My good friend, Jim DeLoach had two pieces published in January.
Both are full of good ideas and suggestions for boards, well worth reading.
I differ from Jim and other advisors to boards on one paramount point.
Rather than trying to make sure themselves that everything is right, the board should focus its limited time on gaining comfort that it has the right management team in place, a team capable of getting things right.
The board only meets to discuss a limited number of topics a limited number of times each year. They cannot hope to run the company in a few board meetings, assessing new technologies or financial reporting.
Instead, they need to ask the questions that will help them assess whether they have reasonable assurance that management is making intelligent and informed decisions on matters like these – every day.
So, I think it’s better for the board to ask questions such as:
- Are you, CEO, comfortable with the ability of the management team to identify, assess, select, and implement the new technologies that will advance the company? If so, why?
- Are you, CEO, assured that intelligent and informed decisions are being made as a part of setting and executing on strategies, decisions that incorporate a solid understanding and appreciation of the full range of things that might happen and affect the achievement of objectives? If so, what gives you that assurance?
- Are you, the management team, satisfied that the internal audit team is providing you (and us) with the assurance, advice, and insight we need to be successful? If so, why?
What does this mean for practitioners?
- Provide the board with information on the adequacy of management’s processes and capabilities, not just on specific topics.
- Be ready to provide your professional opinions not only on the processes but also on the people involved in running the organization. If people are not up to the job, it is wrong to sit and watch failures from the sidelines.
I welcome your thoughts and perspectives.
- The risk is assessed as high. So what? - March 15, 2023
- Putting cyber risk into business perspective - February 15, 2023
- Twitter and risk - January 18, 2023