Archive for the ‘Ethical Leadership, Citizenship and Integrity’ Category

How should a board oversee ethics?

I recently moderated a keynote address by Andrew Fastow, the former CFO of Enron, and followed up by delivering a keynote on the role of the board in ethics, tying in aspects of Mr. Fastow’s speech. What follows is based on my speech; incorporates not only my interactions with Mr. Fastow, but also Messrs. Conrad Black and Arthur Porter; and draws on my work with boards that have succeeded and failed in their ethics oversight.

Here are ten ways a board can oversee ethics:

  1. Ask the right questions.

Good questions for boards, when faced with an ethically problematic action, are: (i) How will this action impact our reputation? (ii) How will this action impact us over the long-term? (iii) What are the aggregate effects of this action? (iv) What will the view of this action be by objective parties, especially if current circumstances change? (v) Even if this action is technically correct or permitted, does it meet the principle or spirit of applicable guidelines and rules? and (vi) Are we doing the right thing?

Management should have detailed answers to these questions. And they should leave the room so only independent directors can discuss.

  1. Have a line of sight over ethics, integrity, reputation and culture.

Many behavioural and integrity controls fail in their design and implementation, and because they do not go far enough or are subject to management override. These controls should be independently audited. Good companies are measuring and assuring reputation, integrity and risk culture for boards. It is important that this assurance reach the board un-funneled by reporting management. Good Audit and Quality Committees are reaching deep into organizations to view culture, quality and “tone in the middle.” Toxic culture or wrongdoing can bring enormous and rapid harm to brand and reputation. Bad news needs to rise, without delay, and good boards do not want surprises. The days of boards overseeing just the CEO and other senior management are gone. Management needs to accept more activist boards. This does not mean boards are running companies, but they are overseeing conduct.

  1. Use executive sessions, questions and information as your leverage touch-points.

Have the authority in your board and committee charters to obtain any information, to interview any personnel, and to obtain any outside assistance that you need to in order to fulfill your duties. If management blocks access, you now work for them. Obtain disconfirming information from the outside as well. Meet directly with auditors, consultants, the risk function, and the compliance function, including without any manager in the room. Meet also with major long-term shareholders without any manager present. Only then will you hear what others hear. Boards can live in an echo chamber otherwise. You do not want to be the last to know.

  1. Make sure your lawyer is independent.

The person drafting the above charters, including your clawback clause (see 6. below), should not be the general counsel or the external counsel who works for management, or colleagues of lawyers at the law firm. None of these parties is independent. Just like auditors and compensation consultants must be independent, so should the board’s counsel. Independent assurance on related party transactions, conflicts of interest, the code of conduct, investigations, integrity risks, and whistle-blowing cannot occur by management or their advisors. Only independent advisors will be free to recommend action that corrects and directs (and when necessary, terminates) reporting management.

  1. Address whistle-blowing defects.

Once the Ontario Securities Commission enacts a whistle-blowing reward regime like has been done by the Securities and Exchange Commission in the U.S., there will be a changeover from defective regimes currently in place. If the point of contact for a whistle-blowing program is any manager, the policy is defective. The point of contact must be an independent person or party who reports directly to the Audit Committee. Only then will anonymity be preserved and the channel be used fully. Bad news needs to rise, and investigations need to occur when warranted, and neither happens if it is management investigating management.

  1. Pay for conduct and performance.

Pay drives behavior, including ethics. Many pay committees under-utilize their executive pay toolbox and control over management.

Because pay practices can incent risk-taking and unethical conduct, good regulators and pay committees require ethical conduct to be tied to executive pay. If risk management or the Code of Conduct is breached, executive pay should not vest and be clawed back if it has vested. Conduct and risks should be evaluated every pay period before the pay committee allows equity to vest or a bonus to be received. And ethics and morals clauses should be in every executive and employee contract. And directors need to lead by example, with ethics clauses drafted into their terms of service. A good board insists on resignation in advance if an ethics clause is breached.

  1. Oversee the oversight functions.

Your eyes and ears in the company are internal audit, risk and compliance. These functions must now have reporting channels right into the boardroom and committees. Does your board directly oversee these functions? Does your company have these functions? I have recommended to numerous boards the hiring of these functions and doing so can greatly improve toxic culture, flawed risk management, and unethical conduct. Just as in the early 2000s when the audit committee began to hire, fire and pay the external auditor, now the audit and other committees and the board hire, fire and pay risk, compliance and internal audit.

  1. Speak up and recruit a board challenger.

When directors and chairs are chosen on the basis of preexisting relationships, which many or most are, this means directors are beholden to each other, or worse yet, to management. These directors will not speak up or ask tough questions, as they are owned by their extra-boardroom relationships. The board becomes accountable to management rather than the other way around. Boards where fraud has occurred often met governance guidelines, including Enron. Andy Fastow said that the Enron board not only approved but encouraged his actions (in the words of one director): “Fastow you are a —- genius!” Recruit directors who have no pre-existing relationship to any other director or manager. This includes female directors.

  1. Recruit independent, competent directors with courage.

Independence of mind is not formal independence. Smart managers can capture directors through relationships, perks and incentives. There are directors on boards are well out of their depth. They are there because of relationships, profile and glow, but know little about the actual business and cannot or will not challenge because they are captured. Seeing them ask perfunctory questions is akin to a fork trying to hold water. Only when a director is truly independent and competent, can that director then challenge. Often directors are docile because they simply do not know what to do.

  1. Set tone at the top.

Lastly, and most importantly, set the ethical tone. The actions and behaviour you observe as a director is the tone that you have just accepted. Good tone at the top is unambiguous, applies to everybody, and is consequential. And it is exercised. It is the board, not just management, that sets tone. I recall the story of the audit committee chair who saw the CFO go through customs at an airport and not declare a bottle of wine. The next morning, the CFO was fired.

Management is fond of explaining unethical conduct away by saying it was a “rogue” employee. Boards are fond of explaining unethical conduct by saying “we missed it.” If boards and management teams are truly honest, they know they should not have missed it and that it was not a rogue employee. It was an employee operating within the culture that was accepted.

In all of my interviews of directors over the years, including during ethical failure, when I ask about directors’ greatest regret, the answer is consistently, “I should have spoken up when I had the chance.” Speaking up is incredibly important when it comes to tone at the top. If you are uncomfortable, “speak up” is the best advice I could give a director. Chances are, several of your colleagues are thinking the exact same thing.

Why integrity is good for business, and the role that boards play

“We didn’t know.” “We missed it.” “It was a rogue employee.” There is not an excuse I have not heard for ethical failure. But when I investigate a company after allegations of fraud, corruption or workplace wrongdoing, almost always there is a complacent, captured or entrenched board that did not take corrective action. In a few cases, boards actually encouraged the wrongdoing.

The first myth is that the board is a “good” board. There is no relationship between the “glow” or profile of directors and whether the board is “good.” Often times, there is an inverse relationship, as trophy or legacy directors typically lack industry and risk expertise in recognizing fraud or understanding what proper compliance looks like, are not really independent, are coasting and not prepared to put in the work, or they themselves may not possess integrity.

How important is integrity? Extremely. Three factors make for a good director or manager: competence, commitment and integrity, with integrity ranking first. Otherwise, you have the first two working against you.

Integrity needs to be defined, recruited for, and enforced. “Does your colleague possess integrity?” “Yes” is an answer to this perfunctory question. Full marks. But when I define integrity to include avoiding conflicts of interest, consistency between what is said and done, ethical conduct, and trustworthiness – and guarantee anonymity, I get a spread of performance scores. Those who do not possess integrity in the eyes of their colleagues are poison and should are extracted from any board or a senior management team. They never should have been elected or hired in the first place, which is a recruitment failure.

Fraud, toxic workplaces, bullying, harassment and pressure do not occur in a vacuum. Many people in the company know. The issue will not go away, will only get worse, and is a latent legal, financial and reputation risk.

For bad news to rise, boards need to ensure that protected channels exist and are used – including for a director or executive to speak up in confidence, and for an independent consequential investigation to occur.

Ethical reporting also needs to assure anonymity to the fullest possible extent to receive reliable information. If a whistle-blowing program has any manager as the point of contact, it is not effective. Whistle blowing, culture surveys, and ethics audits should be conducted independently and reported directly to the board without management interference.

Frequently, I find ethical design and implementation failure are the culprits, with codes of conduct, conflict of interest policies, whistle-blowing procedures, culture and workplace audits, and education and communication being perfunctory at best, overridden by management at worst, and not taken seriously by employees or key suppliers, with minimal assurance and oversight by the board.

Complacent boards and executives are the last to know and deny any wrongdoing, having creating the conditions for fraud to flourish. Shockingly, lacking any pride, in full denial, and further reinforcing their entitled self-serving mindset, they refuse to resign.

After ethical failure happens, executives argue that it is a lone rogue employee or an isolated incident. Nothing could be further from the truth. It is an employee who reflects the true and actual culture, internal control environment, and practices of the organization, and who is attracted to and flourishes within them. There is no such thing as a rogue employee. It is a board that approved the conditions that management proposed within which employees operate. The board’s leverage of approval, documentation and questions went unused and unasserted. They are the very people who should not be overseeing subsequent reforms, as they are assessing their own shoddy work.

This lax control environment, where self-interest is pursued and where pressure is applied, is the heart of ethical failure.

There is a shocking lack of internal controls over employee and agent behavior that I have found in corrupt jurisdictions in which Western firms do business. This means, not only is the potential for fraud rampant, but also that costs of compliance are being borne by companies who do not bribe and have proper controls. They are penalized for doing things right.

Furthermore, there are corrupt jurisdictions whose companies and government officials offer and receive bribes and advantage themselves over Western counterparts, including in Russia, China, India and MENA. The most recent example is bribery allegations at FIFA. This unequal playing field puts Western companies – in the US, UK, Canada and elsewhere – at a disadvantage, when competing for business, opportunities and contracts.

This is why Western governments are seeking to put their countries and companies in the most competitive position possible. They are enforcing anti-corruption laws using long arms of justice to prosecute bribery. They are also debarring companies from government contracts who commit ethical breaches. This debarment is a powerful motivator to spur investment to internalize the costs of internal controls over integrity.

Western industry will mistakenly argue that integrity laws will disadvantage them or cost their industry jobs, but the reality is the opposite. Tough integrity laws will prevent substandard competitors from offering bribes, will disincent recipients from receiving bribes, and will strengthen Western companies who compete on the basis of price, quality and service.

Richard Leblanc is a governance consultant, lawyer, academic, speaker and advisor to leading boards of directors. He can be reached at rleblanc@boardexpert.com or followed on Twitter @drrleblanc.

When does it become unethical for a director to continue to serve?

I spoke to corporate and not-for-profit directors in Dallas, Texas, today, about board dynamics and board renewal. The subject of the length of board service and director retirement arose. I said there was a recent study that the optimal service for a director was nine years, beyond which firm value was adversely affected. Many directors serve beyond nine years. The most excessive example of long service occurred once when a director of a community bank board said, “Richard we have four directors who have been on our board for over 50 years.” I mistakenly thought that this was 50 years in total, among the four directors. But I was wrong. There were four directors who had been on the board for over 50 years, each.

Many directors hang on to directorships for far too long. I counted several directors who have been on corporate boards for 10, 15, 20 and 25 years. This blocks board renewal, up-skilling, and diversification. Incumbent directors offer reasons for staying: how they know the company, enjoy serving, etc., and are skillful at wiggling, raising the retirement age to 71, 72 and now 75 (from 69 and 70).

The academic evidence however does not support excessively long-serving directors, or directors who are serving on multiple boards (known as “over-tenured” and “over-boarded” directors, respectively). Firm value is adversely affected for over tenured directors (inverted U shape in relation to firm value); and oversight and long term performance are compromised by “consistent and convincing results” (according to Stanford researchers) for busy boards composed of over-boarded directors.

Often the most vocal directors are those who are the least relevant or most affected by renewal. When you do a proper board review, it is apparent who is performing and who is not. There is resistance to an expert third party board evaluation by underperforming directors for fear of being found out. Directors know who the non-performers are. I said to the audience this morning that every board has one (or more) underperforming or dysfunctional directors, and if you don’t know who it is on your board, then it is you.

If boards do not solve their lack of renewal, regulators will do it for them. It is already starting. Regulators in the UK, Australia, India, Hong Kong, Singapore and other countries are imposing term limits on directors of between 9 and 10 years, beyond which independence is questioned. Regulators are imposing diversity requirements on boards. In the UK, even auditors are subject to tendering every five years. Regulators read the press reports of directors serving 40 years, auditors even serving up to 100, and communicate with academics on what the empirical research findings are.

The fact of the matter is that boards, as self-policing bodies, may be incapable of solving the renewal issue on their own because of entrenchment and self-interest. And herein lies the ethical question, posed to me by a director today: “When does hanging on or digging in breach a fiduciary duty by the director to act in the company’s best interest, rather than the director’s?” When should doing what is right; putting oneself at risk; having proper succession planning; mentoring, coaching and developing the next generation of directors; and letting go gracefully and honorably, matter?

This is an integrity issue. If – or perhaps when – a director becomes irrelevant, or is destroying value, is it ethical for that director to continue? Is it ethical for the board to allow that director to continue? The problem is doing what is ethical vs. acting out of self-interest can get commingled in an under performing director’s mind, or even a founder’s mind, or even other directors’ minds (who have been captured by the entrenched director colleague), without an objective measurement. This is neither person-proofing governance, nor in the interests of the company and its shareholders.

Aggrandizing long service, referring to “god fathers,” compounds this renewal problem and wearing as a badge of honor how many boards one has served on, or does serve on. As one “godfather” recently remarked in open session at a corporate governance conference, “We did virtually no research.” Well, maybe research should be looked to more when policy is developed. Firm value and the oversight of shareholder investment are at stake.

Eventually, a director fights redundancy and relevance. A tipping point is reached if there is indefinite service. It is inevitable. No one wants to be irrelevant. If there is no policy or, better yet, no measurement of actual performance and follow up accordingly, self-interest is perpetuated and complacency is allowed to continue, by the very people who should be leading by example. Directors need to know when it is time to go. And if they do not, regulators will.

 

What boards and individual directors can learn from Toronto Mayor Rob Ford and managing conflicts of interest

What is the lesson here for boards of directors and individual directors and officers? Avoid conflicts of interest at all times, but if and when they do occur, the test is perception and process. Every board should have a conflict of interest statement that applies to officers and directors, and to a control person or significant shareholder if applicable. It should cover identification and resolving of the conflict. If you are in doubt as to whether you have a conflict, you must disclose and cannot influence or take part in a decision, transaction, arrangement or otherwise in which you: can be perceived to have an interest, direct or indirect; cannot be seen to be impartial from an outsider point of view; or receive a benefit not shared by other shareholders. If you do take part in the decision, or do not disclose the potential conflict, or attempt to influence the vote, you risk detailed legal scrutiny after the fact to show your conduct was improper and did not conform to best practice. Records of the matter should be kept, a special committee may need to be formed composed only of directors who are seen to be independent in all ways from the matter and the director or officer or shareholder with the conflict, and expert independent advice should be sought. These best practices will protect the board as well as yourself and your reputation that you acted prudently, exercised your duty of care, were transparent, and acted only in the best interest of the company and all shareholders.

Regulators turning up anti-bribery heat on corporate boards: But will practices change?

Russia is one of the most corrupt nations in the world (see a recent anti-corruption story on Russia by the New York Times). It ranks 143rd of all 182 countries on Transparency International’s corruption perception index, with a score of 2.4. Canada ranks the 10th least corrupt country in the world with a score of 8.7. New Zealand is the least corrupt country globally, ranking first with an overall score of 9.5. The US ranks 24th and the UK 16th, with scores of 7.1 and 7.8 respectively. See the “Full Table and Rankings,” where countries can be searched via the table. Lower rankings and higher scores mean the country is perceived as being less corrupt.

Prime Minister Harper visited China, India and Brazil to enhance trade with these countries, which are also some of the most corrupt nations in the world, ranking in at 95th, 75th and 73rd respectively. Libya, which involved the alleged Montreal-based SNC Lavalin bribes of some $56 million, comes in at 168. Within these countries, the governments themselves are the net beneficiaries of much of the corruption, so these politicians are far from motivated to impose reform.

Is it realistic to expect that Anglo-American nations, such as the US, UK and Canada, can impose “Western” will on the very way business is done, and has been done, in some countries for centuries? And if things will not or perhaps cannot change, should home country boards of directors be held responsible for systemic local corruption that may be beyond their control?

Regulators are taking corruption and the role of boards and senior management very seriously. The Securities and Exchange Commission and Department of Justice recently released 130 pages of guidance (see the PDF and other coverage here and here) on the Foreign Corrupt Practices Act (“FCPA”). The US has had the FCPA since 1977. Enforcement and penalties have gone up dramatically in recent years. The UK Bribery Act, from 2010, has some of the most stringent bribery laws in the world. In Canada, we have The Corruption of Foreign Officials Act (since 1999) and the recent guideline from the OSC for issuers operating in emerging markets (see the PDF).

Emerging economies are future markets for Canadian companies. The Prime Minister has a vision for Canada to be an energy supplier superpower. For this to happen, Canada will shift its trade to markets with 100s of millions or billions of consumers and much higher growth rates than our current major trade partner, the US, which could be coping with austerity due to its debt for years to come. Harper was in India last week to boost trade.

What is clear is that there is an enormous disconnect between the home country regulations now being imposed, and host country actual practices on the ground.

What should boards that have operations in emerging market jurisdictions do? Six things. First, if you are doing business in such a market, you need a director with extensive on-the-ground experience at the board table, who can tell you and management what the hotspots are. You should move a board meeting to the jurisdiction once a year so directors can get a first hand look. Second, boards must make it crystal clear to management that if the company is not going to bribe, management must walk away from certain business. And the board must support this and not have incentives that promote bribery. Third, the internal controls over financial reporting must be as strong in the emerging market as it is in the home market. Investment and resource commitments need to be made. Fourth, boards must have their own experts to scrutinize off-balance sheet and related-party transactions and complex structures; validate and assure internal controls; and provide foreign language document translation. Fifth, local auditors should have the same oversight, scrutiny, and as necessary direct contact with the audit committee that the home auditors have. Lastly, there needs to be zero tolerance by the board communicated to each employee and supplier. The UK is even banning facilitating payments, which are regarded as a “tip,” as these may be bribes in disguise.

Companies and politicians are feeling the pain, including on Canadian shores. The Wal-Mart bribery probe has widened beyond Mexico to include China, Brazil and India. The RCMP is investigating the SNC Lavalin bribery allegations, on which I advised a law firm suing the company. I blogged about Sino-Forest, a case of alleged Chinese fraud by a Canadian-listed company. In Quebec, the corruption inquiry has cost the Mayors of Montreal and Laval their jobs and this is only the beginning. There are allegations of kickbacks in cash that may reach other more senior politicians. And Ontario is not immune either. A senior Canadian director remarked that Ontario has a reputation for being “the best place to carry out a stock fraud in the industrialized world.”

Clearly, more work needs to be done. Canada’s corruption ranking on Transparency International may go down in 2012 instead of up.

Trust and integrity in corporate governance

I served on a panel this week with the CEO of a financial institution, among other panelists. We were talking about compliance with emerging governance regulations. The audience was primarily lawyers. Towards the end of the discussion, the CEO made a brief remark about the importance of trust on a board. “Trust is not in any of the regulations,” he said. Quite true. We didn’t have time to elaborate during the panel, but I want to expand on this issue by defining trust and integrity and outlining three types of governance relationships requiring trust, with examples, below.

Trust is crucial in a board environment to promote transparency and accountability. Without trust, there are gaps in oversight and information flow. Decision-making failure can result.

Trust, however, is underpinned by personal integrity. Integrity is the building block of trust.

“Integrity” has a very specific meaning in the governance context. “Integrity” means consistency between what a director says, writes and does. It means authenticity, candor, reliability, confidentiality, solidarity, and a willingness to accept personal accountability and be bound by board decisions and a director’s own role within them.

Most importantly, “integrity” means putting the interests of the organization above your own, and even putting your own reputation or that of the organization at risk in doing so. It means having the courage to take significant principled action when necessary, for the ultimate good of the company. “Integrity” also means using power appropriately and always acting in a way that withstands the harshest scrutiny. Integrity is one of the highest bars in the governance game because the opportunities for self-interest and enrichment are so plentiful.

If a manager or director has defects in integrity, in any of the above examples, others will not trust them.

There are at least three major types of trust in the governance context: (i) Board-CEO, (ii) CEO-C-Suite, and (iii) Director-Director trust.

(i)       Board-CEO trust

First, the board needs to trust the CEO to bring full disclosure and transparency into the boardroom. The CEO will not disclose fully if one or more directors do not possess integrity or the CEO does not. A CEO needs to trust a board that directors will react to candid thoughts and pre-plans in a mature, measured and confidential way. A CEO’s integrity is equally important. If a CEO is defensive, holding cards close to the vest, and selectively disclosing, a board will know this and get frustrated. Crucially, if a CEO ever holds back key information, or misleads the board, there is only one chance. The Board-CEO relationship will be permanently impaired.

I remember one meeting I observed when the CEO sat with arms folded, with a laptop (a barrier as no other directors had a laptop), and was interrupting directors, in an almost antagonistic way. My debrief with the board chair was that there was agreement among directors that they are left with a sense they are not being told everything. I developed a coaching program with the CEO based on improved board-CEO relations, proper disclosure and information flow, and improved body language and technique for board meetings. I also recommended adjusting the CEO’s compensation to include, among other factors, improved board-CEO relations. This worked in the short term, but the CEO still was not trusted by the board and was replaced.

(ii)      CEO-C-Suite trust

Second, trust is important between the CEO and C-Suite. If the CEO is not trusted by the troops, they cannot lead. The board should know what the views are of the CEO by direct reports. In a board review I undertook recently, I canvassed the views of all direct reports to the CEO, otherwise known as a “360 review.” I recommended to the independent Chair that all directors see these views. The C-Suite also had opportunity to express views on the directors and where they could improve, which was very helpful (and eye-opening) to directors. The directors had opportunity to express views on the CEO. What ultimately occurred was dissatisfaction by the C-Suite in the CEO and specifically a lack of trust. The CEO was replaced by the board soon after.

(iii)     Director-Director trust

Third, trust is also important between and among directors. Directors need to trust each other that each director will support board decisions once they occur, will respect confidentiality, will be consistent and honest in what they say and do, and will act only in the best interests of the company. If a director or chair acts out of self-interest, directors will not work as a coherent team. Issues will be avoided because of undue influence, entrenchment and self-gain.

I conducted a peer review recently (directors assessing each other) and it was apparent that one director had integrity concerns by many others. I convened a meeting with the board chair and governance committee chair. Without breaching confidence, I advised of this gap and ultimately the director who had the low integrity rankings was asked to resign.

So building an effective board takes a key step: “Integrity” is an important attribute in directors and officers and contributes to trustworthiness and “doing the right thing” in the interests of the company.

Integrity is so important that it should be recruited for, developed, and assessed. Don’t avoid assessing and having internal controls over integrity. It can be done. And if a director or manager doesn’t possess integrity, they need to go. In the words of Warren Buffet:

In looking for someone to hire, you look for three qualities: integrity, intelligence, and energy. But the most important is integrity, because if they don’t have that, the other two qualities, intelligence and energy, are going to kill you.

Recruit directors and officers with the utmost integrity and replace those who do not have it. Your board will be better for it.

SNC Lavalin and RBC in the News

If the CEO of SNC Lavalin allegedly over-rode his own CFO and breached the company’s code of ethics in authorizing $56 million of questionable payments to undisclosed agents that the federal Canadian police are now investigating, did the board of directors of SNC Lavlin have a role to play?

If the RBC (formerly Royal Bank of Canada) is alleged by a US regulator to have made “material false statements” in connection with non-arms length trades, reported in the Wall Street Journal to be “a scheme of massive proportion,” did the board of directors of RBC have a role to play?

The answer is “it depends” in these and similar cases. Speaking generally, as all allegations have yet to be proven, it is not credible to argue that boards do not have a role to play in compliance and reputational oversight. A board is the only body that has the legal authority and power to control management and designate all compliance and control systems. It alone acts or fails to act. A board is paid, handsomely paid at the senior most levels in Canada, to take all reasonable steps consistent with best practices, to ensure that it does know.

More regulation now, such as the UK Bribery Act, and the SEC Whistle-Blower Rule, are attempting to hold directors responsible and accountable for failing to direct proper anti-corruption and whistleblowing systems. The SEC rule enables employees to report wrongdoing directly to the regulator, thereby completely bypassing toxic work cultures where whistleblowing is neither independent nor anonymous. This legislation is putting the heat on boards and senior management, or at least it should be.

The Ontario Securities Commission last month released a scathing report about governance, risk management, internal control and auditing failures in companies operating in emerging markets.

In SNC Lavalin’s case, how could anomalous payments of this magnitude and internal controls be allegedly manually over-ridden, as is being reported, and would payments of this nature require explicit board or committee approval? SNC’s own internal report reveals a lack of disclosure of contracting parties and improper documentation and passwords. The board chair, Gwyn Morgan, said that the board wasn’t “able to really determine the use of those payments.” Back in 2010, federal minister Stockwell Day had signaled that certain aspects of SNC’s pricing were “absolutely unacceptable.”

The former CEO, Pierre Duhaime, is receiving almost $5 million dollars. A portion of this is stock options awarded before an independent review was completed, as is reported in the press. Basel includes (at page 38 of this report) a malus scheme whereby vesting occurs only if there is no breach of the code of conduct. Boards may wish to consider comprehensive – and independently drafted – malus or clawback clauses that include similar provisions.

It may be highly unlikely for fraud, bribery or ethical breaches to occur in a vacuum. Employees may have knowledge. The 2011 National Business Ethics Survey reveals that those who reported bad behavior they saw reached a record high of 65% and retaliation against employee whistleblowers rose sharply to more than one in five employees. The Conference Board’s Directors Notes, in “Lessons for Boards from Corporate Governance Failures” (see the PDF at page 3), reveals defects in whistleblowing systems that include lack of anonymity, lack of independence, lack of communication and training, lack of incentive, and lack of a proper investigation. These defects are exactly what the SEC rule is designed to address. As Chairwoman Schapiro has argued, “I find that many of the business ethics problems severe enough to be investigated by us are the result less of individual greed than of individuals succumbing to pressure from their peers.”

Whistle-blowing defects may be faults of a board. If a board is getting its information only from management, this is a red flag. Management may not even possess accurate knowledge, as we see in cybercrime. Independent assurance over anti-fraud and whistle-blowing procedures must occur for any prudent board. And “independence” does not mean the company auditor or legal counsel who assess their own or their firm’s work, nor any firm who does, has done, or seeks to do work for company management. Any assurance provider in this area could likely recommend action adverse to incumbent management or service providers.

Directors and boards themselves also need to step up. This includes international directors, moving board meetings to emerging markets, understanding corrupt business practices, structured deep engagement by directors, receiving third party assurance and disconfirming information (including culture surveys), and using alerts and social media.  See “What Better Directors Do,” by NACD Directorship.

Both SNC Lavalin and RBC received governance recognition and were among the top twenty-five companies in the Globe and Mail’s Board Games for 2011. SNC Lavalin was the 2007 award winner from the Canadian Coalition for Good Governance.

The question therefore, is, could occurrences such as these happen on other boards of directors? If you are a director on a board and cannot reasonably answer “no,” to this question, perhaps you should consider some of the above recommendations.

Defective Penn State Governance: What Corporations Can Teach Universities

“As the graduate assistant put the sneakers in the locker, he looked into the shower. He saw a naked boy, Victim 2, whose age he estimated to be ten years old, with his hands up against the wall, being subjected to anal intercourse by a naked Sandusky. … The graduate assistant left immediately, distraught.”

I apologize to all readers for quoting this alleged abhorrently heinous criminal conduct from the Grand Jury report to what is reputed to be several young boys.

Universities are historic institutions, steeped in tradition. Many however have sorely outdated governance practices. Penn State is a good example. What can we learn?

Penn State prides itself on not changing the size or composition of its board since 1951. What this means is that the entire organization is not keeping up with the times.

Thirty-two directors is not a board: it is a theatre. A board this large means management dominates and decisions are made in advance rather than at the table.

The board of trustees should immediately disestablish the Executive Committee chaired by the President. An executive committee means a “real” board where management controls rather than the board and its committees.

The board size should be reduced to half: sixteen directors maximum and preferably fewer. Multi national corporations have fewer directors.

The university president, or any other member of management, should have no influence whatsoever into director selection.

Penn State does not even have an audit or risk committee. What good board does not have an audit committee? The audit/risk committee should oversee conduct and compliance reporting. Where is this obligation overseen by a committee of the Penn State board, I wonder? No committee charters are available, which is another red flag.

A nominating and governance committee should also be established. So should a human resource committee. It is remarkable that audit, nominating or HR committees do not exist and this again suggests undue influence by management who does not want this oversight.

Penn State’s governance statements are verbose, pompous, self serving and ineffective, as are those of many colleges and universities, deliberately so and written by management who write for a living. Key governance documents are missing, such as the competencies and skills of each director linked to their responsibilities; the code of conduct; compliance procedures for the code; whistle-blowing provisions; a position description for the president; and position descriptions for the board and committee chairs.

These are now requirements for publicly listed companies all over the world and leading not-for-profit institutions. Is Penn State or are other universities immune from such best practices?

If these governance and ethics oversight practices exist, they should be documented and accessible on Penn State’s website. That they are not leads me to believe they are ineffective or non-existent. (Note: the Penn State website appears to have changed slightly as of Sunday, November 13, 2011, to include backgrounds of 32 (was 35) directors.)

Next, more to the alleged sexual assaults on campus property by football coach Sandusky.

There needs to be greater rotation and succession planning at many universities and Penn State is no exception. The same director, employee, coach, dean, or otherwise at the helm for 20-30+ years – regardless of performance or money or donations being attracted – is wrong governance. Joseph Paterno was coach for 45 years and is 85 years old.

Inadequate succession planning like this would never fly in public companies, where CEO tenure is 4-5 years and good board tenure is 9. People don’t have time to get comfortable and start capturing people but need to do their job. On boards, retirement age is 72+ and good tenure is 9. In professional service firms, it is even earlier, from late 50s to early 60s to make way for the next generation of leaders.

No one is irreplaceable or larger than an institution. Incumbents create power and fiefdoms, currying favors – such as free sports tickets and equipment to young boys (as was alleged) – or protecting colleagues (also being alleged) – where they become so dominant they cannot be resisted, within pockets of toxic culture and risk – with management and even boards of trustees acquiescing instead of governing.

All allegations have yet to be proven, but if true this is likely what happened here: People become afraid to speak. If they speak, they will suffer enormous reprisals, even loss of their jobs or banishment. The board is at fault if this is the case as a result of a flawed structure (see above) and decisions it took or did not take.

At least half of the Penn State board should be businesspeople with clout. The board should have the same transparent recruitment that companies how have, with directors who are independent, have run businesses and can tell colleges who are behind the times, or who resist reform, that this is what has to happen. Having alumni, the governor, or even agricultural societies (likely a historical artifact) appoint or elect directors does not necessarily result in competent directors being at the table or staffing key committees. There needs to be a greater link – clear and transparent – between directors, their skills, and what is required to govern. The days of ceremonial appointments should be over. Clearly they are not.

Next, all colleges should have whistle-blowing procedures at the same level or above as companies are now obliged to do. This puts the heat under management to have proper procedures, as employees can go directly to an external ombudsperson or the regulator to get protection.

A code of conduct should be developed by all colleges and universities, as is the case for any leading organization. It should be signed off on by each and every trustee, employee and key supplier and be a condition of serving and employment, including for the president. Code compliance should be part of the president’s contract. Everyone has to sign that they do not know of any wrongdoing, directly or indirectly, anywhere on campus, every year. The sign-off statement should include obligations on how to report, protection mechanisms, and assurances of a proper independent investigation.

All code compliance should be reported directly to the audit committee of the Penn State board (note: non-existent at Penn State), and independently assured. The code must include conflicts of interest statements, treatment of assets, fair dealing and harassment. Training and education should also occur, for each employee. The code should be paramount and override defensive union agreements or guises of academic freedom.

Lastly, Penn State’s internal audit charter – if it exits – should be available on its website. The design and effectiveness of internal controls, including approvals, access to restricted rooms, campus security and lighting, keys, locks, areas of vulnerability, and potential for override – most of which were likely deficient in this case – should be reported directly to and overseen by the audit committee.  The audit committee should be able to insist upon independent assurance for any risk, based on the audit report. Good audit committees know and do all this. They direct the president, CFO and finance and risk personnel to comply with best practices.

Why would Penn State management do all this, under this resistance? Simple. The board tells them to. Or they get fired. This is why a strong board is so essential. The tone at the top starts – and stops – with the board. Sandusky is not a rogue any more than a rogue trader is at a bank. He is operating within a defective system, put in place by defective management and overseen by a defective board.

Conclusion: Reform to collegiate governance

Educational institutions are complex organizations, with interdependent stakeholders and many moving parts. They are sometimes more complex to run than a large company. In the vast majority of cases, they are staffed by committed and well-meaning people. They are however, hard to manage and especially difficult to govern, given defensive unions, historic tradition and tenured, specialized academics and staff. They are however taxpayer-funded entities from which leadership and accountability are expected. Indeed, they are supposed to set the example and practice what they teach.

It is very important that governance standards and practices be current and not myopic, and this is why colleges need strong, proper, effective independent boards to counteract resistance, have the clout to direct management and staff, and impose proper governance, risk management and internal controls are is being done for public companies.

Here, Penn State, and perhaps many other universities have much to learn.

Back to top