Hot Topics

Hot Topics

At Independent Audit we’ve just conducted our annual review of issues we’ll be particularly looking out for in our board reviews over the next year.  We’ve identified some of the topics that probably should feature on board agendas.  None are “new” or surprising – but it strikes us how many boards are still not fully on top of them.  If you are, then great!  But it never does any harm to stand back and ask how far you are really looking at what matters in the right way – and avoiding slipping into habits that should be avoided.

So it could be worth looking at your agendas and what gets covered in your board and committee discussions to check how well these big issues are covered – and what else you might not be doing justice to.

Good practices to consider…

Make sure customers really are at the heart of board discussions.  That means constantly thinking how far there’s a customer angle: the way they benefit, how they might be affected, the implications for our values (are doing the right thing?), how we communicate changes…

Things to avoid…

Saying “it’s all about the customer” but then failing to follow that through in agendas, reports, discussions, and decisions.  It’s easy to say it – but even easier to slip back into a focus on internal issues and reliance on how things look from our viewpoint rather than the customer’s.  Don’t fall into the widespread trap of assuming that those two viewpoints are the same…

Good practices to consider…

Work out what “innovation” means in your organisation – and then thoroughly think through what it means for you both strategically and operationally.  Where it is part of the strategy (and it’s difficult to imagine many organisations where it shouldn’t be), it is weaved throughout board agenda topics.  And to make sure the focus is there, having an innovation “champion” amongst the non-executives can help.

Things to avoid…

Claiming that “innovation” is a strategic driver and part of the business culture (a frequent feature of CEO statements in annual reports) – and then neglecting to talk about it very much in the boardroom.  If management don’t bring it into papers and discussions, challenge them on it.  If it doesn’t crop up – implicitly as well as explicitly – ask why not: Is it really part of the culture?  Is it rewarded?  Is it understood?  It’s an obvious area for challenge, one where the non-executives can use their more detached perspective to make sure executives walk the talk.

Good practices to consider…

Check that, when it comes to major disruptive technologies, the board is looking far enough out – and possibly into the unknown.  Even if you think the major disruptive technologies linked to robotics and artificial intelligence are some way off, a board should still be encouraging management to look that far out, and helping so far as it can.  Quite what the technological future looks like might not be clear – but does the board know what questions it should be asking?  If not, should it be bringing in a new tech guru to help directors think through what it needs to keep an eye on?

Things to avoid…

Allowing a lack of understanding of major tech trends to get in the way of asking the big questions.  Management may well be thinking imaginatively and a long way out – but are you really in a position to judge?  And are you objective in assessing the opportunities and the risks – or overly cynical about the pace and nature of change?  We probably all feel more comfortable with what we know and understand – and can unknowingly be quite blinkered in our thinking.  What might be needed to shake up the board’s view of the world?

Good practices to consider…

Take a broad view of where the disruption might come from.  It will transform delivery mechanisms, process and operations efficiency, working methods, workforce…

Things to avoid…

Thinking it’s mainly about the products and services you deliver, this is an important part of course.  However, appreciating the wider impact and thinking through the full scale of change needs space and time in the board agenda also.  So boards should be creating that time periodically to allow broad thinking.

Good practices to consider…

As part of the innovation agenda, be honest in assessing your abilities to understand “digitalisation” and what it means across all generations of customers – and especially the “new”.  That might mean putting together a “millennial board” to help get a new view (a concept not yet widely tested but beginning to grow in popularity).  Or at least being objective in identifying and discussing which areas the board feels least confident about.  When it comes to “new world”, there’s no shame in admitting you’re out of date.

Things to avoid…

Thinking you understand the “new generation” mindset and the way they research, analyse, communicate, buy, migrate…  It pays to be healthily sceptical of the ability of a group of “old world” non-executives (average age of?) to really understand what is changing and the impact.  Most will readily admit that, at home, their children or grandchildren are “on a different wavelength” – but then many go on to claim that they “get it” when it’s discussed in the boardroom.  If they do, all well and good – but a bit of unashamed honesty is sometimes needed if a board is really to confront the challenges.

Good practices to consider…

Work out how you can really be confident that you understand the way cyber risks are being mitigated.  You’ll be heavily dependent on the CIO of course – and that’s legitimate (as long as you have the right person and team – and how do you judge?).  But the most astute boards are looking for other sources if comfort and testing – and that might mean going beyond the “usual suspects” to draw on more specialist, out of the ordinary, experts.

Things to avoid…

Assuming that the common sense the non-executives bring is enough to challenge the executives.  It may well go a long way, especially if you number amongst you an independent director who’s tech savvy.  But things are moving fast and there’s a lot to learn from what’s happening outside.  A fresh perspective designed to complement the in-house view could make a big difference in highlighting angles you might not have thought of – and give the board a lot more comfort.

Good practices to consider…

Focus on third party and contractor risks.  In many cases oversight and risk assessment of outsourced providers hasn’t kept pace with the much more extensive reliance on others.  High-performing boards have a clear picture of who’s relied on for what (including other Group functions outside the Board’s direct purview) – and also can see clearly how the governance, control and assurance are working.

Things to avoid…

Letting it slip off the risk radar as a “management issue” – or even letting it remain unseen as “somebody else’s problem”.  Where there’s critical reliance, a board’s oversight needs to extend to a good understanding of the risks and how they are managed, coupled with assurance and performance reporting.  And that applies too where it’s a service from elsewhere in the Group – the risks might be less (although sometimes they’re merely a bit different) but either way you need to make sure you aren’t taking things for granted.

Good practices to consider…

Revisit whistleblowing.  Check that your processes are actually achieving what you want them to – and that people know about them.  And take a look at how management follow through whilst preserving the essential anonymity.

Things to avoid…

Assuming the process is working just because it exists.  For many organisations, whilstleblowing processes have been in place for ten years or more.  But have they become stale?  How do you judge?  Has it become a rote item on the audit committee agenda?  Or is the process alive and kicking?

Good practices to consider…

Make sure the anti-bribery and corruption approach – and money laundering prevention – has stayed relevant and is felt throughout the business.  The systems might be working in capturing information – but even then, can the board judge whether “hearts and minds” are where they need to be?

Things to avoid…

Relying on the processes working.  All the effort put in a few years ago no doubt meant that right structures, processes and training were delivered.  But ABC is about behaviour – so how are management making sure people remain sensitive to expectations and policies?  And AML too is not just about the process – it’s about how people do it.

Good practices to consider…

Understand the social media risk and how it might hit reputation.  It’s a new world out there: is the board confident that management have thought through the risks, have controls in place – and most importantly, have a response plan?  No-one can predict how things will take off on social media so it’s wise to assume that sooner or later there will be a problem.

Things to avoid…

Tackling the risk only when it’s too late.  Or thinking there’s not much you can do about it.  Reputations (and the share price) can take a hard hit in a matter of hours – and how you respond is going to make a real difference.  Do management know what they will do?

Good practices to consider…

Make sure pension liabilities get good air time on the board agenda at least once a year – and more frequently if there’s a labour relations or reputation risk.

Things to avoid…

Treating it largely as a matter for the trustees – and as something the CFO will deal with.  It could be developing as a major risk (and not just financial) for the business so the board needs a clear view of where things stand, of current employee and union attitudes and the PR risks.  And – how does our approach fit with our declared values?

Good practices to consider…

Stop to think through now and again how you’re managing the big Business As Usual risks.  A board can’t look at all of them and does have to rely on controls and risk management systems.  But it can help to think through what are the big things that need to go right if the business is to remain stable, and how you know they are going right.  Often these aren’t captured in the principal risks list.  And looking at what has gone wrong for others (the product recall, the IT failure, the PR disaster, the accounting accidents…) can prompt you to think about the unexciting but essential areas where you might be taking things for granted.

Things to avoid…

Relying too readily on standard controls and risk management.  Yes, most of the time they work well – and the Second Line, Internal Audit and self-certification will give you some assurance.  But has the audit committee’s effectiveness review really been rigorous enough in relation to the mundane BAU matters?  Has it looked at the right things and really given you solid confidence that controls are well-embedded?  And that behaviours fully underpin risk management?

Download This Post

To download a PDF of this post, please enter your email address into the form below and we will send it to you straight away.



Ready to speak to a board evaluation specialist?

Learn how we help boards to become more effective and have a bigger impact on strategic performance.