Internal audit at the heart of a great battle!


I am sharing with you a recent article that Denis Lefort, a consulting expert in governance and internal audit, sent me along with his comments.

This article by Mike Jacka* appeared in Internal Auditor Magazine. Anyone concerned with the importance of this function should take note of this warning.

« On reading this short article, you will quickly grasp that its author believes internal audit and the organization’s other assurance functions (risk management, compliance, security and others) have entered a jurisdictional war… And that internal audit cannot act as if it were Switzerland, neutral and unassailable…!!!

The author thus believes that internal audit must prepare both its defensive and its offensive strategy to counter the hard blows of today and tomorrow… »

Happy reading!

Internal Audit Is in the Midst of a Great War

 

The Harvard Law School Forum on Corporate Governance and Financial Regulation recently posted an interesting piece titled « Compliance or Legal? The Board’s Duty to Assure Compliance. » I know it all sounds a little boring, but trust me on this one — there is interesting information here. Take some time to read through it before we dive in.

(One very quick, very important aside. I came across this article as a part of The IIA’s SmartBrief — a weekly « snapshot » of news and issues internal auditors might care about. To receive the newsletter you must « opt in. » I cannot urge you enough to opt in. No puffery here. Seldom does a week go by where I don’t find at least one nugget I can use. If you aren’t receiving it, you can opt in here.)

If you have been paying attention to the discussions that are going on regarding internal audit’s evolving role you were probably gobsmacked by the similarities between those discussions and what is being said in this article. Take the opening sentence: « A series of developments threaten to blur the important distinction between the corporation’s legal and compliance functions. » Make a few changes and you are talking about the dilemma internal audit is facing. « A series of developments threaten to blur the important distinction between the organization’s internal audit department and [insert your favorite assurance provider’s name here]. »

There it is in a nutshell, the crux of the battle currently being waged over the role of internal audit and others within the organization.

Wait, let’s back up a second. Did you miss that there is a war going on? Let’s take a quick look.

I have a good friend who is a CAE. In that role he is also in charge of risk management. We often talk about the potential conflict that exists with those dual roles. He is not alone. I have talked with other audit leaders who are being approached about audit taking on the role of risk. Not a bad fit. We are risk experts, we have the communication and relationship skills, and there should be a definite meshing of gears between audit and risk.

On the other hand, I have also heard from others who face the opposite issue; they are under pressure to have internal audit placed under the jurisdiction of the risk officer. « Wait a minute, » you say, « That is a very bad idea: a serious problem, a conflict of interests, a subversion of our objectivity, an invasion on our independence. » Our list of reasons why this shouldn’t happen is quite long.

When the shoe is on the other foot the bunions become just a tad more obvious.

And it is not just the risk function. While not as common, I am hearing similar discussions around such functions as compliance, corporate security, finance, quality assurance, and, yes, even legal. In some cases the discussion is around audit taking on part of the role; in others it is about audit becoming a part of the other function.

Why are we suddenly seeing this land grab?

Governance has become an important topic at the executive and board level. (Definitely a good thing.) Assurance providers (compliance, legal, risk, et al) realize the way to raise the esteem with which the board and executives hold them is to take on a greater piece of the governance pie. The pushing and shoving starts. Escalation ensues. And we find ourselves in the midst of a jurisdictional war.

And while internal audit would like to believe we are above the fray (we are independent, we are objective, we are internal audit, hear us roar), unless we recognize the existence of this war — unless we are willing to take up arms and join in the fray — we will find ourselves trivialized, the core values we provide handed off to the victors.

We think we are Switzerland. But there is no such thing as neutrality in this battle.

So, with that background, let’s return to the article previously referenced. The contents provide a good indication of the type of arguments internal audit will encounter. Two examples:

  1. The author states that a forced separation of compliance from under legal would jeopardize the ability of the organization to preserve attorney-client privilege. Cold chills went up my spine as I read this. I still vividly recall similar debates from 20 years ago when the legal department argued they should have more direct control over internal audit in order to preserve attorney-client privilege. We won. But it is obvious that the ugly head of that particular argument continues to rise again and again.
  2. The article quotes compliance thought leaders as saying that the role of « guardian of corporate reputation » is exclusively reserved for the corporate compliance officer; that the compliance officer is the organizational « subject matter expert » for ethics and culture. The author of the article states that this is « contrary to long standing public discourse that frames the lawyer’s role as a primary guardian of the organizational reputation. » My first, knee-jerk reaction is that internal audit should be the guardian of reputation and the subject matter expert. But once I put my knee back where it belongs, I realize it is probably more true that the attempt to define any one department as guardian or expert is a fool’s game. Everyone with any governance role should have the protection of reputation, ethics, and culture as their No. 1 responsibility.

There is much more in the article and many more thoughtful and reasoned arguments. And it would be quite easy to say « Let them duke it out. Their arguments are not important to us. » However, that is exactly why we should be paying attention. The article contains the points that will be used in the battle — points to be used against us and points we can use in our defense.

We are in a war. And audit cannot sit back and say, « We have independence; we are safe and above the fray. » No. They will have an eye on our « turf, » also. And who’s to say that some of their turf shouldn’t be ours. I’m not saying we break out the bayonets and start going after some of the unwounded, but I am saying we have to recognize the existence of a battle and be willing to take a stand — be willing to say what it is we do, why it is important, and why we should have those responsibilities.

What are your thoughts? What is internal audit’s role regarding the organization’s approach to risk, governance, compliance, legal, etc.? If we are more involved, is there a conflict? If the lines blur, does it have a negative impact on the company? Is there really a war brewing? And what might this have to do with the future (if there is going to be a future) of internal audit?​

_____________________________________

*Mike Jacka, CIA, CPA, CPCU, CLU, worked in internal audit for nearly 30 years at Farmers Insurance Group.

New governance video capsules – Diversity and risk management


The Collège des administrateurs de sociétés is pleased to unveil its 3rd series of expert capsules, made up of eight video interviews.

For 3 minutes, an expert from the Collège shares a reflection and gives a view on a current governance topic. One capsule is released each week.

Today, I invite you to watch the two most recent expert capsules, which are now online. Their themes are « Diversity » by Ms. Nicolle Forget, corporate director, and « Risk management » by Mr. Martin Leblanc, CA, CMC, Partner, Advisory Services – Management and Risk Management, KPMG.

Watch these two expert capsules:

Diversity, by Nicolle Forget

 

________________________________________________

Governance risks associated with Alibaba’s public offering


, professor of law, economics and finance, and director of the corporate governance programs at Harvard Law School, has just published a very important article in the New York Times.

The author warns investors of real governance risks linked to the public offering of the Chinese company Alibaba.

I believe it is useful to better understand the governance issues before investing in this immense offering.

Happy reading!

 

Wall Street is eagerly watching what is expected to be one of the largest initial public offerings in history: the offering of the Chinese Internet retailer Alibaba at the end of this week. Investors have been described by the media as “salivating” and “flooding underwriters with orders.” It is important for investors, however, to keep their eyes open to the serious governance risks accompanying an Alibaba investment.

Several factors combine to create such risks. For one, insiders have a permanent lock on control of the company but hold only a small minority of the equity capital. Then, there are many ways to divert value to affiliated entities, but there are weak mechanisms to prevent this. Consequently, public investors should worry that, over time, a significant amount of the value created by Alibaba would not be shared with them.

In Alibaba, control is going to be locked forever in the hands of a group of insiders known as the Alibaba Partnership. These are all managers in the Alibaba Group or related companies. The Partnership will have the exclusive right to nominate candidates for a majority of the board seats. Furthermore, if the Partnership fails to obtain shareholder approval for its candidates, it will be entitled “in its sole discretion and without the need for any additional shareholder approval” to appoint directors unilaterally, thus ensuring that its chosen directors always have a majority of board seats.

Alibaba is scheduled to become a publicly traded company later this week.

Many public companies around the world, especially in emerging economies, have a large shareholder with a lock on control. Such controlling shareholders, however, often own a substantial portion of the equity capital that provides them with beneficial incentives. In the case of Alibaba, investors need to worry about the relatively small stake held by the members of the controlling Alibaba Partnership.

After the I.P.O., Alibaba’s executive chairman, Jack Ma, is expected to hold 7.8 percent of the shares and all the directors and executive officers will hold together 13.1 percent. Over time, insiders may well cash out some of their current holding, but Alibaba’s governance structure would ensure that directors chosen by the Alibaba Partnership will forever control the board, regardless of the size of the stake held by the Partnership’s members.

With an absolute lock on control and a limited fraction of the equity capital, the Alibaba insiders will have substantial incentives to divert value from Alibaba to other entities in which they own a substantial percentage of the equity. This can be done by placing future profitable opportunities in such entities, or making deals with such entities on terms that favor them at the expense of Alibaba.

Alibaba’s prospectus discloses information about various past “related party transactions,” and these disclosures reflect the significance and risks to public investors of such transactions. For example, in 2010, Alibaba divested its control and ownership of Alipay, which does all of the financial processing for Alibaba, and Alipay is now fully controlled and substantially owned by Alibaba’s executive chairman.

Public investors should worry not only about whether Alibaba’s divesting of Alipay benefited Mr. Ma at the expense of Alibaba, but also about the terms of the future transactions between Alibaba and Alipay. Because Alibaba relies on Alipay “to conduct substantially all of the payment processing” in its marketplace, these terms are important for Alibaba’s future success.

Mr. Ma owns a larger fraction of Alipay’s equity capital than of Alibaba’s, so he would economically benefit from terms that would disfavor Alibaba. Indeed, given the circumstances, the I.P.O. prospectus acknowledges that Mr. Ma may act to resolve Alibaba-Alipay conflicts not in Alibaba’s favor.

The prospectus seeks to allay investor concerns, however, by indicating that Mr. Ma intends to reduce his stake in Alipay within three to five years, including by having shares in Alipay granted to Alibaba employees. But stating such an intention does not represent an irreversible legal commitment. Furthermore, transfers of Alipay ownership stakes from Mr. Ma to other members of the Alibaba Partnership would still leave the Partnership’s aggregate interest to be decidedly on the side of Alipay rather than Alibaba.

Given the significant related party transactions that have already taken place, and the prospect of such transactions in the future, Alibaba tried to placate investors by putting in a “new related party transaction policy.” But this new policy hardly provides investors with solid protection. Unlike charter and bylaw provisions, corporate policies are generally not binding. Furthermore, Alibaba’s policy explicitly allows the board, where the nominees of Alibaba partnership will always have a majority, to approve any exceptions to the policy that the board chooses.

Of course, the Alibaba partners might elect not to take advantage of the opportunities for diversion provided to them by Alibaba’s structure. And, even if the partners do use such opportunities, the future business success of Alibaba might be large enough to make up for the costs of diversions and leave public investors with good returns on their investment.

Before jumping in, however, investors rushing to participate in the Alibaba I.P.O. must recognize the substantial governance risks that they would be taking. Alibaba’s structure does not provide adequate protections to public investors.

__________________________________________

Related article:

Alibaba Raises the Fund-Raising Target for Its I.P.O. to $21.8 Billion (Sept. 15, 2014)

Shedding full light on expectations of boards | The state of play according to Lipton


Today, I want to share with you the point of view of Martin Lipton*, an expert in mergers and acquisitions and in matters relating to corporate governance, on the issues facing boards. The author emphasizes best practices in governance and the behaviors expected of boards of directors.

This text, published on the blog of the Harvard Law School Forum on Corporate Governance, neatly summarizes the duties and responsibilities of corporate directors today and reinforces the need for boards of directors to manage hostile bid situations.

Happy reading! Do you agree with the stated expectations? Your comments are welcome.

The Spotlight on Boards

 

The ever evolving challenges facing corporate boards prompt an updated snapshot of what is expected from the board of directors of a major public company—not just the legal rules, but also the aspirational “best practices” that have come to have almost as much influence on board and company behavior.

Boards are expected to:

Establish the appropriate “Tone at the Top” to actively cultivate a corporate culture that gives high priority to ethical standards, principles of fair dealing, professionalism, integrity, full compliance with legal requirements and ethically sound strategic goals.

Choose the CEO, monitor his or her performance and have a succession plan in case the CEO becomes unavailable or fails to meet performance expectations.

Maintain a close relationship with the CEO and work with management to encourage entrepreneurship, appropriate risk taking, and investment to promote the long-term success of the company (despite the constant pressures for short-term performance) and to navigate the dramatic changes in domestic and world-wide economic, social and political conditions. Approve the company’s annual operating plan and long-term strategy, monitor performance and provide advice to management as a strategic partner.

Develop an understanding of shareholder perspectives on the company and foster long-term relationships with shareholders, as well as deal with the requests of shareholders for meetings to discuss governance and the business portfolio and operating strategy. Evaluate the demands of corporate governance activists, make changes that the board believes will improve governance and resist changes that the board believes will not be constructive. Work with management and advisors to review the company’s business and strategy, with a view toward minimizing vulnerability to attacks by activist hedge funds.

Organize the business, and maintain the collegiality, of the board and its committees so that each of the increasingly time-consuming matters that the board and board committees are expected to oversee receives the appropriate attention of the directors.

Plan for and deal with crises, especially crises where the tenure of the CEO is in question, where there has been a major disaster or a risk management crisis, or where hard-earned reputation is threatened by a product failure or a socio-political issue. Many crises are handled less than optimally because management and the board have not been proactive in planning to deal with crises, and because the board cedes control to outside counsel and consultants.

Determine executive compensation to achieve the delicate balance of enabling the company to recruit, retain and incentivize the most talented executives, while also avoiding media and populist criticism of “excessive” compensation and taking into account the implications of the “say-on-pay” vote.

Face the challenge of recruiting and retaining highly qualified directors who are willing to shoulder the escalating work load and time commitment required for board service, while at the same time facing pressure from shareholders and governance advocates to embrace “board refreshment”, including issues of age, length of service, independence, gender and diversity. Provide compensation for directors that fairly reflects the significantly increased time and energy that they must now spend in serving as board and board committee members. Evaluate the board’s performance, and the performance of the board committees and each director.

Determine the company’s reasonable risk appetite (financial, safety, cyber, political, reputation, etc.), oversee the implementation by management of state-of-the-art standards for managing risk, monitor the management of those risks within the parameters of the company’s risk appetite and seek to ensure that necessary steps are taken to foster a culture of risk-aware and risk-adjusted decision-making throughout the organization.

Oversee the implementation by management of state-of-the-art standards for compliance with legal and regulatory requirements, monitor compliance and respond appropriately to “red flags.”

Take center stage whenever there is a proposed transaction that creates a real or perceived conflict between the interests of stockholders and those of management, including takeovers and attacks by activist hedge funds focused on the CEO.

Recognize that shareholder litigation against the company and its directors is part of modern corporate life and should not deter the board from approving a significant acquisition or other material transaction, or rejecting a merger proposal or a hostile takeover bid, all of which is within the business judgment of the board.

Set high standards of social responsibility for the company, including human rights, and monitor performance and compliance with those standards.

Oversee relations with government, community and other constituents.

Review corporate governance guidelines and committee charters and tailor them to promote effective board functioning.

To meet these expectations, it will be necessary for major public companies

(1) to have a sufficient number of directors to staff the requisite standing and special committees and to meet expectations for diversity;

(2) to have directors who have knowledge of, and experience with, the company’s businesses, even if this results in the board having more than one director who is not “independent”;

(3) to have directors who are able to devote sufficient time to preparing for and attending board and committee meetings;

(4) to provide the directors with regular tutorials by internal and external experts as part of expanded director education; and

(5) to maintain a truly collegial relationship among and between the company’s senior executives and the members of the board that enhances the board’s role both as strategic partner and as monitor.

________________________________________________

*Martin Lipton is a founding partner of Wachtell, Lipton, Rosen & Katz, specializing in mergers and acquisitions and matters affecting corporate policy and strategy.

Do hedge funds help ensure the long-term growth of targeted companies?


Here is an article published by IEDP (International Executive Development Programs) that appeared on the site http://www.iedp.com

As you will see, the author praises the positive effects of shareholder activism, which, contrary to what many believe, adds value to organizations by cleaning up governance.

I know that views on this form of activism are very divided, but the authors contend that the claims of the anti-activists are not scientifically founded.

Indeed, research shows that the activities of hedge funds help improve the long-term added value of targeted companies.

Reading this article will give you a good summary of the positions in favor of the empirical approach. Have you made up your mind on this subject?

 

Do Hedge Funds Create Sustainable Company Growth ?

 

Hedge funds get a bad press but are they really a negative force? Looking at their public face, on the one hand we see the so-called ‘vulture’ funds that this month forced Argentina into a $1.5bn default, on the other hand we recall that the UK’s largest private charitable donation, £466 million, was made by hedge fund wizard Chris Cooper-Hohn. Looking beyond the headlines the key question is, do hedge funds improve corporate performance and generate sustainable economic growth or not?

Researchers at Columbia Business School, Duke Fuqua School of Business and Harvard Law School looked at this most important question and discovered that despite much hype to the contrary the long-term effect of hedge funds and ‘activist shareholders’ is largely positive. They tested the conventional wisdom that interventions by activist shareholders, and in particular activist hedge funds, have an adverse effect on the long-term interests of companies and their shareholders and found it was not supported by the data.

Their detractors have long argued that hedge funds force corporations to sacrifice long-term profits and competitiveness in order to reap quick short-term benefits. The immediate spike that comes after interventions from these activist shareholders, they argue, inevitably leads to long-term declines in operating performance and shareholder value.

Three researchers, Lucian Bebchuk of Harvard Law School, Alon Brav of Duke Fuqua School of Business, and Wei Jiang of Columbia Business School argue that opponents of shareholder activism have no empirical basis for their assertions. In contrast, their own empirical research reveals that both short-term and long-term improvements in performance follow in the wake of shareholder interventions. Neither the company nor its long-term shareholders are adversely affected by hedge fund activism.

Their paper published in July 2013 reports on about 2,000 interventions by activist hedge funds during the period 1994-2007, examining a long time window of five years following the interventions. It found no evidence that interventions are followed by declines in operating performance in the long term. In fact, contrary to popular belief, activist interventions are followed by improved operating performance during the five-year period following these interventions. Furthermore the researchers discovered that improvements in long-term performance were also evident when the interventions were in the two most controversial areas – first, interventions that lower or constrain long-term investments by enhancing leverage, beefing up shareholder pay-outs, or reducing investments and, second, adversarial interventions employing hostile tactics.

There was also no evidence that initial positive share price spikes accompanying activist interventions failed to appreciate their long-term costs and therefore tend to be followed by negative abnormal returns in the long term; the data is consistent with the initial spike reflecting correctly the intervention’s long-term consequences.

‘Pumping-and-dumping’ (i.e. when the exit of an activist is followed by long-term negative returns) is much cited by critics. But no evidence was found of this. Another complaint, that activist interventions during the years preceding the financial crisis rendered companies more vulnerable, was also debunked, as targeted companies were no more adversely affected by the crisis than others.

In light of the recent events in Argentina it is salutary to recall this important research. The positive aspect of activist hedge fund activity that it reveals should be borne in mind when considering the ongoing policy debates on corporate governance, corporate law, and capital markets regulation. Business leaders, policy makers and institutional investors should reject the anti-hedge fund claims often used by detractors as a basis for limiting the rights and involvement of shareholders, and should support expanding rather than limiting the rights and involvement of shareholders. Boards and their executives should carefully monitor these debates in order to prepare for corporate governance’s evolving policy environment.

For effective oversight of the internal audit function | PwC


Below you will find a reference document published by PwC in the Audit Committee Excellence series. This document, shared by Denis Lefort, CPA, CIA, CRMA, consulting expert in governance, audit and control, provides very complete answers to several questions that board members ask about the role of the internal audit function in the organization.

1. Why is oversight of internal audit critical for audit committees?

2. What is the role of directors in optimizing internal audit’s activities?

3. How can internal audit be helped to better define its mission?

4. What are the reporting lines and resource needs of this activity?

5. What is the process for reviewing internal audit’s results?

6. What should you do if your company does not have an internal audit function?

This document will therefore be very useful to any director keen to deepen their knowledge of the very important role an internal audit department can play.

Here is an introduction to the PwC report. Happy reading! Your comments are welcome.

 

Effective oversight of the internal audit function | PwC

 

The audit committee’s role is not getting any easier, but an audit committee has a lot of resources in its arsenal to help meet today’s high expectations. One of these tools is the internal audit function. Directors can, and should, focus on maximizing the value proposition of this group to ensure their own success.

 

A lot goes on in companies — and a lot can go wrong, even when you have good people and thoughtfully designed processes. That’s why so many audit committees look to internal audit as their eyes and ears — a way to check whether things are working as they should. Some companies staff the function internally, while others choose to outsource some or all of the role. Some do not have an internal audit function at all.

 

For many audit committees, overseeing internal audit isn’t just the right thing to do, it’s a requirement. At NYSE companies, audit committees have to oversee internal audit’s performance and periodically meet in private sessions. NASDAQ is currently considering whether to require its listed companies to have an internal audit function and what role audit committees should play.

 

Whether a required function or not, we believe it’s critical that audit committees focus on internal audit. Why? PwC’s 2014 State of the internal audit profession study found that about one-third of board members believe internal audit adds less than significant value to the company, and only 64% of directors believe internal audit is performing well at delivering expectations. Even Chief Audit Executives (CAEs) are critical of their functions’ performance, with just two-thirds saying it’s performing well.

The board must clarify the roles of chief compliance officer (CCO) and general counsel


There is a growing role ambiguity between the functions of chief compliance officer (CCO) and general counsel. This article by Michael W. Peregrine, a partner at the firm McDermott Will & Emery, aims to highlight the respective responsibilities of each position and to show that they would benefit from being better defined in order to avoid the risks of conflict associated with carrying them out.

The author suggests that the role of chief compliance officer is taking an increasingly prominent place in the structure of organizations, by virtue of the « independence » attached to this function. The two positions must therefore be separated, with the general counsel reporting to the CEO and the chief compliance officer reporting to the board of directors!

The article stresses a better description of these two positions and the role the board of directors must play in this regard.

I invite you to read this short article, published on the blog of the Harvard Law School Forum on Corporate Governance, to better understand the nature of the arguments put forward. Happy reading!

Compliance or Legal? The Board’s Duty to Assure Clarity

Key Developments

Government Positions. The first, and perhaps most pronounced, of these developments has been efforts of the federal government to encourage (and, in some cases, to require) that the positions of compliance officer and general counsel be separate organizational positions held by separate officers; that the compliance officer not report to the general counsel; and that the compliance officer have a direct reporting relationship to the governing board.

There also appears to be a clear trend—while certainly not universal—among many corporations to follow the government’s lead and adopt the “separate relationship” structure, for a variety of valid and appropriate reasons. Yet, the focus on compliance officer “independence” obscures the need for compliance programs to have leadership from, coordination of or other connection to, the general counsel.

Another concern arises from the (dubious) perspective that the compliance officer should not have a reporting relationship to the general counsel. One of the underlying premises here is that the general counsel somehow has at least a potential, if not actual, conflict of interest with respect to advice that the compliance officer may provide to management or the board. However, this perspective ignores critical professional responsibility obligations of the general counsel (e.g., Rules 1.6, 1.7 and 1.13).

The third, and potentially most significant of these potential concerns relates to the preservation of the attorney-client privilege when the chief compliance officer is not the general counsel. In a recent published article, a leading corporate lawyer argues persuasively that the forced separation of the compliance and legal functions jeopardizes the ability to preserve the privilege in connection with corporate compliance based investigations.

Corporate Guardian. A second, and more subtle, development has been a series of public comments by compliance industry thought leaders suggesting that the role of “guardian of the corporate reputation” is exclusively reserved for the corporate compliance officer; that the compliance officer is the organizational “subject matter expert” for ethics and culture, as well as compliance. This “jurisdictional claim” appears to be premised on the questionable perspective that “lawyers tell you whether you can do something, and compliance tells you whether you should”.

This perspective ignores the extent to which the general counsel is specifically empowered to provide such advice by virtue of the rules of professional responsibility; principally Rule 2.1 (“Advisor”). It is also contrary to long standing public discourse that frames the lawyer’s role as a primary guardian of the organizational reputation. For example, the estimable Ben Heineman, Jr. has described the role of the general counsel as the “lawyer-statesman”, the essence of which is the responsibility to “move beyond the first question—‘is it legal?’—to the ultimate question—‘is it right?’”

Job Descriptions. The third significant development is efforts by compliance industry commentators to extend the portfolio of the CCO, to a point where it appears to conflict with the expanding role of the general counsel. As one prominent compliance authority states, “The CCO mandate is ambitious, broad, and complex; no less than to oversee the organization’s ability to ‘prevent and detect misconduct’”.

This point of view is being used to justify greater compliance officer involvement in matters such as internal investigations, corporate governance, conflict of interest resolution, the development of codes of ethics, and similar areas of organizational administration.

The debate over roles and responsibilities is exacerbated by the extent to which the term “compliance” continuously appears in the public milieu in the form of “shorthand”. In this way, the term appears to reference some sort of broad organizational commitment to adherence with applicable law; i.e., more as a state of corporate consciousness than as an executive-level job description. To the extent that “compliance” is used loosely in the business and governance media, it serves to confuse corporate leadership about the real distinctions between accepted legal and compliance components.

Expansive definitions of the compliance function are also at odds with new surveys that depict the expanding organizational prominence of the general counsel. These new surveys lend empirical support to the view that the general counsel of a sophisticated enterprise (such as a health care system) has highly consequential responsibilities, and thus should occupy a position of hierarchical importance within the organization.

The Board’s Role

As developments cause the roles and responsibilities of the compliance officer and the general counsel to become increasingly blurred, the board has an obligation to establish clarity and reduce the potential for organizational risk. The failure to clearly delineate the respective duties of these key corporate officers can create administrative waste and inefficiency; increase internal confusion and tension; jeopardize application of the attorney-client privilege, and “draw false distinctions between organizational and legal risk”.

An effective board response would certainly include directing the compliance officer and general counsel, with the support of the CEO and outside advisors, to prepare for board consideration a set of mutually acceptable job descriptions for their respective positions. This would include a confirmation of the board reporting rights of both officers. It would also include the preparation of a detailed communication protocol that would address important GC/CCO coordination issues.

The perceptive board may also wish to explore, with the support of external advisors, the very sensitive core issues associated with compliance officer independence, and with the hierarchical position of the compliance officer; i.e., should that position be placed in the corporate hierarchy on an equal footing with the corporate legal function, or in some subordinate or other supporting role.

The board can and should be assertive in adopting measures that support the presence of a vibrant, effective compliance program that teams productively with the general counsel.

 

What every corporate director should know about cloud security


This article is based on a research report by Paul A. Ferrillo, counsel at Weil, Gotshal & Manges, and by Dave Burg and Aaron Philipp of PricewaterhouseCoopers. The authors present a conceptual framework of the cloud computing factors that influence companies, and in particular the behaviour of their directors.

The article defines cloud computing and shows how boards of directors are called upon to deal with the risks that cyber-attacks can pose. In fact, the most interesting part of the article is about better understanding what the authors call “Cloud Cyber Governance”.

The article proposes several critical questions that directors should put to the company’s management. Below you will find the highlights of this article, which should interest directors concerned with the security aspects of cloud operations. Happy reading!

 

Cloud Cyber Security: What Every Director Needs to Know

« There are four competing business propositions affecting most American businesses today. Think of them as four freight trains on different tracks headed for a four-way stop signal at fiber optic speed.

First, with a significant potential for cost savings, American business has adopted cloud computing as an efficient and effective way to manage countless bytes of data from remote locations at costs that would be unheard of if they were forced to store their data on hard servers. According to one report, “In September 2013, International Data Corporation predicted that, between 2013 and 2017, spending on public IT cloud computing will experience a compound annual growth of 23.5%.” Another report noted, “By 2014, cloud computing is expected to become a $150 billion industry. And for good reason—whether users are on a desktop computer or mobile device, the cloud provides instant access to data anytime, anywhere there is an Internet connection.”


The second freight train is data security. Making your enterprise’s information easier for you to access and analyze also potentially makes it easier for others to do, too. 2013 and 2014 have been the years of “the big data breach,” with millions of personal data and information records stolen by hackers. Respondents to the 2014 Global State of Information Security® Survey reported a 25% increase in detected security incidents over 2012 and a 45% increase compared to 2011. Though larger breaches at global retailers are extremely well known, what is less known is that cloud providers are not immune from attack. Witness the cyber breach against a file sharing cloud provider that was perpetrated by lax password security and which caused a spam attack on its customers. “The message is that cyber criminals, just like legitimate companies, are seeing the ‘business benefits’ of cloud services. Thus, they’re signing up for accounts and reaching sensitive files through these accounts. For the cyber criminals this only takes a run-of-the-mill knowledge level … This is the next step in a new trend … and it will only continue.”

The third freight train is the plaintiff’s litigation bar. Following cyber breach after cyber breach, they are viewing the corporate horizon as rich with opportunities to sue previously unsuspecting companies caught in the middle of a cyber disaster, with no clear way out. They see companies scrambling to contend with major breaches, investor relation delays, and loss of brand and reputation.

The last freight train running towards the intersection of cloud computing and data security is the topic of cyber governance—i.e., what directors should be doing or thinking about to protect their firm’s most critical and valuable IP assets. In our previous article, we noted that though directors are not supposed to be able to predict all potential issues when it comes to cyber security issues, they do have a basic fiduciary duty to oversee the risk management of the enterprise, which includes securing its intellectual property and trade secrets. The purpose of this article is to help directors and officers potentially avoid a freight train collision by helping the “cyber governance train” control the path and destiny of the company. We will discuss basic cloud security principles, and basic questions directors should ask when considering whether or not the data their management desires to run on a cloud-based architecture will be as safe from attack as possible. As usual when dealing with cyber security issues, there are no 100% foolproof answers. Even cloud experts disagree on cloud-based data security practices and their effectiveness. There are only good questions a board can ask to make sure it is fulfilling its duties to shareholders to protect the company’s valuable IP assets.

What is Cloud Computing/What Are Its Basic Platforms

“Cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services). Cloud computing is a disruptive technology that has the potential to enhance collaboration, agility, scaling, and availability, and provides the opportunities for cost reduction through optimized and efficient computing. The cloud model envisages a world where components can be rapidly orchestrated, provisioned, implemented and decommissioned, and scaled up or down to provide an on-demand utility-like model of allocation and consumption.”

Cloud computing is generally based upon three separate and distinct architectures that matter when considering the security of the data sitting in the particular cloud environment.

……

Cloud Cyber Governance

As shown above, what is commonly referred to as the cloud actually can mean many different things depending on the context and use. Using SaaS to manage a customer base has a vastly different set of governance criteria to using IaaS as a development environment. As such, there are very few accepted standards for properly monitoring/administering a cloud-based environment. There are many IT consultants in the cloud-based computing environment that can be consulted in that regard. Our view, however, is that directors are ultimately responsible for enterprise risk management, and that includes cyber security, a subset of which is cloud-based cyber-security. Thus it is important for directors to have a basic understanding of the risks involved in cloud-based data storage systems, and with cloud-based storage providers. Below are a few basic questions that come to mind that a director could pose to management, and the company’s CISO and CIO:

1. Where will your data be stored geographically (which may determine which laws apply to the protection of the company’s data), and in what data centers?

2. Is there any type of customer data co-mingling that could potentially expose the company data to competitors or other parties?

3. What sort of encryption does the cloud-based provider use?

4. What is the vendor’s backup and disaster recovery plan?

5. What is the vendor’s incident response and notification plan?

6. What kind of access will you have to security information on your data stored in the cloud in the event the company needs to respond to a regulatory request or internal investigation?

7. How transparent is the cloud provider’s own security posture? What sort of access can your company get to the cloud provider’s data center and personnel to make sure it is receiving what it is paying for?

8. What is the cloud servicer’s responsibility to update its security systems as technology and sophistication evolves?

9. What is the cloud provider’s ability to timely detect (i.e., continuously monitor) and respond to a security incident, and what sort of logging information is kept in order to potentially detect anomalous activity?

10. Are there any third party requirements (such as HITECH/HIPAA) that the provider needs to conform to for your industry?

11. Is the cloud service provider that is being considered already approved under the government’s FedRamp authorization process, which pre-approves cloud service providers and their security controls?

12. Finally, does the company’s cyber insurance liability policy cover cloud-based Losses assuming there is a breach and customer records are stolen or otherwise compromised?  This is a very important question to ask, especially if the company involved is going to use a cyber-insurance policy as a risk transfer mechanism. When in doubt, a knowledgeable cyber-insurance broker should be consulted to make sure cloud-based Losses are covered.

High-profile breaches have proven conclusively that cybersecurity is a board issue first and foremost. Being a board member is tough work. Board members have a lot on their plate, including, first and foremost, financial reporting issues. But as high-profile breaches have shown, major cyber breaches have almost the same effect as a high profile accounting problem or restatement. They cause havoc with investors, stock prices, vendors, branding, corporate reputation and consumers. Directors should be ready to ask tough questions regarding cyber security and cloud-based security issues so they do not find themselves on the wrong end of a major data breach, either on the ground or in the cloud. »

What to do when trust between the board and management is low? | The case of a non-profit organization


Here is a case that comes from the Australian blog of Julie Garland McLellan and that will certainly interest all board members of non-profit organizations. I chose to share this governance case with you because I believe it reflects situations that some non-profit organizations experience all too often.

This case presents the real situation of an organization in which the bonds of trust between the board and management have eroded.

What do you think? What would you do in Jake’s place? Which analysis seems most appropriate in our context? What do you think of the analyses carried out by the three experts?

« Boards operate best when each director trusts each other director to adhere to the jointly accepted governance processes and policies as well as the relevant laws and regulations. This month our real life case study considers what to do when that trust is lost. Consider: What would you advise a friend to do under these circumstances ? »

 

What to do when trust is lost?

 

« Jake is a club chairman. The former chairman resigned after a major disagreement with the rest of the board which arose because the former chairman signed a major contract. When the board discovered what had happened they were furious that a large decision had been made without involving them. The former chairman stormed from the meeting and resigned in writing the following morning.

The Board then acted without a formal chair, directors took turns to chair the meetings, until the next election. During this time the board rewrote the by-laws which previously allowed the chairman to sign contracts after verification by the treasurer that doing so would not lead to insolvency. They adopted new by-laws that stated no director, including – for absence of doubt – the chairman and/or treasurer, could commit the club to any contract, expenditure or course of action unless approved in a duly constituted board meeting.

Jake was not previously on the board and was elected unopposed after being invited by the treasurer to stand for election. He is a successful businessman but has no experience with consensual board decision-making. He has now discovered that the club is wallowing because recent decisions have not been made in a timely fashion. His fellow directors are numerous, factionated and indecisive. The CEO has low delegations and the constitution envisages that the chairman, CEO and treasurer should make decisions between meetings and use the board to ratify strategy, engage members and provide oversight. The amended by-laws prevent the constitution from working but don’t provide an alternative workable model.

The board reacted with horror to a suggestion that they soften the new by-laws but don’t appear willing to improve their own performance so the club can operate under the new by-laws. Staff performance reviews and bonuses are soon to be agreed and Jake is fairly certain that his board will not make rational decisions or support the CEO’s recommendations. He knows that he needs to act decisively to avert disaster but doesn’t know where to start.

How can Jake create an environment that allows for effective management of the club before this situation spirals out of control? »

Risk committees | Now “riskier” than audit committees!


Here is an excellent article published yesterday by Howard Davies in the FT on the new realities of governance, particularly in financial institutions.

Indeed, a Financial Times survey (The FT’s A-List) shows convincingly that risk committees are now more “dreaded” than audit committees. This is a recent phenomenon that is not yet well documented, but the experience of board members seems to indicate that these committees are less sought after, mainly because there are too few risk experts sitting on boards.

Ten years ago, directors devoted little time to risk oversight, placing almost blind trust in management’s experts. The concerns and priorities of boards have changed radically since 2008, notably since regulators made it mandatory for the boards of financial institutions to set up risk committees.

Several other sectors have followed by giving a prominent place to risk management and to setting up risk committees distinct from audit committees.

The article below presents the state of play and the changes needed in the governance of organizations. Here is an excerpt from this article. Happy reading!

 

 Audit is no longer the chore the board dreads most

« There is uncertainty about what risk committees should do »

 

Until recently, most non-executive directors would have told you that the audit committee is the one they really wish to avoid. The meetings are long, the papers voluminous, and the duties burdensome. So the conclusion of a recent survey by Per Ardua, an executive search company, came as a surprise. Eighty per cent of respondents in the financial sector now say that the risk committee is the one to dodge – even though audit and remuneration committees have so far more often exposed non-executives to public criticism.


The survey responses suggest three possible explanations. First, the risk committee has a broad range of responsibilities. For a bank, traditional value-at-risk measures, which reflect the likelihood that the bank’s loans will go bad, are just the beginning. The agenda has broadened into operational, regulatory, legal and reputational risk, demanding detailed knowledge of all areas of the business – and of the relevant rules within which they operate. Regulation is increasingly complex, and varies significantly by country.

Second, whereas audit committees look backwards, risk committees must look forwards – a more difficult task. True, the dividing line is not quite so stark in practice; some auditors do live in the here and now. But overseeing future risks requires greater exercise of judgment, and involves the use of stress testing and other relatively novel techniques.

Third, the regulatory focus on risk committees has grown. Before the Walker review of corporate governance in financial firms, most banks in the UK did not have a separate risk committee. The same was true in the US. The audit committee did the job in its spare time. Now regulators on both sides of the Atlantic look to the risk committee and its chairman to answer for the stability of a bank, to oversee compliance with capital regulation and to take responsibility for its resolution and recovery plans. Those plans are highly technical.


 

 

 

How can the board carry out its oversight of cyber risks?


Today, I draw your attention to an article published on the Cisco Blog site, which deals with the new responsibilities incumbent on board members for overseeing the company’s overall cyber risks.

There are very useful guidelines that can help members of senior management (CxO), those who must attest to (sign off on) the accuracy of the disclosures relating to cyber risks.

There are also ways for board members to make sure they are exercising effective oversight of these risks. This article echoes the Gartner Security and Risk Management Summit conference, and more specifically the session “Finding the Sweet Spot to Balance Cyber Risk”.


In my opinion, all directors should become familiar with the cyber-risk environment and its management, because these risks can have dramatic consequences for the organization’s performance.

Reading this article will make you more aware of your role as a director and of the consequences that flow from it. Here is an excerpt. Happy reading!

 

Cyber Threat Management from the Boardroom Risk: Lost in Translation

 

During the session, the panel had been discussing how the senior leadership teams address the problem of putting their signatures against the risk that cyber threats pose to their organizations. Tammie Leith made a point to the effect that it is just as important for our teams to tell us why we should not accept or acknowledge those risks so that we can increase investments to mitigate those risks.

What caught my attention was that the senior management teams are beginning to question the technical teams on whether or not appropriate steps have been taken to minimize the risks to the corporation. The CxO (senior leadership team that has to put their signature on the risk disclosure documents) teams are no longer comfortable with blindly assuming the increasing risks to the business from cyber threats.

To make matters worse, the CxO teams and the IT security teams generally speak different languages in that they are both using terms with meanings relevant to their specific roles in the company. In the past, this has not been a problem because both teams were performing very critical and very different functions for the business. The CxO team is focused on revenue, expenses, margins, profits, shareholder value, and other critical business metrics to drive for success. The IT security teams, on the other hand, are worried about breaches, data loss prevention, indications of compromise, denial of services attacks and more in order to keep the cyber attackers out of the corporate network. The challenge is that both teams use the common term of risk, but in different ways. Today’s threat environment has forced the risk environment to blend. Sophisticated targeted attacks and advanced polymorphic malware affect a business’s bottom line. Theft of critical information, such as credit card numbers, health insurance records, and social security numbers, result in revenue losses, bad reputation, regulatory fines, and lawsuits. Because these teams have not typically communicated very well in the past, how can we ensure that they have a converged meaning for risk when they are speaking different “languages”?

In order to fully explore the variations to the term “risk” for the business, I wanted to understand what the Security Exchange Commission (SEC) required of corporations in reporting requirements to their shareholders. The 2013 Cybersecurity Executive Order signed by President Obama, and the release of the NIST Cyber Framework seemed to be giving the SEC a new reason to revisit the topic of cyber security with a revitalized vigor.

The SEC had already published guidance on how corporations should provide cyber security risk disclosures in the CV Disclosure Guidance: Topic No. 2 Date: October 13, 2011. However, the speech that SEC Commissioner Luis A. Aguilar gave at the “Cyber Risks and The Boardroom Conference” at the New York Stock Exchange on June 10 discussed what the “boards of directors can, and should, do to ensure that their organizations are appropriately considering and addressing cyber risks.” In proposing a strong case for the boards of directors to take action, he discussed the “threat of litigation and potential liability for failing to implement adequate steps to protect the company from cyber-threats.” He also discussed the derivative lawsuits that were brought against companies, their officers and directors relating to data breaches. What caught my attention most about the speech is when he said, “Thus, boards that chose to ignore, or minimize, the importance of cybersecurity oversight responsibility, do so at their own peril.”

Commissioner Aguilar made a strong recommendation for corporations to voluntarily adopt the NIST Cybersecurity Framework in order to begin addressing the problem with the statement, “While the Framework is voluntary guidance for any company, some  commenters have already suggested that it will likely become a baseline for best practices by companies, including assessing legal or regulatory exposure to these issues or for insurance purposes.”

I am not disagreeing with Commissioner Aguilar, but in practice, this is an incredible challenge for any board of directors as they are now being asked to provide direct cyber security oversight to the internal day-to-day operations of the organization or risk “peril.”

…..

 

Does mandatory shareholder voting on major changes prevent bad transactions?


Which transactions should require the mandatory approval of all shareholders? The article by Marco Becht, professor of corporate governance at the Université libre de Bruxelles; Andrea Polo, of the Department of Economics and Business at Universitat Pompeu Fabra and Barcelona GSE; and Stefano Rossi, of the Department of Finance at Purdue University, looks at how much power needs to be left to shareholders rather than to the board of directors.

In the United Kingdom, bids for large target companies are considered Class 1 transactions and are therefore necessarily subject to shareholder approval. The results of this study show that the financial benefits of such an approach are very significant.

Several jurisdictions have chosen to exclude large acquisitions from the shareholder vote, to the detriment of shareholder wealth according to the study. Of course, when a transaction profoundly changes the nature of the company and can potentially have significant consequences for share value, it must be dealt with at an extraordinary meeting of shareholders.

« Our paper infers that mandatory voting makes boards more likely to refrain from overpaying or from proposing deals that are not in the interest of shareholders »

Here is an excerpt from the article published on the Harvard Law School Forum on Corporate Governance and Financial Regulation. You can download the full document here.

Happy reading! Your comments on the sovereignty of boards are welcome.

Does Mandatory Shareholder Voting Prevent Bad Corporate Acquisitions ?

In our paper, Does Mandatory Shareholder Voting Prevent Bad Corporate Acquisitions?, which was recently made publicly available as an ECGI and Rock Center Working Paper on SSRN, we examine how much power shareholders should delegate to the board of directors. In practice, there is broad consensus that fundamental changes to the basic corporate contract or decisions that might have large material consequences for shareholder wealth must be taken via an extraordinary shareholder resolution (Rock, Davies, Kanda and Kraakman 2009). Large corporate acquisitions are a notable exception. In the United Kingdom, deals larger than 25% in relative size are subject to a mandatory shareholder vote; in most of continental Europe there is no vote, while in Delaware voting is largely discretionary.

The consequences for Delaware corporation shareholders are well documented in the relevant finance literature. A large percentage of deals initiated by U.S. acquirers destroy shareholder value with aggregate announcement losses running in billions of U.S. dollars. Shareholder voting exists, but it is voluntary and therefore endogenous. Deals facing potential shareholder opposition can be restructured to avoid a vote, as was recently the case with Kraft Inc.’s bid for Cadbury Plc, after public opposition from Warren Buffett. Shareholder voting in the United States is not a binding constraint and previous empirical studies based on U.S. data are rendered inconclusive.

Under the U.K. listing rules, bids for relatively large targets are called “Class 1 transactions” and are subject to mandatory shareholder approval. In a representative sample of acquirers listed on the main market in London, Class 1 transactions are associated with an aggregate gain to acquirer shareholders of $13.6 billion, over 1992-2010. Similar U.S. transactions in terms of size and other observable characteristics that are not subject to shareholder approval are associated with an aggregate loss of $210 billion for acquirer shareholders over the same period; and smaller Class 2 U.K. transactions, also not subject to shareholder approval, are associated with an aggregate loss of $3 billion. The findings are robust to various controls for deal characteristics and also hold at the U.K. mandatory voting threshold, where deals are very similar except in their voting status.

How does mandatory voting bring about these positive Class 1 results? Our paper infers that mandatory voting makes boards more likely to refrain from overpaying or from proposing deals that are not in the interest of shareholders. We find that shareholders never voted against Class 1 transactions ex-post and deals that were poorly received by the market at announcement were often dropped before they reached the voting stage. The results show that giving shareholders a direct decision right over large transactions can have a positive causal impact by discouraging bad corporate acquisitions.

Many jurisdictions have chosen to exclude large acquisitions from the list of fundamental changes that are outside the scope of delegated board authority. The advantages of board delegation such as reduced legal costs and greater speed and flexibility are shown to be preferred to explicit shareholder approval. This study shows that the benefits of mandatory voting on large corporate acquisitions can be large, shedding new light on this trade-off.

 

The State of Internal Audit Internationally | Thomson Reuters Accelus 2014 Report


Denis Lefort, CPA, consulting expert in governance, audit and control, has just sent me the 2014 edition of the Thomson Reuters Accelus study on internal audit.

This survey identifies some interesting observations for the internal audit profession:

(1) Only a little over 27% of internal audit departments audit their organization’s governance processes;

(2) There are still significant gaps in perception between internal audit departments and audit committees as to what the priorities of internal audit departments should be;

(3) Internal auditors invest 45% of their time in auditing IT security;

(4) Nearly 50% of internal audit departments now interact with their organization’s other assurance functions (compliance, risk management, etc.).

This document will therefore be very useful to any director keen to improve his or her knowledge of the state of affairs worldwide in 2014.

Enjoy your reading. Your comments are welcome. Here is the summary of the study.

 

STATE OF INTERNAL AUDIT – THOMSON REUTERS ACCELUS 2014 REPORT

 

Thomson Reuters Accelus’ annual State of Internal Audit Survey provides an insight into the experiences and expectations of internal audit professionals around the world. More than 900 internal audit practitioners across 50 countries participated in the 2014 survey sharing their views across a range of subjects, issues and concerns. The experiences shared in this report are intended to help internal audit functions and senior management benchmark the myriad of challenges faced and enable them to leverage the approach taken by their peers.

The survey has demonstrated that the world and work of internal audit continues to be as complex, and challenging as ever. Both the volume and diversity of issues that internal auditors need to understand and assess continues to increase globally and across all industries.

In fact, at a high level the results of the Thomson Reuters Accelus State of Internal Audit Survey have remained relatively unchanged for the last few years.

This year the results confirmed that the vast majority (81 percent) of internal auditors’ focus remains on providing assurance on the efficacy of internal control process. While assurance work is the traditional mainstay of internal audit there are a wide range of other areas and issues for internal auditors to consider, including:

(1) Nearly a quarter (24 percent) of internal auditors expect their personal liability to increase in 2014. The adequacy of internal auditors’ skills, focus and approach is firmly on the radar of regulators worldwide. It is no surprise, therefore, that internal auditors expect their own personal liability to increase in the near future.

(2) Nearly half (49 percent) of all internal auditors have had no involvement in assessing their firm’s culture. There are distinct regional variations with respondents from South America reporting that three-quarters (77 percent) of internal auditors have not assessed the culture of their firm.

(3) Just over a quarter (27 percent) of internal auditors have had no involvement in assessing their firm’s corporate governance; regionally this figure looks most concerning for North America, with 32 percent of internal auditors having no involvement.

(4) Internal auditors spend 45 percent of their time on IT security and risk. Nearly half (48 percent) of respondents said that it should be a top priority for their organization and 35 percent said it would be a top challenge for boards of directors in 2014.

(5) Nearly half of the respondents (48 percent) expect to be spending more time reporting to senior management and tracking remedial actions. This is in addition to almost a quarter (24 percent) of internal auditors anticipating a need to focus on the implementation of industry-specific legislation.

(6) Nearly half of internal auditors interact with risk management (44 percent) and compliance (47 percent) on at least a monthly basis. While these figures are a slight improvement on last year it remains an area where improvements could be made.

(7) It is interesting that areas not considered a priority for internal audit included customer outcomes (6 percent), whistle-blowing (5 percent) and capital and liquidity (4 percent).

(8) Internal auditors’ perception of priorities for the board are not aligned with their own. The key challenges for internal auditors are greater complexity of issues and focus on risk and control, as well as changing business models. In contrast, boards’ priorities are corporate strategy, strategic risk management and legal and regulatory risk.

The growing focus which policymakers and regulators have been placing on culture, corporate governance and risk management has emphasized still further the need for a strong, well-resourced independent audit function operating, and in particular reporting, in close coordination with other risk and compliance functions, all with visible support from the top of the organization. Yet the results show a relatively unchanged picture in these areas from previous years. As the risks increase so does the need for internal audit to react to those changes.

 

The American Apparel Saga | Dreadful Governance


Here is an article published by Gael O’Brien in Business Ethics on the governance saga at American Apparel. Founder Charney is at war with his board of directors for a host of reasons, valid ones in my view.

The situation is all the more absurd given that president Charney is responsible for appointing the members of the board!

I invite you to a spicy read about a surreal situation, an excerpt of which you will find below.

 

American Apparel: Sex, Power and Terrible Corporate Governance

The American Apparel story gets crazier by the moment.

Actions taken by the company’s board two weeks ago to attempt to remove founder Dov Charney as chairman and CEO have prompted him to launch a counteroffensive to regain control of American Apparel. Working with hedge fund investors, Charney has borrowed money to increase his shares in the company to 43 percent and is threatening a proxy fight. But the hedge fund investors working with Charney are now negotiating with the very board that fired him – and there’s a possibility that a new management team could be appointed that does not include Charney.

Whether Charney is successful or not, the result of his past leadership is an American Apparel characterized by two faces in opposition to each other. When that happens, the worst face eventually outweighs the best. The retail company’s attempts at socially responsible practices — clothes touted as ethically made in the United States – have ended up being plowed under by the repugnant behavior of its leader, who sexualized the workplace as a stalking ground for employee relationships called consensual, disregarding disparity of age and power.

American Apparel’s drama illustrates two key problems: In companies where there is a dominant founder running the company according to the beat of his (or her) own drum, how hands-on can a hand-picked board be when it is necessary to rein in the founder? And, when ethical issues surface in a company with a sexually provocative brand image, how does a hand-picked board ensure a clear stand is taken?

Charney’s hand-picked board supported him for years through several very public sexual harassment lawsuits — not appearing to rein in his philosophy that a sexually-charged workplace fosters creativity; it authorized a quiet, internal investigation this year which uncovered examples where they said Charney misused company funds and didn’t prevent the posting of naked photos of a former employee who had sued him for sexual harassment a few years before.

___________________________________________________

Gael O’Brien, a Business Ethics Magazine columnist, is a consultant, executive coach, and presenter focused on building leadership, trust, and reputation. She publishes The Week in Ethics and is The Ethics Coach columnist for Entrepreneur Magazine.

 

Governance, Cyber-Risks and the Board’s Responsibility


Here is the presentation by Mr. Luis A. Aguilar, commissioner at the Securities and Exchange Commission (SEC). The post, published in the Harvard Law School Forum on Corporate Governance, sounds the alarm about the threats posed by cyber-attacks and the roles and responsibilities of boards of directors in this regard.
The article puts into perspective the need for a significant change in the focus of corporate governance.
Below is an excerpt from the introduction to the article. Enjoy your reading!

I am pleased to be here and to have the opportunity to speak about cyber-risks and the boardroom, a topic that is both timely and extremely important. Over just a relatively short period of time, cybersecurity has become a top concern of American companies, financial institutions, law enforcement, and many regulators. I suspect that not too long ago, we would have been hard-pressed to find many individuals who had even heard of cybersecurity, let alone known what it meant. Yet, in the past few years, there can be no doubt that the focus on this issue has dramatically increased.

 

Boards of Directors, Corporate Governance and Cyber-Risks | Sharpening the Focus

 

Cybersecurity has become an important topic in both the private and public sectors, and for good reason. Law enforcement and financial regulators have stated publicly that cyber-attacks are becoming both more frequent and more sophisticated. Indeed, according to one survey, U.S. companies experienced a 42% increase between 2011 and 2012 in the number of successful cyber-attacks they experienced per week. As I am sure you have heard, recently there have also been a series of well-publicized cyber-attacks that have generated considerable media attention and raised public awareness of this issue. A few of the more well-known examples include:

The October 2013 cyber-attack on the software company Adobe Systems, Inc., in which data from more than 38 million customer accounts was obtained improperly;

The December 2013 cyber-attack on Target Corporation, in which the payment card data of approximately 40 million Target customers and the personal data of up to 70 million Target customers was accessed without authorization;

The January 2014 cyber-attack on Snapchat, a mobile messaging service, in which a reported 4.6 million user names and phone numbers were exposed;

The sustained and repeated cyber-attacks against several large U.S. banks, in which their public websites have been knocked offline for hours at a time; and

The numerous cyber-attacks on the infrastructure underlying the capital markets, including quite a few on securities exchanges.


In addition to becoming more frequent, there are reports indicating that cyber-attacks have become increasingly costly to companies that are attacked. According to one 2013 survey, the average annualized cost of cyber-crime to a sample of U.S. companies was $11.6 million per year, representing a 78% increase since 2009. In addition, the aftermath of the 2013 Target data breach demonstrates that the impact of cyber-attacks may extend far beyond the direct costs associated with the immediate response to an attack. Beyond the unacceptable damage to consumers, these secondary effects include reputational harm that significantly affects a company’s bottom line. In sum, the capital markets and their critical participants, including public companies, are under a continuous and serious threat of cyber-attack, and this threat cannot be ignored.

As an SEC Commissioner, the threats are a particular concern because of the widespread and severe impact that cyber-attacks could have on the integrity of the capital markets infrastructure and on public companies and investors. The concern is not new. For example, in 2011, staff in the SEC’s Division of Corporation Finance issued guidance to public companies regarding their disclosure obligations with respect to cybersecurity risks and cyber-incidents. More recently, because of the escalation of cyber-attacks, I helped organize the Commission’s March 26, 2014 roundtable to discuss the cyber-risks facing public companies and critical market participants like exchanges, broker-dealers, and transfer agents.

Today, I would like to focus my remarks on what boards of directors can, and should, do to ensure that their organizations are appropriately considering and addressing cyber-risks. Effective board oversight of management’s efforts to address these issues is critical to preventing and effectively responding to successful cyber-attacks and, ultimately, to protecting companies and their consumers, as well as protecting investors and the integrity of the capital markets.

Seven Lessons Learned in Crisis Communications **


We asked Richard Thibault *, president of RTCOMM, to act as guest author. His post presents seven lessons drawn from his experience as a crisis management consultant.

As board members, you will certainly have occasion to live through significant crises, and it is important to know the rules that management must follow in such circumstances.

Here is the article in question, reproduced here with the author’s permission. Your comments are appreciated. Enjoy your reading.

 

Seven Lessons Learned in Crisis Communications

By Richard Thibault*

The best-managed crisis, it is said, is the one that can be avoided. But sometimes, despite all our efforts to avoid it, the crisis strikes, and often very hard. In any crisis situation, the primary objective is to get out of it as quickly as possible, with as little damage as possible, without compromising the organization’s future development.

Here are seven lessons to draw on in crisis communication, on which we generally spend 80% of our efforts, and of our budget, in such situations.


(1) Choosing the spokesperson

The media will want to know everything. But we will also have to communicate with all of our internal and external audiences. Having a credible, well-trained spokesperson is essential. One does not improvise as a spokesperson; one becomes one. Especially in a crisis, when tension is sometimes extreme, the organization needs someone who is credible and empathetic toward the victims. This person must be in full command of their abilities to carry the message properly, and will have learned to avoid the pitfalls. Choosing the organization’s highest authority as spokesperson in a crisis is not always a good idea. In a crisis, the information you have, and on which you will base your decisions, will be shifting, even contradictory, especially at the start. Risking the credibility of the head of the organization from the very beginning of the crisis can be hazardous. How can you contradict them afterwards without damaging their image and the management of the crisis itself?

(2) Apologizing publicly if we are at fault

Apologizing for the crisis we have caused, at least until our responsibility has been officially cleared, is a key decision in any crisis management, especially if our responsibility is beyond doubt. On such occasions, we must not try to defend the indefensible. Or worse, threaten our adversaries with lawsuits or play the tough guy with the government agencies that caught us out. The negative impacts of this strategy could be seen when it was used by the FTQ, which was involved in a case of intimidation on construction sites on the Côte-Nord at one time. As a general rule: it is better to apologize, be transparent, and show reserve and restraint until the situation has been clarified.

(3) Being proactive

In a conflict as in crisis management, the first to speak avoids being defined by their adversaries, sets the agenda and defines the angle of the message. You may be advised not to speak to journalists. For my part, I maintain that while you are not legally obliged to speak to the media, they, in return, can legally talk about you and will not hesitate to go even to your opponents for material. In August 2008, the Canadian company Maple Leaf, based in Toronto, suffered the worst crisis in its history following the death and illness of several of its customers. When the link between listeriosis and Maple Leaf was confirmed, the company was quick to react, both in its communications and attitude toward the media and in its management of the crisis. The company very quickly pulled the affected products from supermarket shelves. It launched a major clean-up operation, which it carried out in full public view, and it offered its support to the victims. Indeed, the handling of victims is generally the most sensitive point in successful crisis management.

(4) Fixing the problem and saying how

From the very start of the crisis, Maple Leaf immediately placed itself at the service of the Canadian Food Inspection Agency, offering its active and full cooperation to determine the cause of the problem. In the same food sector, this was the exact opposite of what XL Foods did a few years later. At Maple Leaf, recognized experts were assigned right away to the search for solutions. The company could be blamed for being the source of the problem, but certainly not for dragging its feet in trying to fix it. Once again, in a crisis, concealing one’s fault or publicly refusing to face reality is decidedly a strategy to be consigned to oblivion. Many years earlier, Tylenol had shown the way by quickly pulling its medications from the shelves and promoting a new packaging method that has become a reference method today.

(5) Using the right message

It is essential to use the right message, at the right time, with the right messenger, delivered through the right channel. The first messages are especially important. They will serve to express our empathy, confirm the facts and the actions undertaken, explain the response process, affirm our desire to act, and say where further information can be obtained. If media management is critical, information management is just as much so. In a crisis, we often tend to sit on information and share it only with restricted circles or, on the contrary, to flood our audiences with useless information. A middle ground must be found between these two strategies, knowing full well that the message will have to evolve along with the crisis.

(6) Being coherent and consistent

Even if it evolves according to the stage of the crisis, the core message must nonetheless remain the same. In the Maple Leaf example mentioned above, although new elements emerged as the crisis evolved, the core message, namely the implementation of measures to ensure public health and safety, was constantly repeated in every tone. Maple Leaf thus proved both consistent, by sticking to its initial line of response, and coherent, by staying in step with the development of the situation.

(7) Being open-minded

In any crisis situation, an attitude of openness will prove to be a winning one. Whether with the media, the victims, our employees, our partners or the public oversight agencies, a closed mind will only make the situation worse. All the more so because, in a crisis, what matters is not really what happened but what people think happened. We must therefore follow the news in order to anticipate the angle the media will choose and prepare accordingly.

In conclusion

From a crisis management perspective, it is essential to have an action plan in place beforehand, even if it has to be applied flexibly to respond to the evolving situation. When the crisis has broken out, that is the worst time to start getting organized. It is essential to establish a culture of risk management and crisis management in the organization before the crisis strikes. As the old sage says, « to be ready, you have to prepare! »

____________________________________

* Richard Thibault, ABCP

President of RTCOMM, a firm specializing in strategic positioning and crisis management

While simultaneously pursuing law studies at Université Laval in Québec City and a career in theatre, radio and television, Richard Thibault turned very early to the communications sector, in which he developed solid and diversified expertise. After working as a host, journalist and researcher in television and radio in the Québec City region for nearly five years, he held the position of debates host and head of public affairs at the National Assembly from 1979 to 1987.

Richard Thibault then served in turn as chief of staff and press secretary to several ministers in Robert Bourassa’s cabinet, as special advisor and director of communications at the Commission de la santé et de la sécurité au travail, and as director of communications for the Nordiques de Québec.

In 1994, he founded Richard Thibault Communications inc. (RTCOMM). Initially specializing in strategic positioning and crisis communication, the firm gradually broadened its expertise to include all fields of practice in business continuity. In addition, recognizing the importance of qualified spokespersons in troubled times, RTCOMM also has a public speaking training school. Its media relations training program is, moreover, the only program of its kind recognized by Québec’s Ministère de la Sécurité publique in an emergency communication context. This training program is also accredited by the Barreau du Québec.

Richard Thibault is the author of Devenez champion dans vos communications and Osez parler en public, published by Éditions MultiMondes, and of Comment gérer la prochaine crise, published by Transcontinental in the Collection Entreprendre. A recognized practitioner of risk and crisis management, he is accredited by the Disaster Recovery Institute International (DRII).

Specialties: expert in strategic positioning, risk management, crisis communications, business continuity, public speaking training.

http://www.linkedin.com/profile/view?id=46704908&locale=fr_FR&trk=tyah

** Republished article


What Are the Major Governance Issues? | Six Hot Topics! *


As a reminder, here is an excellent publication from the NACD (National Association of Corporate Directors) presenting the major challenges and issues awaiting corporate directors over the coming years.

This document is a collection of texts published by the NACD’s partners: Heidrick & Struggles International, Inc., KPMG’s Audit Committee Institute, Marsh & McLennan Companies, NASDAQ OMX, Pearl Meyer & Partners and Weil, Gotshal & Manges LLP.

In it you will find a set of highly relevant articles on the governance topics of the day. I already published a post on this subject on June 23, 2013, with reference to this publication.

Every year, the NACD carries out this exercise and publishes a highly prized document!

Here is how the expert firms divided up the hottest themes in governance among themselves. Enjoy your reading.


(1) What to Do When an Activist Investor Comes Calling, by Heidrick & Struggles

(2) KPMG’s Audit Committee Priorities for 2013, by KPMG’s Audit Committee Institute

(3) Board Risk Checkup—Are You Ready for the Challenges Ahead?, by Marsh & McLennan Companies

(4) Boardroom Discussions, by NASDAQ OMX

(5) Paying Executives for Driving Long-Term Success, by Pearl Meyer & Partners

(6) What Boards Should Focus on in 2013, by Weil, Gotshal and Manges, LLP

NACD Insights and Analysis – Governance Challenges: 2013 and Beyond

Today, directors are operating in a new environment. Shareholders, regulators, and stakeholders have greater influence on the boardroom than ever before. In addition, risks and crisis situations are occurring with greater frequency and amplitude. Directors have a responsibility to ensure their companies are prepared for these challenges—present and future. This compendium provides insights and practical guidance from the nation’s leading boardroom experts—the National Association of Corporate Directors’ (NACD’s) strategic content partners—each recognized as a thought leader in their respective fields of corporate governance.

_______________________________________

* Republished


Corporate Reputation: An Intangible Asset to Protect *


Here is the latest version of the Rapport Bourgogne, published by CIRANO, a multidisciplinary research centre whose mission is to accelerate the transfer of knowledge between the world of research and that of practice.

The study, carried out by Nathalie de Marcellis-Warin, associate professor at École Polytechnique de Montréal and vice-president at CIRANO, and Serban Teodoresco, president of Preventa Inc., presents, in one page, the main conclusions drawn from a literature review of research conducted over the past 12 years and the results of an exploratory study of 80 large companies in Quebec. Worth reading.

Corporate Reputation: An Intangible Asset to Protect

 

« Corporate reputation is increasingly defined as the most important strategic asset in terms of value creation. Scientists’ interest in the concept of corporate reputation has contributed to a fivefold increase in the number of peer-reviewed articles and studies over the past decade (Barnett et al., 2006). Yet no definition is generally accepted.


We propose a definition of corporate reputation based on academic sources and expert work: corporate reputation is an intangible asset acquired over time and represents the value and trust placed in the organization by stakeholders.

It is a key element that supports the achievement of strategic objectives, including value creation, profitable growth and sustainable competitive advantage. Our survey, conducted in Quebec, shows that only half of the companies surveyed recognize the importance of reputation. None appears to manage reputation proactively… This work proposes an action plan for companies wishing to make the transition from reactive to proactive reputation management ».

______________________________________________

* Republished


The Dematerialization of the Board of Directors | A Necessity! *


This week, we asked Amanda Biggs, web manager and governance writer, to act as guest author. Her post presents the shift into the digital era as unavoidable for companies and their governing bodies.

Dematerializing and digitizing are terms that have appeared on the agendas of many boards of directors for some years now.

Here is the article in question, reproduced here with the author’s permission. Your comments are appreciated. Enjoy your reading.

The dematerialization of the board of directors, a « must »

by Amanda Biggs

What are we talking about?

Dematerialization covers all the actions taken within an organization to replace physical media for information, communication and management with computer files and tools. It is a process driven by the technological revolution and is part of an overall policy of zero paper and interconnected players.

Where is digitization taking place?

From email exchanges to electronic invoices, no profession escapes the contributions of new communication technologies. The board of directors, guarantor of the organization’s good day-to-day governance, must set « the tone at the top ». Directors lead by example and must embrace technologies for their benefits, but also to understand their importance in business activities and in today’s economy.

Efficiency, security, accountability and leadership.

The era of digital and interconnection has upended the traditional structures of information and communication. It has also been a source of new challenges for boards of directors. Indeed, a recent Reuters study confirms an increase in the size of boards, in the number of directorships held, and in the number of members residing in different countries. In addition, with the accumulation and multiplication of information brought by new technologies, board meeting information packs are getting thicker. Managing meetings and secure communication among members thus become real challenges, complex and costly if paper procedures are maintained.


To meet these new challenges and support the digital transition of boards of directors, specialists such as Leadingboards, Idside and Diligentboard have developed software known as « board portals », called « conseils-sans-papier » (paperless boards) in French. Directors have every interest in adopting such a tool in order to organize and secure their information, consult it as needed and simultaneously, and access archives to support informed decision-making.

Given that economic intelligence is a weapon in its own right in a globalized economy, the risks weighing on directors are multiplied. Paper documents carry a high risk of loss, of being forgotten, or of theft. To avoid this, many directors now use private email accounts to communicate, giving rise to new, underestimated risks: these accounts can be hacked, and emails can be intercepted or stored under the « US Patriot Act ». If boards’ sensitive data is not highly secured, this can jeopardize the company’s entire business as well as the interests of stakeholders. This is why board portals offer several levels of security in order to guarantee the confidentiality of exchanges.

Finally, mobile devices are increasingly popular among directors, thanks to their mobility of course, but also for the many intuitive features they offer. To make the digital experience as pleasant as possible, some paperless board products have dedicated iPad applications. These applications allow members to access their board’s information at any time, but also to take notes and communicate with one another for improved and exemplary governance.

There are indeed tools with advanced features to help and facilitate the role of directors while reducing risks. A board of directors 2.0 makes it possible to respond effectively to new economic challenges while contributing to sustainable development objectives.

__________________________________

* Republished post

What are the qualities of an exceptional chairman of the board? *


Here is a research report published by the firm Alvarez & Marsal on the qualities of a good chairman of the board.

The study presents the results of interviews conducted with 22 chairmen of the largest British public companies, who have worked with more than 120 chairmen over their careers.

This truly fascinating read clearly shows the qualities of chairmen that are considered exceptional by their peers. Below is a brief excerpt from the report.

What makes an exceptional Chairman ?

« Our research has identified the key attributes displayed by exceptional chairmen in challenging times. Although most difficult to maintain during periods of duress, these characteristics are displayed throughout a chairman’s tenure and across all aspects of their management of the business. We have also compared these attributes with the guidance for chairmen provided by the Higgs Report and the more recent guidance note published by the Financial Reporting Council. This emphasises that ‘good boards are created by good chairmen’ and the importance of the chairman demonstrating ‘ethical leadership.’ In its detail, the guidance provides lists detailing the chairman’s role, rather than the qualities which come out of our research.

Firstly, and most importantly, an exceptional chairman understands the business, its culture, people and processes. This understanding encompasses recognising and embodying the values of the business as much as having knowledge of the business operations and the marketplace. An exceptional chairman also understands the wider industry and prepares the company for all eventualities, from further market disruption to opportunities to improve competitiveness. This is based on their deep knowledge of the company and sector. Extensive knowledge of a sector or type of sector (e.g. heavy manufacturing) is as important as the chairman’s ability to apply his or her accumulated experiences into effecting transformational change and preparing the business for future challenges.

Secondly, exceptional chairmen never consider themselves a one-person success. They create strong teams that have real influence on the company’s direction by building an effective board of non-execs and establishing a complementary working relationship with the CEO and their team. They implement change through the CEO, but are ready and able to step in at the right time to provide air cover to alleviate pressure. In short, they provide strong active leadership of the board.

Not afraid to take tough decisions in adversity, this type of chairman has an infectious enthusiasm and commitment to change which has a ripple effect, creating a ‘can-do’ attitude throughout the company. With internal stakeholders on board, the chairman uses strong communication skills to engage shareholders and other external stakeholders with change ».

The article presents 8 aspects that characterize successful board chairmen. Read more in this excellent report.

_________________________________________

* Republished post
