In this edition of ‘Inside the Boardroom’, Betsy Atkins answers readers’ questions about inclusiveness and diversity, data breaches and cyber threats, and institutional investors.
How can boards help foster inclusiveness and diversity? What should we be doing to avoid the type of sexism and discrimination that allegedly occurred at Uber and elsewhere?
Boards can help oversee the “tone at the top” of a company to ensure there is active oversight to avoid sexism or discrimination. Boards may want to review hiring goals for gender diversity and minorities. Also, with the CEO’s support, board members who have a passion or connection to the topic of inclusiveness and diversity can offer to both mentor and meet with groups within the company.
At Volvo, I host a luncheon meeting a few times a year for female middle management, high-potential executives. Male board members can also actively mentor and sponsor women and minority employees to foster inclusiveness. The board can discuss if they think it is helpful to proactively ensure the company has a wide range of abilities, experience, knowledge and strengths.
In the wake of the recent data breach suffered by Equifax, it’s becoming clear that reducing vulnerability to cyber threats is increasingly critical. What is the role of the board in terms of cybersecurity oversight? What can directors do to stay informed about the issue and take appropriate precautionary measures?
Cyber breach is one of the key vulnerabilities that boards review as part of their enterprise risk management oversight and is frequently a priority on the audit committee’s annual calendar. The impact of a cybersecurity breach extends far beyond costs and losses related to the data that is stolen, impacting brand reputation and consumer and investor confidence. This, in my view, elevates the risk and the need for board attention.
Directors may want to invite the chief information officer or chief information security officer to present the company’s prevention, detection and mitigation policies and programs to the full board annually, perhaps at a working dinner. Additionally, particularly given the Equifax breach, it is critical to understand the company’s data policies regarding software updates and patches as part of an overall compliance program. Another practice to consider is inviting an outside expert, such as a representative from a cybersecurity company like SecureWorks, the Chertoff Group or FireEye, to speak to the board as part of its continuing ongoing education. Finally, at a minimum, boards should ask if there is a standard cyber risk matrix that they can look at, such as the NIST Dashboard.
What changes have you observed in how the board engages with institutional investors? What practices should boards consider adopting to build institutional investor relations?
There is a significant emerging trend for boards to meet with their large institutional investors, such as big index funds like Vanguard, State Street and Fidelity. There are two groups within these index funds, the investment group and the governance group. The governance group will vote the proxy either in support or against management’s recommendations on pay, equity grants as part of compensation to leadership and management and—importantly—any response to activist proxy proposals.
Meeting with the governance group on an annual basis is a good way to build relationships and credibility for questions and concerns that inevitably come up related to compensation packages, specifically CEO and senior executive salaries, bonuses and long-term incentive equity grants and activist proposals. The investment group is typically on a quarterly update cycle with the company via the CFO and investor relations team. The board does not normally meet with the investor group. The lead director on one of my public boards has been meeting with both individual active investment funds and the index funds’ governance groups for the past three years. These meetings have proven critical to gaining their support on the issues mentioned above. I recommend this as a new best practice for boards to consider and discuss.
To submit a boardroom question for Betsy Atkins, email CBMEditorial@ChiefExecutive.net.