Most CFOs aren’t members of their companies’ boards, but they might as well be. They attend the greater portion of most board meetings and are asked for a lot of input. But are they always fully prepared? After all, a new hot item may pique a board’s interest at any time.
“If you’re caught flat-footed on whatever the current topic is, you look pretty stupid,” says Ellen Richstone, a former CFO, a longtime member of multiple boards, and current board member for the New England chapter of the National Association of Corporate Directors. “Looking back at my own time as a CFO, there were occasions when I should have known more about what the board was discussing.”
At almost any point in time, a board’s agenda most likely will include strategic planning and oversight, financial reporting, and corporate performance evaluation. Increasingly in recent years, the standard short list has grown to encompass risk oversight, compliance, globalization, and technology issues. But what, more specifically, is likely to be on the table in 2013? We talked to several experts, including Richstone, to find out what they think.
The Securities and Exchange Commission’s new regulations regarding “conflict minerals” are just one of the 398 rulemakings required by the Dodd-Frank Act (and one of 136 that have been finalized). But they promise to be prominent in boardroom discussions this year and perhaps next.
The SEC estimates that about 6,000 U.S. public companies will be subject to heavy new compliance requirements. Any company that sells products containing gold, tantalum, tin, or tungsten, or uses those substances in making products, must publicly report on the metals’ movement through the supply chain. The purpose is to determine whether the metals were mined in the Democratic Republic of Congo and surrounding countries, where warring parties have been looting mines for years and selling those substances in the global market to fund their violent activities.
The reporting requirement begins in May 2014, but companies’ initial reports must cover calendar-year 2013 supply-chain activities. Reports containing false or misleading statements could expose CFOs to liability under securities laws.
Most public companies in the aerospace, automotive, construction, electronics, industrial equipment and tools, jewelry, and medical-equipment industries will be subject to the rules. Privately held businesses could be at risk if they supply products to public companies. In the aggregate, companies will spend several billion dollars to comply with the regulations, says Dennis Whalen, executive director of KPMG’s Audit Committee Institute.
“It’s going to be an awful lot of work for companies,” says Richstone, noting that the matter did not get on many boards’ radar screens until fairly recently. At a board meeting where she first heard about it, she recalls, “we all sat there with our mouths hanging open, saying, ‘Is this for real?’”
Memo to CFOs: get ready to scour your supply chains. (For more on the new rules, see “Sources of Misery,” CFO, July/August 2011.)
To hear cloud-software vendors tell it, concerns over data security have waned. But, says Richstone, the topic has been featured at every board meeting she has attended in the past year. In fact, in a recent survey by Corporate Board Member and FTI Consulting, 48% of directors rated data security as a “major concern,” almost double the level found in a similar study four years earlier.
Directors in the survey were concerned that a security breach could profoundly damage a company’s business and reputation, and that Congress may enact laws for how companies should protect their data.
About the latter, says Francine Friedman, an attorney focused on public-policy issues with Akin Gump Strauss Hauer & Feld, many businesses say Congress should leave cyber security to them. “They can respond more quickly to the next type of cyber threat,” Friedman says. “It takes Congress so long to get anything done. Whatever they were to pass would most likely be obsolete by the time it’s implemented.”
Several lobbying initiatives funded by corporations are under way in Washington over the issue, most notably one spearheaded by the Direct Marketing Association, notes Friedman.
Spurred by board interest, Friedman says, “CFOs should look at what message their company is sending to consumers about protection of their information, and how it impacts the bottom line. And they should do a cost-benefit analysis: What kinds of protections are we paying for, and how secure do various types of data have to be? Is it worth it to have encryption over encryption over encryption?” Protecting e-mail addresses and passwords is crucial, phone numbers less so, and names lesser still, she says. (For more on data security, see “Unto the Data Breach,” CFO, October 2012.)
Social Media: It Giveth, It Taketh
Boards are sure to be debating both the pros and cons of social media. As to the pros, consultancy McKinsey recently estimated that social technologies could create at least $900 billion in value annually — and yet, only 3% of companies currently derive substantial benefits from them across all stakeholders, including customers, employees, and business partners.
“I am in general agreement with the proposition that companies are not getting great ROI on their social-media investments,” says Ronald McCray, a former executive with Kimberly-Clark and Nike who is now on three corporate boards. But there are some interesting exceptions, he adds, like Nike, which lets runners put a chip in their shoes that records speed and distance, load the information into a computer, and network with runners worldwide on a Nike social-media platform. (For more on social media and ROI, see our January/February 2012 cover story, “Who’s Out There?”)
As to the cons of social media, boards will be attuned to the potential for news that portrays the company in a poor light to spread virally — and not only that which originates externally. “What’s happening now, quite a lot, is that the CEO, for example, learns how to use Twitter, and he thinks it’s a great thing, and a lot of the employees follow right along,” says Fred Foulkes, a professor at the Boston University School of Management and another longtime member of corporate boards. “Suddenly someone is sending a Tweet about inside information, like a possible big order from a potential new customer.”
Boards, CEOs, and CFOs will be cooperating more to identify social-media-related risks and options for mitigating them and responding to bad news or attacks that go viral, Richstone says.
BRIC by BRIC
Globalization suggests a boiling cauldron of issues for boards and senior management alike: strategic risks, market entry, local competition, local cultures, exposure to new political and economic environments, operational risks, IP protection, finding and deploying talent, the complexity of managing an extended organization, and compliance hot spots.
“The ante is moving up,” Richstone says. That is partly because global sights are being more narrowly trained on the BRIC (Brazil, Russia, India, and China) countries, with their vast areas, populations, and poverty. And it is partly because of the recent strong step-up in enforcement of the Foreign Corrupt Practices Act, as well as the enactment of FCPA-like laws in many other countries.
“For the last 12 months, boards have been getting more and more [global] inputs from trusted advisers, putting more people on the streets, and doing more government evaluations,” says Richstone. “CFOs have got to be in front of those issues.”
KPMG’s Whalen adds that while boards understand how the company they oversee functions at headquarters and major domestic locations, “they’re trying to get a sense through their interactions with CFOs and others as to the culture in China or Russia or Brazil.”
At the same time, boards may be looking to do some retrenchment with regard to the outsourcing of processes to other countries. “I can’t say how much attention it will get overall, but I and some other directors are thinking about it,” says Ronald McCray.
Factors including the state of the U.S. economy, unemployment levels, technology advances, and, in some cases, higher quality levels available in the United States are all converging to make boards and company executives consider bringing back some of what was offshored. That suggests an important role for CFOs in terms of cost modeling — but more than that. Says McCray, “A strategic CFO is, for example, going to ask questions like, ‘Would our customers prefer American customer-service reps?’ That’s not about cost.”
There are many reasons why CFOs may be more focused on compliance in 2013, and one of them is that boards will be looking to limit the time they focus on the subject.
With the new conflict-minerals requirement, many more Dodd-Frank rulemakings expected to be finalized this year, and the FCPA, boards likely will be talking about how they can exercise proper compliance oversight but stay out of the weeds.
“A priority for boards will be not getting so diverted on compliance that they don’t spend enough time making sure the company has a solid strategy and the best executive team to implement it,” says Foulkes. “So compliance will be falling even more into the purview of the CFO.”
Whalen says many boards urgently want to get back to corporate strategy after years of focusing on Sarbanes-Oxley, the recession, and Dodd-Frank. “Boards were down in the weeds,” he says. “They still have to be involved in compliance. But if the company is, say, going into China for the first time, they also have to make sure at a very high level that the company has the resources to be successful there and is leveraging the right advisers so that they don’t find themselves in two years with a big China problem.”
Still, boards are also looking to free up part of the time internal auditors have been spending on compliance activities for the past decade. “We’re seeing internal audit teams being more involved in strategy rather than just financial controls and compliance,” Whalen says. “There’s a view that internal audit should be a resource that can help audit committees and boards fulfill their responsibilities.”
Same Old, with a Twist
Boards, says Whalen, increasingly are asking audit committees and finance chiefs to present a 1-page treatment of hot issues, and not just a 20-page PowerPoint presentation. Board members want to understand the thought process leading to decisions on things like valuing investments, measuring credit losses, and evaluating goodwill impairments. And they want to understand alternatives to the course management chose — to know, says Whalen, “if you moved one of your factors a point, would it have impaired hundreds of millions of dollars?”