No Result
View All Result
SUBSCRIBE | NO FEES, NO PAYWALLS
MANAGE MY SUBSCRIPTION
NEWSLETTER
Corporate Compliance Insights
  • Home
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Career Connection
  • Events
    • Calendar
    • Submit an Event
  • Library
    • Whitepapers & Reports
    • eBooks
    • CCI Press & Compliance Bookshelf
  • Podcasts
  • Videos
  • Subscribe
  • Home
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Career Connection
  • Events
    • Calendar
    • Submit an Event
  • Library
    • Whitepapers & Reports
    • eBooks
    • CCI Press & Compliance Bookshelf
  • Podcasts
  • Videos
  • Subscribe
No Result
View All Result
Corporate Compliance Insights
Home Compliance

Board Evaluations: 5 Ways They’re Missing the Mark

by Dottie Schindlinger
October 23, 2017
in Compliance, Featured
Business meeting at table

The Unspoken Barriers to Traditional Methods

The past few years have seen the largest security breaches in history. As risk and compliance professionals scramble to predict and prevent future breaches, one aspect that could strongly impact the outcome is how the company’s board of directors are impacting security.

Recent research suggests it might be time for GRC to get involved, particularly in board evaluations. While evaluations are a required task, many treat it as a “check-the-box” activity; meaning board performance problems permitted to persist, especially cyber risks. This piece will dive into the top five challenges of current board evaluations and how GRC can get involved.

Board evaluations are not generally in the domain of risk and compliance professionals; however recent research suggests it might be time to change this process and give GRC a seat at the table. When conducted correctly, board evaluations are an incredibly valuable tool for not only evaluating the effectiveness of directors, but also identifying areas of potential weakness, risk, or even non-compliant behavior.

However, there are challenges to get to that point; here are the top five reasons why:

#1: Complacency is Rampant

Public directors currently have a tenure of 8.7 years; however, more than one-third of directors surveyed in PwC’s 2016 Annual Corporate Directors Survey believe that at least one person on their board should be replaced, citing factors such as unpreparedness, a lack of expertise, and even age as reasons calling for a change. What’s worse, survey respondents have maintained this sentiment for the past five years, with more than half saying that no changes were made after their last board evaluation. This infers that there are potentially persistent issues impacting board performance at many companies—with too little attention being paid to remediating those issues.  Yet, poor board performance can put the organization, its investors and others at risk.

#2: There’s Little Pressure to Go the Extra Mile

While entities such as the New York Stock Exchange require listed companies to conduct board self-assessments annually, these activities are typically done within the confines of the boardroom, with only 21 percent bringing in third parties to handle evaluations. Additionally, assessments are most commonly done through a single questionnaire about the board as a whole; a lens that provides extremely limited visibility into individual director performance. Most private companies, as well as non-profits, are not required by any regulations to conduct board assessments, further clouding the ability to identify potential risks or areas where change is required.

#3: We’re Not Getting the (Whole) Truth

If someone asked you to rate your own performance, what are the chances you’d answer with complete honesty, knowing there are likely consequences for under- or poor-performance? Most people wouldn’t. So why is it acceptable to assume that board members are reporting accurately on their own personal performance? Therein lies the potential risk.

A study conducted last year by The Miles Group of 187 corporate boards, found that less than half of companies conduct self-assessments on the individual at the director level. When they do, directors are not asked to rate themselves, rather the performance of other board members. Furthermore, for companies offering peer review-type evaluations, directors admit that they are extremely uncomfortable giving candid feedback on the performance of their fellow board peers. In the Miles Group study, less than half reported that they strongly believe their board tolerates dissent – which likely discourages directors from voicing concerns about individual director performance. It’s these accepted practices that allow ineffective board members to continue serving and prevent any potentially damaging behavior from being addressed quickly.

#4: Important Issues Are Being Ignored

Board members are being held increasingly accountable for corporate missteps, and at the same time, are facing growing risks that put them personally in the line of fire. Cyber-attacks such as whaling, for example, are extremely successful at targeting high-net-worth individuals like board members and C-level executives – just ask former FACC CEO Walter Stephan who was removed after falling for a phishing attack that set the company back $50 million.

Typically, most board evaluations don’t include questions on how well directors adhere to security practices. In fact, according to a recent survey from NYSE Governance Services and Diligent, almost two-thirds of directors are not required to undergo cybersecurity training at all. It’s no surprise then to learn that security risks are rampant in the boardroom, with 92 percent saying they at least occasionally use their personal email —a channel that is notorious for hacking—to communicate with fellow board members.  Annual assessments should provide an opportunity for the board to take stock of the areas requiring attention and create board development plans – like ensuring directors receive adequate data security oversight, tools, and training on handling sensitive data.

#5: The Process of Distributing & Collecting Evaluations is Antiquated

Part of the problem with getting candid and honest remarks is that most companies are not automating the board evaluations process, and as a result, reduce the potential for true anonymity. In most companies, distributing and collecting board evaluations is manual – or by email – with corporate secretaries having to chase down board members to complete their forms. This process also limits the degree of thoughtful responses that can be collected, particularly as board members rush or are pressed for time to finish.

Meanwhile, since few regulators provide any guidance on the questions that the board evaluation should include, most companies err on the side of brevity, meaning the results will be surface level at best and might gloss over problems lurking beneath the surface. Additionally, because directors lack confidence that any candid comments they might make will lead to constructive results, they tend to rate the board’s performance higher than they might otherwise.

Companies need to evolve with the times. There are secure technology platforms available that let corporate secretaries customize questions and response types (yes/no, rating scale, etc.) and automate distribution/collection, with features that allow them to get richer, more insightful data that is more indicative of true board health. Better still, some providers have begun offering high-quality samples and templates for board surveys that include both full-board review questions, as well as collecting feedback on individual director performance. These tools allow directors a more convenient way to respond to board evaluations, anonymously and securely from mobile devices, increasing their confidence in submitting candid feedback, and flagging areas of concern. Armed with the data in aggregate, the board chair, perhaps in concert with the audit committee or governance committee chair, can sit down with each director to discuss peer review results and act if necessary.

While many boards are required to conduct evaluations, most see the activity as merely a “check-the-box” exercise. Unfortunately, this means that board performance problems are permitted to persist, which can increase the company’s risk. By embracing modern tools that offer anonymity and deliver better feedback, board leaders will have the candid insights and data needed to take actions that might have been long overdue.

As business risks continue to expand, and regulators sharpen their focus on ensuring companies are taking the right steps to identify, address and mitigate risk, the board evaluation process needs to focus on getting towards the heart of effective performance. GRC professionals will benefit from closer involvement in the board evaluation process and the ability to accurately assess any issues of concern in line with local, federal and international laws.


Tags: Board Risk Oversight
Previous Post

DOJ’s Stand On Gender Identity Clouds Legal Issues

Next Post

The Trump Effect on FCPA Enforcement

Dottie Schindlinger

Dottie Schindlinger

Dottie SchlindlingerDottie Schindlinger is the Executive Director of Diligent Institute. Diligent is the leading provider of secure board communication and collaboration tools designed to promote improved performance for boards and leadership teams. In her role, Dottie provides thought leadership on related topics through digital and print publications, conference presentations, and workshops for board members and executives globally.

Related Posts

risk tunnel

From Regulation to Volume, There Is No Light at the End of the Data Privacy Tunnel

by Jim DeLoach
March 15, 2023

Data proliferation and data privacy regulatory activity across the globe have created the need for focused boardroom discussions. An underpinning...

shifting sands risk

Shifting Sands: Leaders Are Feeling the Pressure of an Uncertain, Dynamic Risk Landscape

by Jim DeLoach
February 22, 2023

The global risk landscape has rarely been more unsettled over the past half-century than it is right now, and a...

board tech purchase

Directors: Don’t Approve a Tech Purchase Without Asking These Questions

by Jean Hill
January 25, 2023

Board directors don’t need to be able to fix a broken server, but they do need basic technology competence, which...

frayed_white

New Year, Same ESG Challenges: Overstretched Boards Face Barrage of Global Regulation

by Helle Bank Jorgensen
January 25, 2023

Global economic uncertainty notwithstanding, 2023 is certain to bring a host of emerging risks for board directors to navigate. One...

Next Post
illustration of Donald Trump gesturing in front of American flag

The Trump Effect on FCPA Enforcement

Compliance Job Interview Q&A

Jump to a Topic

AML Anti-Bribery Anti-Corruption Artificial Intelligence (AI) Automation Banking Board of Directors Board Risk Oversight Business Continuity Planning California Consumer Privacy Act (CCPA) Code of Conduct Communications Management Corporate Culture COVID-19 Cryptocurrency Culture of Ethics Cybercrime Cyber Risk Data Analytics Data Breach Data Governance DOJ Download Due Diligence Enterprise Risk Management (ERM) ESG FCPA Enforcement Actions Financial Crime Financial Crimes Enforcement Network (FinCEN) GDPR HIPAA Know Your Customer (KYC) Machine Learning Monitoring RegTech Reputation Risk Risk Assessment SEC Social Media Risk Supply Chain Technology Third Party Risk Management Tone at the Top Training Whistleblowing
No Result
View All Result

Privacy Policy

Founded in 2010, CCI is the web’s premier global independent news source for compliance, ethics, risk and information security. 

Got a news tip? Get in touch. Want a weekly round-up in your inbox? Sign up for free. No subscription fees, no paywalls. 

Follow Us

Browse Topics:

  • CCI Press
  • Compliance
  • Compliance Podcasts
  • Cybersecurity
  • Data Privacy
  • eBooks Published by CCI
  • Ethics
  • FCPA
  • Featured
  • Financial Services
  • Fraud
  • Governance
  • GRC Vendor News
  • HR Compliance
  • Internal Audit
  • Leadership and Career
  • On Demand Webinars
  • Opinion
  • Resource Library
  • Risk
  • Uncategorized
  • Videos
  • Webinars
  • Well-Being
  • Whitepapers

© 2022 Corporate Compliance Insights

No Result
View All Result
  • Home
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Career Connection
  • Events
    • Calendar
    • Submit an Event
  • Library
    • Whitepapers & Reports
    • eBooks
    • CCI Press & Compliance Bookshelf
  • Podcasts
  • Videos
  • Subscribe

© 2022 Corporate Compliance Insights

Welcome to CCI. This site uses cookies. Please click OK to accept. Privacy Policy
Cookie settingsACCEPT
Manage consent

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.
CookieDurationDescription
cookielawinfo-checbox-analytics11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional11 monthsThe cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy11 monthsThe cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
Functional
Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.
Performance
Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.
Analytics
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.
Advertisement
Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.
Others
Other uncategorized cookies are those that are being analyzed and have not been classified into a category as yet.
SAVE & ACCEPT