I recommend the recent white paper series published by the National Association of Corporate Directors (NACD). It provides guidance to supplement their Key Agreed Principles to Strengthen Corporate Governance. Both can be downloaded from www.nacdonline.org/KeyPrinciples/.
The white paper addresses:
· Risk oversight
· Corporate strategy
· Executive compensation
I was pleased to receive an email from the NACD (of course, I am sure it went to many others) asking me to comment and provide feedback. I am sharing my comments, below, for your consideration.
Thank you for the opportunity to comment and provide feedback on the White Papers: Series I. I have earlier commented on the Key Agreed Principles.
Overall, the White Papers are a good start to the discussion of directors’ responsibilities and desired practices. I would like to suggest future consideration be given to the following:
1. With respect to risk appetite and tolerance, the board should take ownership not only for reviewing but also for approving the levels set. The levels should be consistent with the need to balance risk and reward, and actual risk levels should be measured against risk tolerances. In other words, it is not sufficient simply to report levels or even trends. They must be reported in the context of whether they are being managed within approved tolerances.
2. The white paper does not comment on the board’s review of the actions management is taking to manage risks. Clearly, this is critical. The board should monitor both risk levels and the actions being taken until risks are within tolerance.
3. Surveys have shown that many directors do not have a high level of confidence in the risk information provided by management, or in management’s ability to identify and assess risks. Directors should understand the ability of the internal audit team to provide independent and objective assurance of the adequacy of management’s risk management program.
4. In the Mitigating Risk section, the white paper mentions “tone at the top” with respect to integrity and ethical values. However, the Internal Environment (as described in the COSO ERM framework) also includes risk management philosophy. For risk management to be effective, it has to be accepted at all levels of the company and be a part of major decision-making processes.
5. With respect to risk monitoring, the board should confirm that management’s processes provide reasonable assurance that emerging or changing risk levels will be recognized and addressed promptly. Organizations that only perform annual or quarterly risk assessments are likely to be surprised as risks change far more frequently.
6. I would also like to see more attention paid to risk in the setting and monitoring of strategy. Setting strategy without considering risks to the overall strategy and related projects is unwise, and progress in achieving strategies should also consider risk levels.
7. With respect to the independent compensation consultant, the board should obtain assurance from management that the consultant is in fact and perception independent. Often, the consultant has multiple consulting engagements that at least leave the perception of being influenced by management.
8. One interesting recent survey reported that a majority of directors believe their top executives’ compensation is either excessive or not related to performance. This suggests that some form of reasonableness measure (i.e., the principle of fair compensation) should be added to following the rules set by formulas, etc.
As always, I am available if you would like to discuss these or other matters. I welcome your comments.