Attention Compliance and Risk Officers: Are You Giving Your Board of Directors What It Needs?
Monday, April 23, 2007
Posted in: General
Ken Wooten, Polivec's Product Management Director, shares his thoughts on what boards need today in order to be effective.
In the years since the Sarbanes-Oxley act was enacted, much focus has been put on the role of the Board of Directors. For most organizations this has resulted in significant changes in the makeup and operation of their boards. Some of this transformation was mandated by Sarbanes-Oxley and other regulations, but there is also increasing desire and effort to make boards more effective and valuable to the business.
Prior to SOX, many boards were comprised of nothing more than passive figure heads, offering little or no measurable value to the business. However in reaction to regulatory pressures, the pendulum has swung in the other direction. Now boards want detailed information on all aspects of the business. This can create enormous pressures on the executive management team to respond.
In his book Boards That Deliver, Ram Charan, a highly acclaimed business advisor who taught for 30 consecutive years at GE's Crotonville Institute, discusses the transformation of boards from passive to active. He describes three phases that boards go through: “Ceremonial,” “Liberated,” and “Progressive.” Mr. Charan’s book offers some great insight and recommendations to help boards become more effective.
What can compliance and risk management executives do to ensure their board of directors has what it needs to be effective? The answers will vary depending on the company, however here are three areas to consider:
- Metrics – Create a set of agreed upon metrics that are consistent. Expect adjustments—keep in mind that you want board members to understand and make use of reports during board meetings with minimal effort
- Timeliness - Any data that is presented to the board must be current. Outdated compliance or risk data has little to no value
- Efficiency – You must find a way to deliver the agreed upon metrics and reports with as little impact as possible to your organization. As much as possible, daily activities and transactions should automatically feed into your management reporting.
Compliance and risk reporting needs to mature to the point that financial reporting has achieved today. It took years to develop the metrics and systems needed to consistently report on financial matters. Compliance and risk executives do not have that much time. The urgency is immediate and the burden is only going to get worse.
In the meantime, the challenge for you is to find a middle ground between providing too little information to your board, and providing so much it bogs down your organization.