Corporate Culture and Risk Management

According to an April New York Times article, “Uber’s core company values included making bold bets, being “obsessed” with the customer, and to “always be hustling.” The company emphasized meritocracy, setting employees up as rivals and overlooking transgressions of its high performers. At its worst, Uber maintained an “unrestrained culture” that has since resulted in several allegations of harassment. A published blog post by engineer Susan Fowler, indicated that “the culture was stoked—and even fostered—by those at the top of the company.”

Adoption of a strong risk culture
An effective risk culture is not a matter of risk assessment or level of compliance; it is a matter of “conviction” – a corporate state of mind where human beings can take well-informed risk decisions because they want to, not because they have to.—@RiskCultureBuilder on Twitter

The “tone at the top” describes the climate and overall philosophy set by the board of directors and executive team to drive the culture and behaviors of all employees. In companies ranging from Uber to small businesses, this tone permeates the enterprise in a number of ways, including executive communications and onboarding and learning programs, as well as the policies and procedures designed to empower and/or control employee decision-making. The right tone stresses a high standard of ethics and a culture of compliance, but should be balanced with a message that empowers managers to take risks—appropriately—in the pursuit of short- and long-term rewards for the business.

Translating the tone into a strong risk culture requires reinforcement to employees defining how their decisions and actions affect the broader mission of the company. Then, through change management and strong accountability, culture and risk management can be aligned to keep everyone “rowing in the same direction.”

Drivers of risk culture
Many companies today have defined a “culture statement,” put it down on paper, and socialized it to employees. This is only the first step in driving employees to make the right risk management decisions, however. Consider a few of the levers that companies can pull to drive behaviors towards a stronger risk culture:

  • Performance management and compensation – Are corporate and employee goals tied to desired risk management outcomes?
  • Corporate governance – From the board of directors down, are enough questions being asked? Is there too much reliance on historical data?
  • Management reporting – Is attention to certain metrics—often short-term in nature—driving decisions that could cannibalize long-term outcomes?
  • Investor Relations – Are reasonable expectations being set with a company’s shareholders when it comes to risk versus reward?

While company leaders can help drive the desired corporate culture, this alone will not guarantee good risk management decisions every day. All employees must be taught risk management techniques, and relevant risk management skills should be built into the company’s overarching competency model. A risk culture that positions employees as an integral part of risk management will drive more successful and predictable business outcomes.

During his keynote presentation at the 2016 TMG Executive Summit, cybersecurity expert Brian Krebs reinforced this point when referring to the risk culture needed to deal with cyber risk: “…layers of technology are not enough to stop a data breach…security is only as effective as the people managing it.” Although achieving a strong risk culture is no small undertaking, the benefits will be significant as more and more risks are mitigated before impact.

Smaller Boards Mean Bigger Results, Study Finds

Small Boards Bigger Stockholder Returns

According to a new study by GMI Ratings, bigger isn’t always better in the boardroom. In research for the Wall Street Journal, analysts found that large companies with the smallest boards produced substantially better shareholder returns.

Based on a study of 400 companies with a market capitalization of at least $10 billion, those with small boards outperformed their peers by 8.5 percentage points, while those with large boards underperformed peers by 10.85 percentage points. The smallest board averaged 9.5 members, compared with 14 for the largest. The average size was 11.2 directors for all companies studied, GMI said. Their results were replicated across 10 different industries, from energy to healthcare.

Smaller boards tend to be “decisive, cohesive, and hands-on,” the WSJ noted, with more freedom to delve deep on operational issues and substantively debate issues. Further, as NYU finance professor David Yermack told the paper, small boards are more likely to dismiss CEOs for poor performance—a threat that declines significantly as boards grow.

Board Size and Shareholder Returns

While the details of causality are up for debate, the correlation is striking. Apple, which expressed firm plans to limit the board to 10 people, outperformed competitors in the technology sector by 37% between 2011 and 2014. Helmed by just seven directors, Netflix outperformed its industry peers by 32% during the same period. By contrast, pharmaceutical giant Eli Lilly, which has a board of 14, trailed its peers in the healthcare sector by 16%.

Tips for Good Corporate Governance

Maureen DeCicco of WithumSmith+Brown.

The following is a guest post for The Monitor written by Maureen DeCicco, CPA, partner in the New Brunswick office of the consulting and accounting firm WithumSmith+Brown. She has 18 years of public accounting experience and five years in private industry accounting and internal audit.

Whether your company is large or small, good corporate governance can be critical in establishing a positive organizational culture. Good corporate governance is evident by responsibility, accountability, consistency, fairness and transparency. It can financially benefit an organization, leading to higher profit margins, greater dividend yields and larger stock repurchases. Setting corporate governance procedures in place also enhances the organization’s reputation and builds integrity, making it more attractive to customers and investors.

The following are some simple tips for developing good corporate governance:

  • Document governance principles. When documenting a set of corporate governance principles, the roles and functions of the Board and its committees should be established.
  • Document committee charters. All committee charters should outline a committee’s authority as to decision making and their roles and responsibilities. This creates accountability.
  • Within charters, a well defined plan for dealing with governance issues and resolution of issues should be communicated.
  • An audit committee should monitor public accounting firm audit work, their independence, fees and level of services and scope of both audit and non audit services.
  • A compensation committee should address remuneration levels for executive officers, fringe benefit and incentive plans.
  • The corporate governance committee should make recommendations to the board for new members, and monitor the board performance.
  • The corporate governance committee should monitor committee and executive management performance.
  • Have independent members on the audit committee, including a financial expert.
  • Minutes should be taken at all meetings and committees should report formally to the board on a regular basis.
  • Employee code of conduct policy should be documented and provided to employees.
  • Board code of conduct policy for non-employee directors should be documented and provided to board members.
  • Formalize employee performance evaluations.
  • Employee complaint procedures should be made available to all employees. Employees should be made aware of non-retaliation policy and that they can be anonymous.

Following some of the basics of corporate governance demonstrates a good tone from the top, while creating transparency across all levels and in the firm’s operations. In light of the recent challenging economic times and the financial meltdown, exposing fraudulent activity is more important than ever. Good corporate governance will help to expose and correct any issues before becoming major problems.