'THE DAILY CORPORATE GOVERNANCE REPORT’ (for public company boards, the C-suite and GCs)

? ? ? ? ?Please see the items below with the related links (NOTE: access to link content may be metered, require a no-charge registration or require a paid digital subscription)?

? ? ? ? ? ? ? (i) Deloitte on the new global internal audit standards, and the critical role of audit committees: As noted in this?Deloitte memorandum posted on its website this month, "Governing a relevant, effective, and valued internal audit function ", in January 2024 the?Institute of Internal Auditors?(IIA)?released these new?Global Internal Audit Standards , which will?become effective January 9, 2025,?with implications for audit committees:

? ? ? ? ? ? ? ? ? "In January 2024, the Institute of Internal Auditors (IIA) released the new Global Internal Audit Standards??(Standards) to elevate the quality and effectiveness of an organization’s internal audit function and its activities. The new Standards aim to elevate internal audit practices globally, enhance the credibility and relevance of internal audit functions, and support internal audit activities in providing greater value to organizations through improved governance, risk management, and control processes. For audit committees, understanding the new Standards is crucial to providing the necessary oversight of the internal audit function for their organization to be able to leverage internal audit more effectively.?

? ? ? ? ? ? ? ? ??"The new Standards become effective January 9, 2025 and represent an important evolution in the practice of internal auditing?in consideration of increasingly complex and dynamic risk environments, rapid technological advancements, increased stakeholder expectations, and growing emphasis on strong organizational governance practices. At the same time, there is an expectation of increased accountability and performance from the internal audit function.....Audit committees play a critical role in oversight of the internal audit function’s implementation and adoption of the new Standards. By staying informed and proactive, audit committees can help their organizations navigate the complexities of the new Standards and achieve greater value from their internal audit activities."

? ? ? ? ? ? ? ? ?The Deloitte?memorandum provides a useful overview of the new Global Internal Audit Standards,?and in addition also discusses in separate sections:

? ? ? ? ? ? ? ? ? ? " -- Ten attributes of an effective internal audit function

? ? ? ? ? ? ? ? ? ? ? -- Essential activities of the audit committee (and senior management) that support an effective internal audit function

? ? ? ? ? ? ? ? ? ? ? -- Considerations for the audit committee in supporting adoption of the new Standards"

? ? ? ? ? ? ? ? ? ?Below is from the section, "Essential activities of the audit committee (and senior management) that support an effective internal audit function":

? ? ? ? ? ? ? ? ? ?"Boards, and specifically audit committees, play a critical role in overseeing the internal audit function and supporting its effectiveness.?The chief audit executive is responsible for the internal audit function’s implementation of and conformance with the new Standards and related principles—and the new Standards outline the requirements of the chief audit executive.?However, in developing the new Standards, there was also recognition by The IIA that there are essential governance activities performed by the board (typically audit committee) and senior management. These activities are believed to be necessary for the internal audit function to be most effective and enable the audit committee and senior management to champion and promote internal audit within the organization.?They are labeled “essential conditions” and are contained within the new Standards in Domain III: Governing the Internal Audit Function......

? ? ? ? ? ? ? ? ? ?"The essential conditions outlined in Domain III specific to the board address:?

? ? ? ? ? ? ? ? ? ? ? ?- Governance ?framework:

? ? ? ? ? ? ? ? ? ? ? ? ? ? — Clear mandate: Ensure that the internal audit function has a clear and appropriate mandate (i.e., the authority, role, and responsibilities of the internal audit function) documented within the internal audit charter. ? ? ? ? ? ? ? ? ? ? ? ? ? ? -- Independence and objectivity:?Safeguard the independence of the internal audit function (and objectivity of its internal auditors) by ensuring the function has direct access to the audit committee and is free from undue influence......

? ? ? ? ? ? ? ? ? ? ? ? -?Communication and reporting:

? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ?-- Transparent communication:?Support open and transparent communication between the internal audit function, management, and the audit committee. Promote effective communication and collaboration between internal auditors and key stakeholders. Set expectations for communication, including frequency and escalation criteria and process.....

? ? ? ? ? ? ? ? ? Below is from the section, "Considerations for the audit committee in supporting adoption of the new Standards":

? ? ? ? ? ? ? ? ??"Audit committees play a critical role in oversight of the internal audit function’s implementation and adoption of the new Standards. We have identified some specific (five) responsibilities below.

? ? ? ? ? ? ? ? ? 1.?Oversight and guidance: Provide oversight and guidance to the chief audit executive as to implementation of the new Standards and to determine alignment with the related essential conditions and information needed from the chief audit executive.

? ? ? ? ? ? ? ? ? ?2. Resource allocation and readiness preparation:?Determine if the internal audit function has the required resources, including budget and personnel, to implement, adopt, and conform with the new Standards. Discuss with the chief audit executive any resource constraints, as well as expected implementation areas that may require a higher level of effort or time. In order to adopt and conform with the new Standards in early 2025, internal audit functions should be performing a readiness assessment and identifying and prioritizing required actions to be taken. In addition, internal audit functions should invest in training and development programs for?internal audit staff to confirm that they are well- versed in the new Standards and expectations...."

? ? ? ? ? ? ? (ii) board risk oversight/board risk reporting and engagement: In 2016, global consulting firm Protiviti released this issue in its series of "Board Perspectives", "Board Perspectives: Risk Oversight ", which "summarized six board risk reporting principles intended to focus directors on risks that matter"; this was followed in Nov./23 by this further Board Perspectives issue, "Board Risk Oversight in the Age of Disruption "; and this month, Protiviti?released a companion piece to the latter, "Board Risk Reporting in Disruptive Times ", which discusses "10 interrelated principles underlying board risk reporting and engagement". Below are two of these principles:?

? ? ? ? ? ? ? ? ???"5. Define and communicate who is responsible for risk management.?Directors want to know that someone owns the risks that matter. Risk ownership responsibility rests with the CEO, their direct reports and so on, cascading downward and across the organization so that everyone with significant responsibilities is accountable for the risks sourced from their respective activities. To this end, the chief risk officer (CRO) may serve as a catalyst in designing, implementing and providing needed support to risk owners in implementing the organization's risk management framework. The board needs assurance that responsibility for managing risk is where it should be — at the source of risk so that unforeseen developments can be acted on timely.

?

? ? ? ? ? ? ? ? ? ? ?6. Require risk owners to engage directly with the board on relevant risks.?When owners of corporate, line-of-business, product, geography, functional or program objectives and performance goals report to the board, they should also disclose the most important risks they face within the context of a common framework and language. This linkage of opportunity and risk is important, as it enables each stakeholder reporting to the board to engage in a dialogue with directors on (a) the underlying risks and assumptions inherent in executing the strategy and achieving performance targets, (b) the "hard spots" and "soft spots" inherent in the business plan, and (c) the implications of changes in the external environment on the core assumptions and desired risk levels underlying the strategy. Integrating?risk with performance reporting engages the collective experience of the board in addressing potential market developments and elevates confidence in management's risk awareness and ownership."

? ? ? ? ? ? ? (iii) HBR article on what companies should do before taking a public stand on social issues/report on the prevalence of public companies speaking out on social issues:?

? ? ? ? ? ? ? ? ? ? (a) So much advice over the past year in particular has been given on if and when companies should speak out publicly on social issues, and the latest in this advice-giving genre is this article appearing in the current issue of the?Harvard Business Review Magazine (the November-December 2024 issue), "Reducing the Risks of Corporate Activism ." Below is the headnote summary:

? ? ? ? ? ? ? ? ? ? ? ? ?"Summary: When companies take a stance on social issues—something more and more businesses are doing these days—they can antagonize large swaths of customers. But there’s a way to decrease the chances that will happen, say Kimberly Whitler and Thomas Barta. Before launching a campaign or making a public statement, executives should analyze two things: how divisive an issue is, and how well a position fits with a firm’s mission and values."

? ? ? ? ? ? ? ? ? ? ? ? ?Below is from the body of the article, which inter alia provides "four guidelines" for a company to follow when considering taking a stance on a social issue:

? ? ? ? ? ? ? ? ? ? ? ? ?".....Taking a stance on social issues doesn’t have to antagonize a large swath of your customer base, however. That’s the conclusion that Kim Whitler, an associate professor at the Darden School of Business, and Thomas Barta, the dean of the Marketing Leadership Masterclass, came to after interviewing hundreds of executives, C-level leaders, and board members about corporate activism.

? ? ? ? ? ? ? ? ? ? ? ? ?"Many scholars have been looking at how a firm’s political positions can affect its relationship with a broad spectrum of stakeholders, but Whitler and Barta have zeroed in on one question: How should companies assess the threat of a negative reaction among consumers??“While the consequences can vary, the risk is greater than just a short-term dip in sales,” Whitler says. “When companies pick a side, it can change how customers on the other side perceive the brand, alienating them and risking a market share loss that’s difficult to recover from.”

??

? ? ? ? ? ? ? ? ? ? ? ?"Whitler and Barta advise brands to focus on two factors:?consumer agreement?(how unifying or polarizing the social issue involved is) and positional alignment?(how well a stance fits with a firm’s mission and values). Before making a public statement or launching a campaign, executives should analyze data on those variables—which can be gathered from surveys, focus groups, and social media posts—to estimate market share risk. The more divisive an issue is, and the further afield a stand is from a firm’s image, the bigger the risk.

? ? ? ? ? ? ? ? ? ? ? "The researchers don’t recommend that brands always soften their stances or that they avoid activism altogether. Instead, they offer four guidelines:

? ? ? ? ? ? ? ? ? ? ? "Your organization’s position on issues shouldn’t be one person’s decision.: ....

? ? ? ? ? ? ? ? ? ? ? ?Don’t allow activism to distract you from your purpose: .....

? ? ? ? ? ? ? ? ? ? ? ?Don’t attack your base: ........

? ? ? ? ? ? ? ? ? ? ? ?Team up with others: .........

? ? ? ? ? ? ? ? (b) As noted in item (ii)(f) from this Monday, the Society for Corporate Governance released last week the latest in it series of?Board Practices Quarterly reports, "Corporate engagement on diversity and other social and public policy matters ", based on an August 2024 survey of "primarily corporate secretaries, in-house counsel, and other in-house governance professionals, representing 99 public companies of varying sizes and industries." Some key takeaways appear in this Society for Corporate Governance?blog post ?last Wednesday:?

? ? ? ? ? ? ? ? ? ? ? ? ?“-- Speaking out” governance: A large minority of respondents (41%) indicated that their company’s board or board committees had discussed whether and when the company or any of its officers or directors should speak out (externally) on the company’s behalf on environmental, social, political, or public policy (ESPP) matters over the past year, and an additional 3% said the topic is under consideration and/or on the agenda of an upcoming board or committee meeting.

? ? ? ? ? ? ? ? ? ? ? ? ? ?-- Speaking out prevalence: While a?majority of companies overall indicated that their CEO or other officers or directors had not made any public statement on any ESPP matter on the company’s behalf over the past year, this response reflects just 42% of large/mega caps compared to 72% of mid-caps, with large/mega-caps much more likely to have spoken out on such matters (usually in relation to the company’s industry or line of business)."

? ? ? ? ? ? ? (iv) press releases of the day:?

? ? ? ? ? ? ? ? ? ?(a) American International Group, Inc. (AIG)?announced yesterday in this press release the appointment of a chief risk officer, reporting to the Chairman and CEO, as follows:

? ? ? ? ? ? ? ? ? ? ? ? "American International Group, Inc. today announced that?Christopher Schaper has been appointed Chief Risk Officer of AIG, effective immediately. Mr. Schaper will continue to report to Peter Zaffino, AIG Chairman & Chief Executive Officer and will continue to serve on AIG’s Executive Leadership Team.

? ? ? ? ? ? ? ? ? ? ? ? ?"Mr. Schaper has held the role of Chief Risk Officer on an interim basis since September 2024, while also serving as AIG’s Global Chief Underwriting Officer. As Chief Risk Officer, Mr. Schaper will oversee AIG’s global Enterprise Risk Management organization,?including the company’s risk management strategy, policies and practices. He will continue to serve as Global Chief Underwriting Officer, in an interim capacity, until a successor is appointed.....";

? ? ? ? ? ? ? ? ? ? ?(b) Nasdaq-listed, transportation company CSX Corporation announced on Tuesday in this press release ?the appointment of a new Chief Legal Officer,?as follows:

? ? ? ? ? ? ? ? ? ? ? ? ? "CSX today announced that Executive Vice President and Chief Legal Officer Nathan Goldman will retire from the company on January 1, 2025. Michael Burns is promoted to Senior Vice President and Chief Legal Officer effective January 2, 2025.

? ? ? ? ? ? ? ? ? ? ? ? ? "Nathan Goldman retires from CSX after a distinguished 21-year tenure with the company......In his new role, Michael Burns will oversee all of CSX's legal and regulatory affairs, the corporate secretary’s office, risk management, police and infrastructure protection, environmental and hazmat, and audit functions. He previously served as CSX vice president and general counsel......"

? ? ? ? ? ? ? ?-----------------------------------------------------?

?Please contact me if you would like to be on the distribution list and receive every issue of this newsletter directly in your inbox.