Director accountability in the new world

The baying for Directors' scalps when things go wrong in corporate Australia is infectious, and has never been louder. Only this week shareholder activists have recommended against the re-election of Holly Kramer at Woolworths' mid-December AGM. This is not due to the Woolworths People Committee not taking action (ie executive bonuses were reduced 20-30%, and the Board has announced it will consider "further consequences" at the completion of its review), but rather the sentiment that these accountability consequences were not applied "timely enough" by the Board.  A clear learning from this, and other CEO and Director resignations in 2019 (most notably Westpac's last week), is that when a significant issue or crisis arises, it must be addressed with a sufficient "sense of urgency", and in today's new world this needs to be overtly detectable.

Holly joins a growing list of Directors of major Australian corporates who have sat uncomfortably in the cross-hares of public accountability scrutiny. This trend has gained increasing momentum since APRA's CBA Report in early 2018, and has been fuelled by a string of subsequent public and regulatory inquiries into corporate conduct and culture in Australia (most notably the Hayne Royal Commission into Banking & Financial Services).

Trust in, and the reputation of, Australian corporates is under challenge - no sector is immune.  The lack of trust in corporate Australia is a problematic issue (see the Governance Institute's 2019 Ethics Index). This trust deficit cannot be ignored. Corporates must address it by doing the right thing and not standing for poor behaviour. The "how" will inevitably be something that is unique to both your industry and your own company's situation. However, common for all is that it will take time, consistency and a real commitment through all levels of your organisation to do the right thing by all your stakeholders, and to have overt displays of this both internally and externally. 

The new normal for corporate Australia is that when things go wrong, there is no tolerance for whether Directors knew or didn't know… the presumption is "you should have known". 

There are good insights and practical learnings to help mitigate the risks of this in ASIC's Corporate Governance Taskforce's "Director & Officer Oversight of Non-Financial Risk Report" released in October 2019. These include:

• material information should not be buried in lengthy Board Packs nor lost in undocumented closed sessions
• Boards must take ownership of the form and content of the information they're receiving to better inform themselves of the management of material risks - if papers have "unnecessary" length, then the Chairs need to provide this feedback and actively calibrate this with Management
• Boards must call for reporting from Management that has a clear hierarchy and prioritisation of risks
• Boards must reflect on the functioning of their Risk Committees, including whether they:

* dedicate enough time to discharge their mandate

* meet often enough so that they are actively engaged in the oversight of material risks in a timely & effective manner [note: if material risks are routinely addressed outside committee meetings, companies should consider whether the frequency of their BRC meetings is adequate]

*are dynamic and forward looking in identifying and taking a leadership position in responding to emerging risks

• the full Board should approve the company's Risk Appetite Statement (RAS), and Directors must understand each of the lead and lag metrics chosen to measure the risks (#what gets measured gets managed)
• Boards must hold Management to account when companies operate outside risk appetite... for the Board to be able to do this, Management must report to the Board against the metrics in the RAS (ie tracking how the Company is actually operating compared to the appetite)
• Boards cannot sit back and be reactive to issues as they arise - that is not enough - they must step back and consider compliance risk exposure holistically and prioritise the resolution of root causes of any breaches of risk appetite. This should include requiring Management to undertake root cause analysis, or thematic analysis, to identify underlying causes of recurring issues. Such requests of Management should be reflected in the Meeting Minutes so Directors can evidence their "active stewardship"
• other examples of what assists Directors in evidencing "active stewardship" is for the Minutes to also record (a) any Director requests for further information, analysis or action from Management, (b) significant lines of inquiry or debate by Directors, (c) any requests for changes to Management's recommendations or proposals by Directors, and (d) the rejection or deferral of any recommendations or proposals (& the rationale why)
• Boards cannot simply express disappointment at a risk staying outside appetite for a stated period. They must do more to quickly have the company returned to being back within appetite. This includes challenging the actions and timeframes within which Management propose to resolve the issue. Prioritisation and slippage should be monitored and accounted for. In the absence of tangible and timely plans to return to within appetite, Boards should consider whether Management needs to cease practices that are causing the company to be outside appetite
• simply expressing concern, or passively providing feedback for Management’s ‘consideration’, will not suffice as genuine active oversight. A good example of a process that demonstrates accountability and active oversight in action is for the accountable first line business owners to attend at Risk Committee Meetings for high-rated 'red' risk incidents and to take responsibility for reporting back to the Risk Committee until closed out. The same applies for red rated audit items, and the consideration of any impairments, at the Audit Committee
• there must be information flows upwards from all the Committees to the Board, and this needs to be formalised and well managed - for eg, Committee Minutes should be provided to the Board, and Committee Chairmen should provide verbal updates to the Board
• cross-information flows between Board Committees should also be formalised, including by cross-committee memberships but also referring/notifying items between Committees
• Minutes of Meetings must adequately capture key discussion points, reasons for decisions and significant issues raised by Directors with Management

The 3rd point is important - proper analysis and prioritisation by Management will better arm Boards to properly consider and manage the risks that are of the most significance for their organisation. Also, just by asking this exercise of Management, the Board will gain valuable insight into the maturity of their Management teams in terms of their risk capability. 

As Directors don't participate in the day-to-day governance of Management's work, there can too often be assumptions made by Boards about the risk management maturity down through the Management levels of their organisation. It is important for Boards to understand the governance structures at an enterprise-wide level below the Board, and the quality and timeliness of these forums and the flow of information upwards (& sidewards) throughout the organisation. Without understanding this, Directors are not able to properly consider whether risk is being appropriately managed within the organisation. As with many other aspects of a Director's role, Directors must look beyond their Risk Committee papers.  

#corporategovernance #directors #accountability #governance