If the recent financial crisis taught us anything, it taught us the value of a high-functioning board of directors. An educated, involved board can help steer an organization away from needless risk and into a balanced governance structure – the board handles oversight while management handles day-to-day operations.I’d like to suggest three issues that your board should watch during 2016. Not all boards will take action on all of them, but I think it’s important to keep them top of mind.
As information systems grow and an increasing number of devices are connected and have internal data storage, the risk of data breaches continues to grow. Financial losses due to breaches in information systems are staggering. They are estimated at more than $400 million from 700 million compromised records, and hackers have exposed the personal information of 47 percent of adults in the United States. Compromised data is increasingly valuable, but thieves are also after information that can embarrass or disrupt a company.
Cybersecurity is not simply an IT issue. It is an enterprise-wide concern and corporate directors must recognize the risks within their organizations. We recommend that our clients take the following steps to begin their journey to cyber-resilience:
- Conduct an annual cybersecurity “health check.”
- Understand the legal implications of cyber risks.
- Provide board members and senior management with access to cybersecurity expertise.
- Ensure the organization implements and maintains an enterprise-wide cyber risk management program using industry guidance as a framework.
- Ensure the organization has implemented and regularly tests incident response plans.
The question is no longer if a breach will occur, but when it will occur. The five steps outlined above will begin to set your organization on a path for cyber-preparedness.
Effective Audit Committees
An audit committee has oversight responsibilities for financial reporting, internal and external auditors, regulatory compliance, and responsibilities to monitor accounting policies. SEC registrants are required to have independent audit committees, but many private companies also operate with them.
Not all companies, however, need an audit committee. I have seen companies set up audit committees only to fill them with members of the organization who are already involved in the day-to-day activities of the company. These committees are sometimes perfunctory, functioning only as window dressing, and, in my opinion, are often not worth having. Appropriately qualified, independent directors often bring new ideas to the table and can critically evaluate areas of risk to the company. They often are able to see risk because they have a fresh perspective, and management can benefit from their perspective and advice.
One of the best pieces of advice I could give is that, to get the most from the committee, all key members of your organization must be completely committed to the committee’s work. An audit committee can be highly effective management tool, especially when everyone is committed to helping it operate at the highest level possible.
We saw an amazing statistic recently from Patrick Ungashick, president of White Horse Advisors – nine million of America’s 15 million business owners were born in or before 1964. That means one business owner turns 65 every 57 seconds. As they approach 65, many of those 9 million business owners are contemplating their own retirement and the future of their businesses.
Whether privately held or public, companies face disruption when a leader retires or leaves the company. Establishing a succession plan early keeps the process from seeming personal, and should be initiated by the board of directors. Markets react to uncertainty and creating a formal succession plan helps maintain an organization’s stability.
Are these the only issues your board needs to watch in the coming year? Of course not. But they are some of the key issues most businesses will face. 2016 will certainly have its ups and downs, and the global economy is unpredictable, but keeping the board of directors focused on sound management will keep your organization ready for any challenges that come.
For weekly insights into enterprise complexity, please sign up here: