Future Students, Alumni & Visitors


This blog is intended to be a governance resource and source of current governance commentary, offered by a corporate governance academic engaged in research, teaching and other ongoing academic activities. There is a very public element to the governance field, and it is hoped that this blog will contribute to the public discussion of current governance issues. It is also hoped that it will address a need in the governance field by presenting a holistic online approach to the topic. There is a rapid rate of change in the field of governance (public, private, government and not-for-profit entities) and developments in internet technology move swiftly. This governance blog offers resources for a broad variety of stakeholders including: [...more]




What are some best governance practices of award-winning companies?

 

Photo tweeted by @tyfrancis

Photo tweeted by @tyfrancis

I recently served on a governance awards judging panel assembled by the Canadian Society of Corporate Secretaries (CSCS). Winners of the awards were announced at this organization’s annual conference in Halifax last month. I participated in a plenary discussion to discuss some of the winning practices, and governance generally.

Here are the six award-winning companies, the categories under which they won, and their governance practices and results that they have that are, in my view, exemplary, in no particular order:

Shoppers Drug Mart – Best practices in managing boardroom diversity

  • Five out of eleven Directors are female, with two of three women Committee Chairs;
  • Continuous review of a robust director competency matrix, including focusing on board dynamics and decision-making;
  • Detailed director recruiting using precise director profile output resulting from the competency matrix assessment;
  • Board does not require CEO experience, and Board recruits and appoints first-time Directors;
  • Prospective Directors includes individuals not previously known to incumbent Directors;
  • Rigorous director interviews, including assessing capacity for constructive challenge, and comprehensive, tailored onboarding process; and
  • Limits on board tenure, over-boarding and interlocks.

Bank of Montreal – Best use of technology in governance, risk and compliance

  • Board portal with encrypted materials on a secure intranet site, secure email, user friendly interface, paperless iPad, and separate Director education iPad App;
  • Global entity records and management systems, with searchability, real time accuracy and updates, customization, validation, aggregation, and comprehensive, enterprise-wide compliance monitoring and reporting;
  • Investor relations alerts, conference calls and audio webcasts;
  • Ethics, legal and compliance: interactive, tailored, training annually for select employees, and suppliers, with user guide and follow-up;
  • Specialized regulatory training for senior management, all other employees, to educate, train, strengthen risk culture, using internal website, mandatory readings and eLearning;
  • Online governance and director assessment by the Board;

BCE – Best overall governance

  • Individual annual director elections, majority voting, independent Chair, advisory vote on executive compensation, and director interlock and tenure guidelines;
  • Internal audit and Risk Manager Officer report directly to Audit Committee Chair;
  • Electronic voting at annual shareholder meetings;
  • Comprehensive ethics program, focus on audit independence, and whistle-blowing policy;
  • Full written governance mandates, board leader position descriptions, education, orientation, and comprehensive board evaluation process and governance disclosure;
  • Focus on director competencies, geography and performance;

Tarion Warranty Corporation – Best approach to board and committee support

  • Annual work plan, consent agendas, skills matrix, terms of reference, position descriptions, and board portal;
  • Third party governance review, including peer to peer review of Directors;
  • Term limits for Board Chair and Directors, and guideline limits for Committee Chairs;
  • Six Directors with board certification;
  • Balanced score card and key performance indicators (KPIs) for company and CEO performance;
  • KPIs presented to Board at each meeting in dashboard format, and reviewed in depth by Audit Committee;
  • Stakeholder relations department to enhance focus on stakeholder satisfaction, engagement and communication;

Canada Council for the Arts – Best shareholder / stakeholder engagement

  • Highly consultative culture and stakeholder engagement, exemplary annual reporting, rotating meetings geographically;
  • Strategic engagement (financial and non-financial), outreach, dialogue, surveys, consultation sessions and workgroups, with comprehensive, exemplary written shareholder and other stakeholder reporting, follow-up, and use of social media;
  • Direct Board contact with artists, arts community, partners, leaders and other stakeholders;
  • Directors as ambassadors at stakeholder outreach events, nationally and internationally;

TELUS Corporation – Best sustainability, ethics and environmental governance program

  • Board and Committee leadership to monitor corporate social responsibility (CSR), including environmental policies, enterprise energy strategy, ethics policy, whistleblower policy;
  • Employee, environment and community engagement, culture and performance (numerous examples and leadership);
  • Governance Reporting Initiative reporting on CSR performance since 2000, third party reporting verification, stakeholder solicitation, and CSR reporting recognition;
  • Environment management system since mid-1990s, carbon footprint reporting early adopter, and alignment goal of ISO 14001:2004 compliant by 2014;
  • CSR metrics integrated into strategic planning, and CEO and other executive performance objectives; and
  • Supplier code of conduct in 2011 for business partner adherence.

It was an honor to serve on this judging panel and the above Canadian companies should be celebrated – as well as their Directors – for setting the ever-rising bar for effective corporate governance.

Save and Share
  • Print
  • PDF
  • email
  • LinkedIn
  • Twitter
  • Facebook
  • Reddit
  • del.icio.us
  • StumbleUpon
  • Add to favorites
  • RSS

Getting More Women on Canadian Boards, Part 1

The Ontario Securities Commission (OSC) should be congratulated for addressing gender diversity last week. Other than Quebec, the addressing of boardroom and senior management diversity (beyond gender) has been long overdue in Canada.

However, the central thrust of the proposal is a “policy” that listed companies may – or may not – draft; and that listed companies may – or may not – disclose. Measureable objectives within the policy may – or may not – occur. These requirements are very wishy-washy. This is an overly tempered, passive and permissive approach.

The OSC’s approach was said to be modeled off of the Australian one, but it was not in several dimensions, as I read things. The Australian approach actually defined diversity, which goes beyond women, and holds companies responsible for setting measureable objectives and reporting specific progress against their achievement. There are several content suggestions Australia provided as well. The UK’s approach to diversity is also stronger than the OSC’s, as are several countries in Europe.

A “policy” approach with insufficient guidance is unwise. The Americans adopted this approach with regard to diversity and it has been an abject failure. Clever lawyers can craft well sounding polices that are so general that it is virtually impossible not to comply with them. I remember one case where a NYSE company lawyer (a white male) actually tried to convince me that eleven all-white-male directors were, indeed, diverse because all the men had a diversity of “perspective” and “opinion.” This is what happens when regulators are passive or complacent.

This is part of a larger issue with the OSC, and that is inadequate articulation of principles and practices within its overall corporate governance framework. Other than disclosure, here, which is in turn modeled off of guidelines for publicly-listed companies, the actual guidelines are a mere four pages. They have not been updated since the financial crisis and are outdated, originally drafted in 2004 and approved in 2005.

For example, the approach to risk management within this National Policy is only two lines. (See 3.4 (b) and (c) here.) This hardly captures what has happened in the field of risk governance best practice since 2008. I advised a company last week that had a massive risk management failure and the word “risk” is not even mentioned in the vast majority of its governance terms of reference documents. This is hardly surprising given the OSC’s approach to risk itself.

The superficial approach to strategic planning and value creation is similar (See 3.4 (b) here.) A TSX board must simply “adopt” a strategic planning process [what exactly is a “strategic planning process”?], and approve a strategic plan once a year that takes into account the risks of the business. It is hardly surprising that strategy gets short shrift in many boards, my research suggests.

Without guidance, any policy, approach, or plan, or even a director “competency” can mean whatever the drafter [usually management or an advisor beholden to them] wants it to mean. This is precisely where blockage, entrenchment, and ultimately decision-making failure can and does occur.

What the OSC should instead do is move towards a comprehensive framework of governance (i) principles and (ii) practices that achieve the objectives of the principles, which other jurisdictions use. A series of succinct almost binary guidelines is simply inadequate and naive. Other jurisdictions, such as the UK, South Africa and EU have far more comprehensive principle and practice approaches, which guide companies when they comply or explain. A set of recommended practices, when it comes to diversity for example, can be pointed to by progressive directors or investors. And it is not an excuse that comprehensive principles and practices cannot be crafted because of the variety of Canadian companies. South Africa has just as great a variety of companies, and its King III Code, which is one of the most comprehensive in the world, applies to all types of companies, including: listed, private, not profit and state owned. Principles and practices is a drafting exercise and require work.

Without principles and practices, other initiatives such as diversity are bootstrapped onto inadequate guidelines.

Take individual competencies and skills of directors for example, which relate to diversity. TSX companies should recruit directors on the basis of “competencies” and “skills” (see sections 3.12 – 3.14 here), but nowhere are “competencies” or “skills” defined, nor are examples of competencies or specific expertise suggested. Other Canadian regulators (including ones I have advised) are more specific in articulating what expertise directors are expected to possess, offering comprehensive frameworks and practices, including for risk management.

Otherwise, a company is free to draft fluffy guidelines, policies, charters, and so on, that are largely public relations exercises or designed to keep the power with management, rather than designed to advance the spirit of what the regulator intended. They ultimately have limited force or effect. They are designed to protect and forestall. Many of the companies I research who have failed have similar fluffy policies. Retained management lawyers perpetuate this with cut and paste precedent exercises spread amongst their clients.

Without sufficient guidance provided by a regulator, short bios occur; or it is simply stated that a director possesses a given competency, without articulating how and when the competency was acquired. What happens here is that women are short-shrifted as they are alleged not to have the experience or the qualifications when they may or do. Second, guidance can be offered on how directors should come to be selected for membership, including interviews, short-lists, advertisements and so on, as other jurisdictions are doing.

In my next blog, I will outline specific defects of the above OSC’s proposed policy, in accordance with best practices other jurisdictions have adopted.

Save and Share
  • Print
  • PDF
  • email
  • LinkedIn
  • Twitter
  • Facebook
  • Reddit
  • del.icio.us
  • StumbleUpon
  • Add to favorites
  • RSS

I am pleased to be asked to assist the National Association of Corporate Directors in a social media pod at their annual Board Leadership Conference, October 11-13, to expose directors in a more in-depth and hands on way to social media (forthcoming).

I am asssiting the NACD by gathering potential readings for issue identification, etc., from my library and online, and specifically seeing things from a governance and board perspective.

Here is a listing:

July 21, 2013, updated July 29, 2013

Richard Leblanc

Associate Professor, Law, Governance & Ethics, York University

Prof Dr Richard W Leblanc

York University

4700 Keele Street

Toronto, CANADA M6S 1P3

Webpage: http://www.yorku.ca/rleblanc

Dr. Leblanc prepared this list of readings and potential issues/trends below, on IT related topics

Board’s role in Social Media “listening”

Lead or be left behind: A chairman’s perspective on social media

http://www.deloitte.com/assets/Dcom-UnitedStates/Local%20Assets/Documents/us_chairman_LeadorLeftBehind_042213.pdf

What Do Corporate Directors and Senior Managers Know about Social Media?

http://www.gsb.stanford.edu/sites/default/files/documents/TCB_DN-V4N20-12.Social_Media.pdf

50 Top Tools for Social Media Monitoring, Analytics, and Management

http://socialmediatoday.com/node/1458746

Social Media and the Board: Why #Hashtags Matter to Directors

http://business-ethics.com/2012/04/12/1642-social-media-and-the-board-why-hashtags-should-matter-to-directors/

Seven Steps for Board Success in the Facebook Age

http://knowledge.wharton.upenn.edu/article.cfm?articleid=2940

Cameras May Open Up the Board Room to Hackers

http://www.nytimes.com/2012/01/23/technology/flaws-in-videoconferencing-systems-put-boardrooms-at-risk.html?_r=0

Nonprofit Boards and the iPad: a Good Fit?

http://nonprofit.about.com/od/boardquestions/a/Nonprofit-Boards-And-The-Ipad-A-Good-Fit.htm

Potential Issues/Trends

  • Lack of direct digital media management experience for some/many directors, even incumbent CEOs / SMT (senior management team);
  • Psychological / comfort issues as well, but this is changing as boards are going paperless (tablets, portals, etc.) and there is pressure on laggarts;
  • Concerns with Reg FD and equal treatment of investors: directors more comfortable listening;
  • Directors are listening and reading, and this should not be misunderstood for lack of appreciation or passivity: there is high awareness among good boards and directors, which usage statistics above may not reflect;

 

Social Media and Reputational Risk

Reputation Risk: A Corporate Governance Perspective

http://processunity.com/cms/wp-content/uploads/2012/05/Reputation-Risk-Conference-Board.pdf

Director: Reputations at Risk

http://www.director.co.uk/magazine/2010/6_June/social_media_63_10.html

Ten Keys to Manage Reputation Risk

http://www.knowledgeleader.com/KnowledgeLeader/Content.nsf/xsp/.ibmmodres/domino/OpenAttachment/KnowledgeLeader/Content.nsf/C3C1BFD887594D4B88257B58006610E6/body/The%20Bulletin,%20Issue%202,%20Volume%20V%20–%20Ten%20Keys%20to%20Managing%20Reputation%20Risk.pdf

Virtual world, real risks: When social media becomes a liability

http://www.grant-thornton.co.uk/PageFiles/3572/Virtual%20World_Real%20Risk.pdf

Reputational Risks & The Role Of Social Media

http://www.youtube.com/watch?v=qoTtmRgDThs

Social Media Said to Present Significant Reputational Risks

http://www.marketingcharts.com/wp/direct/social-media-said-to-present-significant-reputational-risks-22952/

Three Steps Towards Managing Reputational Risk

http://deloitte.wsj.com/riskandcompliance/2013/04/25/three-steps-toward-managing-reputational-risk/

The Board, Social Media and Liabilities

http://www.mediabadger.com/2012/12/the-board-social-media-and-liabilities/

Reputation risk management on the rise

http://www.camagazine.com/reputationrisk/

Social media reputation damage high on risk managers’ list of concerns

http://www.ferma.eu/2011/10/social-media-reputation-damage-high-on-risk-managers-list-of-concerns/

The Risks of Social Media: Self-Inflicted Reputation Damage

http://www.riskmanagementmonitor.com/the-risks-of-social-media-self-inflicted-reputation-damage/

Potential Issues/Trends

  • Speed, inter-connectedness and unpredictability of transmission;
  • Personal vs executive vs corporate reputations now merging;
  • Design and implementation of internal controls, balanced with communication and opportunity;
  • SM was junior position at outset, but now best practice is senior management oversight or member ownership;
  • Crisis planning involves digital stress testing and response plans in advance; mock runs also;
  • Reputation online background checks for directors, management, employees now; good firms will do regular reviews of current members;
  • Online analytics part of information flow to good SMTs and boards;

 

Integrating Social Media into overall strategy/questions the board should be asking management

Why boards need to adopt social media

http://blogs.reuters.com/lucy-marcus/2012/03/22/why-boards-need-to-adopt-social-media/

What Directors Think About Social Media

https://www.boardmember.com/MagazineArticle_Details.aspx?id=9128

Boards remain uneasy about social media, says women’s directors group

http://www.corporatesecretary.com/articles/technology-social-media/12487/boards-remain-uneasy-about-social-media-says-womens-directors-group/

Directors and IT: What works best?™

http://www.pwc.com/en_US/us/corporate-governance/publications/directors-and-it/assets/pwc-it-for-corporate-directors-full-report.pdf

Social Media – questions for directors to ask

http://www.cica.ca/focus-on-practice-areas/governance-strategy-and-risk/directors-series/director-alerts/item63118.pdf

20 Questions Directors Should Ask about Information Technology Security

http://www.cica.ca/focus-on-practice-areas/information-technology/publications/item46763.pdf

SOCIAL MEDIA: What Boards Need to Know

http://www.weil.com/files/upload/May2012_Opinion.pdf

Elevating technology on the boardroom agenda

http://www.mckinsey.com/insights/business_technology/elevating_technology_on_the_boardroom_agenda

10 Questions You Should Ask Your Social Media Expert, Guru or Wizard

http://www.socmedsean.com/10-questions-you-should-ask-your-social-media-expert-guru-or-wizard/

52 Questions To Ask When Hiring A Social Media Company

http://outspokenmedia.com/social-media/quesitons-hiring-a-social-media-company/

The Key to Social Media Success Within Organizations

http://sloanreview.mit.edu/article/the-key-to-social-media-success-within-organizations/

The Board’s Responsibility for Information Technology Governance

http://papers.ssrn.com/sol3/papers.cfm?abstract_id=1947283

MONITORING RISKS BEFORE THEY GO VIRAL:
IS IT TIME FOR THE BOARD TO EMBRACE SOCIAL MEDIA?

http://www.gsb.stanford.edu/sites/default/files/research/documents/CGRP25%20-%20Social%20Media.pdf

Privacy and Boards of Directors:; What You Don’t Know Can Hurt You

http://www.ipc.on.ca/images/Resources/director.pdf

Execs Not Using Social Media At Board Level Strategy

http://www.business2community.com/social-media/execs-not-using-social-media-at-board-level-strategy-0318067

Social Media — The New Business Reality for Board Directors

http://www.pwc.com/en_CA/ca/directorconnect/publications/pwc-social-media-new-reality-for-directors-2012-09-28-en.pdf

Too Many Top Executives Aren’t Taking Social Media Seriously

http://www.businessinsider.com/top-executives-dont-take-social-media-seriously-2013-5

Why 1700 CEOs Are Wrong about Social Media

http://socialmediatoday.com/thoughtreach/991031/why-1700-ceos-are-wrong-about-social-media?inf_contact_key=3791995094c307c4b1d275d00b36b16025118ec3bcf13175ef3d187c59ac45b8&goback=.gmp_4220981

How Kodak Squandered Every Single Digital Opportunity It Had

http://mashable.com/2012/01/20/kodak-digital-missteps/

Potential Issues/Trends

  • SM seen in the main as a risk (: defensive, liability), versus being seen opportunistically and strategically;
  • CIOs/CTOs may lack broad P&L experience for board membership; this may not change;
  • Technology / reputation risk may need board committee oversight, depending on sector and opportunity/threat;
  • SM advocates may have self interest (e.g., vendors, service providers): assurance and analytics are immature but evolving;

 

Big Data/ Analytics

Big data: The next frontier for innovation, competition, and productivity

http://www.mckinsey.com/insights/business_technology/big_data_the_next_frontier_for_innovation

Big data

http://en.wikipedia.org/wiki/Big_data

http://searchbusinessanalytics.techtarget.com/definition/big-data-analytics

Guide to big data analytics tools, trends and best practices

Experts share perspectives and identify best practices for big data analytics projects in this Essential Guide.

http://searchbusinessanalytics.techtarget.com/essentialguide/Guide-to-big-data-analytics-tools-trends-and-best-practices

Severe Consequences Face Big Data Analytics Without Governance, Experts Say

http://www.crn.com/news/security/240158457/severe-consequences-face-big-data-analytics-without-governance-experts-say.htm

INFORMATION TECHNOLOGY AND FIRM PROFITABILITY: MECHANISMS AND EMPIRICAL EVIDENCE

http://papers.ssrn.com/sol3/papers.cfm?abstract_id=1000732

New research suggests using big data, particularly social media data, can lead to a biased representation of the data based on societal factors.

http://sloanreview.mit.edu/article/the-pitfalls-of-using-online-and-social-data-in-big-data-analysis/

Potential Issues/Trends

  • Big Data is somewhat tangential to my area of expertise, so I will not comment; however; big data / analytics are an important area, with significant capacity and opportunity, and it is correct for this item to be on this list;

 

Social Media & CRM

Three Out of Four Social Networkers are Logging in on Company Time, Ethics Resource Center Reports

http://www.ethics.org/news/three-out-four-social-networkers-are-logging-company-time-ethics-resource-center-reports

How the Voice of the People Is Driving Corporate Social Responsibility

http://blogs.hbr.org/cs/2013/07/how_the_voice_of_the_people_is.html

Social Media in Corporate Social Responsibility (CSR)

http://blogs.cisco.com/csr/social-media-in-corporate-social-responsibility-csr/

Tying Together Social Media and Corporate Social Responsibility

http://www.convinceandconvert.com/pr-20/tying-together-social-media-and-corporate-social-responsibility/

Mashable: Corporate Social Responsibility

http://mashable.com/category/corporate-social-responsibility/

Why Social Media Is Vital to Corporate Social Responsibility

http://mashable.com/2009/11/06/social-responsibility/

A Guide To Social Media For CSR Professionals

http://www.csrwire.com/blog/posts/721-a-guide-to-social-media-for-csr-professionals

Telus Corporate Social Responsibility Report 2012

http://csr.telus.com/en/

Tying Together Social Media and Corporate Social Responsibility

http://www.convinceandconvert.com/pr-20/tying-together-social-media-and-corporate-social-responsibility/

Potential Issues/Trends

  • Digital media is the new stakeholder communication platform;
  • CSR lacks rigor of reporting that US GAPP / IFRS have; this is changing, but regulators are waiting for maturity; GRI has made good efforts, as have others (e.g., integrated reporting);
  • CSR (including Climate change/environmental) may lag because of austerity and jobs concerns since 2008;
  • Exemplary companies (see above) are communicating CSR through social media, communicating directly with stakeholders;
  • Opportunity to affect messaging and communication: needs to be genuine and two way; listening and acting; stakeholder groups are sophisticated, even activist;

 

Trends/Emerging Topics

What Do Corporate Directors and Senior Managers Know about Social Media?

http://tcbblogs.org/governance/2012/10/31/what-do-corporate-directors-and-senior-managers-know-about-social-media/

Use of board portals and social media

http://www.conference-board.org/retrievefile.cfm?filename=TCB-CoW_V2N11.pdf&type=subsite

2012 CEO, social media & leadership survey

http://www.brandfog.com/CEOSocialMediaSurvey/BRANDfog_2012_CEO_Survey.pdf

Taming Information Technology Risk:

A New Framework for Boards of Directors

http://www.oliverwyman.com/media/OW_EN_GRC_2011_PUBL_Taming_IT_Risk.pdf

IBM CEO Predicts Three Ways Technology Will Transform The Future Of Business

http://www.forbes.com/sites/jennagoudreau/2013/03/08/ibm-ceo-predicts-three-ways-technology-will-transform-the-future-of-business/?goback=.gmp_4220981.gde_4220981_member_221432830

The Next Digital Paradigm

http://www.forbes.com/sites/gregsatell/2013/02/02/the-next-digital-paradigm/?goback=.gmp_4220981

Make Social Media an Organizational Asset – Right Now!

http://www.thecmosite.com/author.asp?section_id=1237&doc_id=246605

THE FUTURE OF DIGITAL [SLIDE DECK]

http://www.businessinsider.com/future-of-digital-slides-2012-11?goback=.gmp_4220981

Ten Technology Trends that Will Change the World in the Next Ten Years

http://www.zawya.com/story/ZAWYA20120212081954/

Technology, Strategy and Shareholder Engagement Driving Corporate Governance

http://www.deloitte.com/view/en_us/us/press/ac998d5e23835310VgnVCM2000001b56f00aRCRD.htm

Potential Issues/Trends

  • Rapid change and transformation occurring: a few have said ‘revolution’, e.g., cloud, meta data, digital payment, social platforms, ease of use, direct contact with users;
  • Intermediaries in any value chain may need to transform because of technology;
  • Board should be in position to predict, press and stretch management if / when SMT is off-course or in denial;
  • Some industries/sectors will need to transform or die / be replaced: opportunities here; we are seeing transformation and complacent vs strong boards;
  • Boards should not be in denial if SMT (day to day) may be, and see up and out (what is coming) to fullest extent possible;

 

Cyber

Cyber Risk Management – A Board Level Responsibility:
http://www.bis.gov.uk/assets/biscore/business-sectors/docs/c/12-1119-cyber-risk-management-board-responsibility

10 Steps to Cyber Security – Executive Companion:

http://www.bis.gov.uk/assets/biscore/business-sectors/docs/0-9/12-1120-10-steps-to-cyber-security-executive

http://www.gchq.gov.uk/Press/Pages/10-Steps-to-Cyber-Security.aspx

Cyber risk, Guidance note

https://www.icsaglobal.com/assets/files/Guidance%20notes/gn06-2013cyberrisk.pdf

Cyber security: Considerations for the audit committee

http://www.ey.com/Publication/vwLUAssets/Cybersecurity_Considerations_for_the_audit_committee/$FILE/Cybersecurity_considerations_for_the_audit_committee_GA0001.pdf

Cyber Security and the UK’s Critical National Infrastructure

http://www.chathamhouse.org/publications/papers/view/178171

Cost of cyber attacks triples in a year

http://www.ft.com/intl/cms/s/0/bb3fcc90-ab4a-11e2-ac71-00144feabdc0.html#axzz2Zcz9iIg1

Cyber threats and security breaches forcing companies to re-evaluate risk management

http://www.canadianunderwriter.ca/news/cyber-threats-and-security-breaches-forcing-companies-to-re-evaluate-risk-management/1002271537/

The Art of Cyber War

http://www.nacdonline.org/Resources/Article.cfm?ItemNumber=6807

U.S. Outgunned in Hacker War

http://online.wsj.com/article/SB10001424052702304177104577307773326180032.html

Cybersecurity and Internet Governance

http://www.cfr.org/cybersecurity/cybersecurity-internet-governance/p30621?goback=.gmp_4220981

Time to get real over cyber security

http://www.cbronline.com/blogs/cbr-rolling-blog/time-to-get-real-over-cyber-security-230212

Cyber crime is now a booming industry

http://www.business-standard.com/article/technology/cyber-crime-is-now-a-booming-industry-112012300057_1.html

Potential Issues/Trends

  • Rogue players beyond domestic enforcement, sanctions (e.g., Al Qaeda, China, Russia, Ukraine, other);
  • Lack of full understanding of precise vulnerabilities by some/many directors;
  • Under-reporting by companies who have been hacked, and industry specific (e.g., defense, utilities, banking);
  • Government action increasing (e.g., NSA): privacy concerns;
  • Literature is still very general (some exceptions, e.g., NACD above (The Art of Cyber War), others), suggesting lack of knowledge, immaturity;
  • Multi/bi-lateral agreement to enforce within rogue states needed;
  • Good industry-specific boards will do (have done) thorough cyber review and strengthen defective controls, with expert input;
  • Some boards have IT as a desired board competency, and IT as material business risk;

 

BYOD- Security

Good Governance Guide: Issues to consider in the use of tablets for accessing board papers

http://www.csaust.com/media/365618/2012_ggg_tablets_boardroom_v2.pdf

10 steps for writing a secure BYOD policy

http://www.zdnet.com/10-steps-for-writing-a-secure-byod-policy-7000006170/

For BYOD Best Practices, Secure Data, Not Devices

http://www.cio.com/article/711258/For_BYOD_Best_Practices_Secure_Data_Not_Devices

Security Think Tank: BYOD – key tenets and best practices

http://www.computerweekly.com/opinion/Security-Think-Tank-BYOD-key-tenets-and-best-practices

Bring Your Own Devices Best Practices Guide – Dell

http://i.dell.com/sites/doccontent/business/smb/sb360/en/Documents/good-byod-best-practices-guide.pdf

Learn BYOD policy best practices from templates

http://www.techrepublic.com/blog/it-consultant/learn-byod-policy-best-practices-from-templates/

Best practices to make BYOD simple and secure

A guide to selecting technologies and developing policies for BYOD

http://www.citrix.com/content/dam/citrix/en_us/documents/oth/byod-best-practices.pdf

Dell Outlines The Death Of The PC

http://www.forbes.com/sites/adriankingsleyhughes/2013/03/30/dell-outlines-the-death-of-the-pc/?goback=.gmp_4220981

Potential Issues/Trends

  • Usage may have overtaken internal controls and policies in some companies;
  • Demographic and talent issues (e.g. education sector, younger students may: bring only a smartphone to class; not have used pen and paper);
  • Theft, loss: purging of data, passwords, signatures, controls to mitigate: policies all progressing, at differential speed;
  • Better policies available (see above); Whitehouse example: http://www.whitehouse.gov/digitalgov/bring-your-own-device
  • Devices may be opportunities, e.g., over 100K online course registrants in Harvard-MIT course: devices may be (or already are) the main channel of communication to customers, other stakeholders;

 

Executive Security

Corporate Theft? Build a barrier with access governance

http://www.kpmg.com/US/en/IssuesAndInsights/ArticlesPublications/Documents/corporate-theft-build-barrier-access-governance.pdf

Global Status Report
on the
Governance of Enterprise It (GEIt)—2011

http://www.isaca.org/Knowledge-Center/Research/Documents/Global-Status-Report-GEIT-10Jan2011-Research.pdf

Cobit: An information security survival kit

http://www.pkfavantedge.com/wp-content/uploads/2013/COBIT_Security.pdf

Potential Issues/Trends

  • See cyber;
  • There should be rigorous controls, and third party validation if possible, e.g., separation of duties, prevention of management over-ride, treatment of passwords, restricted digital areas, separation of development and approval, record retention, etc.;
  • Assume IT and executive management self interest: control environment and board oversight/reporting important to deter fraud schemes, internal cyber;

 

Social Media & Investor Relations

A Virtual Annual Meeting Approach

http://www.directorship.com/adopting-a-virtual-approach-to-the-annual-meeting/

Call to move huge annual reports online

http://www.ft.com/intl/cms/s/0/71dc17ba-19d5-11e0-b921-00144feab49a.html#axzz2Zcz9iIg1

Twitter Speaks, Markets Listen and Fears Rise

http://www.nytimes.com/2013/04/29/business/media/social-medias-effects-on-markets-concern-regulators.html?pagewanted=all

Dress rehearsal for disaster shows why Twitter has no place on Wall Street

http://opinion.financialpost.com/2013/04/26/dress-rehearsal-for-disaster-shows-why-twitter-has-no-place-on-wall-street/

SEC Says Social Media OK for Company Announcements if Investors Are Alerted http://www.sec.gov/News/PressRelease/Detail/PressRelease/1365171513574#.Uer4KFMpcvQ

New SEC Guidance on Social Media Levels Playing Field for Investors

http://blogs.cfainstitute.org/marketintegrity/2013/04/08/new-sec-guidance-on-social-media-levels-playing-field-for-investors/

How to Use Social Media for Regulation FD Compliance

https://blogs.law.harvard.edu/corpgov/2013/04/16/how-to-use-social-media-for-regulation-fd-compliance/

SEC Blesses Social Media Disclosures

http://www3.cfo.com/article/2013/4/disclosure_regulation-fair-disclosure-twitter-facebook-social-media-sec-guidelines-governance

The Push and Pull of Social Media for Investor Relations

http://blog.businesswire.com/2013/06/20/the-push-and-pull-of-social-media-for-investor-relations/

The Greatest Social Media for Investor Relations Panel Ever*

http://blog.investorrelations.com/2013/06/24/the-greatest-social-media-for-investor-relations-panel-ever/

Social Media’s Place in Investor Relations

http://thesocialmediamonthly.com/social-medias-place-in-investor-relations/

Social Media for Investor Relations

http://www.slideshare.net/IRSmartt/social-media-for-investor-relations-12976664

Survey finds social media gap between investors, companies

http://irwebreport.com/20130611/iros-vs-investors-social-media/

Crisis investor relations in the age of social media

http://irwebreport.com/20111208/crisis-investor-relations-social-media/

SEC’s social media guidance has devil in details

http://irwebreport.com/20130403/secs-social-media-guidance-has-devil-in-details/

Social Media Strategy for Investor Relations

http://www.brandchannel.com/images/papers/530_ccg_wp_social_media_strategy_ir_0911.pdf

Potential Issues/Trends

  • SEC permits investor contact using SM: significant;
  • Accuracy and fair disclosure concerns by companies and investors;
  • Regulators are reviewing proxy plumbing (shareholders) and will inevitably address SM, perhaps even (eventually) digital investor voting, fora, collaboration, communication using digital platform [think of a LI or FB group within a company investor section of a website];
  • Investor relations will use (are using) SM, including digital communication, hybrid annual meetings, Q and A, outreach, etc.: this will mature and eventually be regulated to provide structure, expectations;
  • Paper, in person meetings, email, even voting may/will be replaced with digital (text, visual, audio – multi media): the changes are starting;

 

Other:

Director skills

Recruiting the Digital Director

http://www.spencerstuart.com/research/bg/1535/

Wanted: More Directors With Digital Savvy

http://online.wsj.com/article/SB10001424127887324031404578483043683328314.html?goback=.gmp_4220981.gde_4220981_member_241245618

CIOs Say Corporate Directors Are Clueless About IT

http://www.cio.com/article/721456/CIOs_Say_Corporate_Directors_Are_Clueless_About_IT?goback=.gmp_4220981

Risk and IT intersection

Observations on Developments in Risk Appetite Frameworks and IT Infrastructure

http://www.newyorkfed.org/newsevents/news/banking/2010/an101223.pdf

Recruiting a Nonprofit Digital Board Director: Limitations & Alternatives

http://non-profit-management-dr-fram.com/2013/05/27/recruiting-a-nonprofit-digital-board-director-limitations-alternatives/

Nonprofit Board Responsibility Social Media – What Needs To Be Done? Revised & Updated

http://non-profit-management-dr-fram.com/2013/06/23/nonprofit-board-responsibility-social-media-what-needs-to-be-done-revised-updated/

 

Management suite:

Digital diaspora in the enterprise: Arrival of the CDO and CCO

http://www.zdnet.com/digital-diaspora-in-the-enterprise-arrival-of-the-cdo-and-cco-7000016193/

CIOs Can Strengthen Your Board of Directors

http://blogs.cio.com/careers/17010/cios-can-strengthen-your-board-directors?goback=.gde_4220981_member_111162885

KPMG brochure:

Risk management in an evolving world

Making the case for social media governance

http://www.kpmg.com/US/en/IssuesAndInsights/ArticlesPublications/Documents/social-media-brochure.pdf

Save and Share
  • Print
  • PDF
  • email
  • LinkedIn
  • Twitter
  • Facebook
  • Reddit
  • del.icio.us
  • StumbleUpon
  • Add to favorites
  • RSS

Corporate Directors: “You Hold Much of Our Future is in Your Hands”

In an inspirational video for the National Association of Corporate Directors’ annual conference, one speaker remarks, “Directors: You hold much of our future in your hands.” Another said “More government is not the answer: We are.”

The above are not exaggerations. Layers and layers of regulation and compliance are dragging corporate governance downward. Many boards have largely marginalized value creation and strategy, my research suggests. America is in danger of experiencing a lost decade since the financial crisis, given its debt and political intransigence. Corporations and their boards need to lead the way.

Boards should revitalize, as the American economy (and the world) is dependent on it. But they need to do so in a way that puts their own interests and reputations at risk. They need to be ruthless in recreating – and think only of the best interests of their enterprises. They need to “future proof” in other words, which is the theme of the NACD conference.

Future-proofing the boardroom means renewing and preparing for the future irrespective of present incumbents and office holders. This is extraordinarily difficult to do for any group, let alone corporate boards.

Here are some tough questions good boards should be struggling with:

Do we have the right directors?

Do we as a whole have the right competencies and skills, but more importantly do we have courage to replace those directors who do not? If we are one of those directors, do we have the courage and integrity to step down, i.e., not act in self-interest? Tough conversations need to be had with directors who refuse to go.

Do we have the right chair?

Does our Chair (or Lead Director) have the independence, attributes, experience and track record that the company and senior management needs and respects – to lead the board, hold management to account, and focus on value creation? If not, a tough conversation needs to occur.

Do we focus on strategy and value creation?

Assuming we have the right directors and Chair, do we spend enough time on the strategy and value creation of the enterprise? Is at least 50% of our time spent here? If not, why not and how do we fix this?

Do we have a long-term focus and the right metrics that drive management to focus on the long-term as well?

Do we measure and reward performance such as innovation, health, reputation, talent, culture, satisfaction and engagement, that is aligned with our product and risk cycle? These metrics are key to value creation. Or are we subsumed by the short-term? If we are (as most boards are), how do we change this?

Do we really listen and communicate with our shareholders?

Do we engage meaningfully and authentically with our major, long-term shareholders? Do we listen to and act on their concerns, or do we entrench and are we defensive? If we do not listen and act, then why not, and how can we structure ourselves differently?

Are directors sufficiently independent from each other and from management?

Do we bring on directors who are not previously known to us or to management? Are we scrupulous in not allowing directors to be compromised, and act when we see that a director is? Do all directors disclose when they are compromised?

Do we embrace and understand technology?

There is an enormous transformation afoot. See a reading list as an example of digital media’s impact on reputation, business models, big data and change. Do boards have the ability to understand and predict how their company and industry will change? If not, recruit directors who do.

Do we establish the right tone at the top?

Lastly, do we direct management to establish systems, controls and an ethical culture that rewards proper risk taking? Do we lead by example, and are we ruthless in acting at the slightest deviation from proper business conduct and integrity?

The above questions are adopted from a larger paper I authored focusing on strengthening public company boards, in which I interviewed forty activists, private equity leaders, NACD 100 members and CEOs, here.

The answers to the above questions are fundamental for corporate boards and their directors. More importantly, candid answers will have implications for the way a current board is constituted, is led, and functions.

Answering the questions truthfully, unbiasedly and void of any personal interest whatsoever will be the toughest part for any board.

Richard Leblanc is a governance lawyer, academic, speaker and independent advisor to leading Canadian and international boards of directors. He can be reached at rleblanc@boardexpert.com.

Save and Share
  • Print
  • PDF
  • email
  • LinkedIn
  • Twitter
  • Facebook
  • Reddit
  • del.icio.us
  • StumbleUpon
  • Add to favorites
  • RSS

Mandatory Tendering of UK Audits – A Better Approach Was Missed

Last week, the Competition Commission in the UK issued a provisional decision requiring audit committees of large companies to tender bidding for the external audit every five years, among other reforms (see here).

Make no mistake: this is a major change and will shake up the cozy relationships some audit firms may have with their clients. Even this change is more significant than what was expected (I would have predicted 9-12 years). The Competition Commission is serious.

Here is what listed companies and the big 4 audit firms will argue: Five-year tendering is a one-sized fits all approach that does not address audit quality and imposes high switching costs. And there are unintended consequences.

They are entirely correct, and there would have been a better approach.

First, why are they correct? The academic evidence is that auditor rotation (assuming a good tendering process results more often than not in a different firm doing the audit) likely does not improve audit quality. Second, five years is therefore arbitrary. Third, a new auditor will need to climb a learning curve, and this is a costly investment for a company, not to mention the actual audit committee time in overseeing the tendering process. Fourth, a company will be forced to tender when they may be very satisfied with the auditor’s independence and quality of their work and reporting.

A far better approach would have been to address the heart of the issue: assess audit quality and act on the results.

An objective, robust annual evaluation of the external auditor, involving a 360 review by the board, the audit committee, and reporting senior and financial management of the company, with results disclosed to shareholders, would have been a much better approach.

The reluctance by boards to assess auditors in this fashion essentially forced regulation.

We see the same reluctance by boards to assess directors, act on results, and report to shareholders. Regulators in Europe and Asia are therefore imposing term limits on directors, at about 9 years. This is also arbitrary and can force a good director off a board or keep a poor director. Term limits may even come to North America. There are articles in the mainstream press about “zombie” directors and directors whose terms exceed 40 years.

Boards need to step up and address their own performance and that of their advisors. Regulators have shown they will act in the absence of self-governance and boards may not like it when they do.

Save and Share
  • Print
  • PDF
  • email
  • LinkedIn
  • Twitter
  • Facebook
  • Reddit
  • del.icio.us
  • StumbleUpon
  • Add to favorites
  • RSS