Corporate boards are deepening their involvement in company strategy and refining their oversight of the critical risks facing the company, according to a recent global survey from KPMG.
“Local and global volatility that we’re seeing—swings in commodity prices, uncertainty in geopolitical hotspots and currencies, a decelerating China, technology innovation, and disruptive business models—are clearly causing boards to sharpen their focus on strategy and risk,” said Jeyapriya Partiban, KPMG in Bahrain.
“The competitive landscape and risk environment demand it, investors increasingly expect it, and bringing value to the boardroom dialogue requires it,” she added.
Fifty-three percent of the directors and executives surveyed globally said their board has increased its involvement in the formulation of strategy alternatives, and 61 percent said the board has sharpened its focus on improving risk-related information. “Rather than an annual decision by management and the board, strategy is becoming an ongoing discussion, with continual assessment, evaluation, and adjustment as conditions change.” Partiban continued.
The survey responses—from more than 1,000 directors and senior executives in 28 countries— suggest that while many boards are deepening their involvement in strategy and risk, significant challenges remain, including linking strategy and risk, and addressing growing cyber security risks.
Among the key findings:
•Boards continue to deepen their involvement in strategy—including execution. Some 80 percent of survey respondents said the board has deepened its involvement over the past 2 to 3 years—in the formulation of strategy and consideration of strategic alternatives, monitoring execution, devoting more time to technology issues (including cyber security), and recalibrating strategy as needed.
•Effectively linking strategy and risk continues to elude many boards. Only half of survey respondents are satisfied that strategy and risk are effectively linked in the boardroom discussions. Risk-related decisions, many said, would be most improved by more closely linking strategy and risk, as well as having a more-clearly defined risk appetite, better assessment of risk culture, and giving greater consideration to the “upside of risk taking” (versus risk avoidance).
•Better risk information and access to expertise are (still) top of mind. Many boards have recently taken steps—or at least discussed ways—to strengthen their oversight of risk, mainly by improving risk-related information flowing to the board, but also by hearing more independent views and refreshing the board/recruiting expertise, coordinating (and reallocating) risk oversight responsibilities among the board’s committees, and/or changing the board’s committee structure.
•Cyber security may require deeper expertise, more attention from the full board, and potentially a new committee. Greater use of third-party expertise and deeper technology expertise on the board would most improve the board’s oversight of cyber security, survey respondents said. Nearly one in three respondents said cyber security needs to have more time on the full board’s agenda, and a quarter said formation of a new committee to address technology/cyber risks would be beneficial.
•Oversight of key strategic and operational risks could be more-effectively communicated among the board and its committees. Nearly half of survey respondents cite room to improve the communication and coordination among the full board and its committees on oversight of the company’s key strategic and operational risks—e.g., strategy, CEO succession, talent, regulatory compliance, cyber security and emerging technologies, and supply chain issues.