Today I am sharing with you a case published on Julie Garland McLellan’s website that calls for a great deal of analysis, strategy and judgment.
In this case, Xandra, chair of the audit committee of a small professional association, proposes a courageous solution to halt the decline in the organization’s membership: a reduction in membership fees in exchange for higher service fees and training-related fees.
The proposal was judged unfair by the members, who voiced strong disapproval and condemned it on social media.
Several members insist that this decision be put to a vote at the AGM and that the CEO be removed from office.
Since the organization’s bylaws do not allow members to vote on these matters at a general meeting (this being a prerogative of the board), the board chair asks Xandra to prepare a case for rejecting the request.
Xandra is aware, however, that the communication strategy adopted will need careful analysis so as not to endanger the organization’s survival.
How should she proceed in order to present a convincing argument?
The situation is set out fairly concisely; three experts then give their views on Xandra’s dilemma.
I invite you to read these opinions by clicking on the link below, and to share your comments with me.
This month our case study investigates the options for a board to respond to shareholders who know that they want something but don’t quite know how to get it. I hope you enjoy thinking about the governance and strategic implications of this dilemma:
Xandra chairs the audit committee of a small professional association. She has a strong working relationship with the chair and CEO who are implementing a strategic reform based on ‘user pays services’ to redress a fall in membership numbers and hence revenue. The strategy bravely introduced a reduced membership fee compensated by charges for advisory services and an increase in the cost of member events and education.
Some members felt that this was unfair as they used more services than others and would now pay a higher total amount each year. They have voiced their concerns through the company’s Facebook page and in an ‘open’ letter addressed to the board. In the letter they have said that they want to put a motion to the next AGM asking for a vote on the new pricing strategy and for the CEO to be dismissed. They copied the letter to a journalist in a national paper. The journalist has not contacted the company for comment or published the letter.
The CEO has checked the bylaws and the open letter does not meet the technical requirements for requisitioning a motion (indeed the authors seem to have confused their right to requisition an EGM with the right of members to speak at the AGM and ask questions of the board and auditor).
As the only person qualified in directorship on the association board, the Chair has asked Xandra “how can we push back against this request?”
Xandra is not sure that it is wise to rebuff a clear request for engagement with the members on an issue that is important for the survival of their association. She agrees that putting a motion to a members’ meeting could be dangerous. She also agrees that the matter needs to be handled sensitively and away from emotive online fora where passions are running unexpectedly high.
Here is an article that warns about governance structures such as Facebook’s.
The article, published on the Directors&Boards website by Eve Tahmincioglu, raises several fundamental questions:
(1) Does multiple-voting share ownership lead to a suitable and acceptable governance structure?
(2) Why is the governance principle of one share, one vote flouted at several Silicon Valley companies?
(3) What real power does a board of directors have when the founders hold the majority through multiple-class shares?
(4) Should regulation be used to restore the supremacy of a board of directors led by independent directors?
(5) In a crisis-management situation like the one confronting Facebook, what is the role of an independent director who chairs the board?
(6) The media seek the CEO’s position without questioning the directors’ responsibilities. Is this normal in crisis management?
I invite you to read the article below and to share your ideas on the principles of good governance as applied to public companies controlled by their founders.
Facebook is arguably facing one of the toughest challenges the company has ever faced. But the slow and tepid response from leadership, including the boards of directors, concerns governance experts.
The scandal involving data-mining firm Cambridge Analytica allegedly led to 50 million Facebook users’ private information being compromised but a public accounting from Facebook’s CEO and chairman Mark Zuckerberg has been slow coming.
Could this be a governance breakdown?
“This high-powered board needs to engage more strongly,” says Steve Odland, CEO of the Committee for Economic Development and a board member for General Mills, Inc. and Analogic Corporation. Facebook’s board includes Netflix’s CEO Reed Hastings; Susan D. Desmond-Hellmann, CEO of The Gates Foundation; the former chairman of American Express Kenneth I. Chenault; and PayPal cofounder Peter A. Thiel, among others.
Odland points out that Facebook has two powerful and well-known executives, Zuckerberg and Facebook COO Sheryl Sandberg, who have been publicly out there on every subject, but largely absent on this one.
“They need to get out and publicly talk about this quickly,” Odland maintains. “They didn’t have to have all the answers. But this vacuum of communications gets filled by others, and that’s not good for the company.”
Indeed, politicians, the Federal Trade Commission and European politicians are stepping in, he says, “and that could threaten the whole platform.”
Typically, he adds, it comes back to management to engage and use the board, but “I don’t think Zuckerberg is all that experienced in that regard. This is where the board needs to help him.”
But how much power does the board have?
Charles Elson, director of the University of Delaware’s Weinberg Center for Corporate Governance, sees the dual-class ownership structure of Facebook as one that gives the majority of voting power to Zuckerberg and thus undermines shareholders and the board’s power.
“It’s his board because of the dual-class stock. There is nothing [directors] can do; neither can the shareholders and a lawsuit would yield really nothing,” he explains.
Increasingly, company founders have been opting to shore up control by creating stock ownership structures that undercut shareholder voting power, where only a decade ago almost all chose the standard and accepted one-share, one-vote model.
Now the Snap Inc. initial public offering (IPO) takes it even further with the first-ever solely non-voting stock model. It’s a stock ownership structure that further undercuts shareholder influence, undermines corporate governance and will likely shift the burden of investment grievances to the courts.
By offering stock in the company with no shareholder vote at all, Snap — the company behind the popular mobile-messaging app Snapchat that’s all about giving a voice to the many — has acknowledged that public voting power at companies with a hierarchy of stock ownership classes is only a fiction. And it begs the question: Why does Snap even need a board?
Alas, Facebook’s shares have tanked as a result of the Cambridge Analytica revelations, and it’s unclear what’s happening among the leaders at Facebook to deal with the crisis.
Facebook’s board, advises Odland, needs to get involved and help create privacy policies and if those are violated, they need to follow up.
“This is a relatively young company in a relatively young industry that has grown to be a powerhouse and incredibly important,” he explains. Given that, he says, there are “new forms of risk management this board needs to tackle.”
I found the questions a new director might ask in order to better understand the main factors of good board governance very interesting.
Of course, this short questionnaire can also be used by a board member who wants to assess the quality of governance of his or her own board.
Directors can put the questions to the board chair, the other board members and the corporate secretary.
The twelve questions listed below were discussed at a roundtable organized by the INSEAD Directors Forum at the Asia campus in Singapore.
This article was published by Noelle Ahlberg Kleiterp* on the Harvard Law School Forum on Corporate Governance website.
Each question is accompanied by a few useful reflections to help move from thought to action.
Enjoy your reading! Your comments are welcome.
In many countries, boards of directors (particularly those of large organisations) have functioned too long as black boxes. Directors’ focus has often—and understandably so—been monopolised by a laundry list of issues to be discussed and typically approved at quarterly meetings.
The board’s own performance, effectiveness, processes and habits receive scant reflection. Many directors are happy to leave the corporate secretary with the task of keeping sight of governance best practices; certainly they do not regard it as their own responsibility.
However, increased regulatory pressures are now pushing boards toward greater responsibility, transparency and self-awareness. In some countries, annual board reviews have become compulsory. In addition, mounting concerns about board diversity provide greater scope for questioning the status quo.
Achieving a more heterogeneous mix of specialisations, cultures and professional experiences entails a willingness to revise some unwritten rules that, in many instances, have governed board functions. And that is not without risk.
At the same time, the “diversity recruits” wooed for board positions may not know the explicit, let alone the implicit, rules. Some doubtless never anticipated they would be asked to join a board. Such invitations often come out of the blue, with little motivation or clarity about what is expected from the new recruit. No universal guidelines are available to aid candidates as they decide whether to accept their invitation.
Long-standing directors and outliers alike could benefit from a crash course in the fundamentals of well-run boards. This was the subject of a roundtable discussion held in February 2017 as part of the INSEAD Directors Forum on the Asia campus.
As discussion leader, I gave the participants, most of whom were recent recipients of INSEAD’s Certificate in Corporate Governance, a basic quiz designed to prompt reflection about how their board applies basic governance principles. It occurred to me later that these questions could be of broader use to directors as a framework for beginning a reassessment of their board role.
Questions and reflections
Q1) True/False: My board maintains a proper ratio of governing vs. executing.
Reflection: Recall basic principles of governance. If you are executing, who is maintaining oversight over you? Why aren’t the executive team executing and the board governing?
Q2) True/False: My board possesses the required competencies to fulfil its duties.
Reflection: Competencies can be industry-specific or universal (such as being an effective director). Many boards are reluctant to replace members, yet the needs of the organisation shift and demand new competencies, particularly in the digital age. Does your board have a director trained in corporate governance who could take the lead? Or does it adopt the outdated view of governance as a matter for the corporate secretary, perhaps in consultation with owners?
Q3) True/False: The frequency and duration of my board meetings are sufficient.
Reflection: Do you cover what you must cover and have ample time for strategy discussions? Are discussions taking place at the table that should be conducted prior to meetings?
Q4) How frequently does your chairperson meet with management: weekly, fortnightly, monthly, or otherwise?
Reflection: Meetings can be face-to-face or virtual. An alternative question is: Consider email traffic between the chair/board and management—is correspondence at set times (e.g. prior to scheduled meetings/calls) or random in terms of topic and frequency?
Q5) Is this frequency excessive, adequate or insufficient?
Reflection: Consider what is driving the frequency of the meetings (or email traffic). Is there a pressing topic that justifies more frequent interactions? Is there a lack of trust or lack of interest driving the frequency?
Q6) True/False: My board possesses the ideal mix of competencies to handle the most pressing issue on the agenda.
Reflection: If one issue continually appears on the agenda (e.g. marketing-related), there could be reason to review the board’s effectiveness with regards to this issue, and probably the mix of skills within the current board. If the necessary expertise were present at the table, could the board have resolved the issue?
Q7) True/False: The executive team is competent/capable. If “false”, is your board acting on this?
Reflection: At this point in the quiz, you should be considering whether incompetency is the issue. If so, is it being addressed? How comfortable are you, for example, that your executive team is capable of addressing digitisation?
Q8) True/False: My chairperson is effective.
Reflection: Perhaps incompetency rests with the chairperson or with a few board members. Are elements within control of the chairperson well managed? Does your board function professionally? If not, does the chair intervene and improve matters? Are you alone in your views regarding board effectiveness? A “false” answer here should lead you to take an activist role at the table to guide the chair and the board to effectiveness.
Q9) Yes/No: Does your board effectively make use of committees? If “yes”, how many and for which topics? If “no”, why not?
Reflection: Well-defined committees (e.g. audit, nomination, risk) improve the efficiency of board meetings and are a vital component of governance. In the non-profit arena, use of board committees is less common. However, non-profit boards can equally benefit from this basic guiding principle of good governance.
Q10) True/False: Recruitment/nomination of new board members adheres to a robust process.
Reflection: When are openings posted? Who reviews/targets potential candidates? How are candidate criteria determined? And is there a clear “on-boarding” process that is regularly revisited?
Q11) True/False: My board performs a board review annually.
Reflection: A board review will touch on many elements mentioned in previous questions. Obtaining buy-in for the first review might prove painful. Thereafter knowledge of an annual review will undoubtedly lead to more conscious governance and opportunities to introduce improvements (including replacement of board members). Procedurally, the review of the board as a whole should precede the review of individuals.
Q12) Think of a tough decision your board has made. Recall how the decision was reached and results were monitored. Was “fair process leadership” (FPL) at play?
Reflection: Put yourself in the shoes of a fellow board member, perhaps the one most dissatisfied with the outcome of a particular decision. Would that person agree that fair process was adhered to, despite his or her own feelings? Boards that apply fair process move on—as a team—from what is perceived to be a negative outcome for an individual board member. If decisions are made rashly and lack follow-up, FPL is not applied. Energies will quickly leave the room.
From reflection to action
Roundtable participants agreed that these questions should be applied in light of the longevity of the organisation concerned. Compared with most mature organisations, a start-up will need many more board meetings and more interactions between the board and the management team. The “exit” phase of an organisation (or a sub-part of the organisation) is another time in the lifecycle that requires intensified board involvement.
Particularly in the non-profit sector, where directors commonly work pro bono, passion for the organisational mission should be a prerequisite for all prospective board members. However, passion—in the form of a determination to see the organisation’s strategy succeed—should be a consideration for all board members and nominees, regardless of the sector.
Directors who apply the above framework and are dissatisfied with what they discover could seek solutions in their professional networks, corporate governance textbooks or a course such as INSEAD’s International Directors Programme.
If you are considering a board role, you could use the 12 questions, tweak them for your needs and evaluate your answers. Speak not only with the chair, but also with as many board members and relevant executive team members as you can. Understand your comfort level with how the board operates and applies governance principles before accepting a mandate.
Noelle Ahlberg Kleiterp, MBA, IDP-C, has worked for 25 years across three continents with companies including GE, KPMG, Andersen Consulting and Atradius. Noelle owns a sole proprietorship in Singapore and serves as a board member on a non-profit organisation in Singapore.
The recent KPMG report on major audit trends presents seven challenges that board members, in particular audit committee members, must consider in order to properly discharge their responsibilities in corporate governance.
The report was written by audit professionals from KPMG together with the Conference Board of Canada.
The seven challenges addressed in the report are:
– talent and human capital;
– technology and cybersecurity;
– disruption of business models;
– an evolving regulatory landscape;
– political and economic uncertainty;
– changing expectations for reporting;
– environment and climate change.
I invite you to consult the full report below for more information on each issue.
As technological innovation and cybersecurity continue to have a growing impact on the world of finance and business globally, both audit committees and chief financial officers recognize the need to rely on high-calibre talent to help meet these challenges and turn them to advantage.
The audit committee’s role is to ensure that the organization has the right people with the required experience and knowledge, both in management and operations and within its own membership. This is only one of the many challenges to emerge in this third edition of the Tendances en audit (Audit Trends) report.
Today’s audit committees are responsible for helping organizations navigate issues and challenges more numerous and complex than ever, while fulfilling their traditional compliance and reporting mandate. While audit committees are fully aware of this need, our report indicates that audit committees and chief financial officers wonder how well positioned their organization is to deal with the full range of current and emerging trends.
To shed light on this concern and other key issues, the Tendances en audit report examines the following seven challenges:
– talent and human capital;
– technology and cybersecurity;
– disruption of business models;
– an evolving regulatory landscape;
– political and economic uncertainty;
– changing expectations for reporting;
– environment and climate change.
As mandates and responsibilities evolve, this report will prove a valuable resource for all audit stakeholders.
Here is a burning topical issue: sexual harassment at work and the questions that company management must ask itself in this regard.
The article published by Arthur H. Kohn* on the Harvard Law School on Corporate Governance site is highly relevant both to the management of organizations and to corporate directors.
The authors present a series of eight (8) fundamental questions that those in charge must answer in order to properly discharge their responsibilities.
The questions should be seen as a checklist of diagnostic activities with respect to situations of sexual harassment and various forms of misconduct.
I hope this reading will be useful to managers concerned about the quality of the work environment in their companies.
In recent months, sexual harassment allegations against well-known figures across a growing number of industries have become a common feature in news headlines. In the wake of these allegations, many companies have concluded that their current policies and procedures related to sexual harassment and discrimination are inadequate. Against the backdrop of this rapidly evolving landscape, companies are considering how to improve their policies and procedures not only to appropriately and effectively respond to allegations of sexual harassment, but also to deter inappropriate behavior going forward and foster an environment of openness, diversity and inclusion in their workplaces. To that end, below are 8 key questions that companies should be asking themselves in developing policies and procedures to confront sexual harassment and other forms of misconduct in today’s workplace.
The 8 Questions Companies Should Be Asking Themselves
1. Have we thought broadly, globally and proactively in developing our policies and procedures about workplace harassment?
Under both U.S. federal and state law, companies are incentivized to have policies and procedures in place that address sexual harassment and contain clear guidelines about what to do in the event an employee is sexually harassed. In addition to ensuring that their sexual harassment policies comply with applicable federal and state law, companies should consider developing other internal policies and trainings for employees and executives concerning inappropriate, offensive, or abusive behavior, including:
Policies concerning bullying, discrimination, retaliation, consensual relationships and nepotism.
Code of conduct, affirmatively establishing the expected company culture.
Trainings on unconscious bias, sensitivity in the workplace and behavioral responses to harassment and discrimination (e.g., understanding the “freeze” response to harassment).
In developing these policies and trainings, consideration should be given to the fact that the public’s perception of what constitutes harassment or inappropriate behavior has already begun, and will continue, to change. Likewise, some conduct that is unlikely to provide a basis for a legal claim against a company under the current state or federal law applicable to the company, may be the subject of future legislation. In addition, thinking not just about deterring illegal conduct but about fostering an environment in which such conduct is unlikely to occur is important. Training on unconscious bias, sensitivity in the workplace and behavioral responses to harassment and discrimination are just some ways in which the culture of a company can be improved.
As part of a comprehensive approach to developing policies on harassment, companies may also consider examining perspectives on harassment in foreign jurisdictions, including looking to local rules for guidance. Global organizations should not only adopt uniform policies across geographical areas that reflect global standards of conduct, but also should make sure that any local law requirements are adopted through addenda in relevant jurisdictions.
2. Do our employees trust the company’s procedure for reporting harassment?
If the behavior complained of is not expressly covered by a company’s sexual harassment policy or applicable law, employees may not think they have recourse through the company’s reporting procedures. Even if a company has put in place a clear procedure for reporting violations, employees may not use it if they do not trust that their complaints will be investigated thoroughly and without any repercussions. Employees may have the perception that the priorities of the individuals designated to receive complaints are more aligned with the accused or that these designated individuals have an obligation to presume innocence. Employees may moreover fear that their allegations will be perceived as overreactions or that they will face retaliation, particularly where the alleged perpetrator is a senior person or high performer. Where this is the case, employees may decide to escalate their complaints by going outside of their companies’ reporting procedures, including by sharing their stories more broadly:
through the press (Harvey Weinstein);
on social media (#MeToo);
on anonymous forums that are, or may become, open to the public (the “Sh%&ty Media Men” spreadsheet, Glassdoor.com, Blind conversation app); and
calling anonymous hotlines set up by organizations outside the company (National Organizations for Women; Equal rights advocates).
In light of this, companies should take steps to ensure that their human resources (“H.R.”) functions are sufficiently staffed and trained on how to handle concerns about harassment that they encounter outside of regular reporting channels. Companies may also consider having those in H.R. functions proactively monitor forums and other websites for allegations of harassment as a complement to their existing processes. A company’s failure to respond to allegations made in the press or on social media or to provide appropriate reporting mechanisms for harassment claims may contribute to a determination that the company has not exercised reasonable care in preventing and addressing harassment, thereby exposing the company to liability. In addition to legal risks, the publication of harassment allegations can also expose a company to reputational harm, which may be mitigated by a company’s proactive response to the allegations.
Companies should also take steps to ensure that all information concerning harassment allegations, even if not raised through the company’s reporting procedures or raised anonymously, is shared with appropriate individuals within the organization and also promptly escalated to senior management or the board. In order to comprehensively address allegations of harassment or unhealthy workplace cultures, it is essential that all known information about alleged violations be promptly and regularly escalated to senior management or the board.
3. Who is responsible for receiving complaints and do they have adequate resources and training?
Even if a company’s reporting procedures designate particular individuals as responsible for receiving complaints, employees may bring allegations to non-designated employees, including their managers and mentors. Employees may also report allegations directly to senior management. For example, recently developed apps like AllVoices enable victims of sexual harassment or discrimination to anonymously report incidents to a company’s CEO and board. Companies should thus ensure that senior management, as well as all employees and others who may receive complaints of harassment, receive training on how to respond to allegations of harassment and are well-versed on how to promptly escalate complaints within the organization. Employees should be reminded that they should never discourage someone from bringing forward an allegation of harassment and that any such allegations must be taken seriously and reported properly. As noted above, companies should also ensure that all information relevant to harassment allegations is shared with the appropriate individuals and escalated to senior management or the board on a regular basis.
Companies should also consider taking steps to assess the work environment before a complaint of harassment arises. For example, companies may consider conducting anonymous surveys of employees on their experiences in the workplace and the current harassment procedures, administering “climate assessments” in particular areas of the business, including H.R., holding skip-level meetings for senior management to gain insight into the culture at various levels of the organization, and establishing a clear open door policy to encourage openness between employees and senior management.
4. Who should be in charge of conducting investigations and do those in charge have adequate resources and independence?
Substantial consideration should be given to who is in charge of conducting an investigation into complaints of sexual harassment and to whether those directing the investigation are sufficiently independent. Companies may consider forming a committee consisting of representatives from different parts of the company to direct any harassment related investigations, including determining who should have responsibility for conducting the investigation. Depending on the nature of the allegations, an investigation by personnel in an H.R. function may be appropriate and cost effective. For allegations involving senior management or that involve pervasive behavior by a group or area within a company, a company may also consider bringing in outside counsel. In that scenario, consideration should be given to who retains the counsel and whether counsel is sufficiently independent.
Companies should also ensure that their investigations are conducted with the utmost confidentiality and assure employees that their harassment complaints are confidential and that they will be protected against retaliation. If, however, a company ultimately decides to settle with a complaining employee, it may consider reevaluating the use of non-disclosure agreements (“NDAs”), either in settlements or in existing employment contracts, which could be perceived as “hush money” or as perpetuating abusive work environments by protecting perpetrators, and which are the subject of proposed legislation in some state legislatures.
5. Has a disclosure obligation been triggered?
Additional considerations may apply with respect to responding to and preventing misconduct by senior executives. Such misconduct can create or exacerbate an abusive work environment and lead to serious reputational injury for the company. If allegations are made against an executive officer, the company should determine when and how to involve the board in dealing with those allegations. Public companies should also keep in mind that the change in employment conditions, resignation or termination of certain executives must be disclosed on a Form 8-K in the U.S., and that other foreign jurisdictions may have similar disclosure requirements.
Companies may also consider whether to review their contracts with senior executives to ensure that the contracts include provisions that require and incentivize compliance with the company’s behavioral expectations. To that end, some companies have chosen to consider, with respect to their new and existing contracts, what rights they have to terminate senior executives for cause for violations of the company’s harassment policies and to deny indemnification in such situations. One reason to consider negotiating arrangements with these protections in place is that payment of large severance packages can cause reputational harm to a company based on the perception that it is being “soft” on executives whose behavior violated its policies or rewarding executives for inappropriate behavior. On the other hand, these negotiations may present real challenges.
6. Does senior management communicate the message that harassment of any type will not be tolerated?
The adoption of strong internal codes of conduct, policies and robust procedures will have limited efficacy if senior management does not make clear that it will not tolerate harassment of any kind or by any perpetrator. Management’s failure to swiftly investigate claims of harassment or to penalize abusive behavior can exacerbate an already hostile work environment. Further, as noted above, consideration should be given to ensuring that management cannot be reasonably perceived as rewarding senior executives who do not comply with the company’s behavioral expectations or silencing victims of abuse.
Companies should encourage senior management to take steps to facilitate openness and increased communication with their employees even before a complaint arises. Senior management should also regularly remind employees of the existence of their company’s policies and procedures related to harassment and should participate in trainings.
7. Is the board sufficiently informed on the company’s policies and procedures relating to sexual harassment?
Board members may be exposed to claims of breach of fiduciary duty following claims of sexual harassment perpetrated by executive officers or other employees of the company. In particular, public companies may face serious financial consequences following allegations of harassment at the company as a result of such claims. Boards should also be aware that there are financial risks that are not directly tied to payment of civil damages or to legal and remediation costs related to sexual harassment. The media has recently reported numerous incidents of allegations where executives have been accused of sexual harassment and other misconduct, and the companies have seen their stock price fall or lost advertising revenue, customers and business opportunities. In light of these risks and, most importantly, to protect the safety of the company’s employees, the board should periodically review the company’s sexual harassment policies, including training and reporting channels. The board should also ensure that it is being informed of violations of these policies, as appropriate, and has a sense of the day-to-day workplace culture as it relates to sexual harassment and other forms of inappropriate workplace behavior.
8. Does the company have effective standards, policies and processes, including diligence processes, to address sexual harassment issues at potential investment targets and existing subsidiaries and/or portfolio companies?
Companies may face major reputational and financial repercussions based on the misconduct of other companies that they have acquired or in which they have invested. During the diligence process, consideration should be given to inquiring into the target’s or partner’s implementation and maintenance of harassment policies and procedures, the existence of appropriate controls, and whether the investment target or its key personnel have a history of incidents, investigations or allegations of harassment issues. In addition, in appropriate circumstances, consideration should be given to engaging local counsel for investments outside the U.S. to consider whether the company’s policies comply with applicable local rules, and the impact any non-compliance could have post acquisition.
Private equity sponsors and other similar organizations should consider reevaluating policies and procedures at existing portfolio companies and subsidiaries in light of recent developments, and may further consider putting in place reporting requirements to ensure that portfolio companies and subsidiaries have implemented effective policies and ongoing training. Companies may also consider steps that can be taken internally to effectively implement appropriate policies, procedures, and training at their portfolio companies and subsidiaries. For example, consideration should be given to whether a company can leverage its own practices and policies across its portfolio companies and subsidiaries.
Conclusion
Sexual harassment related allegations are increasingly making headlines and rapidly changing perceptions concerning harassment and abusive behaviors. While the allegations initially centered on the entertainment industry, sexual harassment in the workplace has now become a major issue in a growing number of industries, including technology and finance. Companies across all industries are responding by developing strategies for tackling harassment in the workplace and minimizing risk by implementing strong policies, procedures, and complaint systems. To do so, it is essential that companies ask the right questions.
One of the predominant, and often controversial, questions in assessing the principles of sound governance concerns the independence of directors.
The Institut sur la gouvernance (IGOPP) proposes a new and original approach to the question of the independence of board members.
In a document titled “L’indépendance des conseils : un enjeu de légitimité” (Board independence: a question of legitimacy), IGOPP proposes that every organization with a board of directors seek to build a board that is both legitimate and credible.
The issue is not so much the independence of boards as their legitimacy and credibility. Independence takes on its meaning only if it helps enhance a board’s legitimacy.
It is through its legitimacy that a board acquires the right and the authority to assert itself over an organization’s management. The boards of public or private organizations with no shareholder, or with no active shareholder holding more than 10% of the common shares, should be composed of a clear majority of independent directors. In addition, all of their statutory committees should be composed exclusively of independent members.
The article below, written following a round table that brought together several specialists in European governance, addresses three essential topics while trying to draw lessons for the future:
(1) the independence of directors and the relevance of the concept
(2) the various aspects of compensation and fiduciary duties
(3) shareholder identification and proxy voting issues
In this post, we present the questions related to director independence.
Is independence a good idea?
What are the problems related to independence?
What research findings show that independence improves the quality of governance?
How to deal with the influence of managers and conflicts of interest?
The article by Christian Strenger* was published on the Harvard Law School Forum on Corporate Governance website.
So, in your view, why is director independence a guarantee of good governance?
Happy reading! Your comments are welcome.
Director independence: panacea or Pandora’s box?
Board Independence: the Quality Question and dealing with Insider Issues
Background
A reliable formula for board effectiveness has been elusive, but the importance of effective boards warrants ongoing reflection and research by both academics and practitioners.
In spite of the diversity of governance models around the world, the concept of independence plays a prominent role in most, if not all, codes of governance globally as an intrinsic component of good board structure. For example, independence features, to varying degrees of emphasis, in the governance frameworks of the US, UK, Germany and Japan. It is also reflected in global frameworks, such as the ICGN Global Governance Principles or the OECD Corporate Governance Principles.
But what does independence mean in a corporate governance context, and does it deliver what we want it to? This session seeks to challenge how we think about independence and addresses several fundamental questions relating to boards and corporate governance:
Is board independence essential to quality in corporate governance—or is independence simply a placebo that doesn’t do anything but makes us feel better?
What do we expect board independence to achieve in practical terms?
Are independent directors really in a position to monitor and control corporate insiders?
These are questions that have relevance for company managers and directors, but also for investors, regulators and stakeholders.
Role of boards
A company’s board of directors is at the core of its corporate governance. Boards play a range of advisory and control functions. This includes strategic direction and risk/control oversight, along with the monitoring and reward of executive management.
At a more overarching level, agency theory suggests that one of the key roles of the board is to serve as an agent protecting the interests of shareholders vis-à-vis company management or controlling owners. This reflects a duty of care to support the company’s long-term success and sustainable value creation and to ensure the alignment of interests between management, controlling owners, minority investors—taking into account stakeholder interests as well.
Why is independence a good idea?
Shareholders and other stakeholders expect boards to have the ability and authority to think and act independently from company executives or controlling owners. The board may be unable to serve effectively in its agency role if its directors’ judgements are not free of conflicts or any other external influence other than promoting the long-term success of the firm.
What are the problems related to independence?
It is important to recognise that independence has to be looked at in the context of how it affects board processes, decisions and overall governance. Yet in spite of the inherent virtues of independence, its realisation in practice is not an easy fix; nor does it intrinsically enhance board effectiveness. A director must be able to contribute something other than independence alone, whether that is in the form of sector knowledge, commercial experience, international experience, technical skills or other areas that support the board’s oversight of company management.
Moreover, independence is ultimately a state of mind, not a product of definitions. There are many different sets of criteria that seek to define independence for individual directors. While these sorts of criteria can be useful, they can also be crude, misleading or incomplete.
The Lehman Brothers board in 2008, the year of its demise, was an example of a nominally independent board. But was this board able to operate independently of a strong Chair/CEO? Was there enough financial sector expertise amongst this group of independent directors to provide a rigorous challenge? (See Annex 1 in the complete publication).
Does independence ensure quality? What is the evidence?
Independence may be real, but it can be hard, if not impossible, to measure in a meaningful way. It is much easier to measure structural features of boards than it is to measure the quality of board processes. But sometimes what is easily measurable is not worth measuring. So while it is possible (and very common) to calculate simple ratios, such as independent directors/total directors, a common gauge of board independence, they may not tell us much. Indeed, the evidence of empirical studies using simplistic/conventional measures of independence has been inconclusive (See Annex 2).
Many board attributes, including independence, which are regarded as “best practice” lack clear empirical grounding, at least in an econometric context. So, in many features of our corporate governance codes we are dealing in effect with opinions more than facts.
How to deal with insider influence and vested interests?
Insider influences can vary depending on the nature of the company. For widely-held companies, the vested interests of executive management often take the form of high pay for limited performance. In controlled companies vested interests may be the controlling owners themselves in terms of entrenchment and self-dealing.
Are independent directors really equipped to challenge these insiders? Or is that possibly asking for a bit too much? The empirical evidence cited above suggests that independent directors may not have a meaningful impact on board governance. But the evidence does suggest in the area of audit committees that independence is important. This makes logical sense, but it also suggests that for an independent director to provide meaningful oversight, independence must be combined with other important attributes, including sectoral knowledge and financial expertise. Independence as a determinant of board effectiveness therefore may be a necessary, but not a sufficient, condition.
Conclusion
We need to recognise that independence may be overrated, or at least not always live up to its billing. At least as it is conventionally defined, independence has not proven to be a panacea or silver bullet to ensure good corporate governance. At the same time, however, the concept of board independence is important and worth preserving, if nothing else as an aspirational ideal.
Discussion Results
Independent directors seem to be an intuitive solution for the agency problem stemming from the separation of ownership and control, but also for limiting the power of controlling shareholders in a corporation.
The starting point of the discussion was: Why do we need independence in the first place? As investors and other stakeholders want to see their interests served and protected by the board, the absence of potential conflicts of interest between non-executive directors and managers or undue influence from a major shareholder are the answers. Disclosure of meaningful ties of the non-executive directors to the management or controlling shareholders is important. The discussion also emphasized that reasonable diversity can be a contributing factor for board independence, and that truly independent board members can play a key role in avoiding too much convergence in decision making, as well as in focusing on the well-being of the company itself, and not any separate vested interests. While the discussion highlighted many benefits of board independence, it also pointed to potential costs: board independence may come with costs relating to problems in information flows, access to information and processing. Thus, it is important to complement board independence with proper board procedures and processes.
A key point of the discussion was the definition of independence itself. Besides the obligatory disclosure of relevant ties of a non-executive board member to management or controlling shareholders, regulators tried to formalize criteria to define independent board members. Academic literature also strives to evaluate how predefined criteria affect company decisions. However, results of these efforts are mixed and can hardly achieve “true” independence. The description of certain characteristics could introduce independence on paper, but may not reflect correctly the individual case of a board member. A predefined strict categorization would in practice suffer from a “ticking the box” approach. Independence from a controlling shareholder is equally hard to define as thresholds for shareholdings may not reflect the individual circumstances. The discussion also highlighted that strict definitions of independence might also require companies to replace experienced board members with new independent board members. That could lead to a temporary loss of experience and industry expertise.
Ways for the Future:
The realistic description of board independence needs a detailed assessment of the individual and a disclosure of ties of a non-executive board member to the management or controlling shareholders. Furthermore, disclosure of the selection process of the nomination committee should bring important insights for investors and the stakeholders.
The discussion further emphasized that formal characteristics alone could be misleading to determine the independence of a board member, focusing on “independence in mind” as an important aspect. As this factor is difficult to gauge or measure, investors may have to communicate with the chair in individual cases.
A sensible and company specific skillset of personnel management, industry knowledge and experience must be represented in the board as a priority, as formal independence alone is not a sufficient prerequisite for the selection process. The discussion emphasized that extensive information is key to allow proper evaluation of true independence. This should be complemented by sufficient access to the chair for communication with investors. The latest German code revision emphasizes that chairs make themselves available to investors for such supervisory board related issues.
Ways for the Future:
Full disclosure of important ties between individual board members with management and controlling shareholders should be obligatory. To properly evaluate the board member proposals, the disclosure of the skillsets of board members and the selection process would bring further important insights for investors. An idea proposed to support the process was the development of a “board skills matrix” for individual boards.
The discussion highlighted the key role of the nomination committee in the identification and evaluation of independent directors. It was therefore suggested that the chair of the nomination committee should make himself available to investors. This point was controversially discussed due to possible loss of a “One Voice” communication strategy, so that communication should be confined to the chair of the supervisory board.
Another important point of the discussion was the regular evaluation of non-executive board members, as this may bring improvements for independent guidance and decision making of the full board. It could also identify areas of strength and weaknesses for an improved performance of both boards. A key prerequisite for a successful evaluation is the independence of the conducting leader.
The discussants raised the issue of the differences emerging from national governance environments, such as different shareholder structures and cultural differences. While the Anglo American approach to independence appears to work in the UK, this differs from continental European countries such as Germany and France.
Ways for the Future:
A solution to cross-country differences is the development of “local optima” that reflect the special circumstances in each country, rather than pursuing a “one fits all” approach.
Conclusion
The participants concluded that board independence remains a central issue in the corporate governance debate. The discussion identified definition issues as critical. It was also highlighted that full disclosure of the individual independence is important. Formal independence alone does not ensure board or director effectiveness. It must be accompanied with skills, knowledge and experience to obtain satisfactory board work results. Disclosure on the individual board members’ selection process and independence characteristics should be made available to investors and the other stakeholders.
*Christian Strenger is Academic Director at the Center for Corporate Governance at HHL Leipzig Graduate School of Management. This post is based on a publication by Mr. Strenger and Jörg Rochell, President and Managing Director at ESMT Berlin, for a symposium held in Berlin on November 9, 2017, sponsored by ESMT Berlin and the Center for Corporate Governance at HHL Leipzig Graduate School of Management.
Here is a very interesting article that presents a vision different from “American-style” governance.
The authors, XAVIER HOLLANDTS and BERTRAND VALIORGUE, are teacher-researchers in corporate strategy and governance. The article has just been published on the LesEchos.fr website.
The French “Pacte” bill aims to rethink the major concepts of governance, in particular the place of employee participation as full-fledged directors.
The article examines three received ideas that are important to clear up:
(1) participation balances the capital/labour relationship
(2) participation improves social dialogue
(3) participation improves performance
Happy reading! Your comments are welcome.
Here is how the authors conclude their article:
Given these elements, should employee participation in corporate governance be promoted? Yes, because increasing this participation seems necessary to us for two reasons. The arrival of directors elected by employees on boards of directors will make it possible to refocus discussions on the company, its strategic project, long-term investments and its contribution to social and environmental progress. This arrival will restore to boards of directors their full meaning and prerogatives.
Employee participation in governance will also bring new insights and new means for managing the key asset of corporate performance: human capital. Employee directors will help executives better take into account and develop this asset, which is a major factor of competitiveness, innovation and sustainable performance. One may then object that other stakeholders also play a key role in the value creation process and that their presence on boards of directors would be welcome. Those who say so would not be wrong.
Every week, I intend to give the floor to Johanne Bouchard*, who will act as guest author on my governance blog.
Her third post can be found in e-Book 1 published on her site. Under the heading “What I write about”, blogs in French, all the articles in French can be found.
The author has solid experience in consulting engagements with the boards of directors of American companies and in coaching senior executives of public companies. In this post, she discusses what, in her view, the qualities of good directors should be.
What simple, concrete advice can a person who knows the nature of boards of directors well offer directors regarding the qualities and behaviours to adopt in their roles as fiduciaries?
Happy reading! Your comments are welcome.
Serving on a board of directors: how to excel?
by
Johanne Bouchard
It is a privilege to serve on a board of directors. To serve…
The results are presented in the form of questions relating to IT security:
Should the board be responsible for overseeing this activity?
Does your board need more expertise in cybersecurity?
Do we have all the required skills on the board?
Do we have the information needed to oversee cybersecurity risks?
Has the board, and its chair in particular, developed an open relationship with the head of technology (CISO)?
How can we know whether the controls put in place to prevent breaches of the systems are effective?
The authors give an example of a dashboard useful to boards:
Despite how pervasive the threats are, 44% of the 9,500 executives surveyed in PwC’s 2018 Global State of Information Security® Survey say they don’t have an overall information security strategy. That gives you a sense of how much work companies still need to do. Overseeing cyber risk is a huge challenge, but we have ideas for how directors can tackle cybersecurity head-on.
The article also presents a wealth of information regarding the issues, the challenges and the actions a board must take to ensure solid IT security.
I invite you to read the conclusions of the PwC study below. For more information on this subject, you can consult the full report.
Directors can add value as their companies struggle to tackle cyber risk. We put the threat environment in context for you and outline the top issues confronting companies and boards. And we identify concrete steps for boards to up their game in this complex area.
You don’t need us to tell you that cyber threats are everywhere. Breaches make headlines on what seems like a daily basis. They also cost companies—in money and reputation. Indeed, cyber threats are among US CEOs’ top concerns, according to PwC’s 20th Global CEO Survey.
The pace of cyber breaches isn’t slowing. In part, we’re making it too easy for attackers. How? Employees fall for sophisticated phishing schemes, neglect to install security updates or use weak passwords. We are also doing more work on mobile devices, which tend not to be as well protected. And companies don’t always invest enough in cybersecurity or patch their systems promptly when problems are discovered.
The nature of cyber threats is also evolving. The self-propagating WannaCry attack, for instance, could infect a computer even if the user didn’t click on the link. Indeed, 2017 saw a number of major ransomware attacks that froze computer systems—keeping some companies offline for weeks.
Despite how pervasive the threats are, 44% of the 9,500 executives surveyed in PwC’s 2018 Global State of Information Security® Survey say they don’t have an overall information security strategy. That gives you a sense of how much work companies still need to do. Overseeing cyber risk is a huge challenge, but we have ideas for how directors can tackle cybersecurity head-on.
Challenge:
How can our board understand whether management’s cybersecurity and IT program reduces the risk of a major cyberattack or data breach—or actually makes the company more vulnerable?
Many directors are not confident that management has a handle on cyber threats. PwC’s 2017 Annual Corporate Directors Survey found that only 39% of directors are very comfortable that their company has identified its most valuable and sensitive digital assets. And a quarter had little or no faith at all that their company has identified who might attack.
There are obviously many moving parts that management needs to get right. Many companies align their programs and investments with a cybersecurity framework to help ensure they’re addressing everything they should.
For a board to oversee cyber risks effectively, it needs the right information on how the company addresses those risks. But 63% of directors say they’re not very comfortable that their company is providing the board with adequate cybersecurity metrics. [1]
Boards also shortchange the time they give to discussing cyber risks. We often see board agendas allocate relatively little time to the topic.
Another part of the challenge is that few boards have directors with current technology or cybersecurity expertise. And that puts directors at a disadvantage in being able to figure out if management is doing enough to address this area of significant risk.
Why does cybersecurity often break down in companies?
Common issue: There’s no inventory of the company’s digital assets
Why it matters: Companies can’t protect assets they don’t know about. Management should be able to explain what information and data they hold, why it’s needed, where it is (within the company’s systems or with third parties) and whether it’s properly protected. They should also know which data is most valuable (the crown jewels).
Common issue: The company doesn’t know which third parties it digitally connects with
Why it matters: A company may interact—and even share sensitive information—with thousands of suppliers and contractors. Hackers often target these third parties as a way to get into a company’s network. Yet more than half of companies don’t keep a comprehensive inventory of the third parties they share sensitive information with. [2]
Common issue: The company hasn’t identified who is most likely to come after its data
Why it matters: Knowing who might attack helps the company better anticipate how they might attack. That in turn may help the company put up better defenses.
Common issue: The company has poor cyber hygiene
Why it matters: Systems that aren’t properly configured are more vulnerable to attacks. So companies should employ leading practices, like multi-factor authentication, to protect highly sensitive information. They also need to do the basics right—like removing access on a timely basis for people who leave the company or change jobs.
Common issue: The company hasn’t patched known system vulnerabilities
Why it matters: System vulnerabilities are being uncovered constantly. But not all software companies push out patches to users. So the company needs to ensure someone regularly monitors to see if patch updates are available. And then make sure those fixes get made.
Common issue: The company has a wide attack surface
Why it matters: Providing more ways to access company systems makes things easier for employees, customers and third parties. And for hackers. So companies need stronger controls (such as multi-factor authentication). And they need to increase their monitoring for suspicious activity.
Common issue: Employees aren’t trained on their role in security
Why it matters: Current employees are the top source of security incidents—whether intentional or not. [3] Yet only half (52%) of executives say their company has an employee security awareness training program. [4]
Common issue: Cybersecurity is viewed as the CISO’s responsibility
Why it matters: A chief information security officer (CISO) can’t do the job alone. Other groups like Infrastructure or Operations need to cooperate and provide resources to address cyber issues.
Board action:
Focus on getting the right information and building relationships with the company’s tech and security leaders so you get a better sense of whether management is doing enough
This is a really tough area to oversee. Here are a number of questions to help as you address it.
1. Since cybersecurity is really a business issue, should the full board oversee it?
Half of directors say their audit committee is responsible for cyber risk, and 16% give it to either a separate risk committee or a separate IT committee. Only 30% say it’s a full board responsibility. [5] If the full board doesn’t want to oversee cyber risk, ensure that, at a minimum, whichever committee is assigned the responsibility provides regular and comprehensive reporting up to the whole board. And consider moving it from the already overloaded audit committee to another board committee.
2. Does our board need greater cybersecurity or technology expertise?
For some companies, the answer will be to recruit a director with serious expertise in cybersecurity. But others won’t choose to close their skill gap by adding a new director. People with these skills are hard to find, especially since the technology landscape is changing so quickly. Some boards may not have room to add another member. Others may not want to add someone with such specific expertise unless they’re confident that person could handle other board matters as well. So instead they look for other ways to address any gap, including continuing education and using outside advisors.
3. Is everyone in the room who needs to be?
The cybersecurity discussion should include business, technology and risk management leaders—as well as the CEO and CFO. Why? For one, it reinforces that cyber is an enterprise-wide issue—and that directors expect everyone to be accountable for managing the risk. The discussion also may expose other areas where there are security gaps. For example, while a CISO will often cover IT, many industrial organizations also need to protect OT—the operational technology that directs what happens in physical plants or processes. So if the CISO isn’t covering OT, the board needs to hear from whoever is.
4. Do we have the information we need to oversee cyber risk?
First, consider whether you have the basic information you need on the company’s IT environment. Without this background, it’s tough to make sense of the level of risk the company faces. There are a few key areas:
The nature of the company’s systems.
Are they developed in-house, purchased and customized or in the cloud?
Are any no longer supported by vendors?
Is the company running multiple versions of key systems in different divisions?
To what extent has the company integrated the systems of companies it acquired?
The security resources.
Where does IT security report?
What are IT security’s resources and budget? How do they compare to industry benchmarks?
Has the company adopted a cybersecurity framework (e.g., NIST, ISO 27001)?
This type of basic information doesn’t change much, so directors likely only need periodic refreshers.
On the other hand, directors will want more frequent reporting on what does change. Each company needs to figure out which items—quantitative and qualitative—are most relevant. It’s also helpful for directors to see whether management believes cyber risk is increasing, stable or decreasing.
A good dashboard gives directors an at-a-glance understanding of the state of the company’s cyber risk. There are a number of different approaches to assembling a dashboard. One is to simply classify issues between external and internal factors, like the example we show below.
If boards sense the dashboard isn’t giving a complete or accurate picture, they shouldn’t be afraid to challenge what’s presented in it.
Example of what a dashboard might look like
5. Have we built a relationship that allows the CISO to be candid with us?
The CISO has a lot of responsibility but doesn’t always have the authority to insist that other technology and business leaders fall in line. A strong relationship with the board helps the CISO feel comfortable giving directors the true picture (warts and all) of cyber risks, including his or her views on whether resources are adequate. Periodic private sessions with the CISO are a key part of understanding whether the company is doing enough to manage these risks.
6. How can we know whether the controls and processes designed to prevent data breaches are working?
Speaking to objective groups, such as internal audit, can offer the board different perspectives. The board may also want to hire its own outside consultants to periodically review the state of cybersecurity at the company and report back to the board.
How can directors improve their knowledge of cybersecurity?
Hold deep-dive discussions about the company’s situation. That could include the company’s cybersecurity strategy, the types of cyber threats facing the company and the nature of the company’s “crown jewels.”
Attend external programs. There are a number of conferences that focus on the oversight of cyber risk.
Ask management what it has learned from connecting with peers and industry groups.
Ask law enforcement (e.g., the FBI) and other experts to present on the threat environment, attack trends and common vulnerabilities. Then discuss with management how the company is addressing these developments.
Challenge:
Given that companies are under constant attack, how can directors understand whether their company is adequately prepared to handle a breach?
No company is immune to the threat of a breach. One particularly scary aspect of cybersecurity is that companies may only know they’ve been breached when an outside party, such as the FBI, notifies them. Then there’s the question of what the company needs to do once it discovers a breach. Obviously it needs to investigate and patch its systems. But there’s much more.
Nearly all US states and many countries have laws requiring entities to notify individuals when there’s been a security breach involving personally identifiable information. These laws often set a deadline for notification—sometimes as short as 72 hours. The data breach notification laws change from time to time, making it a challenge to keep up to date. Separately, companies should also consider any potential SEC disclosure requirements regarding cyber risks and incidents.
Breaches can mean significant fines from regulatory agencies, as well as class-action lawsuits. They can also damage a company’s reputation and brand—resulting in loss of customers, as well as investors possibly losing confidence in the company. And as we have seen with some breaches, senior executives can lose their jobs.
Breaches also mean more costs to companies—to investigate, remediate and compensate those who were harmed. Only half of US companies have cyber insurance, [6] despite the growing number and size of incidents. In part, there’s still some skepticism on how claims will be covered.
Given how likely a breach is and how much companies need to do to respond, it’s surprising that 54% of executives say their companies don’t have an incident response plan. [7] Yet companies that responded well to a breach—thanks to better preparation—usually come out of the crisis better than those that had to scramble.
Board action:
Regularly review the breach and crisis management plan and lessons learned from management’s testing
It’s important to ask management about the company’s cyber incident response and crisis management plan on a regular basis. If there isn’t one, press management for a timeline to develop and test one.
If there is a plan, discuss what it entails and how the company intends to continue operating in the event of a disruptive attack. It should also identify everyone who needs to be involved, which could include the communications team, finance leaders, business leaders, legal counsel and the broader crisis response team, as well as IT specialists. The plan should specify which external resources are on retainer to support the internal teams, and who the company will work with on the law enforcement side.
A key part of the plan should cover breach notification and escalation procedures. When will the board be notified? What is the company’s plan to inform regulators? How and when will other stakeholders—including individuals whose personal information may have been lost—be informed?
Also ask management about plan testing and what changes were made as a result of the last test. Some directors even observe or participate in tabletop testing exercises to get a better appreciation for how management plans to address a cyber crisis.
Finally, have management explain if it has updated controls or recovery plans based on recent incidents at other organizations.
In conclusion…
As cyber threats persist, boards recognize they need to step up their cyber risk oversight. That starts when directors recognize that the responsibility for handling cyber risk goes well beyond the CISO. How? By insisting that cybersecurity be a business discussion, with the right senior executives in the room and a sophisticated understanding of the threats.
[7] PwC, Global State of Information Security® Survey 2018, October 2017.
_______________________________________________
*Paula Loop is Leader at the Governance Insights Center, Catherine Bromilow is Partner at the Governance Insights Center, and Sean Joyce is US Cybersecurity and Privacy Leader at PricewaterhouseCoopers LLP. This post is based on a PwC publication by Ms. Loop, Ms. Bromilow, and Mr. Joyce.
What are the fundamental principles of good governance? It is a very topical subject and a frequently asked question, one that too often draws answers that are complex and of little use to those who sit on boards of directors.
I am sharing a post that was published several years ago and that, in 2018, is still read by thousands of readers of my blog.
The article by Jo Iwasaki, published on the New Statesman website, has the advantage of summarizing very succinctly the five (5) main principles that should drive and inspire company directors.
Enjoy the read!
The principles set out in the article are simple and direct; they may even seem simplistic, but, in my opinion, they should serve as powerful reference guides for all company directors.
The five principles identified in the article are the following:
Strong commitment from the board (leadership);
A strong capacity to act, tied to the mix of skills, expertise and interpersonal qualities;
Effective accountability to stakeholders;
An objective of creating value and distributing it fairly among the main contributors to the company’s success;
Strong values of integrity and transparency that can withstand careful scrutiny by stakeholders.
« What board members need to remind themselves is that they are collectively responsible for the long-term success of their company. This may sound obvious but it is not always recognised ».
« Our suggestion is to get back to the fundamental principles of good governance which board members should bear in mind in carrying out their responsibilities. If there are just a few, simple and short principles, board members can easily refer to them when making decisions without losing focus. Such a process should be open and dynamic.
In ICAEW’s recent paper (The Institute of Chartered Accountants in England and Wales) What are the overarching principles of corporate governance?, we proposed five such principles of corporate governance.
Leadership
An effective board should head each company. The Board should steer the company to meet its business purpose in both the short and long term.
Capability
The Board should have an appropriate mix of skills, experience and independence to enable its members to discharge their duties and responsibilities effectively.
Accountability
The Board should communicate to the company’s shareholders and other stakeholders, at regular intervals, a fair, balanced and understandable assessment of how the company is achieving its business purpose and meeting its other responsibilities.
Sustainability
The Board should guide the business to create value and allocate it fairly and sustainably to reinvestment and distributions to stakeholders, including shareholders, directors, employees and customers.
Integrity
The Board should lead the company to conduct its business in a fair and transparent manner that can withstand scrutiny by stakeholders.
We kept them short, with purpose, but we also kept them aspirational. None of them should be a surprise – they might be just like you have on your board. Well, why not share and exchange our ideas – the more we debate, the better we remember the principles which guide our own behaviour ».
Transparency lets the whole of reality show through, without alteration or bias. There is no principle more virtuous than the transparency of the administrative act by the administrator who exercises a power on behalf of its holder; whoever is vested with a power must account for their actions to the one who granted it.
Essentially, the administrator must account for their management to the principal or to another designated person or group, for example a board of directors, a supervisory committee or an auditor. The administrator must also act transparently toward third parties or employees who may be affected by their actions, to the extent that the principal allows it and suffers no harm from it.
Continuity
Continuity is what allows the administration to carry on its activities without interruption. It implies the agent’s obligation to hand over powers to the designated persons and parties so that they can properly fulfil their obligations.
Continuity also has a time dimension. The administrator must choose avenues and solutions that favour the long-term survival or growth of the company they manage. In sound management, achieving short-term objectives must not threaten an organization’s longer-term viability.
Efficiency
Efficiency combines effectiveness, that is, the achievement of results, with the optimization of resources in carrying out administrative acts. The efficient administrator aims for the optimal performance of the company in their charge and maximizes the use of the resources at their disposal, while respecting the environment and quality of life.
Aware that access to resources is limited, the administrator makes every effort to use them with diligence, thrift and skill in order to achieve the anticipated results. Failure to use resources judiciously constitutes negligence, a fault that harms those on whose behalf the administrator acts.
Balance
Balance arises from the right proportion between opposing forces and ideas, which produces the harmony that contributes to the sound management of companies. For the administrator, balance takes the form of the dynamic use of means, constraints and limits imposed by a constantly changing environment.
To achieve balance, the executive administrator must put in place mechanisms that distribute and balance the exercise of power. This practice does not aim to dilute power, but rather to distribute it appropriately among functions that require different skills and abilities.
Equity
Equity refers to what is fundamentally just. Several applications of equity are enshrined in the Canadian Charter of Rights and Freedoms of the Canadian Human Rights Act and in the Quebec Charter of Human Rights and Freedoms. The administrator must make sure to manage in compliance with the law in order to prevent the abusive or arbitrary exercise of power.
Selflessness
Selflessness refers to a person who renounces any personal advantage or interest other than those granted by contract or established as part of their duties as administrator.
Institutional investors (II) constantly seek to improve their portfolio of companies with a long-term perspective.
Accordingly, institutional investors are looking for ways to communicate effectively with the companies in which they invest.
The study conducted by Steve W. Klemash, leader of the EY Center for Board Matters, among 60 large US institutional investors of all kinds, sought to determine the five most important priorities in the choice of companies under management.
Here are the five main themes that interest institutional investors when selecting companies:
(1) Board composition, with an eye on improving diversity;
(2) A level of director expertise that is aligned with the company’s business objectives;
(3) Increased attention to climate or environmental risks;
(4) Marked attention to talent management;
(5) Compensation that is closely aligned with performance and strategy.
Here is a summary of the main results of EY’s research. For more details, I invite you to read the article below.
The five top priorities of institutional investors in 2018
1. Board composition, with an eye on improving diversity
2. A level of director expertise that is aligned with the company’s business objectives
3. Increased attention to climate or environmental risks
4. Marked attention to talent management
5. Compensation that is closely aligned with performance and strategy
Investor priorities as seen through the shareholder proposal lens
For a broader perspective of investor priorities, a review of the top shareholder proposal topics of 2017, based on average support, shows that around half focus on environment and social topics. While the average support for many of these proposal topics appears low, this understates impact. Environmental and social proposals typically see withdrawal rates of around one-third, primarily due to company-investor successes in reaching agreement. Depending on the company situation and specific proposal being voted, some proposals may receive strong support of votes cast by a company’s broader base of investors.
Conclusion
Institutional investors are increasingly asking companies about how they are navigating changing business environments, technological disruption and environmental challenges to achieve long-term, sustained growth. By addressing these same topics in their interactions with and disclosures to investors, boards and executives have an opportunity to highlight to investors how the company is positioned to navigate business transformations over the short- and long-term. This opportunity, in turn, enables companies to attract the kind of investors that support the approach taken by the board and management. Like strong board composition, enhanced disclosure and investor engagement efforts can serve as competitive advantages.
Questions for the board to consider
– Are there opportunities to strengthen disclosures around the board’s composition and director qualifications and how these support company strategy?
– Do the board and its committees have appropriate access to deep, timely expertise and open communication channels with management as needed for effective oversight?
– Do the board and management understand how key investors generally view the company’s disclosures and strategic initiatives regarding environmental and social matters?
– How does the board define and articulate its oversight responsibilities with regard to talent? And does the board believe that the company has an adequate plan for talent management considering recent employee and employment-related developments and the company’s competitive position?
– To what extent have the board and management offered to dialogue with the governance specialists at their key investor organizations, whether active or passive, and including the largest and smallest, vocal shareholder proponents?
____________________________________________
*Steve W. Klemash* is EY Americas Leader at the EY Center for Board Matters. This post is based on an EY publication by Mr. Klemash.
Here is a study by Equilar showing a steady decline in CEO tenure in the United States over the past 5 years.
The report was published by Dan Marcec, the firm’s director of communications.
CEO tenure thus went from a median of 6 years in 2013 to 5 years in 2017.
It is also noted that more than a quarter of CEOs stay in office for more than 10 years, compared with 38.1% who have been in office between one and five years.
The article also presents a table showing the reasons for CEO departures: (1) resignations, (2) retirements, (3) dismissals. Only 10 CEOs were dismissed over a ten-year period. You could say the job is fairly stable!
Finally, the study shows that the increase in the departure rate has not led to progress on diversity. Indeed, as the following table shows, the proportion of women CEOs of large companies went from 3.7% in 2013 to 5.6% in 2017. The CEO role in these companies is still reserved almost exclusively for men.
You can read the article, published on the Harvard Law School Forum website:
My governance watch leads me to suggest an article by Demi Derem* and Elizabeth Maiellano on the challenges posed by a set of directives recently approved by the European Parliament dealing with shareholder rights: the “Shareholder Rights Directive (SRD)”.
The European Commission (EC) wants listed companies to know their investors better and to be able to interact with them in a clear and transparent manner. Here is an excerpt showing the scope of the new directives.
The SRD also grants shareholders the right to vote on companies’ remuneration policies, which may increase the policy analysis and assessment required by the buy-side. Similarly, the SRD requires that any material transaction (as defined by national regulators) between a listed company and a related third party must be announced and approved by the shareholders and the board.
Depending on national requirements, the announcement may also need to be accompanied by a report about the impact of the transaction from an independent third party, the board or a committee of independent directors.
Reading this article shows that companies have little time to comply with the directives. The authors explore the impact of adopting these rules on the main parties concerned, notably institutional investors and intermediary firms.
All parties in the shareholder communication chain need to prepare for the enhanced requirements of the new Shareholder Rights Directive—and try to influence its local implementation to encourage a harmonised approach.
The new Shareholder Rights Directive (SRD), adopted by the European Council and approved by the European Parliament this spring, is a laudable initiative intended to encourage shareholder engagement in listed companies in Europe and improve the transparency of related processes—including proxy voting. The European Commission (EC) wants to see proof that companies understand their investors and communicate with them in a clear and transparent manner.
The new SRD updates its 2007 predecessor and introduces some new requirements related to remunerating directors, identifying shareholders, facilitating the exercise of shareholder rights, transmitting information and providing transparency for institutional investors, asset managers and proxy advisors. The majority of the SRD is required to be translated into national law by European member states by June 2019 (although some elements will not come into force until September 2020).
Given the complexities introduced by the new SRD, firms across the shareholder communication chain need to begin preparing now if they are to meet its requirements by 2019. These are expected to entail significant and potentially costly changes relating to process reforms and transparency requirements, impacting issuers, asset managers, custodians, central securities depositories (CSDs), and a range of other intermediaries and service providers.
The two-year member-state transposition process will involve adaptation of the SRD’s requirements to reflect domestic market structures and local legal processes. We encourage all affected firms to engage with the EC and national regulators, and share their views on how the SRD should be implemented. This is vital for achieving outcomes that are equitable and commensurate with the corporate governance benefits of the SRD. If national regulators opt for significantly different interpretations of the SRD, this would be challenging for industry participants.
For example, one global custodian has expressed concern about the risk of national divergence requiring compliance efforts to be tailored to each regulator’s interpretation, thereby increasing the complexity and cost of SRD implementation for firms operating in more than one market.
Another securities services firm believes that discrepancies in implementation dates in different jurisdictions will be problematic for global firms.
Institutional investor impact
Institutional investors and asset managers are likely to be affected by the SRD in a number of ways. For example, both will have to be more transparent about their engagement with investee companies and how they integrate shareholder engagement into their investment strategy. Under the SRD this information must be reported annually and made available on buy-side firms’ websites. These firms must also disclose annually their voting behaviour and explain significant votes and their use of proxy advisor services. The SRD introduces these requirements on a comply-or-explain basis.
The SRD also grants shareholders the right to vote on companies’ remuneration policies, which may increase the policy analysis and assessment required by the buy-side. Similarly, the SRD requires that any material transaction (as defined by national regulators) between a listed company and a related third party must be announced and approved by the shareholders and the board. Depending on national requirements, the announcement may also need to be accompanied by a report about the impact of the transaction from an independent third party, the board or a committee of independent directors.
These new requirements will result in the production of more data and more reporting before a vote, potentially creating a significant burden on asset managers and investors as they try to manage this information flow. This burden is likely to be particularly noticeable with related party transactions.
Intermediary implications
Intermediary firms will need to keep a close watch on national requirements for the adoption of specific identification standards and data items for shareholder transparency requirements. For instance, markets could set different minimum levels of holdings that must be disclosed.
In addition, the SRD refers to providing data in a standardised format but does not specify the standards, so these may be provided by the EC. However, if the disclosure of certain data items would breach some countries’ data privacy laws, national regulators would have to alter the local requirements.
Another change introduced by the SRD is that intermediaries will have to store shareholder information for at least 12 months after they become aware that someone has ceased to be a shareholder. Data storage and retention requirements are therefore likely to increase.
A particular concern for intermediaries is that the SRD requires them to transmit general meeting agenda and voting information “without delay”. National regulators could interpret this as a requirement for real-time or near-real-time reporting. If this means that vote information has to be transmitted immediately, intermediaries will need to introduce intraday processing support. Meanwhile, the need to use a standardised format could result in amendments to current SWIFT message formats, with associated costs. It is also likely that the volume of voting instructions and amendments will increase after implementation of the SRD.
One custodian has expressed concern about the lack of regulatory clarity on whether post-meeting announcements will also have to be transmitted immediately. The EC and national regulators will need to confirm the level of information that must be passed on to shareholders. Some intermediaries may face operational headaches if their current processes can support the transmission of voting information but not of other data items in the same standardised and immediate manner.
Intermediaries could face the brunt of the costs of SRD implementation, particularly because European member states can prohibit intermediaries from charging fees for the cost of changes related to disclosure. If regulators decide to mandate this, intermediaries will have to absorb all compliance costs rather than passing a percentage on to clients.
If regulators are more lenient, intermediaries may be able to pass on certain costs, but the SRD specifies that these must be proven to be proportionate to the cost of offering the service. Intermediaries could therefore have to pay for the full cost of transparency requirements in some jurisdictions, while providing an audit trail of operational costs (and facing questions about any inefficiencies) in others.
The bundling of proxy costs into custody fees may also need re-evaluating, because intermediaries will need to disclose their fees in relation to proxy services. The SRD stresses the need for “non-discriminatory and proportionate” fees and jurisdictions will also have the power to prohibit fees for proxy services. If some do prohibit fees, firms’ business models will need to be revised.
Widespread impact
Issuers and registrars will also be affected by the SRD in relation to the standardisation of meeting announcements and the provision of vote confirmation. And proxy service providers will be impacted, although global firms that already comply with some jurisdictions’ voluntary requirements in transparency and reporting will feel less short-term impact. They could face both opportunities and challenges—with the potential to deliver new services to help intermediaries to support requirements such as vote confirmation, but needing to invest to do so.
The SRD’s transposition period presents market participants with an opportunity to review the impact on their operations, engage with regulators and assess their readiness. It is something that the industry should embrace and collaborate on to get right.
___________________________________________
*Demi Derem is general manager for Investor Communication Solutions, International, at Broadridge, and Elizabeth Maiellano is vice president for product management, Investor Communication Solutions, International, at Broadridge. This article has been prepared in collaboration with Broadridge, a supporter of Board Agenda.