Program Oversight and Management

Printer Friendly, PDF & Email

APPENDIX 3-O: Web Conference Q&A: Not Your Father’s Board Training

The following Q&A responds to questions received during Donna Boehme’s EthicsPoint webinar (and by email) “Not Your Father’s Board Training: What Today’s Boards Need to Know About Ethics and Compliance,” on February 18th 2010. Nothing in this Q&A is intended to constitute legal advice. The webinar slides may be found in the previous appendix.



How fully do these governance challenges apply to non-profit boards?

Nonprofit boards are just as susceptible to stakeholder expectations for firm oversight over compliance and ethics. Some of the factors we mentioned in the webinar, such as SOX, refer to public companies, but many others such as the FSG refer to organizations, public or private, for profit or nonprofit. In addition, trust, the license to operate and reputation for nonprofits is an enormous asset and responsibility for their boards- witness ACORN, Covenant House, or any other charity that has run into serious problems. Many nonprofit boards lack the focus and rigor required for board members to understand and fulfill their oversight responsibilities, and similarly any formal programs for compliance and ethics- an untenable condition in today’s environment.

You mentioned one pending change to the FSG. Can you highlight other changes?

Other changes to Ch 8 (organizations) include a confusing highlight of document retention policies (in our view, not a silver bullet), and what companies should do as soon as they discover potential wrongdoing to qualify for leniency under the FSG, including consideration of a corporate monitor and prompt disclosure to authorities. There is a good article summarizing the proposed FSG amendments in which I am quoted on the CS website at under “In the Media.”

When you refer to the “board”, is it okay to give reports/ training to a committee of the board rather than the whole board?

Yes and no. The FSG and other guidances/regulations contemplate that oversight may be conducted by an independent committee of the board such as the Audit or Ethics Committee. For C&E reporting in large companies, independent committee oversight is the norm. (It is then the responsibility of the committee to keep the full board informed, which is a governance matter). However, certain training should be given to the entire board, such as role and responsibilities, code of conduct and potential risks created by the board. I recommend that the full Board receive at least one annual training so that they understand their role, risks, the code & the context and significance of the independent committee’s remit. Also important, in the event there are problems, the full board needs to be on the same page and have discussed how they will approach/resolve a major C&E issue.

What other non-helpline metrics can you suggest?

It will always vary by company, but the rule of thumb is to identify metrics that would be meaningful to the Board’s understanding of program progress and effectiveness. For instance, if the CECO has been successful in embedding c&e action items into the business operations (a best practice), then monitoring and measuring progress against these goals can be a very useful metric. Employee surveys are also useful, especially if the CECO has mastered the art and science as to how the questions are worded and how the surveys are administered in order for the results to be meaningful. When I work with clients, one of the goals is to identify these metrics early on in the process so that a baseline can be set and measured against.

Do you have a rough estimate (percent) of companies that have a separate ethics department from the compliance department?

There have been various surveys conducted over the years. In my view the best practice is an integration of ethics and compliance- neither can operate in a vacuum. There are many potential structures for doing this.

Can you give an example of some metrics that were deemed meaningful to certain boards?

See answer above. In addition, when looking at helplines, it is useful to understand more than just raw number of calls. Results such as process improvements and disciplinary action are useful.

Do you have an example of a dashboard/report card that you can share?

I may have something I have presented at conferences that I could post on my website- will check. It’s obviously fit to purpose for companies based on risk profile, industry, company structure, program stage etc.

Do we have to worry the board of the details which could be later be discovered in external audits/investigations?

This is a bit like the question of whether people should avoid risk assessments because if they find a risk then they might be on the hook for addressing it. Depending on circumstances, some Board briefings are privileged (such as when a report is in preparation of litigation). But under normal circumstances Board briefings (not just c&e) are subject to discovery. Finance, audit, security, environmental have always brought important data to the Board and it is at the heart of the Board’s role to review and evaluate the data, ask hard questions. The focus should be: 1) what does the board need to know in order to effectively discharge its oversight responsibility for compliance and ethics and 2) what does the Board do with the information? Would the Siemens board have been better off avoiding the details of corruption that were rampant in the company? At the end of the day, the Board will be responsible for what they knew or should have known. Hiding their heads in the sand is no longer a successful defense for either Boards or management.

How do you convey the board’s need to know about the company without rushing them into getting involved in actual management of the company?

Caremark and Stone have confirmed that directors are not required to “ferret out” wrongdoing absent red flags. At the same time, Stone emphasized that directors need sufficient information to conduct their oversight duties. After Stone, directors should consider expanding the type of information they receive- helpline stats alone clearly do not deliver what is needed for directors to be “knowledgeable” about the content and operation of their programs. CECOs must deliver a careful balance of necessary information, statistical & anecdotal, backing up the CECO’s opinion about risk, gaps, and program status and effectiveness. It’s useful to have a resolution escalating any alleged wrongdoing by senior management to Board attention (since those are the folks who most need oversight) and other areas which would be “red flags” that boards need to see. The content of those board resolutions can set forth the rule of thumb for what board needs to see. An experienced CECO will deliberate over board reports to maintain the careful balance you raise. The Corporate Secretary can sometimes be a good resource to discuss the content of Board reports in this area, but the CECO needs to make some independent judgments, without interference or pressure, about what the Board needs to know to exercise its oversight.

Who should conduct Board training- should we bring in an outside expert?

A few thoughts on this. First all Boards are unique and training needs to fit the need. If the CECO is strong and knowledgeable, with sufficient clout and standing within the company, she is probably in the best position to deliver focused, relevant Board training. For other Boards, an outside expert (perhaps working with the CECO to make it relevant) might be the right fit. The old (your father’s) Board training model conducted by a law firm partner (always happy to take your money and entry to the board) who bloviates about Enron/Worldcom, mile-high compliance discussion, scary big fines, is less effective than an experienced compliance and ethics professional who can give the board a much more relevant, balanced grounding in the basic issues and a ‘view from the trenches’. In many cases, an outside expert can help create the dialogue and get the Board’s attention, followed by ongoing periodic c&e reports from the CECO.

My updates to the Board are often “watered down” by the General Counsel. What do you suggest I do?

One reason I conducted this webinar is to give CECOs some ammunition to review with the PTB in their companies regarding Board training and direct, unfiltered access to the Board. The weight of the FSG, case law and other guidance is firmly on the CECO side of this argument. The fact that in the current proposed FSG amendments, one specific question asked by the Sentencing Commission on unfiltered access by the CECO shows that the tide is turning. As we discussed, the line CECOs need to draw is between filtering and accuracy. When I was in-house as a CECO, my rule was that C&E would discuss any factual inaccuracy (including work with the businesses to make changes that would “yield” different factual description in the final report- often a productive exercise if handled correctly), but that we would not change my opinion unless driven by the facts. The CECO is the SME of the program should be empowered to issue such opinion without undue pressure or concern about retaliation. But then, that’s a whole ‘nother topic for another day!

This document is only available to subscribers. Please log in or purchase access.