Pay particular attention to potential risks posed by tone at the top, culture, and incentives. While a robust risk management process is essential to prevent and mitigate risk events, it is not enough. As we have seen in recent years, many of the crises that have posed the most damage to companies—financial, reputation, and legal—have been caused by a breakdown in the organization’s tone at the top, culture, and incentives. As a result, boards need to pay particular attention to these capital “R” risks, which may pose the greatest risk of all to the company. In today’s business environment, it is more important than ever that the board be acutely sensitive to the tone from (and example set by) leadership and to reinforce the culture of the organization, i.e., what the company does, how it does it, and the culture of compliance, including a commitment to management of the company’s key risks.

Reassess the company’s crisis prevention and readiness efforts. Crisis prevention and readiness have taken on increased importance and urgency for boards and management teams, as the list of crises that companies have found themselves facing in recent years looms large. Crisis prevention goes hand-in-hand with good risk management—identifying and anticipating risks, and putting in place a system of controls to prevent such risk events and mitigate their impact should they occur. We are clearly seeing an increased focus by boards on key operational risks across the extended global organization—e.g., supply chain and outsourcing risks, information technology and data security risks, etc. Do we understand the company’s critical operational risks? What has changed in the operating environment? Has the company experienced any control failures? Is management sensitive to early warning signs regarding safety, product quality, and compliance? Of course, even the best-prepared companies will experience a crisis; but companies that respond quickly and effectively—including robust communications—tend to weather crises better. Assess how well the company’s crisis planning aligns with its risk profile, how frequently the plan is refreshed, and the extent to which management—and the board—conduct mock crisis exercises. Do we have communications protocols in place to keep the board apprised of events and the company’s response?

Reassess the company’s shareholder engagement program. Shareholder engagement is rapidly becoming a top priority for companies as institutional investors increasingly hold boards accountable for company performance and demand greater transparency, including direct engagement with independent directors. Institutional investors expect to engage with portfolio companies—especially when investors have governance concerns or where engagement is needed to make a more fully informed voting decision. In some cases, investors are calling for engagement with independent directors. As a result, boards should periodically obtain updates from management about its engagement practices: Do we know and engage with our largest shareholders and understand their priorities? Do we have the right people on the engagement team? What is the board’s position on meeting with investors? Which of the independent directors should be involved? Strategy, executive compensation, management performance, environmental and sustainability initiatives, and board composition and performance are likely on investors’ radar.

Refine and widen boardroom discussions about cyber risk and security. Despite the intensifying focus on cyber security, the cyber-risk landscape remains fluid and opaque, even as expectations rise for more engaged oversight. As the cyber landscape evolves, board oversight—and the nature of the conversation—must continue to evolve. Discussions are shifting from prevention to an emphasis on detection and containment,









        © 2017 KPMG Central Services, a Belgian Economic Interest Grouping (“ESV/GIE”) and a member firm of the KPMG network of independent member firms affiliated with KPMG International
        Cooperative (“KPMG International”), a Swiss entity. All rights reserved. Printed in Belgium.