Key considerations for board and audit committee members, 2014-2015 edition. The changing business landscape, technological advances, and significant risks such as cybersecurity continue to present opportunities and challenges for companies today. Directors will want to take a fresh and critical look at their boardroom agenda to ensure it is meeting today’s needs.
The changing business landscape, technological advances, and significant risks such as cybersecurity continue to present opportunities and challenges for companies today. Directors will want to take a fresh and critical look at their boardroom agenda to ensure it is meeting today’s needs.
PwC’s 2014-2015 edition of Key considerations for board and audit committee members, an annual publication from PwC’s Center for Board Governance, can help enhance the quality of board and management discussions in the coming year.
Here are some highlights:
The number of shareholder activists is growing, and their assets are, too. Nearly one in five S&P 500 companies were targets of shareholder activism in 20141. Activist hedge funds often target companies they believe are mismanaged or underperforming, while others go after companies with a lot of cash on hand.
What can companies do? Some companies have found it beneficial to look at the company through the activists’ eyes, proactively identifying and addressing areas such as undervalued assets and cost-cutting measures, which can be common targets.
Companies recognize that they have to keep up with the rapid pace of technological change and stay focused on innovation in order to stay competitive.
Big Data, mobile computing, the cloud, and social media are examples of emerging technologies that are reshaping business. What are companies doing with these technologies?
Boards should continue to focus on overseeing the company's most critical risks and agree on the company’s overall risk appetite. They should also recognize the risks that come with the use of third parties.
Risk appetite is the amount of risk an organization is willing to accept in pursuit of strategic objectives. It’s a process that, when properly defined and communicated, drives behavior by setting the boundaries for running the business and capitalizing on opportunities.
Companies frequently use third parties, and this can expose companies to risks—with significant bottom line and reputational repercussions. Companies need to have appropriate risk management practices that address third-party risk, including conducting appropriate due diligence.
Cybersecurity is more than a technology issue. It is a business issue and broader risk-management issue. Companies today are interconnected with their customers, vendors, distributors, suppliers, partners, advisors, and many others. These parties have various access points to a company, which can create greater exposure to a cyberattack.
Companies today are often managing larger, more complex digital environments without bigger IT budgets. Delays to software upgrades or the replacement of legacy IT infrastructure -- “enterprise technical debt” – can create greater risk exposure to cyberattacks and ballooning costs over time.
The Cybersecurity Framework, which the Commerce Department’s National Institute of Standards and Technology (NIST) released in February 2014, can be a resource for companies. The Framework is a risk-based compilation of guidelines designed to help companies assess their current capabilities and draft a roadmap toward improved cybersecurity practices.
Companies may face crises ranging from a cyberbreach to a natural disaster or even a sudden change in leadership, so they will want to have a crisis response plan. It’s important to test that plan to improve the likelihood of effective execution. Some companies do so by conducting tabletop exercises to examine specific scenarios and pressure-test incident response plans.
Crisis response plans should be updated. Recent crises can provide some lessons to consider: It’s important to have the right crisis response team in place, and it’s also important to control the message from the beginning.
The FASB issued a new revenue recognition standard in 2014, which aims to provide a single, comprehensive revenue recognition model for all contracts with customers. It will have varying effects on companies depending on their industry and current accounting practices, but extensive disclosure requirements will impact all companies. The new standard has far-reaching implications and companies will want to start preparing for it now.
Directors should also stay up-to-date on any new or proposed accounting standards that could impact the company’s financial reporting and business practices. For example, standards related to discontinued operations and going concern were recently issued by the FASB.
There are investors of all sizes and types participating in the capital markets today. While they may have different perspectives and investment strategies, most have expectations about board performance. So it’s important to know your shareholder base and consider its views.
For example, institutional investors have a keen interest in diversity. More rate gender diversity as “very important” than do directors.
And whether to have direct dialogue between boards and investors remains a topic of much discussion. Two-thirds of directors say their board had direct communications with institutional investors in the last 12 months. Institutional investors’ opinions about direct communication with board members vary. Some believe that board interactions should have a purpose—and not just occur for the sake of engagement. Others are considering more robust engagement with boards, including proposing “shareholder liaison committees.”2
1 Brendan Sheehan, “Trends in Shareholder Activism,” Global Governance Advisors, October 2014.
2 Stephen Foley, “Vanguard calls for boardrooms shake-up,” The Financial Times, December 4, 2014.