A couple of years back, Professor Michael Useem of Wharton penned an article in HBR which laid out processes for well-managed boards.1 Useem writes that better governance decisions may come in part from well organised board calendars that foster both generative and protective decision-making. He also adds that some of the plumbing that goes into good governance, such as committee charters and decision protocols, can lead over time to a better governance culture. Matters reserved for the board include approval of the annual business plan, senior officer/C-suite incentives, capital structure, and material litigation settlements or fines over a key threshold, according to Useem. He further suggests a calendar for key business issues at the boardroom, summarized below:
Q1: Annual plan versus results, incentives, nominating guidelines
Q2: Committee results, management reports, authorise incentives, audit review
Q3: Compliance, risk and internal audit, earnings guidance
Q4: Next year's budget, assess director nominees, CEO/director evaluation
Below, I have enhanced this schedule to include specific risk governance features which have become a part of everyday life for INEDs of financial services firms. While not suggesting one size fits all, it is meant to extend calendars specifically for risk-taking entities and boards that place risk governance at the forefront of their monitoring roles.
Q1: Approval of the Risk Appetite Statement, Risk Committee membership and TOR, limits
Q2: Drill down on key risks, such as operational risk hygiene metrics, review of reserves/write-offs
Q3: Review of cyber risks, such as key assets to protect, risks to accept, mitigate or insure
Q4: Review of incentives programs vis-a-vis risk-takers, SMCR and regulatory issues, asset allocation
Furthermore, experts can be brought in on certain areas relating to risk-taking, such as reserves versus income smoothing, operational risk measurement and tracking, dashboard design and tracking of key risks, review of competitor risk-taking metrics, and detailed review of cyber risks including identification of key assets to protect and operational resilience practices.
Happy 2020 directors!
2. Photo credits: Nasdaq and Almiral.com