The need to identify, measure and mitigate business continuity risks has never been more relevant.
Strategic risks stop businesses achieving their strategic goals – they are the big risks, usually coming from outside the business, that are difficult to anticipate and mitigate for.
Key among them is the risk to business continuity: the ability of the business to continue to deliver its goods or services when the fabric of the business – its people or assets – has been affected by a major external event.
The current coronavirus pandemic is clearly one such major event which has brought into sharp focus the business continuity planning of those businesses which are able to continue to operate during the lockdown period.
Business continuity plans are commonplace in most businesses, and usually involve the technical aspects of running a business, such as making sure that the IT systems and stored data are available and accessible remotely. There are, however, some more fundamental risks to business continuity which are often overlooked until the worst happens.
The biggest risk to any business facing an external threat to its operations is financial – the business simply running out of cash while its operations are disrupted. To mitigate this risk, businesses need sufficient reserves to weather the storm.
Many businesses (and most charities) in the UK live a hand-to-mouth existence with very low levels of cash reserves – usually no more than would be needed to wind down the company, pay off debts and pay redundancy costs, and in some cases not even that.
When something like a pandemic-triggered lockdown occurs, the immediate plan is for as many employees as possible to work from home. But even large multinational companies have found that this is not as simple as it sounds, with emergency investment required in additional hardware such as laptops and increased bandwidth and server capacity.
The first mitigation for business continuity risk is to ensure that there is a “rainy day” fund in your reserves to cover the additional costs the business will face in order to stay operational.
The second mitigation factor is insurance. Make sure you know exactly what is covered, though – many businesses have discovered that they are not insured for the effects of a global pandemic. It may also take time for insurers to pay out so you will need to go back to your cash reserves or make sure you have sufficient borrowing facilities such as an overdraft in place.
Thirdly, you will need to look at your corporate governance arrangements, particularly your articles of association, to ensure that you are legally able to hold board and shareholder meetings electronically. You may need to hold more frequent, shorter virtual board meetings and they will still need to be accurately minuted to record any decisions taken during the crisis period.
The fourth aspect of managing business continuity risk is communication – make sure your staff, suppliers and most importantly your customers are aware of any new arrangements which may apply, even if it is just to tell them that you are still open for business. The ideal is that any changes which are made to the business as a result of a major external event should appear seamless to the customer or end-user. Where this is not possible, communication is vital to minimise the impact to the business.
The increasing reliance on IT systems, software and digital data has meant that most business continuity plans are the responsibility of the IT department, and will in general have little or no visibility at board level – other than to clarify if there is a business continuity plan in place, and whether it has been tested recently.
In fact, business continuity is highly significant in terms of its impact on the delivery of the business strategy and should be considered in detail by the board on a regular basis.
As will be shown by the current crisis, those businesses which have been able to carry on by finding innovative solutions to the delivery of their goods or services are much more likely to be successful post-lockdown – demonstrating the value of looking seriously at the risks facing the business and, where possible, turning them into opportunities and sources of competitive advantage.
Neil Woodford – cautious, conservative, contrarian, high-risk?
These words could all have been used to describe Woodford’s investment strategy at various times during his slow rise and sudden downfall – and they all give an indication of the degree of risk he was taking with his clients’ money.
It is well established in the investment industry that risk and reward tend to go hand in hand: the greater the risk, the greater the potential return on the investment. That is the positive upside to risk; the downside is that the greater the risk, the more likely it is that investors may lose some or all of their investment.
Risks then are both a source of competitive advantage and a potential threat to success – they can make or break an organisation.
Did Thomas Cook stop taking risks or did they just stop managing their strategic risks?
Not only is it important to recognise that risk-taking is an essential part of building a successful business, it is also important that everyone involved in running a business understands what risks are being taken, how they can avoid the downsides and, more importantly, how they can exploit the upsides.
Successful enterprises, globally, are realising that risks are something to incorporate into their strategy, not something to avoid – they recognise the dangers of standing still and avoiding risks and they have made the cultural shift needed to change their business leaders’ approach to taking more risks and reaping the rewards from the greater opportunities available for bolder organisations.
A good place to start with identifying risks is the Business Plan or overall strategy document for the business – a well written plan should be based on an analysis of the strengths and weaknesses of the organisation and the opportunities available to it and any potential threats to its success.
Although when people think of risks they usually focus on the negative aspects – what can go wrong – it is also useful to think of the ‘positive’ risks presented by opportunities.
Once risks have been identified they can then be prioritised, enabling the Board to satisfy itself that the organisation’s risks are being managed effectively, with regular reviews and discussion to ensure that the most likely or highest impact risks are kept in sight. There will still be shocks and crises for the Board to contend with, but an organisation that has identified and mitigated its key strategic risks will be much better prepared to face them than competitors who have not.
Recent changes in company law and Corporate Governance, in particular the UK Corporate Governance Code, have emphasised the need for companies to have better strategic risk management and leadership of change, to recalibrate their tolerance for well-managed and calculated risk-taking, to improve their capabilities in managing risk, to have better horizon scanning and the ability to address uncertainties and emerging risks, to place more emphasis on culture and behaviour and for their boards to focus on the things that matter with clear ownership/accountability for risks.
The culture and behaviour of the CEO and the Board with regards to risk is key to ensuring effective decision-making, which drives the success of the business.
There is a balance to be struck between taking measured strategic risks involving innovation and the reduction or elimination of undesired negative risks – a manufacturing plant cannot totally eliminate the production of faulty components but it can ensure that there is a relatively small number of them and they do not get as far as the final assembly line.
In addition to prioritising strategic risks then, we can introduce the concept of risk tolerance where the Board clearly defines and articulates the acceptable levels of risk that it will tolerate. This is analogous to the aphorism “not putting all your eggs into one basket” – a prudent Bank, for example, would not attempt to transfer all its customers from one software platform to another over a weekend – instead it would use pilot phases using batches of customers to ensure all wrinkles were ironed out before undertaking a mass migration of customer accounts.
Oil exploration is inherently a risky business, but it was the mismanagement of the reputation risk by CEO Tony Hayward which caused the most damage to the organisation rather than the environmental risk.
The speed with which crises go viral on social media means that it is reputation risk which is far more likely to impact on an organisation’s strategy than financial or environmental risks by themselves. The U.S. investigation commission attributed the Gulf of Mexico disaster to BP’s management failures that crippled “the ability of individuals involved to identify the risks they faced and to properly evaluate, communicate, and address them.”
This evaluation of the cause of the failure could equally well be applied to the failure of many financial institutions during the 2007–2008 credit crisis or Volkswagen and the ‘Diesel Gate’ scandal or indeed any of the high-profile corporate collapses that have occurred in the last few years.
Traditional approaches to risk management use formulaic analysis tools and rules-based systems to produce a risk-register and assurance framework where the Board’s discussion focus is too often on the numbers created by the estimates of likelihood and impact rather than the nature of the risks themselves.
Operational risks, which usually arise from internal causes or known external factors, can be mitigated by using a rules-based treatment which ensures that appropriate policies, procedures and employee training are in place.
Strategic risks on the other hand are much more likely to involve unknown or unknowable factors and therefore require a different approach.
We also see this in the financial sector with regulation and compliance, which is very similar to the management of strategic risks. Going from the familiar to the unimaginable is easier than just thinking of catastrophic outcomes as abstract risks.
These new ways of categorising risk enable Boards to decide which risks can be managed through a rules-based model and which require alternative approaches.
Key to successfully managing existential strategic risks is the ability of the Board, its executives and non-executives to engage in open, constructive, discussions about managing the risks relating to strategic choices and embedding the treatment of those risks in their strategy formulation and implementation processes.
Most importantly for organisations this includes identifying and preparing for non-preventable risks that arise externally to their strategy and operations such as significant swings in global markets, trade wars and global conflicts.
Taking Donald Rumsfeld’s Known knowns, Known unknowns and Unknown unknowns, we can map those to the three main types of risks that organisations face: preventable risks, strategic risks and non-preventable risks.
Preventable risks are the internal “never events” that are controllable and should not be tolerated. A risk-based approach to running a business involves having an open management culture with clear recognition of the risks, mitigations and assurances needed to enable all employees to play their part in the company’s success.
There is also a need for Boards to learn from their mistakes – the Banks that failed in the 2007-2008 financial crisis had relegated risk management to a compliance function with their risk managers having limited access to senior management and the Board, whereas the Banks that survived such as Goldman Sachs and JPMorgan Chase had strong internal risk-management functions and leadership teams that understood and managed the companies’ multiple risk exposures.
The future of risk and risk management will be a continuation of the trend to make consideration of strategic risk a key element in the development of corporate strategy – recognising its importance as a source of competitive advantage and a means to avoid the dramatic corporate failures that seem to be occurring with increasing regularity.
First published in Business Reporter Online • November 2019
Risk in business is inevitable – in fact it is essential. A business which does not take commercial risks will not grow, and a business which does not grow is doomed to decline.
Yet, by and large, people in business, as in life, are risk averse, seeking where possible to follow the path which provides the lowest perceived risk.
That is not to say that business leaders should behave recklessly, taking unnecessary risks with little regard to the consequences. Rather, they should take managed risks, and it is the job of the board to ensure that the risks are managed robustly and rigorously.
Businesses need to identify the risks that they face, think of ways in which they might reduce the impact of each risk on the operation of the business and prioritise their focus onto the risks with the highest likelihood of occurrence and the greatest impact to the business.
Strategic, or enterprise, risks are the overarching risks the business takes when it sets or modifies the direction of travel of the business.
With the advent of the internet, social media and digital marketing, the main risks businesses face are no longer purely financial – business failures are much more likely to occur because of reputational, environmental or security risks.
Boards need to satisfy themselves that the business’s risks are being addressed effectively and that they have the expertise available to identify, mitigate and manage risks which are far more important today than they were two decades ago.
As we have seen, businesses which have gained significant market share by delivering innovative products or services can have their share values decline dramatically through an ill-considered tweet (Elon Musk and Tesla) or misuse of customers’ data (Mark Zuckerberg and Facebook) – reputations which have taken years to make can be lost almost immediately, and many boards are ill-equipped to build the reputational resilience for their businesses to survive in the digital age.
Cyber-security is also now a very real threat to the livelihood of many businesses, and it is not just a technical issue. Boards are investing in new technologies such as blockchain and artificial intelligence to supplement their use of cyber-security consultants, penetration testing and ethical hacking to make their data systems more secure, but unless they also tackle their internal security processes there is still the possibility that a disgruntled employee or sub-contractor will leak sensitive data to competitors or publish it on the internet.
We have also seen the rise of state-sponsored cyber-threats which have further damaged the reputations of companies such as Facebook and Twitter, where fake accounts and targeted advertising have been used to influence voters in recent elections.
In addition to these reputational and security risks, boards are also having to contend with the external risks brought about by volatile financial markets. Brexit in Europe and the threat of US trade wars have led to wide fluctuations in world markets and currency exchange rates, which can have highly significant and often detrimental effects on global supply chains – and even if businesses are not directly affected the associated loss of consumer confidence can have wide-ranging consequences.
My experience, based on working with boards of businesses in many different sectors, is that board members are often unprepared or ill-equipped to deal with these strategic or enterprise risks, and chairs should question the make-up of their boards and the effectiveness of the way those boards deal with risk.
Boards often fear articulating risks in the mistaken belief that somehow this will guarantee that they will happen. The reverse is closer to the truth – failure to recognise risks means that the business is not ready to address them and has not put in place the measures, controls or mitigations to eliminate or minimise the effect of the risks.
Risks are also not always negative, and a business that is on top of its strategic risk governance can turn a risk into an opportunity at the expense of its competitors.
If businesses are to avoid the dramatic failures that we have seen with companies such as Carillion, House of Fraser, Patisserie Valerie and, most recently, Debenhams, then their boards need to invest in the expertise to enable them to identify, understand and manage the key risks that they face in the first half of the 21st century.
A new version of the UK Corporate Governance Code was published in July 2018 and takes effect from 1 January 2019.
Of the 2,600 companies listed on the London Stock Exchange, only 1,200 are listed on the Main Market and of those around 850 have a Premium Listing and are therefore required to report on how they have applied the Code – though it is recognised as a best-practice guide to Corporate Governance which sets the standards of board leadership and effectiveness, remuneration, accountability and relations with shareholders and stakeholders.
The Code, which has developed over the last 25 years since the publication of the Cadbury Report, contains broad principles and more specific provisions that Premium Listed companies are required to report on as part of their annual report and accounts. They must state how they have applied the main principles of the Code and either confirm that they have complied with the Code’s provisions or provide an explanation where they have not.
Roughly half the countries in the world which have some form of Corporate Governance regulation have adopted a code approach, similar to the UK, whilst the other half have opted for legislation. The important difference between the two approaches is that with a code, it is the shareholders who are expected to exert pressure on the directors to comply rather than the courts.
Placing the onus on shareholders to ensure that their directors follow the code is a much more flexible solution than legislation and means that the code can be regularly updated to reflect changing needs in Corporate Governance. Unfortunately, the dramatic shift in share ownership from predominately private individuals to financial institutions over the last 40 years has resulted in less pressure on directors to comply with the code rather than more.
To combat this perceived lack of interest of institutional investors in the way the businesses they are investing in are run, the UK Stewardship Code was introduced in 2010 – though this has turned out to be relatively toothless and politicians will be looking for other ways to further influence the standards of Corporate Governance in the boardrooms of the major UK companies.
Both codes are ‘owned’ by the Financial Reporting Council (FRC) which consults widely before making revisions to the codes – in the case of the latest revision to the code, consultation started in February 2017 and concluded a year later in 2018. The transparency of this process has been questioned with some commentators saying that the resultant revisions bear little resemblance to the responses submitted during the consultation.
The new shorter and sharper Code seeks to re-emphasise the relationships between companies and their shareholders and stakeholders, which are enshrined in the 2006 Companies Act, and their importance for the long-term sustainable growth of the UK economy.
The main changes to the code include:
a new provision to enable greater board engagement with the workforce to understand their views. The Code asks boards to describe how they have considered the interests of stakeholders (that is anyone with a legitimate interest in the company including employees, customers, suppliers and the local community) when performing their duty under Section 172 of the 2006 Companies Act;
a requirement for Boards to create a culture which aligns company values with strategy and to assess how they preserve value over the long-term;
an assurance that boards:
have the right mix of skills and experience;
encourage constructive challenge and;
an emphasis on the need to refresh boards and undertake proper succession planning;
consideration of the appropriateness of Chairs remaining in post beyond nine years;
strengthening the role of the nomination committee in succession planning and establishing and maintaining a diverse board;
conducting regular external board evaluations – Nomination committee reports should include details of the amount of contact the external board evaluator has had with the board and individual directors;
an emphasis on the need for remuneration committees to take into account workforce remuneration and related policies when setting director remuneration including performance-related pay to address public concerns over excessive executive remuneration.
FRC Chairman Sir Win Bischoff said about the new code:
“Corporate governance in the UK is globally respected and is a framework trusted by investors when deciding where to allocate capital. To make sure the UK moves with the times, the new Code considers economic and social issues and will help to guide the long-term success of UK businesses.
This new Code, in its new shorter and sharper form, and with its overarching theme of trust, is paramount in promoting transparency and integrity in business for society as a whole.”
Business Secretary Greg Clark said:
“Britain has a good reputation internationally for being a dependable place to do business, based on required high standards. It is right that we keep under review and update our corporate governance code to ensure the highest standards.
“That is why I supported the FRC in deciding to update their Corporate Governance Code, and I am pleased to see the revised Code.
“These changes will drive improvements in how boardrooms engage with employees, customers and suppliers as well as shareholders, delivering better business performance and public confidence in the way businesses are run. They will help the UK remain the best place in the world to work, invest and do business.”
Concern about the new Code was expressed by James Jarvis, Corporate Governance Analyst at the Institute of Directors, the professional body that aims to improve standards of directorship:
“While the shorter and sharper nature of the code is welcome, along with the increased emphasis on the importance of a wide range of stakeholders, the IoD does have concerns over the relegation of professional development to the Guidance for Board Effectiveness. As we highlighted during the consultation period, the role of the modern director is increasingly complex and specialised, and there is an ongoing need for these individuals to take stock of their competencies. By removing reference to the professional development of directors from the Code and only mentioning it peripherally in the Guidance, the FRC risks indicating to directors that it is not important.”
At the same time as the FRC were producing the new code, they themselves were the subject of a review into their own effectiveness. This review, led by Sir John Kingman, the chairman of Legal & General Plc, which is the largest institutional investor in the UK, was set up in April 2018 by the UK government to assess the FRC’s governance, impact and powers to help ensure it is fit for the future.
The outcome of the review, which is due to be completed by the end of 2018, is aimed to make the FRC the “best in class for corporate governance and transparency, while helping it to fulfil its role of safeguarding the UK’s leading business environment.”
The FRC has two big jobs to do – in addition to being the guardians of Corporate Governance, the FRC is also the UK’s accounting and audit watchdog. Some argue that these tasks are too big to be undertaken by one body, whilst others ask whether there is a conflict of interest between the roles. The IoD has called for the creation of a new body to be responsible for promoting higher standards of Corporate Governance to leave the FRC free to concentrate on its core task of improving company audits.
Given the question marks hanging over auditors in the light of recent high-profile corporate failures such as Carillion there is an argument that Corporate Governance is the thing that the FRC does well and it is their perceived failure to improve auditing and accounting standards that needs to be addressed.
The IoD’s rationale for setting up an independent body to oversee the UK Corporate Governance and Stewardship codes is that the shaping of voluntary best practice for boards of directors and the setting and enforcement of accounting standards are very different activities.
Dr Roger Barker, Head of Corporate Governance at the IoD, said:
“Corporate governance has been swallowed up within a regulator that now urgently needs to focus its energies on improving the legitimacy of statutory audit. The FRC has for many years done a good job acting as the keeper of the UK’s corporate governance code, but we feel its centralised decision-making structure is not conducive to the differing regulatory approaches needed for governance and stewardship on the one hand, and statutory audit on the other. There must be a clear distinction between being robust on audit quality, while continuing to nurture the UK’s much-admired principles-based corporate governance regime.”
The IoD is not the only professional body with an interest in governance. The Institute of Chartered Secretaries and Administrators (ICSA), otherwise known as the Governance Institute – the professional body for governance – has also made its views about the FRC known in its response to the Kingman Review call for evidence.
Unlike the IoD, the ICSA is firmly opposed to the suggestion that responsibility for Corporate Governance should pass from the FRC to another regulator given the expertise that has been developed by the FRC.
The ICSA’s concern with the implementation of both the UK Corporate Governance Code and the Stewardship Code is the lack of sanctioning powers open to the FRC to enforce them. This is a view shared by Labour MP Frank Field, co-author of the 60-page report into the BHS collapse by the parliamentary business, innovation and skills select committee with particular reference to Sir Philip Green who fails all but one of the section 172 tests but has not been prosecuted for failing to obey the 2006 Companies Act.
The UK Shareholders Association (UKSA) and ShareSoc have jointly asked for firmer and faster action to be taken against those who violate the integrity of reporting standards. They say that the general perception is that “in practically every financial scandal or financial crisis, the FRC seems to have taken far too long to decide and too often has concluded that nothing has gone seriously wrong”.
Partly this lack of bite for the FRC lies with its position within the regulatory hierarchy: as a “Council” it has much blunter teeth than the Financial Conduct Authority (FCA), which might have more success in enforcement if it was given the powers to do so. The Companies Act has been law since 2006 but we have yet to see any meaningful prosecutions for failure to comply with section 172 and only now in 2018 is the new Code asking boards to specifically say how they comply.
With so many high-profile corporate failures being due to an inability to respond to reputational or environmental risks rather than financial ones, does it make sense for the Corporate Governance regulatory body to still have the word “Finance” in its title?
It will be interesting to see what the outcomes of the Kingman review are when the findings are reported at the end of the year.
One thing is for certain, regardless of who ‘owns’ the Corporate Governance and Stewardship Codes in the future and which political party is in power, the pressures on business leaders to improve the way they run their companies whilst avoiding scandals of corporate failures and excessive executive pay will continue to rise.
The 2018 UK Corporate Governance Code can be downloaded here
For many years it’s been almost a tradition for companies to treat the subject of health & safety management as something of a joke; as the poor relation in the management world; as something of an afterthought or optional extra.
Well, in the UK things are about to change (and change radically) with the introduction of the new Sentencing Guidelines for health & safety offences which come into effect on 1st February 2016.
Make no mistake: these are not just technical changes as to how offenders will be punished but are instead a fundamental overhaul of current sentencing policy. Of course, health & safety law has always had teeth – but now these teeth have been dramatically sharpened!
Let’s look at some of these changes in a little more detail, and those of you who wish to consider the guidelines in their entirety can download a copy from the Sentencing Council using the link:
The first, and most obvious, change is that the range of financial penalties available to the courts has been increased, and this is especially true in the case of magistrates’ courts. Up to 1st February 2016 the maximum fine available to the Bench will remain at £20,000 per offence, but from 1st February this will increase to “unlimited”, which means that magistrates will be authorised to levy the same magnitude of fine as the Crown Court.
In order to ensure as much uniformity in sentencing as possible the Guidelines also suggest ranges of fines applicable dependent upon the seriousness of the offence and the turnover of the company. (And note that the criterion being used is “turnover” and not “profit” – a significant detail).
For a “micro” company (i.e. defined as one with a turnover less than £2 million) the range for the most serious breach is £150,000 – £450,000, but for a “large” company (turnover of £50 million or more) the range for the most serious breach is £2.6M – £10M.
However, note that this upper figure of £10M is not the maximum fine which a court has the power to impose. The figures quoted in the Guidelines are only a suggested range, and courts can use their discretion to increase fines should they feel the increase to be appropriate in the interests of justice.
This approach is supported by the Guidelines which state clearly that:
“Where an offending organisation’s turnover or equivalent very greatly exceeds the threshold for large organisations, it may be necessary to move outside the suggested range to achieve a proportionate sentence”
The overarching principle behind the levy of fines is also clarified in the Guidelines as follows:
“The fine must be sufficiently substantial to have a real economic impact which will bring home to both management and shareholders the need to comply with health & safety legislation”
Well, offenders can’t say they weren’t warned!
In addition to substantially increasing the magnitude of available fines the Guidelines also include an important change in how the seriousness of offences should be assessed by the court. Currently the seriousness is based on how much harm was actually caused, but from February the courts will look instead at the risks involved in the breach – i.e. they will look at what could have happened rather than what actually happened. To quote the Guidelines:
“Health & safety offences are concerned with failures to manage risks to health & safety and do not require proof that the offence caused any actual harm. The offence is creating a risk of harm”
To put this new approach into context, consider the case of a company which has allowed the use of machinery on which the protective guards have been disabled (and, unfortunately, such management stupidity is not an uncommon occurrence!)
From February it will be irrelevant whether somebody was actually injured by this practice. The fine will be based upon the risk involved, upon the possibility that somebody could have received a life-changing (crippling) injury, and this consideration of foreseeable risk pushes the offence towards the higher end of the sentencing spectrum.
So far we’ve only looked at the potential effects of the Guidelines on organisations, but what about people? The maximum prison terms that can be imposed remain unchanged at 6 months for offenders sentenced in the magistrates’ court and two years for persons sentenced in the Crown Court, but the change in philosophy regarding the potential harm which could have been caused by the offence will affect the likelihood of a custodial sentence being imposed.
In the example given above, that of a company failing to guard machinery effectively, it is quite probable that the senior manager/director responsible for company operations will face an individual charge under s37 Health & Safety at Work Act 1974 for allowing the organisation to breach health & safety legislation.
Basing his sentence on the risk of serious (i.e. life changing) harm being caused by his failure will mean that he is in peril of receiving an immediate custodial sentence of between 6 and 18 months. He may not be sent down, of course, but unless there are suitable mitigating factors the Judge would certainly be acting within the Guidelines by imposing such a penalty.
Space is limited, and so I have been unable to do more than look at just a few highlights contained within the Guidelines. Nevertheless, even this quick overview should have made abundantly clear to senior managers and directors the need to take their health & safety management duties very seriously from now on.
Remember that unambiguous statement contained within the Guidelines: “Health & safety offences are concerned with failures to manage risks to health & safety”. Could they have made their warning any clearer?
Does your board have directors who trust each other, are committed, are comfortable with conflict, hold each other to account and are focused on results?
If not, your board is likely to have some degree of dysfunctionality and is possibly in need of an intervention.
I have been working with boards of organisations of all sizes in all sectors for a number of years and most of them exhibit some degree of dysfunctionality.
I use a board evaluation and diagnostic tool based on the book by Patrick Lencioni, The Five Dysfunctions of a Team, to discover the level of dysfunctionality within a board.
The foremost dysfunctionality is Lack of Trust – if there is no trust on the board, directors will:
Conceal their weaknesses and mistakes from one another.
Hesitate to ask for help or provide constructive feedback.
Hesitate to offer help outside their own areas of responsibilities.
Jump to conclusions about the intentions and aptitudes of others without attempting to clarify them.
Fail to recognise and tap into one another’s skills and experiences.
Waste time and energy managing their behaviours for effect.
Focus time and energy on politics, not important issues.
Dread meetings and find reasons to avoid spending time together.
The next dysfunctionality is Fear of Conflict. The symptoms of this dysfunctionality are that boards will have boring meetings, create environments where back-channel politics and personal attacks thrive and ignore controversial topics that are critical to board success. They will also fail to tap into all the opinions and perspectives of board members and waste time and energy on posturing and interpersonal risk management.
The third dysfunctionality is where a board Fails to Commit to being a Team – this results in:
Ambiguity among the board about direction and priorities.
Missed opportunities due to excessive analysis and unnecessary delay.
A lack of confidence and fear of failure.
Revisiting discussions and decisions again and again.
Second-guessing among directors.
Dysfunctional boards are unable to create clarity around their direction and priorities and cannot align directors around common objectives. They move forward with hesitation and are unable to learn from mistakes.
Fourth, a board that Avoids Accountability:
Creates resentment among directors who have different standards of performance.
Misses deadlines and key deliverables.
Places an undue burden on the Chair as the sole source of discipline.
Does not ensure poor performers feel the pressure to improve.
Does not identify potential problems quickly by questioning each other’s approaches without hesitation.
Finally, if a board is not Focused on Results, the organisation will stagnate or fail to grow, rarely defeat competitors, lose achievement-oriented employees, be easily distracted and encourage individualistic behaviour where board members focus on their own careers and individual goals.
So what should boards be doing?
Directors who can agree with most of the following are likely to be sitting on more effective boards:
Board members are clear on what is expected of them.
Board meeting agendas are well planned so that the board is able to get through all necessary board business.
Most board members come to meetings prepared.
Written reports to the board are received well in advance of meetings.
All directors participate in important board discussions.
Different points of view are encouraged and discussed.
All directors support the decisions reached.
The board has a plan for the further development of directors.
Board meetings are always interesting and frequently fun.
How many of the above statements are you able to agree with?
If you disagree with a number of them, the likelihood is that you are a member of a dysfunctional board … and if your business has a dysfunctional board, it is also likely to be a dysfunctional business.
Directors must resist the temptation to delegate their health and safety duties
Admiral Hyman G. Rickover (USN), who was known as the “Father of the Nuclear Navy”, made the following comment about responsibility and the art of delegation:
“Responsibility is a unique concept… You may share it with others, but your portion is not diminished. You may delegate it, but it is still with you… If responsibility is rightfully yours, no evasion, or ignorance or passing the blame can shift the burden to someone else”.
These words have particular significance in the field of health & safety management, a somewhat neglected area of business operations which many directors seem to regard as just a tiresome administrative burden, and thus something which should be off-loaded to a junior manager as quickly as possible!
Delegation may seem the ideal solution but, as Admiral Rickover has pointed out, delegation does not absolve you of your legal responsibilities. The law says (in summary) that all employers have a responsibility to keep employees safe in the workplace, and in practice the burden of that responsibility – known as the “duty of care” – is carried by the company’s board of directors. So if there is a failure in the organisation’s health & safety management systems then the board of directors could be held directly and personally responsible.
This point was clearly demonstrated by the 2012 trial of Lion Steel Equipment for corporate manslaughter following the death of a maintenance worker who fell from the roof. Not only was the company itself charged with corporate manslaughter but its three directors were also charged individually with gross negligence manslaughter, an offence which can result in a substantial period of imprisonment.
What makes the Lion Steel case so important from the point of corporate governance is that one of the directors charged was actually the firm’s finance director, somebody who provided no operational input into the company’s day-to-day management. But that didn’t stop his name ending up on the charge sheet!
So, what should directors do before they decide to delegate their company’s health & safety management en bloc to a junior manager or an external consultant?
First, they need to ensure that their nominated person is qualified to the appropriate level and that this qualification is still valid. Remember that health & safety law can change substantially over time. So, for example, having once had a knowledge of (say) the Construction (Design & Management) Regulations 2007 will be of little use when working with the new CDM 2015 Regulations.
Second, they need to be satisfied that their nominated person has the personal skills and abilities needed to perform the safety management task correctly (and bear in mind that just having a qualification does not in itself guarantee competence!)
Even if the safety management work has been assigned to an external consultant the same checks should still be carried out. Does the appointed consultant actually hold appropriate health & safety qualifications? (Some “consultants” are woefully underqualified for the challenge!) Does the consultant hold a professional membership (which would mean that he – or she – would be governed by that professional body’s code of conduct and ethics)? Does the consultant carry appropriate professional indemnity insurance – and if not, why not?
Delegation is a perfectly acceptable management strategy if it is done properly, of that there is no question, but directors must resist the temptation to delegate their health and safety duties just as a matter of convenience – because therein lies the road to disaster and a personal appearance before one of Her Majesty’s Judges!
About the author:
Andy has his own health & safety practice, Management & Safety Training Ltd, and is a highly experienced consultant and trainer (including accreditation with NEBOSH both as a tutor and examiner). He is an accredited accident investigator and is qualified in both the health & safety and training sectors.
A Fellow of the International Institute of Risk and Safety Management (FIIRSM), a chartered safety & health practitioner (CMIOSH) and a member of the UK Occupational Safety & Health Consultants Register (OSHCR), he has a proven track record in fields as diverse as accident investigation, lone worker safety, construction safety, and health & safety training.
Prior to moving into the field of health & safety management he was a specialist investigator with two élite UK law enforcement agencies (including taking responsibility for the management of complex international fraud enquiries).
Gain insight on the changing landscape of Corporate Governance – how organisations of all sizes in the private, public and voluntary sectors are becoming more effective
Find the latest news on developments in Board practices and how they can enable improved business growth
Get access to free white papers, case studies, events, seminars and courses to enable your board to be more effective
Participate in up to the minute discussion topics, share your thoughts, ask questions, read what your peers and thought leaders have to say
Join others by asking questions, adding comments, and sharing your ideas, or just read what others are posting. This LinkedIn group is for you; we encourage you to make the most of it.
What is LinkedIn?
According to the LinkedIn Corporation, LinkedIn is an interconnected network of experienced professionals from around the world, representing 150 industries and 200 countries. You can find, be introduced to, and collaborate with qualified professionals that you need to work with to accomplish your goals.
Registering for a LinkedIn Account
If you are already a LinkedIn member, joining the Excellencia LinkedIn group is easy—simply click here to go directly to the group.
If you do not have a LinkedIn account, you must register for an account prior to joining the Excellencia LinkedIn group.
The membership criteria of a LinkedIn group are determined by the specific group’s manager. Usually you must be approved by the group’s manager in order to join the group, although in some instances this may be done automatically.
If you do not go directly to the group upon login, follow the instructions below:
Click on ‘Groups’ on the drop-down menu next to the ‘Search’ box at the top of the page.
Type Excellencia into the Search box.
Click on the Search icon.
Select Excellencia from the list of search results.
As a member of the Excellencia LinkedIn group you are very welcome to create a new discussion or comment on existing discussions.
Your opinions and feedback are welcome. Please present them in an objective and respectful way that allows for a continued information relationship.
While this Group provides an open forum, it is intended to maintain respect for those who participate. Please keep your comments respectful and relevant.
Participants are asked to follow our posting guidelines below. Violation of the guidelines below may result in your post being removed or you being asked to leave the group.
We do not, under any circumstance, allow graphic, obscene, sexually explicit or racial comments or submissions; nor do we allow comments that are abusive, hateful, or intended to defame anyone or any organization.
We do not allow comments that suggest or encourage illegal activity.
You participate at your own risk, taking personal responsibility for your comments, your username and any information provided.
Please post all job-related comments on the Jobs posting tab for this group.
Members are welcome to promote themselves or their organisations using the Promotions tab.
If you have any questions about joining the Excellencia LinkedIn Group, please email Debbie Wright.
Note: If you received an Invitation to join a group, you may be pre-approved to join. To ensure that you are automatically approved to join the group, you should make sure that the email address you received the Invitation at is one of your confirmed email addresses on your account. Go to ‘Settings’ from the header of the home page, and click ‘Email Addresses’ to view, add, or delete an email address.
The Financial Reporting Council (FRC) has issued an updated version of the UK Corporate Governance Code (the Code)
The latest update of the UK Corporate Governance Code has been issued by the Financial Reporting Council and is available for download here.
The main focus for the 2014 update has been to significantly improve the quality of information available to investors about the risk management processes, the long-term health and strategic intentions of listed companies.
The FRC has continued the trend, which began with the 2006 Companies Act, of asking listed company directors to consider the long-term viability of the business, including solvency and liquidity looking forward for a period significantly longer than 12 months.
In an attempt to tackle the growing unrest amongst shareholders, and particularly shareholder activists, over executive pay, boards of listed companies will also now need to ensure that executive remuneration is designed to promote the long-term success of the company and demonstrate more clearly to shareholders how this is being achieved – thus aligning executive reward with the sustained creation of value.
The key changes to the Code include:
Going concern, risk management and internal control
Companies should state whether they consider it appropriate to adopt the going concern basis of accounting and identify any material uncertainties to their ability to continue to do so;
Companies should robustly assess their principal risks and explain how they are being managed or mitigated;
Companies should state whether they believe they will be able to continue in operation and meet their liabilities taking account of their current position and principal risks, and specify the period covered by this statement and why they consider it appropriate. It is expected that the period assessed will be significantly longer than 12 months; and
Companies should monitor their risk management and internal control systems and, at least annually, carry out a review of their effectiveness, and report on that review in the annual report.
Companies can choose where to put the risk and viability disclosures. If placed in the Strategic Report, directors will be covered by the “safe harbour” provisions in the Companies Act 2006.*
Greater emphasis to be placed on ensuring that remuneration policies are designed with the long-term success of the company in mind, and that the lead responsibility for doing so rests with the remuneration committee; and
Companies should put in place arrangements that will enable them to recover or withhold variable pay when appropriate to do so, and should consider appropriate vesting and holding periods for deferred remuneration.
Companies should explain when publishing general meeting results how they intend to engage with shareholders when a significant percentage of them have voted against any resolution.
The FRC has also highlighted the importance of the board’s role in establishing the ‘tone from the top’ of the company in terms of its culture and values. The directors should lead by example in order to encourage good behaviours throughout the organisation.
In addition the FRC has emphasised that key to the effective functioning of any board is a dialogue which is both constructive and challenging. One of the ways in which such debate can be encouraged is through having sufficient diversity on the board, including gender and race. Nevertheless, diverse board composition in these respects is not on its own a guarantee. Diversity can be just as much about difference of approach and experience. The FRC is considering this as part of a review of board succession planning and will consider the need to consult on these issues for the next update to the Code in 2016.
The great value of the UK Corporate Code, with its ‘comply or explain’ regime, as opposed to legislation, is that it can be quickly and easily modified to reflect current Corporate Governance thinking and address shareholder concerns in a relatively short time-scale.
The fact that bankers’ bonuses are still making the headlines six years after the banking crisis which plunged the world into recession illustrates the need for this timely reinforcement by the FRC of the basic requirements for company directors to consider the long-term implications of their actions on the sustainability of the business and to always act in the best interests of the business – as set out in the 2006 Companies Act.
About the Author
David Doughty is a Corporate Governance Expert who works with company directors and their boards to help them to be more effective. He is a Chartered Director, Business Mentor and Executive Coach.
For the first time in law, the 2006 UK Companies Act sets out what a company director’s duties are
The 2006 Companies Act, which set out to streamline and simplify UK Company law, ended up being one of the largest pieces of legislation ever written!
However, it did, for the first time, specify exactly what a Company Director’s duties are (which apply equally to both Executive and Non-Executive Directors), as follows:
To act within powers
To promote the success of the company
To exercise independent judgement
To exercise reasonable care, skill and diligence
To avoid conflicts of interest
Not to accept benefits from third parties
To declare interest in proposed transaction or arrangement with the company
To take them one by one – To act within powers – how does a director know what powers he or she is required to act within?
A good place to start is the Articles of Association (previously known as the Memorandum and Articles or ‘Mem and Arts’) – when was the last time you looked at these? When did your board last review them to make sure that they are still appropriate? These, together with any shareholder agreements, contracts, covenants and other items form the company’s constitutional documents which define your powers as a director.
If you haven’t looked at these for a while, or worse still, have never looked at them, then ask your Company Secretary for copies as soon as possible.
Next – To promote the success of the company – prior to the 2006 Act it used to be the case that company directors were responsible to shareholders and, providing they endeavoured to ensure a decent return on the shareholders’ investment, they were complying with their duties.
Following the ‘unacceptable face of capitalism’ scandals of Lonrho and Slater Walker in the 1970s and the corporate failures of the ’80s leading to the Cadbury Report and the UK Corporate Governance Code it became clear that company directors had much wider duties which are now enshrined in the 2006 Companies Act, especially in respect of promoting the success of the company.
To promote the success of the company – having regard (amongst other matters) to:
The likely consequences of any decision in the long term;
The interests of the company’s employees;
The need to foster the company’s business relationships with suppliers, customers and others;
The impact of the company’s operations on the community and the environment;
The desirability of the company maintaining a reputation for high standards of business conduct; and
The need to act fairly as between the members of the company
Clearly, the new act, which applies equally to Executive and Non-Executive company directors in the UK, establishes a legal duty for directors to avoid short-termism in their strategic decision making and take into account the legitimate interests of their staff, suppliers, customers, the community and the environment as well as their shareholders.
With regard to the need To exercise independent judgement – it is important that, regardless of job title or board role or independence, all directors come to the boardroom table as equals, with joint and several liability for the decisions that they make and that they are not unduly swayed or influenced in making those decisions.
All directors are expected To exercise reasonable care, skill and diligence – which means that they should devote sufficient time to their role (which limits the number of directorships any individual may hold) and come to every board meeting well prepared, having read all the board papers and where possible, having had off-line conversations with fellow directors about key strategic matters.
Turning up to board meetings late and trying to read the papers during the meeting for the first time is unlikely to lead to an effective contribution to decision making or a satisfactory discharge of your duties as a company director.
Holding more than one board position or running your own business whilst serving on the board of another company are likely to compromise your legal duty To avoid conflicts of interest – whilst it is not always possible to avoid conflicts of interest, you should be aware of the possibility and alert the board when conflicts are likely to occur.
A well run board will have a Register of Interests, which will be reviewed annually, containing a list of all directors’ outside interests. The standing agenda for each board meeting should include an item for Declarations of Interests, at which point directors should declare if they have an interest in an agenda item. Often, if this is the case, the director will formally leave the meeting whilst the matter is being discussed and will only re-join once a decision has been made.
All directors should be aware of the requirement Not to accept benefits from third parties – compliance with this aspect of the act can be demonstrated by maintaining a Gifts and Hospitality register and ensuring that there is a company-wide policy on entertainment paid for by third parties.
Finally, directors need to comply with the requirement To declare interest in proposed transaction or arrangement with the company – most commonly this covers property transactions or contracts with businesses that a director has an interest in. The sphere of interests that need to be declared also usually includes the director’s spouse, children and immediate family.
If you are a company director and you have been aware of your duties under the 2006 Companies Act and you have been complying with them then you can be satisfied that you are acting within the law – if not, then you should review how you and your board operate to make sure that you are discharging your director’s duties correctly.