June 11, 2014

(Re)considering a Board Risk Committee

Surprise! It’s Randi blogging for the first time on this blog…Ever since the recent, highly publicized cyber breach incidents – whether warranted or not (see Broc’s recent blog) – it seems like hardly a day goes by without media coverage & third-party commentary about the board’s risk oversight role. This new Deloitte report– which addresses Deloitte’s findings of a global study addressing the prevalence and drivers of board-level risk committees – is very timely.

A primary theme is that board risk committees are just one tool that boards should at least consider to help effect their risk oversight responsibilities. That said, as the study shows, board risk committees (stand-alone or hybrid) for large companies outside the highly regulated financial services industry (FSI) are still relatively uncommon globally – and virtually non-existent in the US. This is the kind of benchmarking information most boards like to be aware of.

Most commonly, US boards effect their risk oversight by allocating responsibilities among multiple board committees; the balance typically retain responsibility at the full-board level. However, like all other governance practices, re-evaluating the approach to risk oversight periodically in the context of evolving macro & company-specific circumstances is important – even if it appears that the status quo is working. Sometimes this means reviewing particular governance practices outside of the board’s slated review time frame (e.g., proxy season). This report assists that review process by teeing up for the board’s consideration these potential benefits of a risk committee:

Depending on the organization and its industry, risks, and regulatory and risk governance needs, a board-level risk committee can enable the board to:

  • Assert and articulate its risk-related roles and responsibilities more clearly and forcefully.
  • Establish its oversight of strategic risks, as well as the scope of its oversight of operational, financial, compliance, and other risks.
  • Task specific board members, external directors, and other individuals with overseeing risk and interacting with management and the chief risk officer.
  • Recruit board members with greater risk governance and risk management experience and expertise.
  • Keep the board more fully informed regarding risks, risk exposures, and the risk management infrastructure.

Importantly, the report emphasizes that – outside of the FSI – risk committees aren’t normally required, and may not be desirable for every company. Each board needs to determine for itself how best to effect its risk oversight responsibilities; a dedicated risk committee is just one of several potential approaches. As noted in my previous blog about board technology committees, some boards function most effectively at the full board level with minimal work conducted in standing committees – whereas others function primarily through their standing committees. Both approaches can be equally effective. Along those lines, the board can certainly achieve the risk oversight benefits identified in the report without establishing a dedicated risk committee.

Should Directors Be Allowed to Attend All Committee Meetings?

Speaking of board committees, I couldn’t help but to add my 2 cents to a current spirited debate on LinkedIn about whether it’s appropriate for all board members to attend all committee meetings. It quickly became clear in my following of this group discussion that not only are the views about this topic widely divergent, but that my views appear to be in the minority on this issue.

So far, opinions weigh in favor of excluding all non-committee member directors from all standing committee meetings, whereas I and a few others believe that – generally (subject to independence & other relevant considerations) – allowing all directors to attend all committee meetings as observers/listeners is a net positive. What I am observing by following this discussion is that the views of those opposed to this “open invitation”  approach are based on philosophical beliefs about “right and proper” governance and assumptions about director personality & behavior – rather than their personal experience. On the other hand, those of us in favor of this “open invitation” approach are basing our views on our positive first-hand experiences with this practice.

The “opposition camp”  is largely attributing negative characteristics to directors who express a desire to attend committee meetings other than their own – including micromanagement, lack of trust of the competence of committee members, out-of-control egos, inexperience, etc. – that simply bear no resemblance to my (and a few others’) personal experience. There also appear to be concerns about potential inefficiencies, inadequate leadership skills of board chairs who would allow such a practice, the director’s desire to attend committee meetings possibly revealing tendencies to overstep into management territory, etc.

As I noted in the group discussion, while I was a corporate GC & secretary, two of my very seasoned and reputable directors who have served for many years as directors of other public companies suggested this practice of inviting (but not mandating) all directors to attend all committee meetings based on their positive experiences at one of the Fortune 500 company boards on which they (still) serve. Triggered by their recommendation, we adopted the practice at my company and it unquestionably resulted in a more aware and engaged board overall – as well as other upsides.  These upsides (and others) are shared by the few other LinkedIn group members who expressed favorable views about this approach based on their personal experiences.

This is not to say that allowing all directors to attend committee meetings as a listener/observer is the right approach for every company; rather, each board should consider this based on its own facts and circumstances. However, those who have not experienced it should not automatically assume that a director’s request to attend committee meetings evidences personality (or other) flaws – or that adopting this approach would result in inefficiencies or other adverse implications.

Finally, I have to say that it seems counter-intuitive to me that – with all of the media and investor criticism lately about directors’ lack of sufficient awareness & engagement, people are so vehemently opposed conceptually to directors attending their own board’s key committee meetings.

Webcast: “Proxy Season Post-Mortem: The Latest Compensation Disclosures”

Tune in tomorrow for the webcast – “Proxy Season Post-Mortem: The Latest Compensation Disclosures” – to hear Mark Borges of Compensia, Dave Lynn of and Morrison & Foerster and Ron Mueller of Gibson Dunn analyze what was (and what was not) disclosed this proxy season.

Randi Morrison