Lots of "governance experts" claim they work with the boards of Fortune 100 companies, but Rick Steinberg actually does it.

The former corporate governance leader at PricewaterhouseCoopers, who also founded the firm's risk management and control consulting practice, Steinberg has literally written the standards on which most public companies rely. He is co-author of the now-famous COSO internal control framework, and is the principal author of the new enterprise risk management framework.

We caught up with Steinberg at the Boston Harbor Hotel on the evening of March 10th. He'd recently returned from Europe where he was consulting for the board of a global electronics powerhouse, and was in town to do the same for a Boston-area staple.

Based on his recent engagements, we asked for his thoughts on the 10 most common mistakes that boards are making in today's environment.

Here are Steinberg's top 10:

Falling Prey To Governance Ratings.

Boards are cognizant of scores disseminated by an increasing number of rating organizations, especially those for their own company. And if the investor community sees these ratings as accurate indicators of future company performance, a great deal more attention will be paid, justifiably so.

But such correlation has yet to be proved, and paying undue attention to ratings can be counterproductive. This is because the criteria used are, with few exceptions, based on information obtained from publicly available data, rather than knowledge of what goes on inside the boardroom.

Yes, some information garnered in the ratings process can in certain cases, as some suggest, serve as a "window" on board effectiveness. But how well the board truly operates in carrying out its responsibilities to help grow share value is more important than driving up externally developed scores.

Looking At The Wrong Performance Measures.

Boards dutifully review data provided by management, and in many cases it's the right information to examine.

But where it's not, performance too often deteriorates long before directors realize it's too late to fix what needs to be fixed.

Historical financial and share price data are not enough. Measures must be aligned with the company's strategy, and be sufficiently forward looking — including key non-financial data — to enable real-time appraisal of how the company is really doing.

Insufficient Discipline In Director Selection.

Board membership carried over the long term might have been right years ago, but could be wrong for today and — more importantly — for tomorrow.

Haphazard selection of new directors, even with an independent nominating committee, won't ensure the right mix if the process lacks thoughtful needs analysis and skills matching.

Individual board members will want to consider not only process, but also look around the boardroom and ask themselves: is this the group with which I want to work and, when necessary, go to war?

Preoccupation With Potential Liability.

Boards and individual directors today are increasingly concerned with personal liability, and justifiably so. Marketplace expectations for directors have risen dramatically, to the point where it may be impossible to satisfy them all.

And with the new and still untested Sarbanes-Oxley requirements, indications from the far-reaching and influential Delaware Chancery Court, and limitations of many D&O policies, directors should be concerned about liability.

But attention must be paid to fundamental board responsibilities — making sure the company has the right strategy and implementation plan; relevant and aligned performance metrics; strategically and economically sound M&A partners; effective ethics, control and compliance programs; sound financial reporting; sensible and effectively motivational compensation programs; and the like.

Frankly, if the board does its job well in carrying out its core responsibilities, and the company is successful, there is little likelihood of being sued in the first place.

Blatantly Ignoring Institutional Investors.

Owners of significant amounts of a company's stock increasingly want — and expect — to be heard.

Boards disregarding these requests are asking for trouble.

And if the media gets involved, the spotlight becomes bright and hot, creating headaches for the board and company that can be intense and long-lasting.

Boards certainly shouldn't allow institutional investors to dictate what needs to be done, but allowing major shareowners to raise issues and offer input and suggestions — and ensuring any information provided complies with Reg. FD and other rules — enables those investors to participate in the governance process without voting with their feet.

Thinking You Are Apprised Of Critical Risks, When You're Really Told About Problems.

With all the recent talk about the importance of being risk-focused, many boards are informed of business issues after the "bad stuff" has already occurred, rather than of where the potential exists for things to go seriously wrong.

You want to know — far in advance — where the pitfalls lie that can derail key initiatives and strategic objectives, and to make sure those risks are being identified early and properly managed.

Presuming Top Management Knows What The Critical Risks Are.

For the board to have any chance of being informed by management of key risks facing the company, management itself needs to have processes in place to ensure it can identify newly emerging risks.

As a result, the board must ensure the company has an effective enterprise risk management process whereby each level of management identifies, analyzes and manages risk, and communicates upward. Only through such a process and culture can the most critical risks and related actions be presented to the board in a timely fashion.

Focusing So Hard On The New Rules, And Failing To Successfully Do What The Board Should Be Doing.

A tremendous amount of attention is being given to the new requirements of Sarbanes-Oxley, the exchanges and the SEC.

Yes, ensuring compliance with these requirements is essential.

Those rules may deal with matters of form, structure and responsibilities, but really they represent enablers for enhanced board performance.

In other words, a board can follow every rule and still be ineffective.

Of course, boards must carry out their responsibilities in acting as an effective check and balance on management — the basic thrust behind the new rules and compliance requirements. But the board also must operate effectively as a unit, providing the needed advice, counsel and direction to management to grow share value.

Signing Off On Bad Strategy.

Many boards do the right thing, carefully assessing strategic plans — often at an offsite retreat — reviewing market, competitive and other relevant information before approving the company's strategy.

But too many boards don't go deep enough.

They don't get to see alternative strategies considered and ultimately rejected by management, along with the related rationale.

They don't see management's plan for implementation of the strategy, and ensure the plan is supported by the needed organizational structure, resource allocations, and buy-in of key managers who truly will make it happen — or not.

Making Bad Decisions About The CEO.

It's fair to say that the board's most important responsibility is having the right chief executive.

But that can also be the most difficult decision to get right.

It's only "after the fact" that one truly knows whether the selection was good or bad.

Some boards have waited too long to make a change, and it appears some have pulled the trigger too quickly.

Boards that do the best jobs know their company, its needs, the environment in which it operates, and its culture and direction. They carefully identify criteria for the person needed to get the company to where it needs to be, cast a wide net internally (preferably with sound advance succession planning) as well as externally, and — most important — they have the business acumen, instinct and judgment to select the right individual to lead the company.

And then the board puts in place the right motivations and measures, and provides the right level of oversight — neither abdication nor micromanagement — to help and allow the CEO to do the job.

The column solely reflects the views of its author, and should not be regarded as legal advice. It is for general information and discussion only, and is not a full analysis of the matters presented.
