Beyond the Balance Sheet

How Modern Challenges Are Reshaping the Focus of Board Committees

(Originally appeared in the April 17th, 2024 'Across the Board' digital publication, a Board Director, Board Advisor, C-Level, and Business Leader publication reaching 48,000+ exceptional business leaders in over 70 countries with articles focused on leadership, strategy, and governance topics - sign up here )

Written by guest author Gretta Antonescu, IBDC.D

The landscape of corporate governance is undergoing a significant shift. Traditionally, Board Audit and Risk Committees (ARCs) have focused primarily on financial reporting and internal controls. In today's dynamic business domain, Boards of Directors are facing a rapidly evolving risk environment, and although traditional focus on?financial reporting is still crucial, it is increasingly expanding with a new set of specific?challenges. These?include?cybersecurity threats and?the lightening-speed?emergence of artificial intelligence (AI), along with their?evolving operational risks?and?regulatory requirements. Much is happening here, but it begs the question, "how are modern Boards preparing for and successfully mitigating?these risks?"

Many Boards are?significantly expanding?Audit and Risk Committee mandates to tackle these modern threats.

New Regulations?- The regulatory environment surrounding cybersecurity and AI is rapidly developing, directly impacting ARCs' responsibilities. Following is a breakdown of key areas:

Cybersecurity Risk?- Data breaches, ransomware attacks, and cyber espionage are a constant threat to companies of all sizes. Simultaneously,?Boards are increasingly expected to fully?understand their company's cybersecurity posture. This includes vulnerability assessments, incident response plans, and the effectiveness of security controls. Moreover, regulations like the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA) in the US, SEC’s Cybersecurity Disclosure requirements and the Cybersecurity Act (CSA) in the EU, are raising the bar for data security and privacy. These cybersecurity regulations require increased transparency on cybersecurity oversight and incident reporting, and the ARCs play a crucial role as they need to ensure the effectiveness of Internal Controls and Disclosure Procedures related to cybersecurity. Additionally, Board disclosures must address management's role in handling cybersecurity threats as the new regulations introduce corporate accountability at CEO and Board?level, requiring that corporate management oversees, approves and is trained on cybersecurity.

Important focus areas for Board ARCs?in preparation for evolving and upcoming cybersecurity disclosures:

1. Cybersecurity Strategy and Risk Management: ARCs should collaborate with management to understand the company's cybersecurity approach and risk mitigation strategies. ?
2. Incident Response Plan: Reviewing management's plan for responding to cyber incidents is crucial. ?
3. Materiality Considerations: Understanding what constitutes a "material" incident requiring disclosure is essential. ?
4. Disclosure Committee: ARCs should be aware of the role and composition of the committee responsible for overseeing cybersecurity disclosures. ?
5. Expanded Management Certifications: Be prepared for the possibility of increased management certifications regarding cybersecurity controls.

AI Risk -?The rapid adoption of AI presents exciting opportunities, but also raises new risks.?Regulations addressing algorithmic bias and explainability of AI decisions are emerging, and?Stanford University's AI Index reveals a surge in regulatory activity. Across 127 countries, AI-related legislation skyrocketed from a single law in 2016 to 37 by 2022. The European Union is leading the charge with its ambitious AI Act, which they tout as the world's first comprehensive AI regulation, which mandates human oversight and risk assessments for high-risk AI applications. Four AI giants - Anthropic, Google, Microsoft, and OpenAI - are tackling AI safety head-on through the Frontier Model Forum. This collaborative effort aims to accelerate progress in AI safety research and foster public-private partnerships to ensure responsible development. However, each company also recognizes the need for a comprehensive, individual approach. Effectively managing AI risks requires a thorough assessment that considers both potential dangers and opportunities. ARCs will need to understand the regulations and oversee the development and deployment of ethical AI frameworks to mitigate potential financial and reputational risks. ARCs will need to work with the management to establish responsible AI development, deployment practices and a rigorous control framework ensuring accountability and data confidentiality and integrity.

Important focus?areas in understanding and oversight of AI systems?for Board ARCs?in preparation for mitigating AI risks:

1. AI Strategy and Governance: ARCs should gain a solid understanding of the company's AI strategy and governance framework. This includes its goals for AI development, ethical principles, and risk management practices. ?
2. Explainability and Transparency: Understanding how AI systems reach decisions is crucial. ARCs should ensure the company can explain AI outputs, that the company develops and deploys AI models that are interpretable and auditable and identify potential areas where transparency may be limited. ?
3. Risk Assessments: Implementing a risk assessment framework to evaluate the specific risks associated with each AI application used by the company. This should consider potential safety risks, privacy concerns, and reputational risks.

Important focus?areas in governance and compliance of AI systems?for Board ARCs?in preparation for mitigating AI risks:

1. AI Development and Deployment Policies: ARCs should review and approve policies governing the responsible development, deployment, and use of AI within the company. ?
2. Compliance with Regulations: As AI regulations evolve, ARCs need to stay informed and ensure the company's AI practices comply with relevant regulations like the EU's AI Act or the California Consumer Privacy Act (CCPA) in the U.S. ?
3. Data Governance Framework: Establishing a robust data governance framework that ensures the responsible collection, storage, and use of data for AI development and training.

The evolving regulatory landscape surrounding cybersecurity and AI demands a proactive, two-pronged?approach from Boards of Directors. First,?ARCs?require an expanded mandate to encompass these emerging areas. Second, Boards must consider diversifying the skills of ARC members to include expertise in cybersecurity, AI, operational risk and data governance.?By taking these steps, Boards can ensure their companies not only navigate these challenges, but also leverage them as opportunities for growth and innovation.

Is your Board?prepared to expand?Audit and Risk Committee mandates?

Reach out?to learn more?through?our Board Director Education & Certification program , plus?Consulting &?Advisory ?offerings,?and?International Speaking Tour topics.

About the Guest?Author: Gretta Antonescu is a Harvard Alumni Entrepreneur in Residence and a Board Advisor with over 19 years of international experience in financial services, digital transformation, and operational excellence. She earned?an International Board Director Competency Designation (IBDC.D) and the ESG Global Competent Boards Designation, as well as several executive education certificates from Wharton, Yale, and Bayes Business School.?Connect with Gretta Antonescu?on LinkedIn .

____________

Sponsored Advertisements?+ IBDC.D CPE Credit Opportunities

Advertise With Us

Have something that could benefit the 'Across The Board' community and further elevate leadership? By all means, click ?for audience engagement details,?pricing, and multi-article discounts. Get your coveted offerings in front of the premier curated group of 48,000+ Board Directors, Board Advisors, C-Level, and Business Leaders in over 70?countries. The right audience makes all the difference!

____________

Board Education?& Certification

____________

International Speaking Tours

____________

Here's Some Additional Reading

Boeing’s Ongoing Corporate Challenges

The Responsibility?Incongruity

Your Executive Presence

The Optimists

Director RTB

See all articles here

★ ? Join Our Mailing List ?? ★

____________

"Get Quoted"

Want to be quoted in an upcoming 'Across The Board'?article on a topic you are passionate about? Over 200 experts have done so to-date. Propose an article topic or let us know your expertise area?and let's work through the details. Reach out ?to get your name and company in front of the premier curated group of global Business Leaders, C-Level, Board Directors, & Board Advisors - go ahead, make a name for yourself! Also, explore the possibility?of providing an article quote and supportive advertisement simultaneously - these get the best traction and response.

____________

Copyright ? 2024? All rights reserved.