Posts Tagged ‘Risk Management’

Cybersecurity – Improvements Needed in the Boardroom

January 30th, 2014 | By

Cybersecurity is undoubtedly a critical aspect of board oversight, but an overwhelming majority of directors rate their and their board’s knowledge of IT risk as “in need of improvement.” More than three quarters of directors believe their personal IT knowledge could use a boost and nearly 90 percent believe the same of their board’s IT knowledge. A lack of cyber knowledge at the board level can lead to overreliance on C-suite experts and make it difficult for directors to judge an appropriate level of involvement.

Recognizing the disconnect between the need for effective cybersecurity oversight and the boardroom’s lack of IT acumen, NACD, supported by Protiviti and Dentons, convened three roundtable discussions, bringing together directors, executives, and experts in the field of cybersecurity. These meetings provided insight into the numerous and significant risks presented by cybersecurity, while experts pinpointed deficiencies in board responses to threats and identified possible solutions. Key statements from participants prompted NACD, Protiviti, and Dentons to address issues demanding director attention and action:

  • Boardroom cyber literacy: “Cyber literacy can be considered similar to financial literacy. Not everyone on the board is an auditor, but everyone should be able to read a financial statement and understand the financial language of business.”
  • Identifying high-value information targets: “Do not just harden the perimeter, because hackers will get in. Accept that they can get in, and then design the strategy with the assumption they are already ‘inside.’”
  • Formulating detection and response plans: “When your company is hacked, do not start spending money like a drunken sailor.”
  • The human factor: “People are the constant weakness. Cybersecurity is a human issue. Often the biggest problems are caused by an inadvertent actor.”

Cybersecurity: Boardroom Implications contains information on these issues and more, including questions directors can ask when planning for a breach and when a breach is discovered.

Should Directors Be Thankful for Dodd-Frank?

May 20th, 2011 | By

As summer nears, directors may have a brief respite from the frenzied proxy season following new financial regulations. However, the rest of the governance community kicks into gear, pushing to digest and summarize the past months. For example, this week on Fortune.com, a contributing post titled “Why corporate directors should thank Dodd and Frank” examines proxy advisory firm recommendations and director reelections from this season. According to the article:

“The results so far just go to show that the consequences of reform legislation like the Dodd Frank bill can actually go in favor of corporate leaders rather than against them.”

The article praises the Dodd-Frank governance reforms, pinpointing the legislation as the impetus for a decrease in “no” recommendations from Institutional Shareholder Services (ISS). In 2011, ISS voted against 7% of Russell 3000 directors, down from 13% in 2010. Additionally, just seven directors failed to win majority support for reelection, a significant decrease from 107 in 2010.

While this decline is significant, the Dodd-Frank Act brought several additional provisions that the article did not address. As is often the case with legislative governance reforms, these provisions may bring unintended consequences that the boardroom is forced to accept. Although proxy access is still under judicial review, it has the potential to disrupt boardroom composition.

Establishing a boardroom with the “right” directors—those who bring the specific skill sets the board needs strategically and who also function effectively with constructive skepticism—requires a significant effort. This effort is a key responsibility of the board’s independent nominating/governance committee, which seeks to align board composition with the company’s long-term strategy. Directors nominated by shareholder groups, and not by the nominating/governance committee, may or may not have the experience needed.

The proposed Dodd-Frank whistleblower bounty program has also been subject to boardroom criticism. As NACD president and CEO Ken Daly testified to a House Financial Services Subcommittee last week, implementation of this program should be delayed for modifications. By providing financial incentives to whistleblowers for reporting directly to the Securities and Exchange Commission (SEC), the new bounty program could potentially harm the internal compliance channels required under Sarbanes-Oxley.

Despite boardroom apprehension leading into this year’s proxy season, the season has been relatively uneventful. In addition to the increased support for director reelection, Towers Watson reports that 90% of votes cast have supported companies’ say-on-pay proposals. However, these issues are just the tip of the iceberg, and it’s far too early to determine whether directors should be thankful for the Dodd-Frank legislation.

Hu, Valukas, and Markopolos on Corporate Governance

November 10th, 2010 | By

As the country emerges from the worst financial downturn since the Great Depression, directors, executives and other corporate governance experts gathered at the NACD Directorship 100 Forum, held Monday and Tuesday in New York City, to honor the 100 most influential players in the boardroom and to analyze recent mistakes and how they can be avoided. The 100 honorees were commended at a dinner Monday night in a keynote address by Henry Hu, director of the SEC’s Division of Risk, Strategy and Financial Innovation.

Hu presented his “decoupling” concept, and explained how it relates to boards’ current challenges, especially as directors face the new Dodd-Frank Act. He pointed to the Act as the “most comprehensive change in generations… representing a new era for corporations and boards that introduces new challenges and new opportunities. It is important to get the balance between corporate governance and financial innovation right.”

The Forum’s second day featured Anton Valukas, court-appointed examiner in the Lehman Brothers’ bankruptcy, explaining the actions that the Lehman board could have taken to better prepare for the company’s failure. While Valukas does not believe that failure was preventable, he did explain that, had the board asked more important questions, the fall would have had a less severe impact on the U.S. economy.
“In this case,” said Valukas, “one word would have made the difference: transparency.”

Also featured was Harry Markopolos, author of No One Would Listen, which details his ten-year-long investigation of Bernie Madoff’s Ponzi scheme, the largest in history. Markopolos took a firm tone with the directors in the room, imploring them to “use your experts and don’t take numbers from management, for the sake of your shareholders and stakeholders. That’s your job.”