An ever-increasing reliance on evolving technologies has left corporations vulnerable to cyber-attack and business model disruption. At the same time, enterprise risk management has landed squarely in the sights of institutional investors. As a result, boards must enhance their oversight of risk management.
Audit committee members, who have had responsibility for risk management on many boards, are feeling strained as regulatory demands intersect with that increased responsibility; in a recent survey of nearly 1,500 audit committee members by KPMG, half of those surveyed reported their committees may not have the time or expertise needed to be effective in all areas of responsibility.
Thus, there is a growing awareness that boards may need to evolve, including by altering board committee structures and reallocating workflows. To help us better understand these issues, we asked Betsy Atkins, veteran of 23 boards and 13 IPOs, to share her expertise on providing effective oversight of risk management in the boardroom.
Q: What is a board’s primary role with respect to enterprise risk management?
A: The board’s primary roles related to enterprise risk management are ensuring the company’s strategy is still relevant, examining the real risks the company faces and determining what risk oversight mechanisms are most effective. The lifecycle of S&P 500 companies has declined from about 60 years in 1958 to now below 20 years now, begging the question “Why do so many established public companies go out of business?”
While some get acquired, go private, or become bankrupt, too many disappear because they don’t innovate or stay relevant. The rate of change in business today is alarming—a very real threat for the shareholders is that a company quietly loses market share for three or four years and then suddenly wakes up to realize they’ve lost nearly thirty percent of their market. When that happens, we see Blockbuster and Borders get replaced on the S&P 500 by Netflix and Amazon. Both of those companies might still be in business if their boards had been keeping an eye on new business models, digitally-born companies, and marketplace disrupters.
Q: What are some strategies boards can employ to better manage risk?
A: There are a number of tactics for load-leveling the risk management responsibility across a board, including:
Separating the oversight of future-looking risks from backward-looking risks.
Divide risks into two main categories: backward-looking risks and future-looking risks. Forensic, backward-looking risks include financial internal controls, review of quarterly financial statements, and compliance with FASB regulations. These are historically—and appropriately—the strength and domain of the audit committee.
Future (and emerging) risks include cyber-attacks, cyber breaches that damage brands, disrupted business models, and emerging digital marketplaces. Technology risk, too, needs to be examined. Although disaster recovery has long been a purview of the audit committee, oversight of cyber security and technology risks do not necessarily belong on the audit committee agenda.
Assigning oversight of forward-looking risks to the governance committee.
Audit committees are disproportionately busy on corporate boards. Compensation committees are also quite busy during certain times of the year, leaving governance and nominating committees as the least busy.
The nominating mandate is clear and happens in short bursts: refresh and renew the board. But what is governance on behalf of shareholders? Often, it’s limited to code of conduct, tone at the top, and preventing foreign corrupt illegal practices and sexually predatory behavior. However, governance really ought to be ensuring—on behalf of the shareholders—that the company is relevant, innovative, and vibrant.
I chair the Nominating and Corporate Governance Committee on the Board of HD Supply. Our Audit Committee looks at internal controls, financial reporting, and other functions that Audit Committees historically have performed. We created a more future looking-role for the Nominating and Governance Committee to look at business strategy, including the digital transformation of the company’s business. We’ve had outside speakers from major consultancies like McKinsey, Boston Consulting Group, and Accenture come in and educate us. We’re also working with artificial intelligence experts who can help us understand how to apply that technology to increase B2B sales revenue.
Incorporating working sessions into board meetings.
Like other boards, at HD Supply we have a nominating and corporate governance, audit, and compensation committee readout. But what’s a little different from other boards I’ve served on is that we have a lively discussion around the board table during these readouts, regularly debating our major initiatives of digital and business model transformation.
And we believe in working board dinners, held at our headquarters in the training center versus at a restaurant. We bring in the company’s senior leadership team, as well as contemporary and knowledgeable external speakers, to discuss topics we want to immerse ourselves in.
Leveraging technology to manage risks by monitoring corporate health.
There are a number of metrics that should be tracked to assess corporate health and flush out potential risk factors; these are related to compliance, digital advancement, product and service development pipelines, market share, customer satisfaction, and employee turnover.
There are companies and platforms out there, like Boardvantage that can capture and track those types of metrics to develop an automated corporate health dashboard. Are we as digitally advanced as Amazon? Are we developing and introducing new products and services as quickly as Lowes? Are we an innovation leader, laggard or fast follower? Are we growing market share or losing it? Are we using artificial intelligence as effectively as our competitors? These are the benchmarks we want to monitor.
Viewing board composition as a competitive asset.
It is incumbent on boards to consider, and actively discuss on the governance committee, whether the board should be viewed as a competitive asset to the shareholders or just fiduciaries who do oversight. If the determination is “we are a competitive asset” then the board really ought to look at the competencies around the table the same way a company looks at its management leadership team.
Boards ought to carefully consider, given the turbulent sea of changes that businesses are navigating, how best to refresh and bring on a director or two with skill sets they’ll need in the next three to five years. Boards should forward-appoint members the same way corporations forward-hire, rather than waiting passively for a retirement to free a seat at the table.
By employing these tactics, boards can better fulfill a critical governance mandate: identify business-killing risks before it’s too late.
Betsy Atkins serves as President and Chief Executive Officer at Baja Corp, a venture capital firm and is currently the Lead Director and Governance Chair at HD Supply. She is also on the board of directors of Schneider Electric, Cognizant and Volvo Car Corporation and served on the board of directors at Nasdaq LLC and at Clear Standards as CEO and Chairman. A self-proclaimed “veteran of board battle scars,” Ms. Atkins will be collaborating with Nasdaq to produce a series of corporate governance “nuts and bolts” articles.