Part V: Fireside Chats with the Board


So you find yourself in the boardroom, now what?

I had a 90-minute conversation with a Board Director; due to the sensitivity of the issues discussed, I refer to him by the initials NK for the purpose of this article. I asked him about his usual aggravations from having to sit through presentations given to him in the boardroom or as part of board conference calls.

"People need to understand how the Board thinks, before talking to them."

Most people are unfamiliar with the environment of the boardroom and what goes on behind the scenes. In order to understand how the board thinks, it is important to understand WHO the board members are.

1. Most board members are representatives of the shareholders and have mixed backgrounds

To begin with, it is worth noting that the board's main mission is to maximise the value of the shareholders' investment, though in particular cases this could be detrimental to the interests of other stakeholders (e.g. employees, consumers, etc.). Hence the importance of finding a balanced outcome for both shareholders and other parties in a world marked by heightened social awareness ("the need to preserve a social license to operate") and regulatory scrutiny.

In order to achieve that mission, the board should consist of directors with different but complementary experiences which could bring a holistic view in the decision-making process. In other words, the board of directors must be able to see the forest surrounding the tree, not just the tree itself. Practically speaking, this implies that for a company operating in the technology sector, the Board will not only consist of people with a computer engineering background but may also have people such as ex-regulators, tax experts, etc.

The structure of the board is determined in the shareholders' agreement, a legal document executed by all the parties having a stake in the company. Rules of good governance would suggest that a minimum number of independent directors also be appointed to the Board to provide unbiased views and maintain checks and balances.

2. The Board has different committees created to evaluate technical decisions

To operate more efficiently and leverage its resources, the board could gather some of its members with particular expertise into a committee which would address technical matters and provide views to the whole board to facilitate a decision. Depending on the industry, the following committees are usually formed: Audit & Risk committee, Regulatory committee, Remuneration committee, Capital structure committee, etc.

What do the committees, e.g. the Audit & Risk committee, discuss? What do they look at?

"Whatever you do in a company, you always need to take risks in order to generate returns. But the risk taken must be appropriate and thoroughly monitored. At the board level, the audit and risk committee will consider whether the risk register has been properly documented (identification and qualification of the main risks in relation to the internal processes, the tangible and intangible assets and the employees)."

"This register rates the various risks in terms of their probability of occurrence and impact significance for the company. It is the duty of the audit and risk committee to ensure that the company's management has elaborated and implemented a mitigation plan to limit the occurrence of risks as well as their significance before they materialise," NK continues.

This is done with the aim of preserving the sustainability/resilience of operations as well as financial profits. This is why cyber is one of the risks that speaks to the Board.

Cyber is a risk.

If a risk is very likely to occur on a daily basis, the company may need a permanent internal resource to monitor it continually. In other circumstances, temporary or periodic external assistance may suffice. The board acknowledges that risks can't be eliminated but CAN be mitigated. This is incredibly important for the board, as it will ultimately be held responsible if major risks damage the company's business for lack of diligence (risks not identified and/or properly managed).

3. Who shows up at the Board meetings?

First of all, board meetings usually last from two hours to half a day. They can take place at least every three months. Extraordinary meetings might be called on occasions when the board urgently needs to make a decision or provide guidance to the management.

Meetings attended in person (vs via conference calls) are of better value as they give the opportunity to observe non-verbal expressions and have informal conversations.

Usually, the CEO, CFO and the Company Secretary attend these meetings. According to NK, the CTO seldom attends. However, based on my conversations with different organisations, it seems that there is a trend where CISOs are increasingly being invited into the Boardroom. Some internal senior managers or external parties (e.g. government agencies, advisory firms) can also be invited to attend a specific section of the board meeting agenda to present or discuss a topic relevant to their sector of expertise.

4. Behind the closed doors

Board members don't necessarily wait until the actual board meeting to test their respective views and potentially reach a consensus. Before and after every board meeting, many lines of communication are engaged amongst the different shareholders behind closed doors, especially when it comes to important decisions.

At the board meeting itself, the management recommendations are either approved, rejected or subject to amendments requested by board members.

Ideally, the Board usually wants to come to a consensus. They want to avoid a deadlock.

NK explains, "If there's a persistent sharp disagreement, this could eventually lead to a deadlock. In any case, the management is not able to do anything until the board comes to a decision. Someone can even be a minority shareholder but still have a negative control if he/she has a veto right. There needs to be an agreement amongst the shareholders according to the minimum approval threshold determined in the shareholder agreement document (e.g., minimum 80% vote)."

It is of paramount importance for Board members to understand each shareholder's particular agenda, in order to influence their views and push through decisions. Informal lobbying often takes place within the board itself when board members think of ways they can convince their peers of their own agenda. It is a game of influence.

5. How should one communicate with the Board?

Here are a few things to know when engaging with the board:

  • The board is expected to have read the board pack sent to them ahead of the presentation
  • Generally, 10 - 20 mins per presentation item followed by a period of questions
  • The Chair always provides an opportune time for board members to ask questions. It is the responsibility of the board members to ask questions and to have done their own due diligence
  • The material presented to the board must be relatively easy to understand for everyone since board members usually have different backgrounds. Total absence of questions could only be due to three causes: low strategic materiality of the discussed item, lack of interest or a lack of understanding
  • Every presentation must end with a recommendation that makes clear to the board what they are being asked to do as decision makers (approve or simply take note), what you need from them in terms of resources, what the timeline for implementation is, and what risks/issues the company will face (if applicable)
  • It is perfectly OK to take them out for informal coffees!

This is the finale of a Five-Part #CoffeewiththeCSuite Series:

Part I: A Lesson from the World's very First CISO

Part II: Coffee with a Former US President's CISO

Part III: The View of Cyber Risk in the Retail Industry?

Part IV: The CISO Strategy

To read the entire collection of the CISO kit including global C-Suite insights and perspectives across industries, you can now get your very own Cyber Risk Leaders book in stores or the e-book on Amazon, Kindle or Google Playbooks.


About the Author

Shamane Tan is a published Author of Cyber Risk Leaders and the APAC Executive Security Advisor at Privasec, a leading and independent Security Consulting Firm. She has worked with exciting start-ups all the way to global organisations extensively in the Asia-Pacific region. Shamane advises the C-Suite and IT Executives on their business security posture to the reality of the challenges they faced from regulatory issues and cybercrime. She is also the founder of the Cyber Risk Meetup which is in four major cities in Australia, as well as Singapore. Her meetups offer Security Enthusiasts and Executives a unique platform to impart and exchange innovative insights. 

Priya Mishra

Management Consulting firm | Growth Hacking | Global B2B Conference | Brand Architecture | Business Experience |Business Process Automation | Software Solutions

2 years

Shamane, thanks for sharing!

Valdas Deksnys

Director Of Business Development @ BigBrolis Technologies with expertise in IT Consultancy

4 years

Really interesting article to get a sneak peek of Board meetings and their responsibilities, not many people understand how it works for their organizations and strategic importance of it.

POH Cheng-Boon PMP

PMP | Certified Career Practitioner

4 years

Shamane Tan You’ve presented a very nice behind the scene scenario of what goes on in a board meeting.

Athar Awan

Security Consultant/Researcher | Risk practitioner | Cyber Governance | Assurance | Cyber transformation

4 years

Well written article. Thanks for sharing

M. Azhar R

Business Transformation, Human Resource, Operations & Workforce Solutions

4 years

Hope all is good!
