The changing landscape of Board Room priorities
There was a time not so long ago when Board agendas never mentioned scary words like compliance, risk/crisis management or cyber security. It was all about profit, projections, shareholder returns and the like.
According to an article in The Age / Business, October 04, by Jonathan Wenig, it’s now about compliance, cybersecurity, balance sheets and crisis management, in that order, then the expected board management issues, organisation culture and strategies.
Why the change?
Over the past few years, the big end of town and many middle-tier organisations have demonstrated a lack of compliance accountability, naïve attitudes to risk and poor planning. This has garnered media attention and, in turn, a public voice.
There have been too many high-profile compliance failures making headlines and reflecting organisational cultures of non-acceptance of accountability for what they do and how they do it. This is a massive threat to financial and business performance, not to mention director liability.
Then there is a lack of understanding of the need for effective and timely risk and crisis management. Risk/crisis management has been centre stage in the wake of events such as the Dreamworld tragedy and the more recent banking royal commission fallout. This will be more so in coming months with the pending shake-up of the corporate watchdogs, heavily criticised for being ineffectual. Clearly, the watchdogs have been put on notice and this will inevitably change their profile in the compliance arena in future. The watchdog might just become ‘The Watchdog’, resulting in corporate litigation along with more public shaming of recalcitrant organisations.
Global cyber security issues and the new and strengthened Australian data security legislation have already impacted organisations and will continue to do so. The costs of managing data security, along with ownership of cyber security risk, fall to Boards of management, as do breaches of data security. Director liability and business and financial performance are at risk.
Where to from here for the Board agenda?
Board due diligence through a structured risk management program is a key factor moving forward. Board agendas and board papers will need to demonstrate transparency, accountability, risk profiling, corporate governance and compliance programs. Basically, good governance.
Board papers are likely to include:
Compliance Officer: Compliance program performance report
Privacy Officer: Privacy protections performance report
Information Security Officer: Cyber security system plan and performance report including vulnerability management plan
Risk Manager: Corporate Risk Register and risk profile report
Legal Representative: Performance against legal obligations including top legal risk management issues
Times have changed; Boards will change.
There is a clear relationship between managing risk, taking a risk, growing a business and good governance. So much so that government agencies themselves are required to take a risk management approach and in doing so, demand that of private enterprise through legislation.
This will be reflected in the Board Room of the future.