Wouldn’t it be nice if you could be a board or board committee member without worry or concern? Well . . . you can’t unless you are oblivious to issues and risks, but of course you can and should endeavor to be proactive and ahead of the game; spot, obtain needed information about and deal with issues; interact with others, not in a silo; and make prudent decisions.
I have seen an article that ISS has recommended that 7 of 10 Target board members should go, at least in part because of the massive data breach that Target suffered last year. Here is a link to the story, click here.
If they weren’t already, perhaps now catastrophic incidents will result in a call for board member ouster. That’s not an easy decision to make, of course, and should be made on a case by case and person by person basis. What if the director in question brings a lot more to the table that would be lost and difficult to replace if ousted? Directors are responsible for risk management and opportunity oversight, but not day-to-day operations. And serious incidents can happen even with diligent oversight, including intentionally caused incidents like computer hacking. What about ouster for environmental incidents? What about ouster for product design and manufacturing incidents? What about ouster for perceived inadequate risk management or internal control processes? You get the point.
Clearly if you are a board member, and if you are a board risk committee member, you have ultimate risk oversight responsibilities. What if you are an audit committee member and your audit committee has been delegated risk management oversight? Audit committee members already have significant and time consuming oversight responsibilities for accounting and financial records, foreign corrupt practices act compliance, oversight of the independent outside audit and auditor, and financial internal controls. If your audit committee charter, you do have a charter, right, delegates to you risk management responsibilities, you had better be sure that the charter specifies which responsibilities, i.e., accounting, financial, audit, FCPA, and internal controls, or more, such as general overall broad risk management, that you do have and don’t have, and that you believe that you are qualified and able to satisfy those oversight responsibilities.
Dave Tate, Esq. (San Francisco and California)