Organizations around the world understand that corporate governance policies encompassing issues like board composition, cyber security and internal communications are designed to benefit shareholders, stakeholders, and even the board itself. What isn't always so clear is the effectiveness of policies already in place. An organization may have developed a corporate governance strategy, but could there be room for improvement? Might some aspects function well, while others require urgent modifications? When evaluating the state of an enterprise's existing corporate governance framework, a self-assessment checklist makes a good starting point. The following five questions are designed to help organizations analyze ' and maximize ' current policies, and put their corporate governance to work.
How strong is our board of directors?High on this checklist is the board itself, and more specifically, its effectiveness. Board composition has long been associated with good corporate governance, due in large part to the fact that it has a direct impact on company performance. For example, research conducted by Catalyst, a nonprofit organization whose mandate is to expand opportunities for women in business, has found that companies with the most women on their boards experience a higher return on sales and invested capital. Yet, as reported by the Harvard Law School Forum on Corporate Governance and Financial Regulation, data gathered by State Street Global Advisors shows that one in four Russell 3000 companies do not currently have any women serving on their boards. Women may not be entirely unrepresented, but they're a rarity. About 60 percent of those same enterprises have boards with a female representation that amounts to less than 15 percent. Asset management firm BlackRock recently underscored the increasingly widespread belief that board diversity gives companies an edge in its engagement priorities for corporate board meetings in 2017, as Reuters reported. "Diverse boards, including but not limited to diversity of expertise, experience, age, race, and gender, make better decisions," BlackRock wrote. Given that board strength and board diversity work together, taking a closer look at board composition is vital for creating good corporate governance. A diverse group of directors can lead to better decisions, thus positively influencing the company's bottom line.
Have we established a succession plan in preparation for director and C-suite departures?If a company hopes to practice good corporate governance, a succession plan is also a must. At some point, a C-suite executive or director is bound to make a sudden and surprising departure, and organizations that aren't prepared for this likelihood may scramble to find an adequate replacement. Company leaders who have discussed this possibility, and implemented a strategy for dealing with it, won't be caught off-guard and can continue to serve the company's needs uninterrupted. There are other advantages to having a succession plan as well. "Thoughtful planning for CEO transitions can avoid downward pressure on a company's stock price," Ernst & Young wrote on the subject. "By avoiding prolonged and expensive executive searches, a company can reduce uncertainty, strengthen investor confidence in the board and improve employee morale." To create a holistic succession plan, boards should first determine what skills and industry expertise the executive team and board of directors lack. This will help directors assess the type of candidate they'll need down the line. Executive search firm Russell Reynolds Associates also recommended that boards create a written plan outlining emergency succession procedures. The board should review this document twice a year. Russell Reynolds added that when preparing for a C-suite-level transition, boards should observe other successful CEOs in order to suss out what traits are responsible for their high level of performance. They should work closely with human resources departments to identify and observe internal candidates who could be a good fit for the CEO position and select two or three finalists. Together, these efforts will serve to prepare the board for a swift and seamless leadership transition, with minimal disruption to corporate management efforts.
Do we have a risk management strategy?Whether it's a powerful new competitor or an unpredictable business decision, risk is a part of every organization. It's essential, therefore, to ask if the board has drafted a strategy to confront and overcome the most difficult of potential challenges. In an article that appeared in The Wall Street Journal's Deloitte-sponsored Risk & Compliance Journal, Nicole Sandford, now Deloitte's Enterprise Compliance Practice Leader, said that risk oversight should be viewed as "the foundation for everything the board and management do to properly govern the organization and make sound decisions." Sandford noted that, "An organization's success is, in large part, driven by how wisely it takes risks and how effectively it manages the risks it faces." This includes decisions such as who the board elects as CEO, how that executive is compensated, the presence of performance-based pay and the use of incentive programs within the organization. The board should also ask whether it employs common best practices, or chooses instead to be a trailblazer by setting new industry standards. "Careful evaluation of skills and knowledge, process, information, and behavior can pinpoint areas of excellence and development opportunities, helping boards and executives understand which areas may need attention," she said. Internal risks like these are only part of the equation. Additionally, boards must prepare for risk in the form of external forces, from economic uncertainty to evolving industry regulations. That said, the Harvard Law School Forum on Corporate Governance and Financial Regulation stressed that "the board cannot and should not be involved in actual day-to-day risk management." Rather, directors should occupy a risk oversight role, ensuring that risk management policies are in line with the organization's "risk appetite," and that the company as a whole supports them. "Through its oversight role," wrote Martin Lipton, founding partner of law firm Wachtell, Lipton, Rosen & Katz, "the board can send a message to management and employees that comprehensive risk management is neither an impediment to the conduct of business nor a mere supplement to a firm's overall compliance program, but is instead an integral component of strategy, culture and business operations." Knowing how risk factors into the existing board and corporate infrastructure, and what measures the board is prepared to take concerning external risks, ensures organizations can improve this key aspect of their corporate governance policy.
Is our organization's data secure?As evidenced by WannaCry, the recent cyber attack that MarketWatch reported struck more than 200,000 computers worldwide, all organizations are vulnerable to hackers. Cybersecurity and corporate governance are closely connected. In an article about the board of directors' role in overseeing cybersecurity, global executive search and consulting firm Spencer Stuart shared the outcome of a panel discussion involving corporate executives and security experts. According to the panel, there are five ways in which the board can manage security:
- Accept responsibility for cyber security
- Set expectations for management
- Understand your company's potential exposure to cyber risk
- Assess current cybersecurity practices
- Plan and rehearse