In the coming year, public company compensation committees face the task of overseeing the disclosure of information related to clawback policies, executive pay versus company performance, and the ratio of CEO pay to the median employee.
Overseeing a company's IT initiatives, particularly the adequacy of cybersecurity, can be a challenging task for directors. The subject matter can be complex and involve highly technical jargon that is difficult to understand. Companies are also increasing their reliance on emerging technologies and these come with increased risks. The financial and business impact of a significant cybersecurity breach can be substantial to a company―including its brand.
For directors, it is critical to understand a company’s cybermetrics, which is the information and statistics that directors need to support a comprehensive view of a company’s IT infrastructure, risks, and strategy. Some companies (like those in energy and banking) may need to protect IT systems and data that are critical to our nation’s infrastructure. Some may use point-of-sale devices in operations, conduct transactions exclusively online, and allow customers and employees to access data via mobile devices. Others may share information with third-party suppliers, or various other activities that can increase cyberrisk. The right cybermetric reporting will differ depending on these variables.
There are many other considerations in determining the right cybermetrics to be reported to directors. To learn more on this topic, click here.
Compensation committees facing wave of Dodd-Frank disclosures
In the coming year, public company compensation committees face the task of overseeing the disclosure of information related to clawback policies, executive pay versus company performance, and the ratio of CEO pay to the median employee.
The questions on the minds of many compensation committees and boards are: How do we prepare for such disclosures? How will they affect the compensation package and the disclosure process? How will they affect our say on pay vote? Should a third party be brought in to help? What are the implications for the Compensation Discussion & Analysis (CD&A) section of the proxy statement?
Of these most recent disclosures originated by the Dodd-Frank Act, only the CEO pay ratio rule has been finalized, but it won’t be effective until the 2018 proxy season. The clawback policies and pay versus performance rules were proposed in the past four months, and expected to be finalized by April 2016. While many companies adopted clawback policies after the Sarbanes-Oxley Act was passed in 2002 and include some degree of pay versus performance information in their CD&A, the requirement to disclose the CEO pay ratio is likely a new concept for most organizations.
I am very pleased to have the opportunity to work with all of you as the new leader of PwC’s Center for Board Governance and the Investor Resource Institute.
The current business environment poses many challenges and opportunities for directors in their governance role. Cybersecurity, board composition and activism are the hot topics, but an underlying theme of an increased need for trust and transparency is also emerging.
In my interactions with investors and thinking about the broader spectrum of shareholders, it is apparent that many elements of governance are significantly nuanced, without black or white solutions, and that increased interaction between directors and shareholders is needed to close the expectations gap.
That is why you are going to see more articles in BoardroomDirect sharing views from the lens of investors. I hope to provide you with some perspectives from the investor community that will help you fulfill your role as a director. Or, at the very least, give you something to think about.
When trouble comes knocking: Dealing with investigations
Corporate investigations are on the rise, and the expectation is for these fact-finding exercises to be appropriately and objectively governed. Often, this responsibility falls to independent members of the board of directors. More likely than not, audit committee members will be asked to oversee an investigation at some point. For most, it is not a matter of if, but when.
Issues triggering an investigation are broad and can range from claims of financial reporting fraud, conflicts of interest, harassment, and violations of laws and regulations to retaliation against whistleblowers. In addition, the increased prevalence of cyber-attacks against corporations in recent years may trigger the need for investigations into the nature, timing, and extent of the breach. And the heightened focus on bribery and corruption by regulators around the globe has triggered many inquiries regarding these issues.
“Investigations are often directed to the audit committee since they usually play a key role in overseeing the company’s compliance activities, including the allegations submitted through the whistleblower hotline,” said Don Keller, partner in PwC’s Center for Board Governance. He added that at many companies, the audit committee is often charged with overseeing IT, so any issues that fall into this domain are often the responsibility of the audit committee to investigate as well.
As their responsibilities grow, audit committees continue to focus on overseeing the company’s financial statements and external auditor while ensuring the quality of the audit. To aid audit committees in carrying out these responsibilities, two publications were recently released: the Audit Committee Collaboration’s External Auditor Assessment Tool and the PCAOB‘s Audit Committee Dialogue.
To gain practical feedback around the usefulness of these publications for audit committees, PwC’s Center for Board Governance had conversations with Dennis Beresford, NACD board member and Executive in Residence at Terry College of Business, University of Georgia (and former FASB chair and audit committee chair for various companies), and Vanessa Chang, audit committee chair of Edison International and American Funds.
In the conversations, both Beresford and Chang indicated that audit committees should review these new resources and consider how they could use them in their oversight role.
Ask board members to rank the importance of strategic risk oversight and the response is almost always a resounding “No. 1.” It is also an area on which most directors want to spend more boardroom time, according to PwC’s 2014 Annual Corporate Directors Survey.
The focus is not surprising when you consider the following responses to a PwC and Strategy& survey asking 2,800 executives about their company’s strategy:
These results demonstrate just how difficult it is to define a company’s strategy over the long-term in today’s fast-changing environment. They may also be indicative of the short-term “fire fighting” mode that some companies have been in over the past decade. Many have faced a variety of issues and crises, whether due to external forces or internal events.
Activist investors are increasing in number and becoming more assertive in exercising their influence over companies in which they have a stake. And shareholder activism comes in different forms, ranging from say-on-pay votes, to shareholder proposals, to âvote noâ campaign where some investors will urge other shareholders to withhold votes from one or more directors, to hedge fund activism.
Activism can build or progress. If a company is the target of a less aggressive form of activism one year, such as say-on-pay or shareholder proposals, and the activistsâ issues are not resolved, it could lead to more aggressive activism in the following years.
Companies, governments and society at large are coping with the rising incidence of crisis events including cyber-crime, natural disasters, major product recalls, pandemics, terrorism and war. No company can immunize itself from the possibility of a crisis, but they can be better prepared.
Knowing when an âeventâ is really a crisis
When do you declare a crisis? Delays can slow response times, potentially making situations worse or even leading to a larger crisis. Yet, delays are common, either because management doesnât recognize what is happening, or because thereâs concern with labeling the event a âcrisis.â
Companies should consider defining in advance what constitutes a crisis for them and determining âtrigger pointsâ that once reached may indicate a crisis situation. These will be unique to each company and should take into consideration the companyâs risk tolerance levels. Examples of trigger points include financial losses above a certain dollar amount, particular networks offline for a specified period of time, reaching specified threshold levels for damage to a physical plant, or even loss of life. Management should discuss their definition with the board.
One story of the 2015 proxy season is shareholder proposals to nominate directors and a 48-year-old shareholder proposal exclusion rule.
The rule allows for the exclusion of a shareholder proposal that directly conflicts with a management proposal. While the rule has been around since 1967, recent developments regarding a proxy access shareholder proposal filed at Whole Foods Market has raised the prospect of whether the rule needs to be changed.
In January, SEC Chair Mary Jo White asked the agencyâs staff to review the rule after SEC staff had initially granted no-action relief to Whole Foods management. Subsequently, the commissionâs Division of Corporation Finance announced it will âexpress no views on the application of Rule 14a-8(i)(9) during the current proxy season.â
The changing business landscape, technological advances, and significant risks such as cybersecurity continue to present opportunities and challenges for companies today. Directors will want to take a fresh and critical look at their boardroom agenda to ensure it is meeting todayâs needs.
PwCâs 2014-2015 edition of Key considerations for board and audit committee members, an annual publication from PwCâs Center for Board Governance, can help enhance the quality of board and management discussions in the coming year.
Companies continue to measure the risks and rewards of social media. Whether or not they participate in the myriad of social media channels, directors are becoming more aware of the potential risks and the importance of social media policies.
In PwCâs 2014 Annual Corporate Directors Survey, 41% of directors say they are now at least moderately engaged in overseeing the companyâs monitoring of social media for adverse publicityâcompared to 31% in 2012. There was also an 11 percentage point increase (to 42%) in the number of directors who are at least somewhat engaged in overseeing employee social media training and policies.
This development is not surprising when you consider that, according to PwCâs State of Compliance 2014 Survey, by 2020 each person will have more than six devices with which they can communicate using social media. Nearly 90% of those compliance executives surveyed said they have an employee social media policy, up from 65% in 2013.
On November 4, Republicans won control of the US Senate, picking up eight seats for a majority of 53. Coupled with increasing its majority by 12 seats in the US House of Representatives, Republicans will have control of both chambers when the new Congress convenes in January 2015. With three races in the House and one in the Senate still undecided, that majority could grow.
Directors should be thinking about how this change will affect the level of uncertainty pending legislation could potentially have on their companies. For one thing, certain tax provisions, such as the research credit, 50% bonus depreciation, and section 179 small business expensing have expired could be taken up in the lame duck session this year before the 114th Congress convenes in January.
Beginning with the lame duck session already underway, directors should be mindful of three areas in the coming weeks and months: (1) extension of certain tax provisions, (2) Dodd-Frank Act rulemaking, and (3) possible changes in the Affordable Care Act (ACA).
2014 Annual Corporate Directors Survey
PâWe structured this year's survey to gauge director sentiment on a number of key governance trends shaping the board of the future,â said Mary Ann Cloyd, Leader of PwC's Center for Board Governance. âAs directors continue to face scrutiny from investors, regulators and other stakeholders, board practices remain in the spotlight.â
Among the board practices that have the attention of more directors are those regarding IT.
âOver the past few years, we've seen significant changes to board practices regarding IT oversight and cybersecurity,â Cloyd said. âThere is increasing recognition that IT is a business issue, not just a technology issue.â
Use the following links to learn more about specific topics addressed in this yearâs survey: Board performance and diversity, Board priorities and practices, IT and cybersecurity oversight, Strategy and risk oversight, and Executive compensation and director communications. To download the complete report, click here.
PwCâs Center for Board Governance recently published the fourth in its Audit Committee Excellence Series, Achieving excellence: Overseeing external auditors. The publication addresses leading practices related to communications with the external auditor, the chairâs relationship with the lead audit partner and the firm, evaluating the external auditorâs performance, and the companyâs preapproval controls for services provided by the external auditor. The publication also discusses third-party influencers that can have an impact on the committee.
Effective oversight of the external auditor is an important element of the financial reporting process. And todayâs environment is one of heightened investor and regulator expectations. Audit committees recognize the importance of maximizing their relationship with their external auditors. The following are some of the actions the publication identifies to help audit committees achieve excellence:
Read Achieving excellence: Overseeing external auditors edition. Visit the Audit Committee Excellence Series website for past editions on Forward-looking guidance practices and potential risks of consensus estimates, Financial reporting oversight, and Overseeing internal audit.
As cybersecurity has risen to the top of many boardsâ risk management agendas, there is a more compelling need for clear dialogue between the C-suite and the board.
Some directors report they are frustrated because they are not getting the information they need from the CIO or CISO to appropriately assess the companyâs cyber risks, according to Charles Beard, a principal in PwCâs forensics practice. He is a former senior vice president and general manager of cybersecurity at Science Applications International Corp.
âOne way to address this issue is to change the message from one focused on the technical aspects of the companyâs approach to one focused on oversight of a comprehensive and multi-disciplinary cybersecurity program,â Beard said. He also suggests the person delivering that program-focused message should be someone who can more easily communicate it to the board in contextual risk terms, such as the general counsel.
Why should a company have such a program? As regulators and plaintiffs in civil lawsuits take increasing interest in companiesâ cyber operations and duties, IT budgets reflect a âdo-more-with-lessâ approach, digital devices proliferate and network access becomes pervasive. Effective risk management is required to manage these increased vulnerabilities. A formal comprehensive risk management program acknowledges the reality that companies are inextricably linked to all things digital and that breaches are an increasing threat.
The audit committeeâs role is not getting easier, but it has a lot of resources in its arsenal to help meet todayâs high expectations. A high-performing in internal audit function can be a valuable resource.
About one-third of board members believe internal audit adds less than significant value to the company and only 64% believe internal audit is performing well at delivering expectations, according to PwCâs 2014 State of the internal audit profession study â Higher performance by design: A blueprint for change. Even chief audit executives (CAEs) are critical of their functionsâ performance, with just two-thirds saying itâs performing well.
This Issue in focus discusses what the audit committee can do to help internal audit improve its performance and provide more value. For a more in-depth discussion, read the current edition of our Audit Committee Excellence Series. Achieving excellence: Overseeing internal audit.
Directors for public companies of all sizes are spending time in their boardrooms discussing one particular class of shareholders: activists.
What is the current assessment of activist shareholders such as hedge funds?
In many cases they deliver steady returns, produce sophisticated plans to improve value, have effective messaging, and can have a big impact with relatively low investment. In addition, they are more accepted in the marketplace. This was the view from a March 2014 PwC Deals practice webcast.
âOne of the key points is that the activist hedge funds are outperforming the market,â Ron Chopoorian, a PwC Deals partner, said. âThereâs also been a fundamental shift in the sentiment about activists. They are no longer seen as corporate raiders; they are seen pushing for shareholder value.â Some evidence of that acceptance by the marketplace is that pension funds and endowments committed $7 billion to activist funds in 2013, according to PwC.
Risk appetite should have a starring role in a companyâs overall strategy and investment decisions. But the concept can be confusing.
So what is risk appetite, and why is it so important?
By definition, it is the amount of risk an organization is willing to accept in pursuit of strategic objectives. When done right it is a robust process that can help management and the board understand exposures and make appropriate risk-based strategic decisions. [Read more in a new PwC publication Board oversight of risk: Defining risk appetite in plain English.]
The Public Company Accounting Oversight Board (PCAOB) has proposed standards and amendments setting out a new auditorâs reporting model and the auditorâs responsibility regarding other information. Earlier this month these were the focus of a two-day public meeting of the PCAOB in Washington, D.C. The meeting, which included directors, audit firms, investors, and other parties involved in the financial reporting process, focused on:
The proposed standards were released for comment August 2013. The comment period, which originally ended in December 2013, was reopened and now ends on May 2.
How does an audit committee "raise the bar" on its performance? The PwC Center for Board Governance is publishing the Audit Committee Excellence Series (ACES) to help address this question. The series provides practical and actionable insights, perspectives and ideas to help audit committees maximize committee performance. While targeted to directors serving on audit committees, it is also beneficial to others working with audit committees including CFOs, CAOs, general counsels, and internal auditors.
The inaugural edition covers a company's forward-looking guidance practices and the potential risks associated with analysts' consensus estimates. It provides board-level perspectives regarding current trends, as well as the pros and cons of providing guidance. The release also suggests being alert to certain types of management behaviors that can be considered "gaming" reported results to meet consensus estimates.
The next edition will focus on financial reporting oversight. It will discuss the importance of press releases covering preliminary results, considerations for audit committees before releasing results, and tips for reviewing actual filings. The third edition will cover the role of internal audit and will help audit committees oversee and maximize the value of this important resource.
To read the eight-page inaugural edition, click here.
The new voluntary US Department of Homeland Security standards for cybersecurity and the recent point of sale (POS) data breaches at some US retailers show that cybersecurity is not just an IT problem.
Actually, cybersecurity is a business issue that can wreak havoc with any organization that uses the Internet or wireless technology to do business. In addition to the obvious intellectual property and customer data security, privacy and IT risks, successful cyber-attacks can affect a companyâs brand, reputation, and business relationships. The data most vulnerable to attacks have been customer credit card numbers and PINs, employeesâ personal healthcare information, and companiesâ third party suppliers confidential information.
While 69% of CEOs responding to the PwC 17th Annual Global 2014 CEO Survey say they are somewhat concerned or extremely concerned about cyber threats, 24% of directors responding to the PwC 2013 Annual Corporate Directors Survey say they are still not sufficiently engaged in understanding their companyâs cybersecurity spend.
Mary Ann Cloyd, leader of PwCâs Center for Board Governance, recently talked with Noreen Doyle, director of Newmont Mining Corp., Credit Suisse, and QinetiQ Group Plc, and Jim Nevels, chair of The Hershey Co, about a variety of issues including shareholder communication, risk oversight, and board diversity. Read more.
PwC has released its 2013-2014 edition of Key considerations for board and audit committee members. It is an annual report published by PwCâs Center for Board Governance to address the changing boardroom agenda that outlines topics that can help enhance the quality of board and management discussions in the coming year.
The topics covered in the report include strategy (considering megatrends, the customer experience, and supply chains), emerging technologies and Big Data (tapping new avenues for revenue and growth), risk oversight (focusing on cybersecurity and third parties), talent pipeline (having the right skills and experience for the future, including the boardroom), corporate ethics (gauging the compliance atmosphere), the financials (keying in on complex accounting, and keeping up with regulators and standard-setters), and stakeholder communications (deciding when to engage and whether to expand the audit committee report).
A new PwC comprehensive report examines the views of corporate directors and institutional investors on current corporate governance issues. The report, What matters in the boardroom? Depends on whose shoes youâre in, compares results from PwCâs 2013 Annual Corporate Directors Survey and 2013 Investor Survey. It also includes certain CEO perspectives from PwCâs 16th Annual Global CEO Survey.
âWe prepared this report to compare the responses of these two groups and identify areas where viewpoints are shared or differences existâ said Mary Ann Cloyd, Leader of PwCâs Center for Board Governance. âWe hope this information helps directors, investors and management teams better understand where their views are similar and where they differ.â
There is considerable alignment between directors and investors on the important issues directors should be focusing on in the coming year, according to the report. Both groups include strategic planning, risk management, and succession planning on their top five lists of priorities. Ninety-five percent of investors say strategic planning is the âmost or a very importantâ area for director focus while nearly eight of 10 directors say they want to spend more time in that area going forward.
Boards confront an evolving landscape
Many companies today are considering implementing transformational changes to their businesses, that may include mergers and acquisitions (M&A), new go-to-market strategies, or significant technology rollouts. According to PwCâs 16th Annual Global CEO Survey, 61% of CEOs say they anticipate change in 2013 at their companies in M&A, joint ventures, or strategic alliances, and 75% said the same about an increase in technology investments.
To be successful in todayâs complex and competitive world means companies must think ahead and be willing to transform themselves to respond to economic, political, regulatory, technological, and other pressures. Transformation comes with risk. Mismanagement of these risks can lead to negative outcomes, including failing to achieve strategic objectives, significant disruption to operations, and possible damage to a company's reputation.
The likelihood of a failed transformational program is high: 70% of all attempted organizational changes fail, according to Dr. John Kotter, who wrote The 8-Step Process for Leading Change.
This issue of BoardroomDirectÂ® is a Special Edition that links to the third edition of ProxyPulse, a collaboration between Broadridge Financial Solutions and PwC's Center for Board Governance. This edition is a recap of the 2013 proxy season, providing a comparison of the 2012 and 2013 proxy seasons and offers analysis of director elections, say on pay, proxy material distribution, and the mechanics of shareholder voting. In addition, there are key questions directors might ask. The analysis by PwC in ProxyPulse is based upon Broadridgeâs processing of shares held in street name, which accounts for over 80% of all US publicly traded shares outstanding.
Boards confront an evolving landscape
There is unprecedented change in the corporate governance world: new perspectives on boardroom composition, higher levels of stakeholder engagement, more emphasis on emerging risks and strategies, and an increasing velocity of change in the digital world. These factors, coupled with calls for enhanced transparency around governance practices and reporting, the very active regulatory and lawmaking environment, and the perceived increased influence of proxy advisors are all accelerating evolution in the boardroom. In some cases, even a revolution.
The following are some of the insights from Boards confront an evolving landscape: PwCâs 2013 Annual Corporate Directors Survey. During the summer, 934 public company directors responded to survey questions. Of those directors, 70% serve on the boards of companies with more than $1 billion in annual revenue.
To read the results of this yearâs survey, click on each of the following category links: Board composition and behavior, IT oversight, Executive compensation, Stakeholder communications, Strategy and risk management, Regulatory and governance environment.
Many boards today are trying to figure out if they have the proper skills and experience to guide their companies now and in the future. Each board needs to consider whether the backgrounds and experience of its existing directors are appropriate or if new skills are needed. Recently, some critics have been outspoken about their perception of deficiencies in the current state of board renewal.
And some board members themselves are questioning the competency of their fellow directors. While a majority of directors at companies with annual elections are elected with at least 90% of the vote, there are still plenty of directors dissatisfied with their current boardâs composition. Early results from PwCâs 2013 Annual Corporate Directors Survey show that 35% of 934 directors responding say someone on their board should be replaced, up from 31% a year ago. The top three reasons cited are diminished performance because of aging, lack of expertise, and lack of preparation for meetings.
On average, directors are getting older and fewer are leaving boards to make way for the next generation. The 2012 Spencer Stuart US Board Index reports that the number of new directors has slowed to 291 of 5,184 total director seats in 2012, a 27% decrease from 2002. At the same time, the average age of directors (68), average board tenure (8.7 years), and mandatory retirement age (72-75) have all risen. Currently 73% of S&P 500 companies have existing mandatory retirement age policies, but sometimes they are waived. Â Only 4% of S&P 500 boards specify director term limits with the majority setting the limits between 10 and 15 years.