Help with culture oversight and ERM – possibly where to start

Now that oversight of the entity’s “culture” has reached the boardroom, where do you start if culture hasn’t really been on the radar? As you might know, for example, the new COSO ERM framework lists governance and culture as its first component, but it doesn’t go into much detail or guidance about what those might include; it leaves each organization to decide for itself what its enterprise risk management will involve and include in these and the other components and steps. If the organization’s culture really hasn’t been on the radar, I suggest that you start with the employee handbook and policies and the code(s) of conduct: evaluate whether those are currently sufficient or need updating, and then run the ERM process over the conduct they describe or list. Of further interest, below I have pasted snapshots of a current NACD website page discussing culture (a NACD discussion paper on the topic is also available online), a summary of a possible ERM process (based significantly on the new COSO ERM framework), some additional governance, ERM and audit committee items, and a link to a new Norman Marks discussion, “Do we understand what a Risk Event is?”

Thanks for reading, and best to you. David Tate, Esq., Royse Law Firm (Menlo Park, California, office) – I have also posted this discussion to http://lawriskgov.com.

Overview of Possible Risk Management Process (10/22/2017)

Norman Marks, “Do we understand what a Risk Event is?”: https://wordpress.com/read/feeds/254243/posts/1658495448

Audit Committee 5 Lines of Defense (10/22/2017), David W. Tate, Esq.

COSO Enterprise Risk Management Framework ERM Components and Principles

NIST Cybersecurity Framework Tiers Summary

The Business Judgment Rule

In summary, as a general principle the business judgment rule provides that a director should undertake his or her duties:

-In good faith, with honesty and without self-dealing, conflict or improper personal benefit;

-In a manner that the director reasonably believes to be in the best interests of the corporation and its shareholders; and

-With the care, including reasonable inquiry, that an ordinarily prudent person in a like position with like expertise would use under similar circumstances. The rule itself doesn’t require a particular level of expertise, knowledge or understanding. However, as you might be aware, public company audit committee members do have such a requirement, and you can at least argue that, depending on the facts and circumstances, a board or committee member should have or should obtain a certain (unspecified) level of knowledge or understanding in order to be sufficiently prepared to ask questions, evaluate the information provided, and make decisions.

Reliance Upon Other People Under the Business Judgment Rule

In the course and scope of performing his or her duties, a director must necessarily obtain information from and rely upon other people. An independent director is not involved in the day-to-day operations of the business. The director provides an oversight function. Pursuant to the business judgment rule, a director is entitled to rely on information, opinions, reports or statements, including financial statements and other financial data, prepared or presented by any of the following:

-Officers or employees of the corporation whom the director reasonably believes to be reliable and competent in the relevant matters;

-Legal counsel, independent accountants or other persons as to matters that the director reasonably believes are within the person’s professional or expert competence; or

-A committee of the board on which the director does not serve, as to matters within that committee’s designated authority, so long as the director acts in good faith, after reasonable inquiry as warranted by the circumstances, and without knowledge that would cause reliance to be unwarranted.

That’s it for now. Thanks for reading. David Tate, Esq., Royse Law Firm, Menlo Park office, with offices in the San Francisco Bay Area and Los Angeles
