A new NACD report on board oversight of disruptive risk exhorts directors to ramp up scrutiny to help companies deal with unknown unknowns that are unpredictable and inevitable.
When it comes to disruptive risk, one size most definitely does not fit all.
Serious disruption for public companies – and other organizations – comes in all shapes and sizes. Sometimes it’s evident – a risk hiding in plain sight that is minimized or ignored – and sometimes it’s hidden – an unknown unknown apparent only in hindsight. Risk can involve sudden or creeping technological transformation, or not. It can involve profound geopolitical forces working slowly beneath the surface like tectonic plates, or not. It can involve seemingly small political shifts that turn out to be bigger than anyone imagined, or not.
Whatever the nature of the risk, however, all disruptive risks share one thing, according to the National Association of Corporate Directors’ new Blue Ribbon Commission Report on board oversight of disruptive risk: Impact.
“These risks could be internal, external, relatively more or less known to the company,” one Blue Ribbon Commissioner said, “but the common denominator is the severity of the impact.”
The NACD report, “Adaptive Governance: Board Oversight of Disruptive Risks,” will prove both unsettling and soothing to corporate directors, C-suite executives, general counsel and investors. Unsettling because it is not possible to anticipate every disruptive risk beyond suggesting that it is all but inevitable in most organizations – just a matter of time and circumstances. Soothing because NACD provides a prescription in the form of what it calls “adaptive governance” for dealing with such risk.
Among the key elements of adaptive governance are:
- A transparent boardroom culture where “open discussion, constructive challenge, and active self-reflection” are prized, and friction is recognized as an antidote to the blind spots regarding risk that some boards experience. “The virtues of collegiality in the boardroom,” one Commissioner said, “are outweighed by the vice of complacency.”
- Commitment to continuous improvement so board skills are “fit for purpose” in a business environment that can move at breakneck pace. The remedy is diversity writ large: background, skills, perspectives, and experiences. “Many boards,” complained one Commissioner, “are locked into a lagging mind-set in part because of composition.”
- Large chunks of time carved out on the board agenda for scanning the horizon for incipient risks that threaten long-term strategy and value creation rather than endless backward-looking performance reviews and “box-checking” exercises.
- A focus on “resiliency” by the board, recognizing that a purposefully resilient organization has distinct advantages. “How well the company responds to disruptive situations may make the difference between profitable growth or becoming an also-ran,” said one Commissioner.
ERM Health Check
Lest anyone mistake the Commission report for a mere alarum, most of it focuses on concrete actions board members can take to help their organizations “see around corners.” Interestingly, according to the report, the varied experience of board members and the part-time nature of their service are distinct advantages companies should understand and leverage. “Think of a kaleidoscope – many different pieces that are constantly shifting,” said one Commissioner. “The board’s job is to help company leaders step back and put those pieces into a pattern that yields new insights."
The Commission cautions against overreliance on the traditional mechanisms of enterprise risk management, which are critical to an organization’s health but can lull companies into a false sense of security. Where does ERM end and the board’s oversight of disruptive risk begin? Given the board’s responsibilities, laid out in previous NACD reports, for long-term strategy and value creation, this is something that should not be left to chance.
As a first step, NACD suggests a kind of health check on the organization’s ERM systems. Is it a tick-off-the-boxes approach? Or does it roll in forward-looking data to inform better decision making? “First, get the basics right,” said one Commissioner. “The company needs to do a good job at core enterprise risk management processes or it will be constantly fighting fires.”
Once the known and routine risks are in hand, you can step back and look ahead to more exotic and potentially more disruptive unknown risks. As the Commission puts it in one of the recommendations sprinkled throughout the report, “Ensure that the organization’s fundamental enterprise risk management processes are effective, but recognize that these processes may not necessarily capture disruptive risks.”
The Adaptive Approach
From that foundation, the Commission examines four “imperatives” for boards to consider in their drive for stronger adaptive governance:
Strengthening the Culture – Hearkening back to a prior report, “Culture as a Corporate Asset,” the Commission focuses on an area where it says many boards fall short: building up those aspects of corporate culture relevant to identification and management of disruptive risk. These include openness to non-traditional views, questioning long-held assumptions (including one’s own), insistence that bad news travel fast from management to the board, balancing management support with constructive challenge, a bias in favor of continuous improvement, and honest, ongoing self-reflection.
One barrier to adaptive governance is how the human brain has evolved, according to behavioral scientists. The brain takes mental shortcuts to cope with large volumes of information, but those shortcuts also pave the way for cognitive biases that hinder ability to deal with disruptive risk. The report suggests coping strategies for dealing with this ever-present danger, including designating a “devil’s advocate” to represent opposing views. But simply recognizing that these lurking biases exist is a key first step.
Investing in Skills – Directors have grave doubts about management’s preparedness for atypical risks. They also worry about the readiness of their own boards for effective oversight. Among other levers available to the board, two stand out. In selecting and evaluating CEOs, it is important to gauge leadership abilities in disruptive settings. And as boards look at the talent strategy of their organizations, they need to make sure management is taking a proactive approach to assembling the skills needed to deal with disruptive risk. In addition, board composition is key. The principles laid out by NACD in the Report of the Blue Ribbon Commission on Building the Strategic-Asset Board are especially relevant, including the importance of having a forward-looking and diverse board. Specifically, director renomination should not be a default decision, and diversity should be viewed as a strategic imperative, not a compliance matter.
Enhancing Board Processes – A board’s operating processes can be tuned in ways that contribute to better situational awareness. An NACD poll found that directors, in working to oversee disruptive risk, suffer from a lack of information, insufficient time on the agenda devoted to atypical risk, and thin outside information. The Commission recommends that boards review their operating processes with disruptive risk oversight in mind. Especially, the Commission suggests, it’s important to carve out sufficient time on the board’s agenda, at least annually, for a probing discussion of the company’s vulnerability to disruptive risk, employing tools and techniques such as scenario planning, simulations, and stress testing.
Review Shareholder/Stakeholder Communications – When it comes to disruptive risk, business as usual won’t cut it regarding company disclosures and other communications. SEC disclosure rules mandate “organized and concise” – not boilerplate – identification of “the most significant factors that make an investment in a registrant’s securities speculative or risky.” Investors are increasingly interested in major trends, social, environmental or technological, with the potential for disruption. Boards and management teams must regularly review communications to assess how they deal with disruptive risk and its bearing on long-term strategy, market performance, and talent development plans.
Back to the Future
The NACD report on adaptive governance and disruptive risk begins with a letter from Commission co-chairs, Sue Cole, managing partner of SAGE Leadership & Strategy, and Kevin Westbrook, president and chief executive officer of KRW Advisors, both longtime directors. They kick off their work with a quote from N.Y. Yankees baseball great Yogi Berra: “The future ain’t what it used to be.”
It’s funny, like most Yogi sayings, but with a serious undertone. Disruptive risk lurks out there in the shadowy future of most organizations. As such, oversight of these impossible-to-predict and potentially existential threats shoots right to the top of the very crowded agendas of corporate directors. Cole and Westbrook sum up the situation in their accompanying letter:
“According to recent NACD research, nearly half of directors say their boards’ tendency to focus on oversight of known risks – those that management has already identified – presents a significant barrier to understanding and overseeing disruptive, atypical risks,” they write. “We believe this constitutes a failing grade. The objective of this Blue Ribbon Commission initiative is to help directors improve that grade.”
Published October 8, 2018.