Understanding key issues that affect the company is a critical element of a director’s responsibility. As part of their oversight, directors should ask questions that help them get their arms around those issues in an ever-changing world and governance environment.
PwC’s 2013 Key questions for board and audit committee members focuses on areas including strategy and risk management, anti-corruption and compliance, financial reporting, information technology, and shareholder and stakeholder communications.Each area has a discussion along with suggested director actions and questions to consider.
Here’s a sample:
Strategy and risk management
Directors should be looking at how management is evaluating and executing its strategic plan and risk management practices. The board-level strategy discussion with management may include items like an analysis of the company's strengths, weaknesses, opportunities, and threats, and its long-term vision, overall mission, and guiding principles. It is also important for directors to understand and have measures to assess execution of the strategy.
Anti-corruption and compliance
Directors should be assessing what the company is doing to comply with anti-corruption laws and regulations. That assessment might include determining the effectiveness of the company’s anti-corruption compliance programs and policies, including internal controls and compliance testing, resource allocation, and employee and third-party training and communications. Companies’ anticorruption programs may help minimize the risk of enforcement action and severe penalties if a violation is identified.
Audit committees need to make sure management is addressing contemporary accounting topics, including asset impairments, income taxes, and segment reporting, and ensuring the transparency and appropriateness of the company's disclosures. They should engage in robust and frank discussions with management and the auditors about key accounting issues and disclosures. Audit committee members will want to especially focus on areas that are complex, unusual, and higher risk. They will also want to focus on new areas and matters that are different from prior reports, including any changes due to economic conditions, business strategy, or new accounting policies.
As far as IT goes, directors should be looking at whether or not the company effectively addresses the key opportunities and risks. Boards will want to ensure there is a clear allocation of oversight responsibility between the full board and its committees. They will also want to implement a process to bring discipline and rigor to IT oversight. It is critical that directors have substantive and candid discussions with management and the company’s key technology personnel about the risks and competitive opportunities IT presents.
Cybersecurity risks are one element of IT that should be top of mind. Directors should understand the company's data security program and the controls designed to mitigate data security risk. Effective processes to monitor networks, computers, and user access can help identify potential threats. It’s also important to address risks that might arise if sensitive information is housed with third parties.
Shareholder and stakeholder communications
Does the board have a policy about its communications with shareholders and other stakeholders? If the board agrees that direct communication is appropriate, it should decide who will take the lead. This may be the board chair, lead director, or a committee chair, depending on the topic. Those individuals should be trained on the company's communications policies. Directors should ensure that their communications are clear, balanced, informative, and in compliance with regulations.
For a copy of the entire publication, click here.