COSO ERM Revised: What It Means for Your Board

Jim DeLoach

Jim DeLoach

Recently, the Committee of Sponsoring Organizations of the Treadway Commission (COSO) released its updated enterprise risk management (ERM) framework for public exposure and comment. Why is it important for directors to heed and apply these updates to their work? What follows is a summary of five important insights for directors to implement in the boardroom from the revised framework.

1. Identifying risks to the execution of the strategy is not enough. Many organizations focus on identifying risks that might affect the execution of the chosen strategy. The process of identifying these risks is an inherently good exercise. However, COSO asserts that “risks to the strategy” are only one dimension of strategic risk. There are two additional dimensions to applying ERM in strategy setting that can significantly affect an enterprise’s risk profile.

  • The “possibility of strategy not aligning” with an organization’s mission, vision, and core values, which define what the organization is trying to achieve and how it intends to conduct business. Directors should ensure that the company doesn’t put into play a misaligned strategy that increases the possibility that the organization may run askew of its mission and vision, even if that strategy is successfully executed.
  • The “implications from the strategy.” COSO states: “When management develops a strategy and works through alternatives with the board, they make decisions on the tradeoffs inherent in the strategy. Each alternative strategy has its own risk profile—these are the implications from the strategy.” When overseeing the strategy-setting process, directors need to consider how the strategy works in tandem with the organization’s risk appetite, and how it will drive behavior across the organization in setting objectives, allocating resources, and making key decisions.

In summary, the updated COSO framework asserts that all three dimensions need to be considered as part of the strategy-setting process. Failure to address all three could result in unintended consequences that lead to missed opportunities or loss of enterprise value.

2. Recognizing and acting on market opportunities and emerging risks on a timely basis is a differentiating skill. COSO asserts that an organization can be viable in the long term only if it is able to anticipate and respond to change—not only to survive, but also to evolve. Enterprise resilience, or the ability to function as an early mover, is an indispensable characteristic in an uncertain business environment. Therefore, corporate strategies must accommodate uncertainty while staying true to the organization’s mission. Organizations need to exhibit traits that drive an effective response to change, including agile decision-making, the ability to respond in a cohesive manner, the adaptive capacity to reorganize, and high levels of trust and collaboration among stakeholders.

3. Strengthening risk governance and culture sets the right tone. Effective risk governance sets the tone for the organization and reinforces the importance of, and establishes oversight responsibilities for, ERM. In this context, culture pertains to ethical values and responsible business behaviors, particularly those reflected in decision-making. COSO asserts that several principles drive the risk governance and culture needed to lay a strong foundation for effective ERM:

  • fostering effective board risk oversight;
  • recognizing the risk profile introduced by the operating model;
  • encouraging risk awareness;
  • demonstrating commitment to integrity and ethics;
  • establishing accountability for ERM; and
  • attracting, developing, and retaining talented individuals.

Whether an organization considers itself risk averse, risk neutral, or risk aggressive, COSO suggests that it should encourage a risk-aware culture. A culture in alignment with COSO’s revised principles is characterized by strong leadership, a participative management style, accountability for actions and results, embedding risk in decision-making processes, and open and positive risk dialogues.

4. Advancing the risk appetite dialogue adds value to the strategy-setting process. The institution’s risk appetite statement is considered during the strategy-setting process, communicated by management, embraced by the board, and integrated across the organization. Risk appetite is shaped by the enterprise’s mission, vision, and core values, and considers its risk profile, risk capacity, risk capability, and maturity, culture, and business context.

To be useful, risk appetite must be driven down from the board and executives into the organization. To that end, COSO defines the “acceptable variation in performance” (sometimes referred to as risk tolerance) as the range of acceptable outcomes related to achieving a specific business objective. While risk appetite is broad, acceptable variation in performance is tactical and operational. Acceptable variation in performance relates risk appetite to specific business objectives and provides measures that can identify when risks to the achievement of those objectives emerge. Operating within acceptable parameters of variation in performance provides management with greater confidence that the entity remains within its risk appetite; in turn, this provides a higher degree of comfort that the entity will achieve its business objectives in a manner consistent with its mission, vision, and core values.

5. Monitoring what really matters is essential to effective ERM. The organization monitors risk management performance and how well the components of ERM function over time, in view of any substantial changes in the external or internal environment. If not considered on a timely basis, change can either create significant performance gaps vis-à-vis competitors or can invalidate the critical assumptions underlying the strategy. Monitoring of substantial changes is built into business processes in the ordinary course of running the business and conducted on a real-time basis. As ERM is integrated across the organization, the embedding of continuous evaluations can systematically assist leadership with identifying process improvements.

Following are some suggested questions that boards may consider, based on the risks inherent in the entity’s operations:

  • Is the board satisfied that the organization is adaptive to change, and that management is considering the effects of volatility, complexity, and uncertainty in the marketplace when evaluating alternative strategies and executing the current strategy?
  • Should management consider the principles supporting effective implementation of ERM, as set forth by COSO, to ascertain whether improvements are needed to the enterprise’s risk management capabilities?


Jim DeLoach is managing director with Protiviti, a global consulting firm. 

Lessons From the War Over the Target Data Breach

Craig Newman

Craig Newman

The dust settled recently on another chapter of the Target Corp. data breach litigation. Although the five shareholder derivative lawsuits filed against Target’s officers and directors have been dismissed, they underscore the critical oversight function played by corporate directors when it comes to keeping an organization’s cyber defenses up to par. While the ink isn’t quite dry on the court papers, it’s time to start reflecting on the lessons of the skirmish.

In the midst of the 2013 holiday shopping season, news leaked that hackers had installed malware on Target’s credit card payment system and lifted the credit card information of more than 70 million shoppers. That’s almost 30 percent of the adult population in the U.S.

Predictably, litigation was filed, regulatory and congressional investigations commenced, and heads rolled. Banks, shareholders, and customers all filed lawsuits against the company. Target’s CEO was shown the door.

And Target’s directors and officers were caught in the crossfire. In a series of derivative lawsuits, shareholders claimed that the retailer’s board and C-suite violated their fiduciary duties by not providing proper oversight for the company’s information security program, not making prompt and accurate public disclosures about the breach, and ignoring red flags that Target’s IT systems were vulnerable to attack.

The four derivative cases filed in federal court were consolidated (one derivative lawsuit remained in state court) and Target’s board formed a Special Litigation Committee (SLC) to investigate the shareholders’ accusations. The SLC was vested with “complete power and authority” to investigate and make all decisions concerning the derivative lawsuits, including what action, if any, would be “in Target’s best interests.” Target did not appoint sitting independent directors but retained two independent experts with no ties to the company—a retired judge and a law professor. The SLC conducted a 21-month investigation with the help of independent counsel, interviewing 68 witnesses, reviewing several hundred thousand documents, and retaining the assistance of independent forensics and governance experts.

On March 30, 2016, the SLC issued a 91-page report, concluding that it would not be in Target’s best interest to pursue claims against the officers and directors and that it would seek the dismissal of all derivative suits.

Minnesota law, where Target is headquartered, provides broad deference to an SLC. Neither judges nor plaintiffs’ are permitted to second-guess the SLC members’ conclusions so long as the committee’s members are independent and the SLC’s investigative process is ‘adequate, appropriate and pursued in good faith.” By these standards, U.S. District Judge Paul A. Magnuson recently dismissed the derivative cases with the “non-objection” of the shareholders, subject to their lawyers’ right to petition the court for legal fees.

Target isn’t the only data-breach-related derivative case filed by shareholders against corporate officers and directors. Wyndham Worldwide Corp.’s leadership faced derivative claims relating to three separate data breaches at the company’s resort properties. After protracted litigation, the derivative claims were dismissed in October 2014, in large measure because Wyndham board’s was fully engaged on data security issues and was already at work bolstering the company’s cybersecurity defenses when the derivative suit was filed. A data-breach-related derivative action was also filed against the directors and officers of Home Depot, which remains pending.

Despite the differences between the Target and Wyndham derivative suits, both cases contain important lessons for corporate executives and sitting board members.

  1. Treat data security as more than “just an IT issue.” Boards must be engaged on data security issues and have the ability to ask the right questions and assess the answers. Board members don’t know what they can’t see. Developing expertise in data security isn’t the objective; rather, it’s for directors to exercise their oversight function. Board members can get cybersecurity training and engage outside technical and legal advisors to assist them in protecting their organizations from data breaches.
  2. Evaluate board information flow on cybersecurity issues. How are board members kept up-to-date on data security issues? Are regular briefings held with the chief information officer (CIO) to discuss cybersecurity safeguards, internal controls, and budgets? Boards might also consider appointing special committees and special legal counsel charged with data security oversight.
  3. Prepare for cyberattacks in advance. Boards should ask tough questions about their organization’s state of preparedness to respond to all aspects of a cyber-attack, from reputational risk to regulatory implications. Get your house in order now, and not during or after an attack. Not surprisingly, multiple studies—including the Ponemon Institute’s 2016 Cost of Data Breach Study—suggest that there is a correlation between an organization’s up-front spending on cybersecurity preparation and the ultimate downstream costs of responding to a breach.
  4. Decide whether and when to investigate data breaches. Before hackers strike, boards must decide whether and when to proactively investigate the breach, wait to see if lawsuits are filed, or wait to see if regulators take notice. Regardless, boards should be prepared to make this difficult decision, which will establish the tone of the company’s relationship with customers, shareholders, law enforcement, regulators, and the press.
  5. Develop a flexible cyber-risk management framework. Cyber-risk oversight isn’t a one-time endeavor, nor is there a one-size-fits-all solution. The threat environment is constantly changing and depends, in part, on a company’s sector, profile, and type of information collected and stored. While cyber-criminals swiped credit card data in the Target and Wyndham cases, the threat environment has escalated to holding organizations hostage for ransomware payments and stealing industrial secrets.

Cybercrime is scary and unpredictable. It poses risks to a company’s brand, reputation, and bottom line.  Board members are on the hot seat, vested with the opportunity and responsibility to oversee cybersecurity and protect the company they serve.

Craig A. Newman is a litigation partner in Patterson Belknap Webb & Tyler LLP and chair of the firm’s Privacy and Data Security practice. He represents public and private companies, professional service firms, nonprofits institutions and their boards in litigation, governance and data security matters. Mr. Newman, a former journalist, has served as general counsel of both a media and technology consortium and private equity firm.

Interview Like Your Job Depends On It

Interviewing can be a scary thing and leave even the most competent of applicants feeling judged and at the mercy of others. That’s especially true if you’re new to interviewing or haven’t been through the process in a long time. This series will take some of the mystery out of interviews and help you sell yourself to the organization.

First, it’s important to understand that the interview may happen in one day but it’s by no means a one-day endeavor. Once a prospective employer has expressed interest, one of the most basic initial steps toward a successful interview is getting it scheduled. When scheduling an interview, there are questions you can ask that will help you prepare. How long will the meeting last? Who will I be meeting with? What additional information about the position can you provide me that is not reflected in the job description? Was there anything in particular about my qualifications that interested you?

By asking questions, you are demonstrating interest and perhaps gaining additional insight that could help you in the interview. As soon as these questions are answered, you should immediately begin your research.

It’s particularly important to learn about the person that will be interviewing you: their role in the company, areas of expertise, examples of their work and perhaps outside interests. This research will help demonstrate thoughtfulness and planning, two important attributes that every employer appreciates in an employee.

Now that you’ve scheduled the interview, we’ll look at how to prepare strong answers (especially in difficult situations), what to do after an interview, and how you can evaluate the interview for yourself. We’ll also discuss situations in which you may have multiple interviews for the same job and how to tailor your approach to each one.

Turning ‘Commonsense’ Governance Into Common Practice

Friso van der Oord

Friso van der Oord

The most powerful names in U.S. business have published guidance on Commonsense Principles of Corporate Governance (Commonsense Principles) to provide a framework to improve corporate governance and make it more long-term–oriented. Warren Buffett of Berkshire Hathaway, Laurence D. Fink of BlackRock, Jamie Dimon of JPMorgan Chase & Co., and others have outlined principles covering nine broad categories of governance issues that, while nonbinding, will likely spark an important dialogue in boardrooms. Eight of the categories have direct and far-reaching implications for boards, while the final group of principles relates to the role asset managers play in the governance arena. What makes this announcement unique is the unified position these leaders have taken behind one set of commonsense principles.

At the National Association of Corporate Directors (NACD), an organization that is advancing exemplary leadership among our community of 17,000 director members, our position is clear: We agree with many of the principles outlined and we can help boards implement effective governance practices. In fact, the Commonsense Principles reinforce the Key Agreed Principles to Strengthen Corporate Governance for U.S. Publicly Traded Companies that we introduced a few years ago.

While recognizing that the principles are not a one-size-fits-all solution, and that practices will likely differ based on size, industry, and specific company, we’ve included a practical list of next steps below that boards can take to implement the principles.

The Case for Improved Governance

Key drivers behind the 50+ nonbinding principles are the decline in the number of publicly traded firms, with many highly performing private companies delaying initial public offerings (IPOs), essentially reducing available investment opportunities; the current lack of trust between shareholders, boards, and management teams; concerns about the dominance of short-termism in the management of companies; and the complexity of current corporate governance rules.

The Commonsense Principles identify several areas for improvement:

  • Board agendas should include a focus on major strategic issues (including material mergers and acquisitions and major capital commitments) and long-term strategy, ensuring thorough consideration of operational and financial plans, quantitative and qualitative key performance indicators, and assessment of organic and inorganic growth, among other issues. A company should not feel obligated to provide earnings guidance, the business leaders suggest, and should determine whether providing earnings guidance for the company’s shareholders does more harm than good. Companies should frame their required quarterly reporting in the broader context of their articulated strategy and provide an outlook, as appropriate, for trends and metrics that reflect progress (or lack of progress) on long-term goals.
  • Every board needs a strong leader who is independent of management, the principles emphasize. The board’s independent directors usually are in the best position to evaluate whether the roles of chair and CEO should be separate or combined, and if the board decides on a combined role, it is essential that the board have a strong lead independent director with clearly defined authorities and responsibilities.
  • Diverse boards make better decisions, so every board should have members with complementary and diverse skills, backgrounds, and experiences. It’s also important to balance the wisdom and judgment that accompany experience and tenure with the need for the fresh thinking and perspectives that new board members can bring.
  • In financial reporting, the use of Generally Accepted Accounting Principles (GAAP) should not be obscured by the use of non-GAAP metrics.

Action Steps for Directors

You and your board/company may consider taking certain steps:

  • Review the principles in detail and benchmark your current governance approach against them.
  • Determine if identified differences are areas ripe for further discussion and possible change.
  • Engage your largest investors to get their take on the principles and how they plan to use them when assessing corporate governance effectiveness.

NACD Alignment With Commonsense Principles

Below I’ve highlighted just a few examples of how NACD aligns with the most significant principles. I have included links to NACD reports that can help boards make the Commonsense Principles common practice.

Focus on Long-Term Value Creation

The principles advocate for the creation of long-term shareholder value. Our guidance to members over the past several years has skewed unabashedly toward boards prioritizing long-term value creation. In fact, our 2015 Report of the NACD Blue Ribbon Commission on the Board and Long-Term Value Creation emphasizes the need for directors to align short-term goals—and executive compensation—with long-term strategy. The report provides tools and practical recommendations including, among others, the following:

  • Boards should consider recommending a move away from quarterly earnings guidance in favor of broader guidance parameters tied to long-term performance and strategic objectives.
  • The board’s CEO selection and evaluation processes should include an assessment of the extent to which he or she can be an effective advocate for the firm’s long-term strategy.
  • The nominating and governance committee should approach board composition and succession planning with long-term needs in mind, based on the director skills that will be most relevant to the company’s strategy in three, five, or more years.

Role of the Lead Director

The role of the lead independent director emerged as another key area where board effectiveness can improve. We at NACD believe that the lead independent director should spearhead efforts to intensify the board’s efficacy by identifying and addressing weaknesses in process and individual director performance. An effective lead independent director should be able to provide criticism that is both respectful and objective, and be able to ensure every director’s voice is heard. To put it simply, the lead independent director should bring out the very best in the board. Our NACD Blue Ribbon Commission Report on the Effective Lead Director provides practical guidance on how to do that.

Board Composition and Diversity

Public-company boards should have a diverse and complimentary mix of backgrounds, experiences, and skills, according to the Commonsense Principles. While this is an area in which we’ve not seen much movement—aside from a slight increase in gender diversity, with 79 percent of NACD survey respondents reporting they have at least one woman director on their board compared with 77 percent in 2014—our Report of the NACD Blue Ribbon Commission on the Diverse Board: Moving From Interest to Action provides very practical advice and tools, including a board-level discussion guide on diversity, that can help boards make diverse board composition a priority. Additional information can be found in NACD’s Board Diversity Resource Center.

Non-GAAP Financial Metrics

The use of non-GAAP metrics in financial reporting has been widely scrutinized by regulators. Mary Jo White, chair of the U.S. Securities and Exchange Commission, stated last December that non-GAAP metrics deserve “close attention, both to make sure that our current rules are being followed and to ask whether they are sufficiently robust in light of current market practices.” NACD’s Audit Committee Chair Advisory Council, a prestigious group of Fortune 500 committee chairs, met a few months ago to discuss the use of non-GAAP metrics. The council made an important recommendation:

From a governance perspective, audit committees should ensure that there are adequate controls in place to help mitigate the risk of management bias in measuring and reporting non-GAAP measures, and that these controls are frequently assessed.

For more information, please review the brief NACD Audit Committee Chair Advisory Council: Audit Committee Oversight of Non-GAAP Financial Measures.

Further Guidance

Our resources and messaging have always been—and will continue to be—shaped by directors who actively contribute to better board-governance practice. As the largest gathering of directors in the United States, NACD’s 2016 Global Board Leaders’ Summit will convene some of the best minds in governance to continue the dialogue on how boards can adopt leading practices. We believe in and strongly support good corporate governance and will continue to provide resources to help directors effectively oversee U.S. businesses. For more information on the governance principles NACD has established, please review our Key Agreed Principles to Strengthen Corporate Governance for U.S. Publicly Traded Companies.


Tackling the Meeting Monster

During a recent executive coaching session, my client tapped open the calendar on his iPad and, pointing to the vast amount of purple-shaded area exclaimed, “No wonder I can’t get any work done.  All I ever do is attend meetings!”

This “Meeting Monster” phenomenon is a common lament among executive coaching clients and one I’ve contemplated for many years.  My observation is that it frequently arises from an organization’s culture and not simply from an individual leader’s inability to manage their time.

For example, in the early stages of an organization’s growth it is important for everyone to be “in the loop.”  Everyone can be in a relatively small area.  It is easy to collaborate.  Every day is a meeting.

As organizations grow, however, being “in the loop” can become a status symbol.  “Not being included” can mean “Not being important.” With increasing size and productivity demands, organizations are pushed to re-think meetings, and especially to ask:  “Do all of us need to meet?”

As a result of asking this new question, the meeting focus can shift away from Status, Communication, and Inclusion to Critical Problem Solving and Crucial Communication.

Then, when a meeting is truly required and the purpose of the meeting has been defined, the next question is “Who should be included?”  What follows is a process I have found to be helpful in planning efficient meetings that lead to high-quality decisions.

Stakeholder Analysis

A stakeholder is anyone who has something to gain or lose from the outcome.  All stakeholders will receive meeting minutes showing all decisions made, the stakeholder responsible for each planned action, and estimated timing.

  1. List all who have a stake in the outcome.
  2. Does each who has a vested interest need to participate in person?
  3. Identify the critical-success stakeholders and confirm their presence at the meeting.
  4. Talk with all others who have a vested interest in the outcome.  Invite those stakeholders to keep up with progress via detailed meeting minutes that will be distributed within 24 hours after the meeting.  Many will appreciate the opportunity.

Agenda and Roles

  1. Pre-publish an agenda with meeting objectives and expected outcomes.  Send well in advance.  Put “communicate only” stakeholders in cc section of email notice.   Provide firm, realistic start and stop meeting times.  Grossly overestimate time required to prepare.
  2. Where appropriate, assign responsibilities/preparation tasks to team members.
  3. Ask in advance for someone to record actions, decisions, and responsibilities in minutes that will be distributed within 24 hours of meeting conclusion.
  4. Ask in advance for a meeting time keeper.

Facilitate the Meeting

  1. Start on time.
  2. Ban/limit phones, laptops.
  3. Food distracts.  Use only when it supports your purpose.
  4. Determine what tools, charts, equipment you need in advance and have it there.
  5. Stick to the agenda.  Re-state the purpose of the meeting and expected outcomes. 
  6. Encourage participation by all.  We can stifle innovation when not all ideas are voiced.
  7. Create a parking lot to capture issues to address off-line.
  8. Praise in public; criticize in private, especially when the person being criticized is not in the room.  Everyone is on the company team.
  9. Summarize meeting outcomes, action steps and responsibilities at meeting conclusion.

The facilitator’s role is to challenge, to be sure that assignments are realistic and measurable, and to determine whether additional support or resources are needed. 

We welcome your own stories and feedback about strategies you have used to tackle your “Meeting Monster” in your workplace.

Work–Life Balance in France

French people work more than some of you think! As a consequence, work-life balance is a real issue according to many surveys done recently.

Reconciling work and private life is undeniably a key issue of job satisfaction. The balance between private life and professional life is, with the interest of labor and the working atmosphere, the three most essential ingredients to generate job satisfaction. For 99% of employees surveyed, it is important that the employer permits having a good life balance. Recognition, autonomy and being promoted in comparison are cited by 52% of employees. This is a view shared by all. Whatever their age, gender, family structure, professional category, sector of activity and size of their business…the employees interviewed agreed to place life balance, work and labor interest on the top of their job satisfaction factors list.

If, at first, employees feel relatively easy to reconcile work and private life, 76% of employees surveyed felt easy to balance work and private lives (15% think it is “very easy”, 61% “fairly easy”), reconciliation is considered difficult by a quarter of employees (24%).

In addition to daily social and family life, children seem to suffer from the balance that manage to implement the French employees concerned: 55% of parents believe that it is difficult (16% impossible) to care for their children as they would like and 49% have trouble spending enough time with their spouse.

Work-life balance is a complex issue to manage for a third of employees. A third of employees estimate they are spending too much time at work. In addition, professional concerns, or even working at home frequently affects 26% of employees. This percentage rises to 38% among managers.

Finally, almost one out of  ten employees, due to workload, fail to utilize vacations (9%). A much more common situation among the managers and employees who report working 40 hours or more per week (19% on each target). When they are asked about the evolution of the quality of their personal work-life balance, French employees are more likely to think there is a  degradation (34%) rather than an improvement (21%). Executives, again, are more negative (39%). The majority of employees believe that few things are set up in the company to facilitate the reconciliation of work and private life. If more than half of employees believe that their company makes very little effort (56% assign a score between 0 and 5), 16% attribute a good score in their structure.

However, few companies seem to mobilize on the subject…If 49% of employees feel their manager made efforts to help them better balance work and private life, only 34% believe that the direction of their business is concerned with  the subject.

The employees do not identify the French administration as an active contributor to the improvement of a better privacy.

Everyone agrees that the benefits are for both employees and businesses:

  • Better health, with reduced stress (53%, ranking first benefits for employees), which helps to reduce absenteeism (46%, ranking first profits for businesses)!
  • Enhanced efficiency, which ensures for the company gains in productivity and quality and employee satisfaction do its job quickly and well (2nd place benefits for employees and companies). 
  • Employees also see it a way of personal fulfillment (3rd place benefits for employees) and anticipate greater involvement in their structures (3rd place profits for businesses)

For employees, the key word is time arrangements and working conditions. They feel that it helps them to be able to leave their workplace in case of imperative (74%) see their workload arranged in case of personal concern (69%).

Corporate concierge solutions and nursery appear secondary compared to the introduction of greater flexibility in the organization of work (40% and 28% of employees believe that this helps or assist).

Now that it is mid-July, time has come for vacation; French people will now leave their work for our regular 3-week summer vacation. The work-life balance subject will come back in early September!

Directors Can Add Valuable Perspective to SEC’s View of Sustainability

The sustainability information in CSR reports is not, from our perspective, “investment-grade;” that is, it is not necessarily material, not industry specific, not comparable, and not auditable.

Business news headlines on any given day highlight the importance of sustainability issues such as resource scarcity, climate change, population growth, globalization, and transformative technologies. In today’s world, management of these and other sustainability risks and opportunities influences corporate success. Thus, understandably, investors are increasingly requesting information on how companies are managing these factors.

Aulana Peters

Aulana Peters

A concept release from the Securities and Exchange Commission (SEC) on disclosure effectiveness includes a lengthy discussion of sustainability disclosure. In the release, the SEC states that it is “interested in receiving feedback on the importance of sustainability and public policy matters to informed investment and voting decisions.” We hope that the SEC’s request for input on sustainability issues signals an understanding that the information investors consider “material”—much like the world around it—is changing. As a result, corporate disclosures should also evolve to provide investors with the information they need to make informed investment and voting decisions.

Sustainability issues are increasingly important to a company’s financial condition and operating performance, and thus merit the attention of its board. At more than 55 percent of S&P 500 companies, the board oversees sustainability, according to the Investor Responsibility Research Center Institute. Such boards are to be applauded for taking a more holistic view of risk oversight, and for getting out in front of global challenges.

This shift in focus by investors and the business community is driven by a growing recognition that sustainability issues are business issues, not only born of social or political concerns. One recent study found that when companies focus their efforts on managing material sustainability factors—namely, those critically linked to their core business—they outperform their peers with significantly higher return on sales, sales growth, return on assets, and return on equity. They also show significantly improved risk-adjusted shareholder returns.

Clearly, the board plays a key role in developing a company’s capacity to create long-term value and in safeguarding its assets. In this regard, a board’s careful consideration of information on material sustainability factors would help it to fulfill its oversight responsibilities, by assisting it in understanding, prioritizing, and monitoring business-related risks and opportunities.

For example, a board should regularly consider how its company measures, manages, and reports its material sustainability risks. A pharmaceuticals company might consider how it is addressing a $431 billion counterfeit drug market, where mitigation strategies in an increasingly complex, global supply chain could stem or reverse the loss of consumer confidence and company revenues, and prevent up to 100,000 deaths each year (see Roger Bate’s 2012 book Phake: The Deadly World of Falsified and Substandard Medicines). The plunging stock price and loss of goodwill suffered by Chipotle Mexican Grill after outbreaks of E. coli and norovirus at its restaurants demonstrate the way in which a failure to manage sustainability risk factors can seriously damage a company’s reputation and shareholder value.

Moreover, sustainability issues not only raise risks, but also present opportunities that can and should be taken into account by the board as it considers development and implementation of the company’s strategic goals.

Sustainability issues may have a material impact on a company’s ability to achieve such goals. For automakers, a strategy that incorporates fuel-efficient technologies and alternative fuels can help the company capitalize on legal and consumer trends regarding fuel economy and emissions in a market where car ownership is projected to triple by 2050.

Elisse Walter

Elisse Walter

Sustainability issues directly affect a company’s financial condition and operating performance. Therefore, it is not surprising that investors are increasingly demanding more effective and useful sustainability information. Many companies have made efforts to meet this demand through disclosures in corporate social responsibility (CSR) reports, by responding to questionnaires, or otherwise engaging with investors. The sustainability information in CSR reports is not, from our perspective, “investment-grade;” that is, it is not necessarily material, not industry specific, not comparable, and not auditable. To that point, a 2015 PwC study found that 82 percent of investors said they are dissatisfied with how risks and opportunities are identified and quantified in financial terms; 74 percent of the investors polled said they are dissatisfied with the comparability of sustainability reporting between companies in the same industry.

What the markets have lacked, until now, are standards that can guide companies in disclosing material sustainability information in a format that is decision-useful. These standards must be industry specific. Sustainability issues affect financial performance differently depending on the topic and the industry. Therefore, investors need guidance on which sustainability issues are material to which industries, and they need industry-specific metrics by which to evaluate and compare the performance of reporting companies.

The Sustainability Accounting Standards Board (SASB), an independent 501(c)(3) nonprofit, was created to address this market inefficiency. The mission of SASB is to develop and disseminate industry standards for sustainability disclosure that help public corporations provide material, decision-useful information to investors via MD&A and other relevant sections of SEC filings such as the Form 10-K and 20-F. SASB’s standards are formulated with broad market participation and draw upon metrics already used by the corporate community. They will continue to evolve, as our world, and thus material sustainability issues, change.

Investors want to place their funds in entities that have good prospects for the future. To do so, they evaluate the information that is material to a company’s prospects. Not all that information rests in the financial statements that reflect a company’s current financial condition. We believe that, in today’s world, risks and opportunities not yet reflected in a company’s financial statements influence its success.  And, the information that is “material” to investors—much like the world around it—has changed.

To help companies disclose material sustainability information, the capital markets need standards for disclosure of sustainability information that are created by the market, specific to industry, and compatible with U.S. securities law.

The management and disclosure of sustainability issues merits the attention of directors. The public comment period for the SEC’s disclosure effectiveness concept release runs through July 21. This is an important opportunity for publicly held companies and their directors to be heard on these critical issues, and to stress the importance of a market standard that serves investors while not overburdening issuers.

Aulana Peters was an SEC Commissioner from 1984-1988. Elisse Walter was the 30th chair of the SEC. Peters and Walter serve on the SASB board of Directors.

Suck It Up, Buttercup!

As business leaders, we spend a lot of time and energy concerning ourselves with control: leading the team, steering projects, improving work habits, inspiring discipline and productivity. Most leaders put a lot of stock in being able to exert our wills upon others and wrestling every situation from the grips of chaos. All of this comes down to control.

After all, the very word “leader” describes a person who others follow. In the Western world, the ideal leader has long been seen as a strong and severe figure who pushes and drives. The word itself casts a very heavy emphasis on imposing control over other the people we work with. It’s why a lot of aspiring “leaders” seem to cherish the fantasy of being the “Captain of the Ship,” barking out orders, shoving through their agendas, and meting out strict discipline among the “crew.”

Let me give you an example from a real “captain” — a client who came to me for advice about some workforce problems he was having. The Captain was a strong-willed, confident leader. The sort of boss who commanded respect from his very presence, with a deep voice and an iron will. And he was good at his job, having guided his team to success after success.

Now, meet the crew: smart, savvy sales professionals who worked hard and had deep respect for the Captain and his command. Upon interview, I learned that they all felt inspired by their boss, in general, and for the most part, felt motivated by his leadership.

But the Captain had concerns: “Take last week for example,” he said. “An entire team showed up over an hour late for work. The whole team. They didn’t even phone in, and they know that punctuality is a core value of this business. They know it’s important to me that employees show up on time and ready to work.”

I interviewed the employees about this particular situation and, of course, heard a very different story: “We all stayed three hours late the night before holding an important sales event. The event was a huge success, we landed two new clients, and we decided to reward ourselves by allowing ourselves a bit of a late start the next day. The boss didn’t even care about our success — he just wanted to bawl us out about being late for work. It seemed unfair.”

I confronted the Captain with his crew’s version of events: “Look, I’m glad they had a great event, but that’s just part of their job. It doesn’t excuse them from the rules of the business, and they know I don’t encourage resting on one’s laurels.”

As I continued digging, I found out that the majority of the other sales teams were on the side of the crew, not the Captain, and I could tell that a lot of work hours were spent stewing over what was perceived as unappreciative harshness on the part of the Captain. This was one isolated event, but it was part of a greater impasse within the company. The men and women loved their leader, but they thought he was kind of a tyrant sometimes.

I asked the Captain what his primary concern was in this situation. “It’s about the productivity, and about keeping things orderly.”

I couldn’t help but retort: “Well, you have probably lost a lot more hours of productivity to the gossip and the resentment you’ve caused by your harsh reaction to them.”

“Look,” he said, with finality. “They know their responsibilities and they know we are all expected to hold ourselves to the same standard.”

So, they were at an impasse. A stellar, high-performing business was teetering on the brink of becoming a toxic workplace.

It’s in situations like these that we need to start thinking about when it’s time to give up control. That’s right. I said it. Sometimes, to get what you really want….productivity, in our Captain’s situation, you need to Give. Up. Control.

My daddy, in his Alabama Southern wisdom, had a lot of expressions that he threw around when I was growing up and that I find myself echoing well into my adulthood, and into my coaching of leaders and leadees. A lot of them revolved around a stoic appreciation for the fact that life ain’t perfect:

“It’s not your job to make everyone else just like you.”

As leaders, we sometimes get trapped in the idea that our job is to make other people think and behave just like ourselves. If there’s anything the diversity in the workplace movement has taught us, it’s that having a team of people who all think and act alike is poison. As a leader, you need to recognize that not everyone takes the same path to success. It’s just as important to make allowances for individual personalities, methodologies, and philosophies as it is for you to inspire others with your own.

“Worse things have happened to better people.”

If someone you work with does something that doesn’t line up with your vision of Professional Perfection, it’s not the end of the world…and it’s not about YOU. Human emotions have a tendency to go overboard, and we sometimes get caught up in feedback loops where we get more and more upset over small, inconsequential things. If you find yourself battling to take control of a situation, ask yourself: is fighting this fight really the most productive use of my time? Would giving up control over this small thing allow me to put more of my passion and my time into tackling a bigger problem or making a much more significant improvement somewhere else?

“Suck it up, buttercup.”

Sometimes the strongest person is the one who gives up first. Sometimes the best leader is the person who realizes it’s less important to make other people do what they want them to do, and more important to build a team that wants to move forward in the same direction — even if some members of that team take a different path towards the final destination. Are your problems with other people really about their faults, or is it more about your pride and inflexibility? Isn’t there a teeny tiny possibility that you might be wrong? Or maybe nobody’s wrong; you just have different and equally effective ideas? It might be time to lose the battle so you can win the war. I know that idea stings a little. You’ll live, I promise.

So, back to the embattled Captain and nigh-mutinous crew. What’s the proper resolution to their problems? It really comes down to each individual.

For the Captain, he needed to make a decision. Was the occasional late start something he could live with? Or was it quite simply a deal-breaker, no matter how much success the team might achieve? This isn’t a glib question. It’s really a decision he had to make.

If it’s something he can live with, I advised, he would need to learn to bite his tongue and accept that sometimes a team will go against his will and roll in a little late after a hard day’s night.

If it’s a deal-breaker, he needs to express this clearly to his crew. If he’s unsuccessful in his attempt to influence their behavior, the decision becomes to (1) show them the door if they can’t comply, and search for employees who share his passion for walking into work at 8 o’clock on the dot, or (2) accept it, but don’t waste any more energy on it.

And to be fair to their fellow workers and to their stalwart Captain, the crew members would need to make a similar decision! Their only other options are to show up when the boss says to show up or shut up and take it when he deals out a dressing-down. They know the boss, they know the way he likes things, and it’s not fair to anyone for them to poison the well by moaning and sowing discord in the break room. Otherwise, if being able to celebrate a late-night triumph by catching some extra Z’s is vitally important to their wellbeing, they should put out some resumes and find a boss that accepts such celebratory sleep-ins.

Start paying attention to the professional battles you fight. Every time you feel yourself getting worked up and in conflict, ask yourself. Is this really worth it? Or am I wasting my energy? Are there better ways to pass the day?  If you can swallow your pride and start looking at situations from beyond your ego, you might just find that you waste less energy and get a lot more done….wasn’t that the goal to with.  And your crew may go from plotting your downfall in the belowdecks to singing shanties in your honor.

Not to reinvent the wheel (or helm as it were), I’ll borrow from our Catholic friends:
God, grant me the serenity to accept the things I cannot change,
Courage to change the things I can,
And wisdom to know the difference.

Whatever you decide to do, keep your eye on the horizon and don’t sink the ship!

In closing, and without all the maritime metaphors, I’ll leave you this, regardless of your role (leader or leadee),  you need to exert influence in certain situations, and in others you need to suck it up, Buttercup.  

Brexit Fallout: Seven Board Actions to Protect Your 2016–17 Results

It has become clear that Britain’s vote to leave the European Union (EU) is a major disruption to global business plans, and its consequences clearly rise to the board level. Ongoing political chaos in the United Kingdom (UK) is having seismic economic effects and has already amplified downside political risks across Europe.

“Wait and see” is a dangerous response to a highly uncertain situation. Proactive board leaders can undertake several immediate initiatives that will minimize the damage to 2016 results in Europe and improve the resiliency of your company’s plans for 2017 and beyond.

What we know today: The UK’s economy will contract next year. Frontier Strategy Group’s (FSG) Europe, the Middle East, and Africa (EMEA) Team forecasts a sharp slowdown in UK growth in the second half of 2016, deepening into a recession of -0.5 percent in 2017. Regardless of the pace and the aim of its exit negotiations with the EU, deep splits within the UK’s major political parties and energized independence movements in Scotland and Northern Ireland guarantee governmental dysfunction and depressed sentiment among consumers and businesses.

Beyond the UK, certain economies are especially vulnerable. Ireland, Norway, and the Netherlands will be hurt quickly as UK demand shrinks. Around the world, UK and European economic woes are likely to hit Poland, South Africa, Algeria, Azerbaijan, Bangladesh, and Costa Rica especially hard in their respective regions.

What we won’t know anytime soon: As of yet, it is impossible to predict (1) whether the European Union will change fundamentally or lose additional members, (2) the political and economic effects of energized populist parties in many European countries, (3) the downside risk to the UK from regional separatism, or (4) the new destinations for foreign investment that may leave the UK. Scenarios and contingency plans are essential tools to manage risk and identify targeted opportunities in this environment.

Bolster Commercial Execution in the Second Half of 2016

Boards should expect to receive a rapid-response sales strategy review from UK executives and risk assessments for Europe overall. Is management being sufficiently proactive in managing new risks?

  1. Prioritize risks to 2016 sales targets—In the UK, business investment is most likely to see near-term declines as companies worried about growth move to limit expenditures (hiring is sharply down in London), while consumer sentiment will be dragged down by housing-price shocks. Sterling and euro depreciation will hit specific customer segments hard. Expect management to proactively engage customers about changes to their expected spending, and redeploy sales and marketing resources to the least vulnerable territories.
  2. Target contingency plans on talent and finance—Uncertainty about visa requirements for Europeans in the UK (and for non-UK citizens generally) is a serious engagement and retention risk. Currency effects are wiping out margins for some UK subsidiaries and should force a near-term rethink of hedging and payment terms. Expect management to document contingency plans with signposts and priority actions by function, especially for finance and human resources (HR).
  3. Track leading indicators of changes in demand—Volatility in currency markets and commodities markets will have global ripple effects on business and consumer sentiment, and on government finances—especially in emerging markets. Ask if European management teams are adjusting their dashboards and monthly/quarterly agendas accordingly.

Stress-Test Strategic Plans for 2017 and Beyond

The next planning cycle will be more demanding than usual. Updating forecast data is a small part of the needed response. So much will remain uncertain that plans for Europe (and for markets with links to Europe) should be stress-tested for resiliency against downside scenarios. Contingency plans should be put in place for big bets.

  1. Use scenarios to model UK and EU demand—FSG’s benchmarking found that simple scenarios are key to organizational alignment and resilience; the companies that do this best grow market share 2.1 times faster than their competition in volatile markets. My pre-Brexit vote NACD post highlights a range of risks worthy of incorporating into scenario plans.
  2. Evaluate risk exposure in European operations and the supply chain—Profitability and pricing power for imported products will diminish if barriers to trade with the UK increase and European currencies weaken further. Scenario analysis can help evaluate potentially improved returns from localized production and supply-chain structure.
  3. Rethink Europe/EMEA hub locations—Potential changes that affect HR, legal, regulatory, and finance teams may tip the scales in favor of revisiting the UK as a hub for EMEA, Europe, or Western Europe leadership and operations. Balance financial and political/reputational considerations along with change-management costs. Retention of European nationals currently based in the UK is becoming a factor as well.
  4. Reassess global market-portfolio prioritization—Long-term investment plans for Europe must be rebalanced given the likelihood of a UK recession in 2017 and ripple effects varying among other European countries. Moreover, investment cases for Europe are likely to face sharply skeptical review even as EMEA leaders strive to make up the gap that UK underperformance will create. At the global level, Asia-Pacific and Latin America leaders have an opportunity to put forward more aggressive plans for 2017 and beyond. India in particular is a substantial market that remains under-penetrated by foreign companies; higher-risk big bets there may be more warmly received when Europe looks so uncertain.

When uncertainty is high, boards have a valuable role in helping management bring focus to the most important decisions rather than falling victim to firefighting and analysis paralysis. Companies that set a proactive agenda now for a mid-year course correction and forward planning will be well positioned despite market volatility in the year ahead.

Joel Whitaker is Senior Vice President of Global Research at Frontier Strategy Group (FSG), an information and advisory services firm supporting senior executives in emerging markets.