Update on the current board issues: January 2015

January 2015
  • Print-friendly version
BoardroomDirect®<br><span>Update on the current board issues: January 2015</span>

At a glance

Key considerations for board and audit committee members, 2014-2015 edition. The changing business landscape, technological advances, and significant risks such as cybersecurity continue to present opportunities and challenges for companies today. Directors will want to take a fresh and critical look at their boardroom agenda to ensure it is meeting today’s needs.

Issue in focus

Key considerations for board and audit committee members: Is your boardroom agenda meeting today’s needs?

The changing business landscape, technological advances, and significant risks such as cybersecurity continue to present opportunities and challenges for companies today. Directors will want to take a fresh and critical look at their boardroom agenda to ensure it is meeting today’s needs.

PwC’s 2014-2015 edition of Key considerations for board and audit committee members, an annual publication from PwC’s Center for Board Governance, can help enhance the quality of board and management discussions in the coming year.

Here are some highlights:

Shareholder activism: Preparing for potential interaction

The number of shareholder activists is growing, and their assets are, too. Nearly one in five S&P 500 companies were targets of shareholder activism in 20141. Activist hedge funds often target companies they believe are mismanaged or underperforming, while others go after companies with a lot of cash on hand.

What can companies do? Some companies have found it beneficial to look at the company through the activists’ eyes, proactively identifying and addressing areas such as undervalued assets and cost-cutting measures, which can be common targets.

Director considerations:

  • Think about what activists commonly look for, and consider whether the company may be a target of an activist campaign.
  • Discuss with management whether to evaluate how the company might be viewed through activists’ eyes.
  • Discuss with management the company’s crisis response plan, if needed, in the event of an activist campaign.

Emerging technologies: Considering their strategic impact

Companies recognize that they have to keep up with the rapid pace of technological change and stay focused on innovation in order to stay competitive.

Big Data, mobile computing, the cloud, and social media are examples of emerging technologies that are reshaping business. What are companies doing with these technologies?

  • Big Data – Many companies are mining the massive amounts of data they collect and data provided by third parties to make predictions about customer behavior.
  • Mobile computing – Some companies are investing more in mobile advertising, while others are considering creating branded mobile apps.
  • Cloud computing –Some companies are adopting cloud computing technologies to allow for more agility, scalability, and efficiency, along with cost reduction. They are starting to move to the cloud to manage human resources, financial information, procurement, and supply chain services, among other activities.
  • Social media – More companies are using social media to increase brand loyalty and improve their customer experience.

Director considerations:

  • Discuss with management how the company is keeping up with technological change and the activities of its known competitors and potential disruptors.
  • Understand how the company is using emerging technologies to drive growth and how the related risks are managed.

Risk oversight: Focusing on risk appetite and third-party risks

Boards should continue to focus on overseeing the company's most critical risks and agree on the company’s overall risk appetite. They should also recognize the risks that come with the use of third parties.

Risk appetite is the amount of risk an organization is willing to accept in pursuit of strategic objectives. It’s a process that, when properly defined and communicated, drives behavior by setting the boundaries for running the business and capitalizing on opportunities.

Companies frequently use third parties, and this can expose companies to risks—with significant bottom line and reputational repercussions. Companies need to have appropriate risk management practices that address third-party risk, including conducting appropriate due diligence.

Director considerations:

  • Discuss management’s assessment of the company’s risk appetite and consider whether it should be adjusted as strategic goals and objectives change.
  • Discuss with management the company’s third party relationships and how it manages, and monitors the related risks.

Cybersecurity: Overseeing the risk

Cybersecurity is more than a technology issue. It is a business issue and broader risk-management issue. Companies today are interconnected with their customers, vendors, distributors, suppliers, partners, advisors, and many others. These parties have various access points to a company, which can create greater exposure to a cyberattack.

Companies today are often managing larger, more complex digital environments without bigger IT budgets. Delays to software upgrades or the replacement of legacy IT infrastructure -- “enterprise technical debt” – can create greater risk exposure to cyberattacks and ballooning costs over time.

The Cybersecurity Framework, which the Commerce Department’s National Institute of Standards and Technology (NIST) released in February 2014, can be a resource for companies. The Framework is a risk-based compilation of guidelines designed to help companies assess their current capabilities and draft a roadmap toward improved cybersecurity practices.

Director considerations:

  • Actively engage in the discussions around the company’s cybersecurity program and whether it protects the company’s most valuable assets across the business enterprise and is getting the appropriate level of attention, resources, and leadership.
  • Discuss the IT budget with management, including the IT security budget, and understand the company’s enterprise technical debt, if any.
  • Ask about the NIST Framework and whether management has considered the guidelines in developing its cybersecurity program.

Crisis management: Understanding the response plan

Companies may face crises ranging from a cyberbreach to a natural disaster or even a sudden change in leadership, so they will want to have a crisis response plan. It’s important to test that plan to improve the likelihood of effective execution. Some companies do so by conducting tabletop exercises to examine specific scenarios and pressure-test incident response plans.

Crisis response plans should be updated. Recent crises can provide some lessons to consider: It’s important to have the right crisis response team in place, and it’s also important to control the message from the beginning.

Director considerations:

  • Ask if management has performed periodic scenario testing of the company’s crisis management plan to reduce the likelihood of mistakes and inefficiencies.
  • Consider lessons learned from recent crises and discuss with management whether any actions or changes are needed to the company’s crisis response plan.

Financial reporting and revenue recognition: Keeping up with standard-setters and regulators

The FASB issued a new revenue recognition standard in 2014, which aims to provide a single, comprehensive revenue recognition model for all contracts with customers. It will have varying effects on companies depending on their industry and current accounting practices, but extensive disclosure requirements will impact all companies. The new standard has far-reaching implications and companies will want to start preparing for it now.

Directors should also stay up-to-date on any new or proposed accounting standards that could impact the company’s financial reporting and business practices. For example, standards related to discontinued operations and going concern were recently issued by the FASB.

Director considerations:

  • Discuss with management which customer contracts will be affected by the new revenue recognition standard and how revenue recognition will change for the company.
  • Understand other key financial reporting developments and discuss with management how they might impact the company, as well as how the company is preparing for potential new rules.

Noteworthy investor perspectives: Considering their views

There are investors of all sizes and types participating in the capital markets today. While they may have different perspectives and investment strategies, most have expectations about board performance. So it’s important to know your shareholder base and consider its views.

For example, institutional investors have a keen interest in diversity. More rate gender diversity as “very important” than do directors.

And whether to have direct dialogue between boards and investors remains a topic of much discussion. Two-thirds of directors say their board had direct communications with institutional investors in the last 12 months. Institutional investors’ opinions about direct communication with board members vary. Some believe that board interactions should have a purpose—and not just occur for the sake of engagement. Others are considering more robust engagement with boards, including proposing “shareholder liaison committees.”2

Director considerations:

  • Assess whether the board has the right skills, experience, and diversity for optimal performance and future success.
  • Determine if and when the board should communicate directly with investors and if the company has established communications protocols.

1 Brendan Sheehan, “Trends in Shareholder Activism,” Global Governance Advisors, October 2014.
2 Stephen Foley, “Vanguard calls for boardrooms shake-up,” The Financial Times, December 4, 2014.