative key performance indicators, and assessment of organic and inorganic growth, among other issues. A company should not feel obligated to provide earnings guidance, the business leaders suggest, and should determine whether providing earnings guidance for the company’s shareholders does more harm than good. Companies should frame their required quarterly reporting in the broader context of their articulated strategy and provide an outlook, as appropriate, for trends and metrics that reflect progress (or lack of progress) on long-term goals.
Every board needs a strong leader who is independent of management, the principles emphasize. The board’s independent directors usually are in the best position to evaluate whether the roles of chair and CEO should be separate or combined, and if the board decides on a combined role, it is essential that the board have a strong lead independent director with clearly defined authorities and responsibilities.
Diverse boards make better decisions, so every board should have members with complementary and diverse skills, backgrounds, and experiences. It’s also important to balance the wisdom and judgment that accompany experience and tenure with the need for the fresh thinking and perspectives that new board members can bring.
In financial reporting, the use of Generally Accepted Accounting Principles (GAAP) should not be obscured by the use of non-GAAP metrics.
Action Steps for Directors
You and your board/company may consider taking certain steps:
Review the principles in detail and benchmark your current governance approach against them.
Determine if identified differences are areas ripe for further discussion and possible change.
Engage your largest investors to get their take on the principles and how they plan to use them when assessing corporate governance effectiveness.
NACD Alignment With Commonsense Principles
Below I’ve highlighted just a few examples of how NACD aligns with the most significant principles. I have included links to NACD reports that can help boards make the Commonsense Principles common practice.
Focus on Long-Term Value Creation
The principles advocate for the creation of long-term shareholder value. Our guidance to members over the past several years has skewed unabashedly toward boards prioritizing long-term value creation. In fact, our 2015 Report of the NACD Blue Ribbon Commission on the Board and Long-Term Value Creation emphasizes the need for directors to align short-term goals—and executive compensation—with long-term strategy. The report provides tools and practical recommendations including, among others, the following:
Boards should consider recommending a move away from quarterly earnings guidance in favor of broader guidance parameters tied to long-term performance and strategic objectives.
The board’s CEO selection and evaluation processes should include an assessment of the extent to which he or she can be an effective advocate for the firm’s long-term strategy.
The nominating and governance committee should approach board composition and succession planning with long-term needs in mind, based on the director skills that will be most relevant to the company’s strategy in three, five, or more years.
Role of the Lead Director
The role of the lead independent director emerged as another key area where board effectiveness can improve. We at NACD believe that the lead independent director should spearhead efforts to intensify the board’s efficacy by identifying and addressing weaknesses in process and individual director performance. An effective lead independent director should be able to provide criticism that is both respectful and objective, and be able to ensure every director’s voice is heard. To put it simply, the lead independent director should bring out the very best in the board. Our NACD Blue Ribbon Commission Report on the Effective Lead Director provides practical guidance on how to do that.
Board Composition and Diversity
Public-company boards should have a diverse and complementary mix of backgrounds, experiences, and skills, according to the Commonsense Principles. While this is an area in which we’ve not seen much movement—aside from a slight increase in gender diversity, with 79 percent of NACD survey respondents reporting they have at least one woman director on their board compared with 77 percent in 2014—our Report of the NACD Blue Ribbon Commission on the Diverse Board: Moving From Interest to Action provides very practical advice and tools, including a board-level discussion guide on diversity, that can help boards make diverse board composition a priority. Additional information can be found in NACD’s Board Diversity Resource Center.
Non-GAAP Financial Metrics
The use of non-GAAP metrics in financial reporting has been widely scrutinized by regulators. Mary Jo White, chair of the U.S. Securities and Exchange Commission, stated last December that non-GAAP metrics deserve “close attention, both to make sure that our current rules are being followed and to ask whether they are sufficiently robust in light of current market practices.” NACD’s Audit Committee Chair Advisory Council, a prestigious group of Fortune 500 committee chairs, met a few months ago to discuss the use of non-GAAP metrics. The council made an important recommendation:
From a governance perspective, audit committees should ensure that there are adequate controls in place to help mitigate the risk of management bias in measuring and reporting non-GAAP measures, and that these controls are frequently assessed.
Our resources and messaging have always been—and will continue to be—shaped by directors who actively contribute to better board-governance practice. As the largest gathering of directors in the United States, NACD’s 2016 Global Board Leaders’ Summit will convene some of the best minds in governance to continue the dialogue on how boards can adopt leading practices. We believe in and strongly support good corporate governance and will continue to provide resources to help directors effectively oversee U.S. businesses. For more information on the governance principles NACD has established, please review our Key Agreed Principles to Strengthen Corporate Governance for U.S. Publicly Traded Companies.
This is the first of a three-part series looking at the global economy and uncertainty in 2016. In our next post, we will focus on geopolitics and its implications for business strategy and decision making.
The United Kingdom’s vote on June 23 to leave the European Union highlights the uncertainty and volatility that companies face this year. (See my “Why Brexit Really Matters” article in Forbes.) Indeed, the sharp fall in global equities and currency markets on June 24 accentuates the rude awakening. But should the investment and business communities have been surprised? Most polling in the run-up to the vote suggested the leave campaign could prevail. Companies are now scrambling to implement their contingency plans…or to create them. Currency shifts will be the most immediate shock to manage.
According to NACD members, the greatest concern they foresee in 2016 is the global economic slowdown and how this will affect their company. This issue outranks other concerns, such as the changing industry landscape or cybersecurity. When looking at the board’s activities, NACD members say that the most important area for improvement is the board’s ability to test management assumptions underlying corporate strategy.
The Brexit vote highlights the strategic challenges directors face in today’s volatile world: How can directors make sense of increasingly uncertain economic conditions and what can they do to pressure test the validity of management’s assumptions about future growth?
A slow-growth world
Companies are facing strong headwinds in a slow-growth world. In April, the International Monetary Fund (IMF) downgraded its outlook for global growth this year to 3.2 percent—barring any system shocks. This is about the same rate as last year. The IMF downgraded the outlook for most major economies as well (see chart).
In June, the Organisation for Economic Co-operation and Development (OECD) fretted that the global economy is “stuck in a low-growth trap.” Shortly thereafter, the World Bank issued a more negative forecast, saying global growth would come in at only 2.4 percent this year, down substantially from the 2.9 percent pace it had projected just several months before.
Of significance, there are few positive country narratives. The United States is a relatively bright spot, with the IMF expecting 2.4 percent U.S. growth in 2016—the same as last year, but lower than the IMF had forecast in October 2015. The Business Roundtable recently downgraded their expectations for U.S. growth from 2.2 percent to 2.1 percent, based on concerns over impediments to trade and immigration. And, as most Americans feel, U.S. growth is neither robust nor equally enjoyed.
Europe looked like it might have been turning the corner: Business and consumer sentiment had improved, productivity had increased, and GDP growth strengthened significantly. But growth across the eurozone in 2016 is expected to come in at just 1.4–1.6 percent—barring a sustained Brexit shock.
Over the past decade or so, many companies have globalized and bet heavily on emerging markets (EMs)—sometimes dubbed “rapid growth markets.” This strategy could be easily justified by management when EM growth rates consistently outstripped those of the United States and Europe by five percentage points or more.
But these markets have been underperforming in recent years and their outlook has been consistently downgraded. This year, the World Bank expects emerging markets to grow by just 3.5 percent—about two percentage points below their average growth over the past decade.
Moreover, EM performance will continue to be uneven and uncertain thanks to poor governance—as exemplified by a massive corruption crisis that has gripped Brazil’s business and political communities. India continues to be a top performer at 7.5 percent growth, but the reform-oriented government there has made little headway tackling the myriad of bureaucratic impediments to investing and doing business there.
And while China is still doing relatively well—with its growth expected to be in the 6.5–7.0 percent range this year—this performance has come thanks to renewed stimulus and the expansion of debt, which raises more questions about the sustainability of China’s trajectory. At the same time, Western companies conducting business in China are facing increasing political and regulatory headwinds, not to mention a much more competitive business environment.
An uncertain outlook
Not only are we in a slow-growth world but we are also in an era of significant uncertainty about the future. The IMF in April described global economic activity as “increasingly fragile” and the World Bank warned in June that “the balance of risks to global growth forecasts has tilted further to the downside.”
Uncertainty is rooted in the fact that traditional cyclical drivers such as business capital investment and consumer spending seem to have lost their oomph. In short, in our chronically slow-growth world, businesses don’t want to invest and consumers don’t want to spend. Moreover, productivity, profits, wages, and trade growth are stagnant as well, and many economists believe that income inequality is exacerbating the slow-growth problem.
On top of this, the growing influence of geopolitical risks—the Brexit vote, the upcoming U.S. presidential election, refugee migration, and China—is adding new and hard-to-quantify variables to the outlook.
Given this context, the severe market volatility seen during the summer of 2015 and in January 2016 points to profound uncertainties about the future and to how easily perceptions and the markets can get shaken in our slow-growth world. A resurgence of sustained global market volatility triggered by the Brexit vote has the potential to derail global growth.
Pressure test management’s assumptions
In this uncertain and volatile world, directors should be testing management’s assumptions about growth—now and in the future.
Start by confirming the baseline: Does management’s view of macroeconomic growth for 2016 in the company’s key markets align with the market consensus?
Get your own perspective. As noted above, we rely on the views of multilateral organizations—such as the IMF, World Bank, and OECD—for a global perspective. Their economic outlooks are easily accessible and widely viewed as a reputable baseline around which to test assumptions.
The OECD has put together a handy one-page summary chart focused on advanced economies that a director can take to a board meeting as a reference. The World Bank has an easy-to-navigate website for exploring regional and country economic outlooks. Central banks also are a good source of country-level data.
Ask questions about management’s assumptions:
What data sources does management rely on?
Does management’s view differ materially from what others are saying?
What assumptions support a divergent outlook?
How does management account for political risks?
Next, test management’s view of the future. Economists have had to significantly downgrade their expectations of U.S. and global growth and the economic headwinds are not expected to diminish over the next several years.
Has management adjusted its growth projections downwards as well?
What is management’s two- to three-year view of China and other emerging markets?
Do the company’s plans reflect a slow-growth environment going forward?
Given widespread uncertainty and the risk of volatility, management should be able to present a range of alternative market scenarios.
Does management have an economic disruption scenario?
How has management sought to make the company more resilient to the uncertainty and volatility in the global market?
Many directors we have spoken with have highlighted the challenge of managing near-term foreign exchange risks.
What steps has the company taken to hedge against swings in key currencies?
If management says the company is going to significantly outperform its peers or the macro economy—especially in emerging markets—that is a yellow flag that should signal you to dig deeper and ask more questions.
NACD’s Global Board Leaders’ Summit in September, themed around the issue of convergence, will have dedicated sessions on global economic and political disruption, featuring subject-matter experts and seasoned directors.