Tag Archives: governance

Critical Thinking Is So Important – It Needs To Be Taught And Discussed

Posted on by

Do you get a feeling sometimes or even overall generally that you really aren’t sure whether you can trust what someone is telling you? I’m actually past that point – except for good friends that I have known for some time and who I trust and respect, I either don’t believe what I am hearing or I certainly question its basis. This makes decision making more difficult and time intensive.

Some people simply without any discomfort lie as a matter of course – these people are missing a personality gene or trait – you may have seen survey results that seek to quantify how many times a person on average is lied to each day. The numbers are stunning. But I’m not even talking about that. At a different lower level you have things like the speaker’s spin, overstatement or exaggeration, intent to persuade, the speakers omission to state other important information, alternative or contrary information, preconceived belief or prejudice, lack of reliable factual support, and false, contrived or erroneously limited possible choices or explanations, et al. Defending on the severity these might be considered intentional fraud, constructive fraud, deceit, negligent or innocent misstatement or misrepresentation, or some other form of dishonesty.

Your only option or defense is to critically think about, consider, and evaluate what you are hearing. Alternatively, you might say that you need to actively question what you are hearing or being told. But it takes time, effort and interest – it isn’t the easy approach.

Can you critically think about something if you have little background or personal experience with that issue or topic? Sometimes I hear people say that you cannot comment about something because you haven’t experienced it. I specifically disagree, although the point has some relevance. Lack of information or personal experience makes critical thinking and evaluation more difficult. But you certainly can still use your own good judgment, consider possible alternatives to what you are being told, gather additional information including alternative or contrary information, and question the speaker about his or her position, alternatives, and basis for statement or opinion.

Frankly, I have to say that listening to the news, or salespeople, or politicians, just as examples, tends to drive me crazy sometimes as their information and statements can almost always be rebutted or at least questioned. Who has the time for that? And maybe that’s their point – you don’t have the time.

From my audit committee guide, the following is a summary of the business judgement rule for board directors – you will note that it’s significantly based on informed, critical thinking:

In summary, as a general principle the business judgment rule provides that a director should undertake his or her duties:

-In good faith, with honesty and without self-dealing, conflict or improper personal benefit;

-In a manner that the committee member believes to be in the best interests of the corporation and its shareholders; and

-With the care, including reasonable inquiry, that an ordinarily prudent person in a like position would use under similar circumstances.

Reliance Upon Other People Under the Business Judgment Rule

In the course and scope of performing his or her duties, a director must necessarily obtain information from and rely upon other people. The director is not involved in the day-to-day operations of the business. The director provides an oversight function. Pursuant to the business judgment rule, a director is entitled to rely on information, opinions, reports or statements, including financial statements and other financial data, prepared or presented by any of the following:

-Officers or employees of the corporation whom the director believes to be reliable and competent in the relevant matters;

-Legal counsel, independent accountants or other persons as to matters that the director believes are within the person’s professional or expert competence; or

-A committee of the board on which the director does not serve, as to matters within that committee’s designated authority, so long as the director acts in good faith, after reasonable inquiry as warranted by the circumstances, and without knowledge that would cause reliance to be unwarranted.

You can find more information including Tate’s Excellent Audit Committee Guide on my blog at http://directorofficernews.com, and also on my trust, estate, conservatorship and elder abuse litigation blog at http://californiaestatetrust.com.

 

Advertisement

Risk Management – Is Anyone Doing It, Yes Some Are – Is There An Agreement On How It Should Be Done, No Definitely Not

Posted on by

Here is a link to a discussion by Matt Kelly of Compliance Week about risk management, suggesting or perhaps stating that risk management is being done by financial institutions and some other public corporations, but it is a mixed bag, and, in my words, risk management and how to do it really have not caught on. And then below the link to Matt’s discussion, I have pasted in this post my response to Matt. Here is the link to Matt’s very interesting discussion – please read it, CLICK HERE.

And here’s my response to Matt’s post. Good discussion Matt. I’m not sure everything in the discussion correlates, but I believe the underlying points are true. Your discussion caused me to think about all of the many, many emails that I receive about new risk management discussions and posts, and some of them are by me. But have they done much good? I question whether they have. I’m not being critical, just truthful. Hordes of risk management, and internal control, and governance discussions and posts are created monthly, and for many, many years. But I have come to believe that people most often take action only if they are presented with a specific situation that they know demands that they take action, or they are required to by law, statute, or regulation, or they are required to by rule, sometimes (such as stock exchange rules), or it becomes an expected practice, sometimes (such as an expected practice in the community or perhaps by a professional organization such as the NACD, etc.). Otherwise, the requirement that the organization, or the board, or the audit committee, or the risk committee is responsible for risk management is simply too vague and indefinite. And that’s the way it is.

Dave Tate, Esq., San Francisco and throughout California, http://directorofficernews.com

 

Social Security Risk Management – Congress and President Get a “D” and a NIST Tier 1 or 2 Rating

Posted on by

I’m going to rant a little in this “fun” post. Another week, another article about social security going broke, about tweaks to “fix” it by payroll tax increases, cutting benefits, taxing benefits, and/or raising the age to receive benefits. The following is another disheartening article about the doom of social security, about beginning in 2017 and thereafter new increases in the age to receive benefits, that even those reductions in benefits won’t “fix” social security, and that those increases originated way back in 1983.  For the article Click Here.  The point is, 1983 was over 30 years ago, and even before that it was known that social security was failing. The options are not good for anyone who has paid for social security for all of their working life, or even just for a significant number of years, for younger people (in their 20’s and 30’s) who are new or relatively new to the mandatory social security payment program, or for people who are somewhere in the middle (in their 40’s). I suspect that few people would voluntarily pay into such a system if they were allowed to vote on it today.

I don’t fault elected representatives who speak up and propose new fixes, because social security has to be fixed. It’s just that none of the options are good. I have already lost when you consider the amounts that my employers and I have paid into social security over my working life. And that was money year after year that could have been better used for many other things.

The President is the CEO of social security. Congress, the Senate and the House, are the Board of Directors. That means whomever is in office at the time, and in the case of the social security system, that means year after year, decade after decade.  Let me just say that if social security was a company the CEO and the Board would all be fired, or the program would have been terminated or really fixed or altered decades ago.

Have you seen the NIST – National Institute of Standards and Technology – Framework for Improving Critical Infrastructure Cybersecurity? The Framework originated in 2014, as a U.S. Government recognized outline for risk management steps in cybersecurity. The following is an August 31, 2014, blog post discussing the Framework, Click Here. You will note that the Framework includes a Tier rating system for how developed an entity’s risk management system is, Tier 1 being the worst and Tier 4 being the best. Below I have copied and pasted the four Tiers. Based on the NIST Tier descriptions, I rate social security system design and risk management at Tier 1, or perhaps a Tier 2 rating. You give it your rating. Social security is not even close to the Tier 4 rating that it should have given that payments into social security are forced on people, the astronomical amount of money that is withheld and paid into the system each pay period, and how people really are entirely dependent on the honesty and integrity of the system’s operation, management and risk management, including the honesty and integrity of the President as CEO and Congress as the Board. Below are the NIST Tiers. Enjoy.

Dave Tate, Esq. (San Francisco/California).

NIST Tiers:

Tier 1: Partial (first and lowest level of risk management practices) – Risk management practices are not formalized.  Risk is managed on an ad hoc and sometimes reactive manner. There is limited awareness of cybersecurity risk at the organizational level.  An organization may not have the processes in place to participate in coordination or collaboration with other entities.

Tier 2: Risk Informed (second level of risk management practices) – Risk management practices are approved by management but may not be established as organizational wide policy.  The organization knows its role in the larger ecosystem but has not formalized its capabilities to interact and share information externally.

Tier 3: Repeatable (third level of risk management practices) – The organization’s risk management practices are formally approved and expressed as policy. There is an organization-wide approach to manage cybersecurity risk. The organization understands its dependencies and partners and receives information from these partners that enables collaboration and risk-based management decisions within the organization in response to events.

Tier 4: Adaptive (forth and highest level of risk management practices) – The organization adapts its cybersecurity practices based on lessons learned and predictive indicators derived from previous and current cybersecurity activities. There is an organization-wide approach to managing cybersecurity risk that uses risk-informed policies, processes, and procedures to address potential cybersecurity events. Cybersecurity is part of the organizational culture and evolves from an awareness of previous activities, information share by other sources, and continuous awareness of activities on their systems and networks. The organization manages risk and actively shares information with partners to ensure that accurate, current information is being distributed and consumed to improve cybersecurity before a cybersecurity event occurs.

* * * * *

On the 2015 Audit Committee Agenda

Posted on by

10 things that audit committees should keep in mind as they consider and carry out their 2015 agendas.

Click on the following link for the discussion: www.kpmg-institutes.com

Good broad topic areas to consider, although I prefer the following discussion materials that I have written as they are more specific – click on the following link – Audit Committee Self-Evaluation Form David Tate Esq 10302014.

Dave Tate, Esq. (San Francisco / California).

3 Major Changes Congress Wants to Make to Social Security – On the Scale of Risk Management How Would You Score Congress?

Posted on by

Social Security needs change to survive over the long run, and Congress seems willing to take up the daunting task of a Social Security overhaul. – Sean Williams – Investment planning

Click on the following link for the article: www.fool.com

No surprise here.  Inactive and lack of diligent long-term planning. This issue has been around for 40-50 years.  A serious issue for old, middle age and young alike.

If you are young, why do you want to pay 13-14% (half from you and half from your employer) into this program when there is no reasonable certainty that it will be around for you when you retire, and if it is around there is no reasonable certainty about what the benefits will be.

If you are near or at retirement and you paid into this program for 40-50 years you are probably safe, if you don’t live for another 20 years.

If you are in the middle, not near retirement, and have been forced to pay into this program for 25-35 years, good luck to you.

How would you rate the Social Security program risk management? See my prior blog post about the NIST cybersecurity risk management framework, Click for Post .  I would rate Social Security risk management as Tier 1 – Tier 2.

Dave Tate, Esq. (San Francisco / California)

UK pressures Bank of America unit on risk management – Wall Street Journal

Posted on by

(Reuters) – British regulators are pressuring Bank of America Corp’s European investment-banking arm to improve its risk management practices, saying the current ones are “simplistic” an…

Click on the following for the article: au.news.yahoo.com

You may have been following the efforts to bring European and U.S. accounting standards into conformity, and how difficulty that has been.  I would evaluate the chance of bringing the various different governance and risk management codes into conformity as zero. And as the European regulatory agencies appear to be getting more active and demanding both with the code provisions and enforcement, we might expect European developments in these areas to become more center stage.  Dave Tate, Esq. (San Francisco / California)

Regulator launches consultation on ‘The essential trustee’ – Press releases – GOV.UK

Posted on by

U.K. Guide to trustees’ duties is updated.

I am following up on a post by a LinkedIn group member about a new regulatory initiative by the U.K. Charity Commission on trustee standard of care.  You can click on the following link to access the article: www.gov.uk

The following are my initial comments about the post and the regulatory proposal.

Thank you Jane.  I clicked on the materials.  As they are rather long for a morning before work read, I’ll have to get back to them in detail.  Preliminarily it appears to pretty much follow what in the U.S. would be the business judgment rule.

The very real distinction is whether a regulatory agency will really enforce the requirements. And with charities there are so many different types and missions, and people of tremendously different backgrounds who serve on the boards.

I have served on two nonprofit boards and as an audit committee chair – on one of the boards all members were pretty sophisticated, on the other board perhaps less than half would fit that criteria. But on both boards they all supported the mission, did not have conflicts, and tried to make correct and diligent decisions within their abilities.

Should some of the board members on the second board not be allowed to serve as board members?  Tough call. Depending on the final outcome of the regulations, they could have a chilling or at least limiting effect on who can or wants to serve on a charity board. The U.K. initiative will be very interesting to watch.

Dave Tate, Esq. (San Francisco / California)

Glass Lewis – Heat on the Audit Committee to Make It Right (Fraud)

Posted on by

I have been evaluating Glass Lewis’ Proxy Paper Guidelines, 2015 Proxy Season, An Overview of the Glass Lewis Approach to Proxy Advice, United States – there are many provisions pertaining to audit committees, audit committee members, and under what circumstances Glass Lewis will recommend voting for or against audit committee members and/or the entire committee. Audit committee members should read the Guidelines, to be informed. Some of the provisions are reasonable, others I believe are not or are overstated. This post discusses Standards for Assessing the Audit Committee #13 (material accounting fraud). Later blog posts will discuss other Standards. Although we all agree that material accounting fraud should not occur and should be prevented, as far as deciding whether or not to vote for or against an audit committee member or the entire committee when fraud has occurred isn’t or isn’t necessarily cut and dry.

* * * * * * *

The STANDARDS FOR ASSESSING THE AUDIT COMMITTEE are at pages 9-11 of the Proxy Paper Guidelines.

* * * * * * *

In pertinent part Glass Lewis advises: “When assessing the decisions and actions of the audit committee, we typically defer to its judgment and generally recommend voting in favor of its members. However, we will consider recommending that shareholders vote against the following: . . . .

* * * * * *

13. All members of an audit committee at a time when material accounting fraud occurred at the company.” (bold added)

My thoughts. Footnote 19 of the Paper, also states “Research indicates that revenue fraud now accounts for over 60% of SEC fraud cases . . . .” Provision #13 seems overstated and too bright line – (1) the audit committee members are significantly dependent on information provided by others including the CEO, CFO, internal audit, the independent outside auditor, foreign operations, etc. – (2) the audit committee only has oversight responsibilities – (3) what is “material,” quantitatively and qualitatively? – (4) what if the accounting treatment was a judgment call [i.e., see the new upcoming changes to “principles” based accounting for revenue]? – (5) why the entire audit committee as a group – each member has only one vote – really the entire committee out? – (6) what is “fraud”? – (7) fraud is often very difficult to prevent and detect – (8) what if the director is good for the company except perhaps in this instance of oversight? – (9) what if the audit committee was diligent and the fraud occurred anyway – (10) maybe recommend keeping the director, but not as an audit committee member? – (11) more?

Comment if you would like.  Please also tell others if you like this blog and my posts. Thanks.

Dave Tate, Esq., San Francisco / California, http://directorofficernews.com

Updated Audit Committee Self-Evaluation Form

Posted on by

Updated audit committee self-evaluation form, click on the following link, use the form and enjoy,

Audit Committee Self-Evaluation Form David Tate Esq 10302014

Dave Tate, Esq. (San Francisco/California)