Strategy will be the primary board focus for 2017, with risk oversight and preparing for activists also at the forefront of board members’ minds. FEI Daily spoke with Deb DeHaas, vice chairman and chief inclusion officer at Deloitte on the 2016 Board Practices Report issued by Deloitte’s Center for Board Effectiveness and the Society for Corporate Governance.
Board diversity no longer means just gender, race and ethnicity. Today, boards are looking at age, skillset, and title to build a truly diverse group of individuals with varying perspectives.
FEI Daily: This was the 10th edition of the report. What have been the biggest changes since it began?
Deb DeHaas: I would say it's continued to evolve over the years. We tend to do it every other year mainly because sometimes you don't see enough change within a one year window. Some of the risks have changed that are being highlighted by companies. For instance, no one was talking about cyber risk when we started this. As you look at the greatest risks that companies would say they're focused on, it's the top risk. That's probably one of the biggest shifts in the last several editions. I would also say the emphasis on activism was really not as top of mind when we started doing this.
FEI Daily: What were some of the concerns you heard from respondents around activism?
DeHaas: I thought it was interesting that the number of companies that had been approached by an activist was actually down slightly from the last two reports that we've done. Almost three-quarters of the companies report discussing preparing for activists, up 19 points from two years ago. Many companies have already had at least one experience with an activist. Some have had multiple activists over the years. I think there is much more emphasis and focus by boards on wanting to be prepared, many more boards having a playbook, being prepared to respond.
I also think that one of the other big trends that has happened in governance over the last several years is a much higher level of shareholder engagement. I think companies have always had a robust process, but I think it's been ramped up. In some cases, board members are actually involved in that engagement. Activists are often some of those significant shareholders.
If you look at what activists tend to say when they are public about their issues with a current management team and or board, it usually falls into a couple of areas. It's usually they don't like the strategy or they believe that the company and its stock is under-performing, and these are often linked because activists don't think the strategy is appropriate. Strategy and activism are very much tied together.
FEI Daily: As business models are disrupted and the pace of change increases, are boards talking about strategy more frequently?
DeHaas: Boards have always focused on strategy, but I think one thing that has shifted is it was fairly traditional that boards would have one meeting per year where it would be the strategy deep dive. It was a document that was a three to five year long-term strategy and it wouldn't get much focus the remainder of the year.
Boards are now talking about strategy at every meeting. It's a much more dynamic and evolving conversation by boards than it has been. If that's not happening or if management isn't taking a dynamic approach to strategy and linking it to considerations around risk, that's a risk to the organization and board.
FEI Daily: What is the board's responsibility when it comes to cyber security?
DeHaas: In my own personal experience, and I think our survey certainly validates this, it’s a key risk. Every company is focused on it. It's not a risk that is limited to a particular industry, although there may be greater risk in certain industries if a cyber-attack or cyber breach occurs.
One of the things that boards have been struggling with is needing to own and understand cyber risk. There's been a lot of progress in the last several years for gaining. Now I think everyone is beyond the awareness phase and much more in the understanding phase, working closely with management to understand what are the crown jewels that we have to protect? Is it access to healthcare information? Is it credit card information, breaching trust with our customers? Boards are trying to understand how much time to spend on this, recognizing that you can probably never be totally protected.
Our survey suggested that more than half of the companies have their audit committees have responsibility for cyber. That does feels consistent with what I see at various clients. Some companies, if they don't have it in the audit committee, have a risk committee, and pretty much all financial services companies do have risk committees.
Some companies have set up technology types of committees that are focused not only on cyber, but on other strategic technology risks and opportunities. Then, some have said, "This risk is so important, we're going to have it be a risk that the full board oversees." That's a little bit of what I'm seeing from a trend perspective.
The other piece is that many boards are asking not only to hear from their management teams, or the CIO. Oftentimes, they're asking an outside party to come in and provide an outside perspective in tandem on what they're seeing at other organizations and provide some perspective on how they think that company is addressing its cyber risk.
FEI Daily: In terms of composition, are boards actively trying to diversify their membership?
DeHaas: Today Fortune 500 boards are the most diverse they've ever been in terms of gender and race ethnicity.
Fortune 100 boards are roughly 36 percent women and minorities. Fortune 500 boards are roughly 31 percent. You do see that the larger public company boards do have the greatest diversity and it continues to decline in the Fortune 500. We haven't done an analysis of the Russell 3000, but others have and they are less diverse as you get smaller, which is interesting.
Boards are thinking about diversifying the board broadly and not just on the more traditional gender, race, ethnicity consideration. They're thinking about what skillsets they may need and about diversity from an age and generational perspective.
Our surveys showed very few of these companies, less than 10 percent, had board members under 50. Most of the surveys would show that the average board age is somewhere in the low 60s and that many boards have increased the age for mandatory retirement from 70 to 72 and 75 in some cases. Tenure has stayed the same. I think there's much more intention on taking a hard look at the collective skills of the board.
Many companies, if you look at their proxy statements, are providing more information about the diversity of their board. Some actually even use a matrix to show where they have deep industry or technology experience. Boards are still looking to have some relatively high representation of either sitting CEOs or former CEOs and chairmen, COOs, CFOs, and other finance executives.
Boards have begun to look for individuals with a technology background in the last few years. Another emerging hot skillset is people looking at CMOs or those who bring digital expertise or even data analytics expertise to the board. People are thinking much more around this idea of really needing to refresh the board and having more intention of how they do that.
We had a board symposium with a number of boards and the chair of a Fortune 50 company on our panel used a term that I thought was great. She talked about how we need to institutionalize freshness in the boardroom. I thought that really resonated with the people who were attending our symposium. That is a goal that most boards should try to have.