(with contributing author Jeff Kuhn)
Laureen DeBuono is currently Lead Independent Board Director at Rani Therapeutics (NASDAQ: RANI), and Jeff Kuhn is currently Chair of the Audit Committee and on the board at Skyline Enterprises. Both FLG partners have served as past directors and Committee Chairs at a number of private and public companies, and are multi-year alumni of Stanford Directors College.
Here is their latest roundup of advice and counsel related to effective Board governance in turbulent times, gleaned from their insights while attending SDC in June 2022:
- Best practices for more effective board meetings
- Board committees: best practices
- Board scrutiny of C-Suite hires
- Crisis preparation and management
- Cybersecurity risk mitigation
- Post-mortems (material events/outcomes)
Best Practices for More Effective Board Meetings
Every year, a Board of Directors should conduct a strategic offsite or, at a minimum, devote one entire board meeting to setting strategy. It is important to bring an outside perspective, a set of “provocateurs” if you will, who can challenge the status quo from a strategic standpoint and assist with scenario building and brainstorming. It is also frequently helpful to invite outsiders to at least one other Board meeting during the year to help provide an independent perspective and add relevant context to Board decision making.
An annual Board calendar tied to a consistent Board meeting agenda and workplan, year-over-year, can greatly help facilitate key Board discussion from strategy and planning to risk and crisis management etc. This helps align Board member expectations and ensures that the Board addresses these critical issues every year while also addressing necessary ad hoc agenda adds.
Boards should require (and enforce) that all members read through all Board materials in advance of meetings. Meetings should focus on discussion/debate of what the data shows/implies in terms of appropriate actions not on the data itself provided prior to the meeting. An executive summary by the CEO of key takeaways should frame this discussion.
Independent Board members should always have an executive session at the close of every Board meeting. These sessions should be used to reflect on key lessons learned at the meeting and any issues which might have been missed in the discussion so that this information can be channeled back to the CEO.
Board Committee Guidance
Board Committee Chairs should always include in the Board packet a short, one-page summary of current Committee issues and areas of concern.
The Governance and Nominating Committee should be responsible for an annual review of C-suite succession planning recommendations. This committee must also be charged with how ESG criteria (Environmental, Social, and Governance) at the company will be incorporated into company culture and employee/management standards for behavior.
The Compensation Committee should be focused on talent acquisition and retention processes and company culture, not merely compensation and benefits. When exploring new stock option incentives, the company should never reprice existing options but instead, should always cancel existing liabilities and reissue new options to existing as well as new owners. And a Board must provide oversight of this activity.
Board Director Scrutiny of C-Suite Hires
When interviewing and evaluating prospective hires in the C-suite, Board members should focus more on leadership skills and company cultural fit vs candidate’s technical skills.
Crisis Preparation and Management
Proactive scenario planning is the first key to effective crisis management. Companies should undertake tabletop exercises modeling potential crises (e.g., “What if China invades Taiwan?”) so that they can evaluate in advance the potential impacts to manufacturing, supply chain, customers etc. Similar scenarios should be run for any significant company risks (e.g., cybersecurity).
Every company should have a crisis management plan which extends across geographies, departments, and divisions. The development and ongoing updating of this plan can be handled by a committee or, better still, by the full Board. The crisis management plan should a specify who is authorized to speak for the company when replying to press inquiries and issuing press releases, and it may make sense to have engaged a crisis management consulting firm in advance, just in case. If a crisis hits, there is extremely little time – or none at all – to engage in planning; you must have a plan ready to go.
Cybersecurity Risk Mitigation
Cybersecurity is often overseen by the company’s Audit Committee. Companies who haven’t done so already should prepare for a cybersecurity attack. An assessment and evaluation of risk should be done annually using outside consultants along with development of risk mitigation strategies. Make sure your company has adequate cybersecurity insurance. The circumstances under which the company team needs to escalate a threat or attack to the Board level need to be clear to both management, the IT department, and the Board. Companies need to develop proactively the procedures which will go into effect during an attack from initial identification to downtime to restoration of functionality (assume 21 days typically).
Board Post-Mortems: Material Events
When reflecting on company situations which involved poor outcomes, company teams should do a “hot wash,” a military analogy describing analyzing what went wrong, why, and show to fix the issue. Emphasis should always be placed on finding solutions and preventing future occurrences versus placing blame on who or whatever caused the situation.
FLG Partners assists many Boards, investors and directors better manage risk, develop internal policies and controls, and improve company governance. If you need assistance, please reach out to us.