The entire board relies on the hard work of the audit committee to meet its overall objectives. But audit committees today are faced with the heavy burden of regulatory mandates and growing investor expectations. Workloads are increasing, and they have to oversee more complex areas. Many audit committees are asking whether they have the right approach to meet the demands.
One way to ensure the effectiveness of the audit committee is to have a strong chair. Good leadership and effectiveness go hand in hand, and a strong chair can get the most out of the committee members. By choosing a strong leader for this essential role, your entire board will be able to have greater confidence that the audit committee is on top of the issues.
So what makes a strong audit committee chair? Audit committee chairs need to have experience, healthy skepticism, integrity, and strong communication skills. And to be a truly effective, he or she has to take the time to really work on the committee agenda and make sure meetings run well. They also need to be able to effectively coordinate with other board committees, such as the risk and compensation committees.
Here are six other attributes that I have observed in great audit committee chairs:
Highly experienced: Strong audit committee chairs need to have a good understanding of the business, its risks, and controls. They also know what topics to elevate to the full board, and when to do so.
Professionally skeptical: They’re willing to provide an independent point of view and are intellectually curious. They will look for additional information when they aren’t happy with the answers they get frommanagementand
Possesses integrity and confidence: They promote a strong “tone at the top” for the company and for the committee. They also need to ensure that all elements of the charter are being addressed.
Organized and proactive: They’re able to prioritize the most important items on the agenda. They’re good discussion facilitators and know when to cut off low-value discussions.
Strong communication and interpersonal skills: They provide clear updates of issues to the full board. They’re not afraid to ask difficult questions and have uncomfortable conversations with members of management, service providers, and even other committee members.
Willing to devote the time and energy: Chairing the audit committee requires a big time commitment—agendas are denser, filings are more voluminous, and compliance is more time-consuming. So the chair has to be ready, willing, and able to dedicate the time to the job. Strong chairs take the time to develop the agenda and effectively execute meetings. They also make themselves available to management and other board members. The time commitment of the audit committee chair goes well beyond just the meeting time dedicated to that committee, not to mention meetings of the full board.
Strong audit committee chairs understand that an effective audit committee means more than simply meeting stock exchange composition requirements. They recognize the importance of having a diverse committee made up of members with the right experience, expertise, and both hard and soft skills. They keep the committee refreshed and use the assessment process to ensure that all committee members are functioning effectively.
Having a strong audit committee chair at the helm can help ensure that the audit committee not only keeps up but excels.
Cybersecurity is more than a technological issue—it’s a business issue. In a BoardVision video moderated by Judy Warner—editor-in-chief of NACD Directorship magazine—Mary Ann Cloyd, former leader of PwC’s Center for Board Governance, and Zan M. Vautrinot, former commander of the Air Forces Cyber Command and current director of Symantec, Ecolab, and Parsons Corp., discuss effective cyber-risk oversight, addressing the following questions:
How can boards communicate with management about cyber risk?
How does cyber risk fit into discussions about risk appetite?
Here are some highlights from that conversation.
Judy Warner: For directors, I think one of the greatest challenges around the issue of cyber is how to engage in an informed conversation with management. And how do they become informed about their oversight roles as they relate to cyber?
Zan Vautrinot: One of the things that was absolutely clear about the private sector and corporate leadership is that they understood how to have a discussion about risks and strategy. The only thing different with cyber is that some of the technology and some of the solution sets are slightly different, but the conversation is the same. It is a discussion about a particular kind of risk and how it relates to the kind of business you are [in].
Warner: Mary Ann, from your perspective, how does that conversation take place, or start to take place, at the board level? And is it a conversation for the full board or a specific committee?
Mary Ann Cloyd: I guess I always say it depends. I never want to be so prescriptive as to tell somebody what they need to do because every board and every committee is different. However, I do think that, given the magnitude of how this affects so many businesses, it’s not a technology issue. It’s a business issue. So, with that, where would you oversee any other business issue at your board? And I’m guessing that a lot of it would belong at the full board, with parts of it delegated down to a committee.
Warner: The NACD recently published a handbook on cyber-risk oversight, and one of the discussions is around risk appetite and where does cyber fit into that equation today. And I know, Mary Ann, you have said we need to think of cyber as any other risk.
Cloyd: I think you bring up two interesting things. [I]n fact, we did a small publication [at PwC’s Board Leadership Center] earlier this year, and we called it “Defining Risk Appetite in Plain English.” What prompted it was I had a director come to me and he said, “Mary, we’re doing our off-site strategy session and we always talk about risk appetite. Do you have a good pre-read that I could give to the board so that they can understand what risk appetite means?” So we did this to really put in plain English, in four pages or less, what the dialog is between management and the board, and how you develop and define your risk appetite. And, to me now—as you have so beautifully put this, Suzanne—cyber is just another part of that risk discussion and how it fits into your overall strategy.
Vautrinot: Right. And if you have already had a discussion about your strategy and those things that are most important to you as a corporate entity, is it the data that is unique that you’ve collected—the information and the access to that information—that makes your corporation unique? Is it the technology or your research and development? Is it your insight into financial transaction or merger and acquisition? Is it [about] manufacturing processes or distribution processes?
Every board and every management team knows what is most important to them being successful as a corporation. It is likely that those things are the areas that [the board] would want to focus on with assessing cyber risk. If you look at that area and say this is what is most important to us as a corporation, and this is the technology that we depend on to do that activity, now I can say that is sufficient or it is insufficient relative to the amount of risk I am willing to accept in that area. There may be other areas that aren’t core to the business, and so you are willing to accept a different amount of risk or put different systems in place that kind of sandbox it—[systems] that put a fence around, or that separate or provide different controls to allow [the lower-risk] activity to run more openly, whereas [higher-risk areas are] much more controlled and much more precious.
Understanding the behavior of investors, employees, and consumers is a critical success factor for all companies. This can be difficult for corporate directors, however, as America’s demographics are constantly evolving. At this year’s second Directorship 2020® event, NACD partnered with Broadridge Financial Solutions, KPMG’s Audit Committee Institute (ACI), Marsh & McClennan Cos., and PwC to provide an in-depth look at today’s social and demographic trends and how boards can harness the opportunities these often-disruptive forces create.
In his keynote address, Scott Steinberg, CEO of TechSavvy Global and author of Make Change Work For You, affirmed that change is the “new normal.” He emphasized that companies must constantly innovate in order to survive in today’s volatile business environment. Some companies, such as Apple, Amazon, GE, and Samsung, have maintained their competitive edge by mastering the art of “sustainable innovation.” Steinberg pointed out that these companies foster highly collaborative relationships with their employees, who also represent the company’s customer base. By creating avenues for employees to share their observations on emerging threats and opportunities, these organizations are simultaneously constructing platforms to prototype new business products. These collaborative relationships thus enable management to harness the full range of talents that allow an enterprise to continually adapt and grow.
In the second keynote speech, Paul Taylor, former executive vice president of the Pew Research Center and author of The Next America, focused on two major demographic trends that are happening in the United States. First, the bulk of the country’s population is aging. Older generations have always needed the younger ones to drive the economy; the millennials, however—the youngest generation in today’s workforce—are collectively experiencing great difficulty in launching their careers and remain largely dependent on their forebears. Taylor observed that businesses need to mimic these new domestic norms and similarly nurture and invest in millennials to ensure the success of their firms’ future leaders.
Second, Taylor pointed out that by 2050, immigrants will comprise the largest-ever share of the American population: while 20 percent of Americans were of immigrant descent in 1960, that proportion is projected to climb to 37 percent. Not only will this expand the workforce and brainpower of the American economy, but it will also change the demographic complexity of the country’s consumer base. Furthermore, this modern immigration wave has begun to alter traditional attitudes toward racial and ethnic boundaries. For example, children of immigrants are more likely to marry someone of a different race or ethnicity. These trends are already driving business behavior, as contemporary television commercials clearly demonstrate: in an ad for Coca-Cola, the anthem “America the Beautiful” is sung in several languages; and two recent Cheerios ads featured a multi-racial family.
The presentations and discussion in Atlanta generated three key takeaways for directors:
Assess your corporate culture. Corporate culture can often be a significant roadblock to innovation, and many companies stumble because they fail to periodically rethink their identity. A corporate culture that allows for evolution is, by definition, resilient and adaptable. Regard your employees as a wellspring of innovative ideas, because they have the most direct interaction with your customers. Their insights into evolving consumer demands can, in turn, generate your business’s next game-changing idea. A big challenge for many firms is how to encourage employees to speak up, especially at established companies where a the corporate culture has been in place for some time. (FedEx, for example, has a 40-person team that is charged with driving innovation throughout the entire organization.) By contrast, the smaller size and absence of inhibiting precedents at start-ups enable them to be more adept at mining creative solutions from their entire employee base. Spurring and sustaining innovation is about institutionalizing a love of change within your organization. Create forums through which everyone—from the mailroom to the boardroom—feels free to share ideas.
Make educated bets. A lack of risk tolerance is a major barrier to innovation. For companies that are doing well, staying the course may seem like a safe bet; but as the competitive landscape shifts, this approach will ultimately cause the company to falter Create systems that allow the company to take smart risks. In line with the company’s established risk appetite, it’s acceptable—and expected—that a company will have to weather some level of failure. The board can openly discuss unsuccessful ventures with management, leveraging those experiences as learning opportunities instead of viewing them solely as a misstep.
Embrace diversity of all types. According to the Report of the NACD Blue Ribbon Commission on The Diverse Board:
[A] company’s ability to remain competitive will rely on its understanding of global markets, changing demographics, and customer expectations. Diversity is a business imperative, not just a social issue. The new business landscape will require boards to cast a wider net to find the very best talent available. As a natural corollary, the board’s mix of gender, ethnicity, and experiences will likely increase.
In his speech, Paul Taylor addressed the issue of age diversity specifically. Younger directors with relatively little board experience may be passed over for a directorship because seasoned directors perceive them as lacking the experience and credibility necessary to be effective. However, seeking out non-traditional director candidates (whether that status is determined on the basis of age or other criteria) can be critical to effectively managing a board’s talent pipeline. Established directors have the ability to mentor and develop the next wave of board leadership and, in turn, benefit from the perspectives of new directors who bring varied backgrounds and skill sets into the boardroom.
Look for full coverage of this NACD Directorship 2020 session in the May/June 2015 issue of NACD Directorship magazine.