What is Board Effectiveness?
Most Board Members I have encountered would likely not fare well with a simple question, “What is the purpose of your Board role?” It is possible my perspective (from internal audit) and experience mostly in government, healthcare and higher education is unique and other industries are faring better.
However, if a board member does not understand their role, how can they define their effectiveness? Too often politics and the notoriety of their position prevent Board members from truly understanding (or seeking to understand) the role they should be executing. For example, in the State of Texas, (to the best of my knowledge) a newly elected School District Board Member will get 8 hours of mandatory education on expectations, what to do and not to do. This is laudable and rare. If you are appointed by the Governor of Texas as a Regent to a Board in Higher Education, no training is required. So those with oversight for thousands of dollars get training, but those with oversight for billions of dollars do not. The example illustrated here is likely all too common and can have tremendous financial consequences, and dramatically increase organizational risk.
Internal Auditors, who by design are an information source for the Board, have observed many examples of Board dysfunction and its consequences. A Board Member going beyond their oversight role and getting into Operations can freeze the Executive Team with paranoia and mistrust grinding progress to a halt, wasting tremendous resources. Or a Board member not doing their job and applying a rubber stamp, can enable Executives to build self-enriching kingdoms, surrounded by yes-men to the detriment of the mission and organization. So, what should those on the Board of Directors know and how can they be effective? This has been a quest of mine over the last decade and it continues. However, I have uncovered a few realities and collected helpful resources that I believe can point a good Board Member in the most productive direction.
Board History According to Me
The idea of an Independent Board of Directors holding the Executive Team accountable is a relatively modern concept, particularly for corporations. It seems to have grown out of the historical group of individuals that collectively represented the investors in a corporation, or the enabling government agency. The trappings of this evolution include legal documents, fiduciary responsibilities and the appointment or firing of the leader running the enterprise. As the modern economy exploded in sophistication the distance between the investor or Government agency and those managing the enterprise grew. Such growth increased the need for the function of the Board of Directors to become a standard public expectation. This expectation led to much discussion about the purpose and role of the board. In the 1970’s John Carver introduced the idea that their major role is Policy Governance – setting the boundaries within which the Executive team can operate.
The Role of the Lawyer
As policy governance became a primary Board activity, Lawyers became integral to Board operations. Is the Board meeting the expectations of stakeholders? Is the Board making its choices felt through standards? These are questions lawyers can help answer and manage. Board protocols still today are typically managed by Board General Counsel.
Board Risk Oversight
While Lawyers have done a fair job of checking important boxes for Boards, the purpose of the Board has continued to expand. Most significantly, in 2002 after the implosion of Enron, Board culpability for Executive bad acts became a hot topic. Board Members who noted, “I checked the Legal Boxes” were mocked in the press and the public conclusion was that a Board Member must inform themselves of the risks taken or assumed by their Executive Team. In short, a Board is not a legal checklist or compliance activity, but a tangible check on the use of power and resources to ensure they align with the mission and intent of the stakeholders. This clarifying expectation implied needed structural changes and operational data.
Enter Enterprise Risk Management
In 2004 COSO responded to the second part of that need, operational data to enable Board Risk Oversight, and introduced the concept of Enterprise Risk Management. This was followed in 2009 by the ISO 31000 Risk Management international standard. I address the topic of Risk Management evolution in a couple other articles. In short it has taken 16 years, but there is reason to be optimistic that risk data standards for Executives and the Board will eventually evolve. However, the first question of needed Structural change for the Board to be equipped for risk oversight review, beyond the checklist has not been addressed well.
Structuring the Board
As a collector of leading practices, I have volumes of data about what Boards should do. They typically fall into two categories: 1. Characteristics of Good Boards, or 2. Leading Practices. Standard setters across the Globe typically have focused on the first. One of the most comprehensive lists of Characteristics of a Good Board can be found out of South Africa in the King Code. King Code IV is the most recent version. In the United States many Associations focused on Board training enable have enabled the sharing of leading practices. These include the NACD and specific to Healthcare the Governance Institute. However, none of this has been organized (well enough for me) in a way that clearly articulates how a Board manages its purpose and accomplishes risk oversight. That is, until I found Ken Schultz work in 2017.
This image above is Ken’s Simple six-word Model from his boutique firm, Aligned Influence. It reflects not only the needed structure of the Board, but the relationship that must exist in mutual alignment with the Executive team for it to be successful. Ken’s expertise then expands this relationship into three distinct sets of policies Governing Policies of the Board, Executive Policies and Operating Policies. Implied in Ken’s work is an awareness that the Legal skill is not enough. I would say principle based operational skills are needed within Board policies that Direct, Protect and Enable. If they are not present and these policies are written by lawyers, they tend to create “thou shalt” rules that must be individually responded to – rather than rules that acknowledge and enable practical and structural realities of operations. In short, principle base policies are more likely to fluidly integrate with efficient and growing operation system complexities. Worse, if Executive Policy mimics the “thou shalt” legal approach, it can prevent the natural evolution of operations needed to address growth and new realities. Such a case, leaves operational managers grumbling about their hands being tied and without an ability to make life better for their staff and clients.
Boards Member must be “educated” on their roles or a myriad of known and unknown risks are indirectly being assumed by stakeholders. Further Board Members have a right to receive all necessary information to observe and monitor risks assumed and taken by their executive team.
Boards first priority should be to strengthen and mature their own capabilities. This can be done by leveraging work like that of Aligned Influence (AlignedInfluence.com) to check the functional alignment between the Board and the Executive Team within Board, Executive and Operating Policy. This must not be limited to those with Legal Skill, Operational Skill must be present as well.
Next a Board’s must realize they are missing information on risk assumption and risk taking. Within every moderate to large organization are a variety of risk experts from Compliance to Information Security. These functions act like specialists managing risk hazards for Executives. Internal Auditors act like primary care doctors looking at the whole body and providing independent information to the Audit Committee. Then Enterprise Risk Management concepts are beginning to show promise and the ability to offer executives a series of “wellness checks” (Strategic and Operational Control Expectations). Savvy Boards will push for more integrate reporting on risk taking and risk assumption leveraging existing risk information available.
In my book the most effective Boards of tomorrow with be those that educate their members on their roles, and then actively plan to grow their risk oversight capabilities to match modern expectations.