Risks Confronting Boards 2016 - Key Insights & Observations
Directors are charged with vast responsibilities to their shareholders and constituents. They are faced with a constant struggle of executing on the organization's mission, through a strategy that achieves sustainable profitability – all while combating risks. For nearly a decade, EisnerAmper has surveyed directors about their top concerns – and their approaches to mitigating risk.
A key issue we had explored in last year's report centered on directors identifying major risks, with little apparent action by board members or management to temper the concerns. This year, our survey uncovered some other themes that paint a much broader picture of the puzzle: a lack of confidence
in those leading the organization; audit committees and internal audit struggling with resources, knowledge and their general role; and a growing number of organizations without an enterprise risk management ("ERM") process. These puzzle pieces (audit, confidence, ERM) provide the substance necessary to take action. If managing these is a challenge, then actions taken, based on a questionable foundation, may be imprudent at best and likely misdirected.
Discussions with board members following our survey as well as significant geopolitical change highlighted 2 additional factors – diversity and overall uncertainty. At this point in time, it would be wise to consider these while managing risk. Diversity must be considered beyond its traditional terms (race, ethnicity, gender, etc.); and boards must plan for the unexpected, while watching for the unknown.
One final preliminary note: Previously, reputational risk was identified alongside the other concerns we profile. However, today's instant news – social media and online/live streaming have brought about the disappearance of the traditional 'news cycle' – has made reputational risk a consequence of any other potential catastrophe. Therefore, we have opted to remove it from the options, and no longer rank it among the others.
Lack of Confidence
The 2016 survey results exposed confidence issues (which had been lurking in the undertones of responses in previous years) in leadership, both among the board and organization executives. From operational executives managing top-rated concerns to boards' preparation for crises, this survey yielded increasingly negative responses.
This could indicate that boards understand their organizations' shortcomings and areas that need attention. If this is the case, this honest reflection is encouraging, as half the battle is determining an organization's risks and identifying where the organization lacks expertise and focus.
The role of an audit committee has grown substantially over time. Members of audit committees provided varying responses when asked to determine the committee's most significant risk: financial statement accuracy, compliance and regulatory, financial, cybersecurity, fraud, or internal controls. This committee seems to be inundated with numerous and substantial responsibilities.
Across all 3 organization types, just over half of the directors indicated, with confidence, that their audit committee is providing adequate oversight of the most significant risks. The recurring theme of "growing concern, little action" emerges easily with the considerable weight and amount of risks this committee is assigned to manage.
The majority of respondents indicated that internal auditors focus on internal controls over financial reporting as well as operational audits. Internal auditors should also be the heavy hitters supporting the board's understanding and management of risk.
Further, boards may want to consider a representative from internal audit becoming part of the audit committee. This increase in communication and collaboration between operations, particularly audit, and the board may improve overall levels of confidence and ability to take action. However, this approach demands that internal audit has the resources and capacity to handle this additional responsibility.
Enterprise Risk Management
In previous surveys, EisnerAmper found, overwhelmingly, a lack of ERM programs. This year, we again asked the question: From 2014 to the present, responses indicating "No, we do not have a program" rose by almost 25%. Couple this with another statistic from this year's survey: Only a little more than 10% of directors feel their board is well-prepared to manage their organization's next crisis.
Boards need to consider the implications of traditional and new risks and the growing potential for a crisis. During a National Association of Corporate Directors ("NACD") roundtable:
*Grills, K. (2017, November 22). At Roundtable, Directors React to Trump Election.
Retrieved from NACD: https://blog.nacdonline.org/2016/11/directors-react-to-trump-election/
A board's makeup is another factor that has to be considered when discussing the ability (and approaches) to address risk. When asked about diversity goals, many directors feel diversity, in the traditional sense, is not as pertinent as diversity in experience and expertise.
Diversity in general is vital to decrease the risk of groupthink. However, in addition to an emphasis on gender and race, for example, diversity of experience and education may be an equally relevant consideration. For example, as "free" education (e.g., Massive Open Online Courses ("MOOC") and learning certificates offered by prestigious universities) becomes more widely embraced and the cost of a traditional college education skyrockets, does having "alternative" education background add to diversity of thinking?
Workforce considerations: As we examine manufacturing, infrastructure, and artificial intelligence, is our under-age-30 workforce being trained and/or educated to supply the range of skills organizations will require? Our workforce is seeing a significant change in the skills needed: One side of this chasm rests on meeting the demands of a knowledge-based economy (How will today's workers transition into knowledge based roles?) and the other side rests on supporting the growth of a workforce more narrowly specialized in the trades. Is the next generation of our workforce being guided towards these needs? Do they have access to the necessary knowledge to succeed?
Will corporate America be left to shoulder this responsibility? If so, boards will have to seriously consider this long-term concern and the action that should be taken in the short-term.
Directors across all organization types showed the least concern for geopolitical volatility. While it was the first time this issue appeared in our survey, the survey was administered and closed prior to the U.S. presidential election and post-Brexit vote results. Following these events, however, we found this issue top-of-mind for directors, who contemplated and debated a host of geopolitical uncertainties and their varied impact on their organizations during a NACD roundtable hosted by EisnerAmper.
Concerns About Risks Confronting Boards - 2016 Survey Results