Posts Tagged ‘Risk Management’

In Conversation with Dona Young and Carolyn Miles

October 12th, 2014 | By

The differences between nonprofit and corporate governance are few and far between when the nonprofit in question has a budget of almost $700 million and operations in more than 120 different countries. But when you are a nonprofit of this size, what should the board’s expectations of management be—and vice versa? Carolyn Miles, president and CEO of Save the Children, and Dona Young, who is a director on the Save the Children board, spoke with NACD Senior Advisor Jeffrey M. Cunningham about how directors can navigate the perils and opportunities of operating around the globe while fostering a top-notch organizational culture.

One of the problems of working in the nonprofit space is controversial topics—for example, immigration, an issue that came to a head with the recent influx of children crossing the U.S. border. For Miles, Save the Children didn’t adopt the attitude of choosing sides, but rather, they chose children. With that mindset, the organization was able to push beyond the immigration debate and focus on the issue of taking care of kids and ensuring their basic human rights. It’s a position that drew criticism but doing otherwise would have been a disservice to the company’s mission.

Both Miles and Young drove home the importance of bringing into the boardroom what’s going on in the field. Young emphasized the need of having a CEO who is continuously communicative with the board. Miles explained a practice she has used of bringing people who are working in the field to attend boardroom meetings and explain their needs to directors. Those lines of communication better inform the board and is a boon to helping the board helping the company accomplish its mission.

Miles also explained how Save the Children’s directors venture out to experience the work that their organization is doing, what she believes is a critical practice. Save the Children’s directors have been to the places that are the toughest—Afghanistan, Liberia, and Iraq. On a recent trip to Liberia, Miles was confronted with about 4,000 cases of Ebola in Liberia, which has created about 2,000 orphans. As a result, Save the Children wanted to consider sending aid, even though the issue at hand was out of the company’s traditional scope.

“We vet the issues together as a board,” Young said. “At the core of our mission, we have to assume risk.” She offered the following process of evaluating resources to ensure that the company can address a certain area of risk.

  • Identify each component of that risk.
  • Identify how each component is to be addressed.
  • Evaluate if the board has the skill sets to attack the issue at hand.

These are tactics that are as relevant for Save the Children as they are for a company such as IBM. Although the traditional scope of Save the Children’s activity did not lie within epidemic disease control, they did, however, know a lot of the pieces of how to assist (e.g., setting up hospital), and the company was able to respond to the Ebola crisis in the ways that it could and in a fashion that was true to its core mission.

Miles also discussed the importance of metrics. From her perspective, it is critical for nonprofits to focus on metrics and not just the “greater good of the cause.” If a company is able to produce palpable results, people who bankroll the organization look to their contributions not as a donation, but as an investment. Young added the importance of the board’s role as a steward of those funds, and the need for discipline and process—if that is not in place, there’s no way company is achieving its goals.

How Boards Can Proactively Oversee Strategy and Risk

May 15th, 2014 | By

The 2013-2014 NACD Public Company Governance Survey found that strategic planning and oversight ranked as the number one issue for directors. While risk oversight came in at number 3, Paula Cholmondeley—who serves on the boards of Terex and Dentsply International Inc.—finds it curious that risk doesn’t follow strategy as the number 2 priority because these issues are part and parcel of each other.

During a May 6 panel discussion at the C-Suite to Board Seat program at the Four Seasons Hotel in Washington, D.C., Cholmondeley and fellow panelist Greg Pratt offered their perspectives on the board’s role in overseeing strategy and risk. Cholmondeley emphasized that strategic thinking is where directors add the most value to a company. Furthermore, boardroom discussions surrounding strategy should be viewed on an ongoing basis—not as a single event. Chairman of Carpenter Technology Group and director of Tredegar Corp., Pratt went on to  compare strategy to a GPS system:  A tool that tells you where you are, where you want to go, and the possible ways to reach that destination. According to Pratt, directors have a responsibility to use strategic discussions and planning to decide which route is best for the business.

THREE KEY TAKEAWAYS FOR OVERSEEING STRATEGY

1. Educate yourself—and others. This is especially important for directors serving on boards in industries in which they do not have prior experience. Reading industry publications, attending relevant conferences, and getting exposure to as many sources of industry information possible can help directors enrich board discussions. Similarly, directors should ensure that the strategic goals are well-known throughout the company. This could include requesting that the CEO meet with staff so that goals are communicated to the lower levels of the company.

2. Set reasonable benchmarks. Directors should consider the critical assumptions underpinning the strategic plan. For example, how much progress is the company expected to make in the course of a month? Evaluate whether those benchmarks are reasonable for your company by consulting regional or national industry sources as well as third-party sources.

3. Monitor the course and evolve the strategy. The board should consistently review corporate performance with respect to the strategy, and alter course when necessary. Boardroom culture should support open discussions with the c-suite—and management should feel free to report to the board areas where the strategy may or may not be working. As a company reacts to different economic environments, the board needs to be able to evaluate which initiatives worked, which initiative work over a period of time because they are key to your business.

THREE KEY TAKEAWAYS FOR MANAGING RISK

As stated in the 2009 Report on the NACD Blue Ribbon Commission on Risk Governance: Balancing Risk and Reward, “Every business model, business strategy, and business decision involves risk.” Risk may bring doubt, but it is the board’s role to work with management to find a balance between the costs and benefits of a strategic plan.

1. Get the committees involved. While ultimate responsibility for governing risk lies at the board level, the board can look to committees for support. In publically-traded companies, the audit committee has traditionally assumed the responsibility of risk oversight.  A growing trend, however, is to delegate specific risks to various standing committees. The board can also create new committees that manage the emerging facets of risk, such as keeping the board abreast of new sources of competition.

2. Work with management to assess risk. Open communication between management and the board is critical, especially because the C-suite is likely to be the first to see that a strategy is not working. Directors should learn how risk discussions take place within the various departments and business lines, and establish multiple avenues through which directors can work with management.

3. Be aware of the risks around the corner. The board should constantly review potential non-traditional sources of competition, for example, Amazon’s move to enter the dental distribution market.  Likewise, a company should work to make itself obsolete—best itself at its own game before the competition—and then create a strategy that will again put the company on the cutting edge of its industry.

NACD will continue to discuss these issues throughout 2014. Our Directorship 2020 events explore the disruptive forces that create new challenges in the boardroom and our forthcoming 2014 Blue Ribbon Commission Report will address the board’s role in recalibrating strategy. The topic will also be discussed at the next C-Suite to Board Seat in Beverly Hills, CA.

Cybersecurity – Improvements Needed in the Boardroom

January 30th, 2014 | By

Cybersecurity is undoubtedly a critical aspect of board oversight, but an overwhelming majority of directors rate their and their board’s knowledge of IT risk as “in need of improvement.” More than three quarters of directors believe their personal IT knowledge could use a boost and nearly 90 percent believe the same of their board’s IT knowledge. A lack of cyber knowledge at the board level can lead to overreliance on C-suite experts and difficulty by directors in judging an appropriate level of involvement.

Recognizing the disconnect between the need for effective cybersecurity oversight and the boardroom’s lack of IT acumen, NACD, supported by Protiviti and Dentons, convened three roundtable discussions, bringing together directors, executives, and experts in the field of cybersecurity. These meetings provided insight into the numerous and significant risks presented by cybersecurity, while experts pinpointed deficiencies in board responses to threats and possible solutions. Key statements from participants prompted NACD, Protiviti, and Dentons to address issues demanding director attention and action:

  • Boardroom cyber literacy: “Cyber literacy can be considered similar to financial literacy. Not everyone on the board is an auditor, but everyone should be able to read a financial statement and understand the financial language of business.”
  • Identifying high-value information targets: “Do not just harden the perimeter, because hackers will get in. Accept that they can get in, and then design the strategy with the assumption they are already ‘inside.’”
  • Formulating detection and response plans: “When your company is hacked, do not start spending money like a drunken sailor.”
  • The human factor: “People are the constant weakness. Cybersecurity is a human issue. Often the biggest problems are caused by an inadvertent actor.”

Cybersecurity: Boardroom Implications contains information on these issues and more, including questions directors can ask when planning for a breach and when a breach is discovered. Click here for your complimentary copy of the report.