More on Culture/NACD, and Risk Management

I did some weekend reading. The following are two items of interest.

New NACD Report on Culture

The following is a link to the page for the NACD Commission Report on Culture as a Corporate Asset – the complimentary material (28 pages) is worthwhile reading if you are not a NACD member: https://www.nacdonline.org/Resources/Article.cfm?ItemNumber=48256

Of course, the NACD culture report doesn’t carry with it any force of law or requirement, and, although the report is fairly specific while at the same time also vague in that it often refers to comments by commission members who are unnamed, the report is significant because it is provided and supported by a leading board director organization as an indicator that entity culture is an important area for board oversight.

New Post by Norman Marks About Risk Management

And from part of a blog post by Norman Marks about risk management, which you can see at the following link  https://normanmarks.wordpress.com/2017/10/14/is-it-about-managing-risk/

” . . . board should be asking these questions:

  • How likely are we to achieve our objectives?
  • If the likelihood is less than acceptable, why? What can we do about it?
  • If there is a possibility of exceeding our objective, what can and should we do?
  • What assurance do we have that management is taking the right risks, making intelligent and informed decisions?
  • Are there any risks that we should be concerned about, that merit our attention and possibly our action?”
Advertisements

Discussions About The New COSO ERM Framework And Related Topics

By: David Tate, Esq., Royse Law Firm, Northern and Southern California (Silicon Valley/Menlo Park Office) http://rroyselaw.com/

I have pasted below four links in which the authors discuss enterprise risk management (ERM) and risk management, the new COSO ERM framework, and some aspects of internal audit.

I appreciate what the authors are discussing; however, my preference would have been to have more defined tasks or requirements in the new COSO ERM framework (I use the word “requirements” broadly because generally there is no mandated risk management framework that must be followed, although for some industries and businesses there are some risk management requirements that are mandated by law and which must be followed).

It is clear that whatever risk management framework or process a business uses will remain largely discretionary based on the business judgment of management and the board, and that in fact might be better for possible liability purposes; however, it is my belief that people and businesses usually will implement policies or processes or procedures (other than, for example, for how to design, develop and manufacturer a product or service that they provide) if they are required to follow or adopt certain specific requirements by law, statute, regulation, or rule, or perhaps as required by the expectations of the community or stakeholders. That having been said, we are where we are on this. And it is now also generally accepted (and in some instances mandated) that a business will adopt and implement risk management, the board will oversee risk management, sometimes audit committees and/or risk committees are required to be involved in or oversee risk management, and in some businesses the board will delegate risk management oversight to a committee of the board, to the extent that risk oversight can be delegated (I would maintain that the board still must oversee risk management with the help of the committee and that the board cannot delegate its overall responsibility to oversee risk management).

In my view, the components and principles outlined in the new COSO ERM framework are essentially only broad in nature, which allows for each business to decide how to design and implement, etc., enterprise risk management based on the business judgment of management and the board of that particular business, in light of the business’ mission, core values, business objectives, strategies, and views and evaluations of related risks.

Let me also say this, I do appreciate that the first of the five core components in the new COSO ERM framework is Governance and Culture, and that the fifth of the five components is Information, Communication, and Reporting which also includes principle 19 (Communicates Risk Information) and principle 20 (Reports on Risk, Culture, and Performance). I believe that including governance, culture, communication and reporting (if they are adopted – remember, no specific framework is mandated) will help to move ERM and risk management to a more visible position. And, it is my belief, based on recent business, nonprofit, and governmental entity shortcomings and failures, that governance, culture, communication and reporting need to be moved more front and center. In fact, COSO listed governance and culture as the first of the five core components because governance and culture can be central to the entirety of the entity’s ERM.

The following are the links to the four enterprise risk management, etc., discussions that I mentioned at the beginning of this post, and below those links I have copied and pasted from my September 7, 2017, post in which I discussed the new COSO ERM framework and which you can also read at http://wp.me/p75iWX-aQ 

The following are the links to the four additional discussions:

https://wordpress.com/read/feeds/254243/posts/1619082863

https://iaonline.theiia.org/2017/Pages/COSO-ERM-Getting-Risk-Management-Right.aspx

https://normanmarks.wordpress.com/2017/09/29/should-you-adopt-the-updated-coso-erm-framework-my-assessment/

https://www.protiviti.com/US-en/insights/bulletin-vol6-issue8?utm_medium=social&utm_source=ProSocial

COSO ERM Framework – Enterprise Risk Management – Integrating with Strategy and Performance (five components, and twenty principles)

I.  Governance and Culture Component:

Supporting Principles:

  1. Exercises Board Risk Oversight
  2. Establishes Operating Structures
  3. Defines Desired Culture
  4. Demonstrates Commitment to Core Values
  5. Attracts, Develops, and Retains Capable Individuals

II.  Strategy and Objective-Setting Component:

  1. Analyzes Business Context
  2. Defines Risk Appetite
  3. Evaluates Alternative Strategies
  4. Formulates Business Objectives

III.  Performance Component:

  1. Identifies Risk
  2. Assesses Severity of Risk
  3. Prioritizes Risks
  4. Implements Risk Responses
  5. Develops Portfolio View

IV.  Review and Revision Component:

  1. Assesses Substantial Change
  2. Reviews Risk and Performance
  3. Pursues Improvement in Enterprise Risk Management

V.  Information, Communication, and Reporting Component:

  1. Leverages Information and Technology
  2. Communicates Risk Information
  3. Reports on Risk, Culture, and Performance

Enterprise Risk Management (ERM) and internal controls work together and should complement each other. The following is the broad outline of the COSO 2013 Internal Control Framework.

Sarbanes-Oxley section 404 requires public company management and its external auditors to attest to the design and operating effectiveness of a company’s internal control over external financial reporting. Internal controls should also be designed and implemented for private company, nonprofit and governmental entities.

COSO 2013 Internal Control Framework – 5 Components, and 17 Principles

1.  Control Environment Component:

Mandatory Principles

  1. Demonstrate commitment to integrity and ethical values.
  2. Board of directors demonstrates independence from management and exercises oversight of the development and performance of internal control.
  3. Management establishes, with board oversight, structures and reporting lines and appropriate authorities and responsibilities in the pursuit of objectives.
  4. Demonstrate commitment to attract, develop and retain competent individuals in alignment with objectives.
  5. Hold individuals accountable for their internal control responsibilities in the pursuit of objectives.

2.  Risk Assessment Component:

Mandatory Principles

  1. Specify objectives with sufficient clarity to enable the identification and assessment of risks relating to objectives.
  2. Identify risks to the achievement of its objectives across the entity and analyze risks as a basis for determining how the risks should be managed.
  3. Consider the potential for fraud in assessing risks to the achievement of objectives.
  4. Identify and assess changes that could significantly impact the system of internal control.

3.  Control Activities Component:

Mandatory Principles

  1. Select and develop control activities that contribute to the mitigation of risks to the achievement of objectives and acceptable levels.
  2. Select and develop general control activities over technology to support the achievement of objectives.
  3. Deploy control activities through policies that establish what is expected and procedures that put policies into action.

4.  Information & Communication Component:

Mandatory Principles

  1. Obtain or generate and use relevant, quality information to support the functioning of internal control.
  2. Internally communicate information, including objectives and responsibilities for internal control, necessary to support the functioning of internal control.
  3. Communicate with external parties regarding matters affecting the functioning of internal control.

5.  Monitoring Activities Component:

Mandatory Principles

  1. Select, develop and perform ongoing and/or separate evaluations to ascertain whether the components of internal control are present and functioning.
  2. Evaluate and communicate internal control deficiencies in a timely manner to those parties responsible for taking corrective action, including senior management and the board of directors, as appropriate.

The Business Judgment Rule

The business judgment rule also is relevant on these topics (from Tate’s Excellent Audit Committee Guide). The business judgment rule provides a director with a defense to personal liability, holding that as a general principle of law, a director, including a director who serves as a member of a board committee, who satisfies the business judgment rule has satisfied his or her duties. Thus, the business judgment rule provides one standard of care, although other standards may very well also apply to specific tasks and responsibilities. The business judgment rule provides a very good overall approach for directors and audit committee members to follow, although the rule itself is lacking in specific detail. In some states the business judgment rule is codified by statute while in other states the rule is established by case law (see, i.e., Cal. Corp. Code §309 for California corporations, Del. Gen. Corp. Law §141 for Delaware corporations, in addition to relevant case law). The rule also applies to directors as board committee members.

The Business Judgment Rule

In summary, as a general principle the business judgment rule provides that a director should undertake his or her duties:

-In good faith, with honesty and without self-dealing, conflict or improper personal benefit;

-In a manner that the director reasonably believes to be in the best interests of the corporation and its shareholders; and

-With the care, including reasonable inquiry, that an ordinarily prudent person in a like position with like expertise would use under similar circumstances. The rule itself doesn’t require a particular level of expertise, knowledge or understanding; however, as you might be aware, public company audit committee members do have such a requirement, and you can at least argue that, depending on the facts and circumstances, a board or committee member should have or should obtain a certain unspecified level of knowledge or understanding to be sufficiently prepared to ask questions, evaluate information provided, and make decisions.

Reliance Upon Other People Under the Business Judgment Rule

In the course and scope of performing his or her duties, a director must necessarily obtain information from and rely upon other people. An independent director is not involved in the day-to-day operations of the business. The director provides an oversight function. Pursuant to the business judgment rule, a director is entitled to rely on information, opinions, reports or statements, including financial statements and other financial data, prepared or presented by any of the following:

-Officers or employees of the corporation whom the director reasonably believes to be reliable and competent in the relevant matters;

-Legal counsel, independent accountants or other persons as to matters that the director reasonably believes are within the person’s professional or expert competence; or

-A committee of the board on which the director does not serve, as to matters within that committee’s designated authority, so long as the director acts in good faith, after reasonable inquiry as warranted by the circumstances, and without knowledge that would cause reliance to be unwarranted.

David Tate, Esq., Royse Law Firm, California (Silicon Valley/Menlo Park office), with additional offices in San Francisco, Los Angeles and Orange County, http://rroyselaw.com/

* * * * *

New COSO ERM Framework – Enterprise Risk Management – Integrating with Strategy and Performance; COSO 2013 Internal Control Framework; the Business Judgment Rule

You may have heard or seen that the new COSO ERM Framework is out as of a day or two ago – Enterprise Risk Management – Integrating with Strategy and Performance. This is a project that COSO announced on October 21, 2014, so it is a longtime in the works. The original (first) framework was issued in 2004. Below I have provided the bare bones outline for the new ERM Framework, in addition to the bare bones outline for the COSO 2013 Internal Control Framework, and a summary of the business judgment rule. Why did I provide all three? Because for boards and audit committees, and for business entities and their executive officers, and sometimes for the employees also, all three are, or should be, tied together.

I will be commenting about and outlining the ERM Framework in detail in later posts (after I have had time to evaluate the detailed materials, and discuss them with colleagues). For now, all I can give you is the outline below. I do note – and I’m not being negative about this – that I have some concern that the five concepts and twenty principles, with the detail added, might be a lot for some small and mid-sized business entities, nonprofits and governmental entities to handle. But it is what it is. And as you may know, although it is now recognized that boards are responsible for oversight of risk management, many audit committees are responsible for risk management oversight pursuant to statute, regulation, or exchange requirements, and a typical audit committee charter lists oversight of risk management as an area of responsibility, generally there is no legally required or mandated risk management framework or process, although some industries (such as banks, for example) are heavily regulated for risk management purposes. It is possible that the new COSO ERM Framework will become the accepted framework to follow, although other frameworks do exist.

COSO (the Committee of Sponsoring Organizations of the Treadway Commission) is a private sector initiative, jointly sponsored and funded by the American Accounting Association, American Institute of Certified Public Accountants, Financial Executives International, Institute of Management Accountants, and The Institute of Internal Auditors.

The new COSO ERM Framework is organized into five interrelated primary or core components, which are supported by a set of twenty principles. The following is a broad outline of the five components and twenty principles. And as I stated above, in later posts I will be adding considerable detail. Below I have also provided an outline for the COSO 2013 Internal Control Framework, and a discussion about the business judgment rule.

Thanks for reading. David Tate, Esq., Royse Law Firm, Menlo Park office, with offices in the San Francisco Bay Area and Los Angeles

 

COSO ERM Framework – Enterprise Risk Management – Integrating with Strategy and Performance (five components, and twenty principles)

I.  Governance and Culture Component:

Supporting Principles:

  1. Exercises Board Risk Oversight
  2. Establishes Operating Structures
  3. Defines Desired Culture
  4. Demonstrates Commitment to Core Values
  5. Attracts, Develops, and Retains Capable Individuals

II.  Strategy and Objective-Setting Component:

  1. Analyzes Business Context
  2. Defines Risk Appetite
  3. Evaluates Alternative Strategies
  4. Formulates Business Objectives

III.  Performance Component:

  1. Identifies Risk
  2. Assesses Severity of Risk
  3. Prioritizes Risks
  4. Implements Risk Responses
  5. Develops Portfolio View

IV.  Review and Revision Component:

  1. Assesses Substantial Change
  2. Reviews Risk and Performance
  3. Pursues Improvement in Enterprise Risk Management

V.  Information, Communication, and Reporting Component:

  1. Leverages Information and Technology
  2. Communicates Risk Information
  3. Reports on Risk, Culture, and Performance

 

Enterprise Risk Management (ERM) and internal controls work together and should complement each other. The following is the broad outline of the COSO 2013 Internal Control Framework.

Sarbanes-Oxley section 404 requires public company management and its external auditors to attest to the design and operating effectiveness of a company’s internal control over external financial reporting. Internal controls should also be designed and implemented for private company, nonprofit and governmental entities.

COSO 2013 Internal Control Framework – 5 Components, and 17 Principles

1.  Control Environment Component:

Mandatory Principles

  1. Demonstrate commitment to integrity and ethical values.
  2. Board of directors demonstrates independence from management and exercises oversight of the development and performance of internal control.
  3. Management establishes, with board oversight, structures and reporting lines and appropriate authorities and responsibilities in the pursuit of objectives.
  4. Demonstrate commitment to attract, develop and retain competent individuals in alignment with objectives.
  5. Hold individuals accountable for their internal control responsibilities in the pursuit of objectives.

2.  Risk Assessment Component:

Mandatory Principles

  1. Specify objectives with sufficient clarity to enable the identification and assessment of risks relating to objectives.
  2. Identify risks to the achievement of its objectives across the entity and analyze risks as a basis for determining how the risks should be managed.
  3. Consider the potential for fraud in assessing risks to the achievement of objectives.
  4. Identify and assess changes that could significantly impact the system of internal control.

3.  Control Activities Component:

Mandatory Principles

  1. Select and develop control activities that contribute to the mitigation of risks to the achievement of objectives and acceptable levels.
  2. Select and develop general control activities over technology to support the achievement of objectives.
  3. Deploy control activities through policies that establish what is expected and procedures that put policies into action.

4.  Information & Communication Component:

Mandatory Principles

  1. Obtain or generate and use relevant, quality information to support the functioning of internal control.
  2. Internally communicate information, including objectives and responsibilities for internal control, necessary to support the functioning of internal control.
  3. Communicate with external parties regarding matters affecting the functioning of internal control.

5.  Monitoring Activities Component:

Mandatory Principles

  1. Select, develop and perform ongoing and/or separate evaluations to ascertain whether the components of internal control are present and functioning.
  2. Evaluate and communicate internal control deficiencies in a timely manner to those parties responsible for taking corrective action, including senior management and the board of directors, as appropriate.

 

The Business Judgment Rule

The business judgment rule also is relevant on these topics (from Tate’s Excellent Audit Committee Guide). The business judgment rule provides a director with a defense to personal liability, holding that as a general principle of law, a director, including a director who serves as a member of a board committee, who satisfies the business judgment rule has satisfied his or her duties. Thus, the business judgment rule provides one standard of care, although other standards may very well also apply to specific tasks and responsibilities. The business judgment rule provides a very good overall approach for directors and audit committee members to follow, although the rule itself is lacking in specific detail. In some states the business judgment rule is codified by statute while in other states the rule is established by case law (see, i.e., Cal. Corp. Code §309 for California corporations, Del. Gen. Corp. Law §141 for Delaware corporations, in addition to relevant case law). The rule also applies to directors as board committee members.

The Business Judgment Rule

In summary, as a general principle the business judgment rule provides that a director should undertake his or her duties:

-In good faith, with honesty and without self-dealing, conflict or improper personal benefit;

-In a manner that the director reasonably believes to be in the best interests of the corporation and its shareholders; and

-With the care, including reasonable inquiry, that an ordinarily prudent person in a like position with like expertise would use under similar circumstances. The rule itself doesn’t require a particular level of expertise, knowledge or understanding; however, as you might be aware, public company audit committee members do have such a requirement, and you can at least argue that, depending on the facts and circumstances, a board or committee member should have or should obtain a certain unspecified level of knowledge or understanding to be sufficiently prepared to ask questions, evaluate information provided, and make decisions.

Reliance Upon Other People Under the Business Judgment Rule

In the course and scope of performing his or her duties, a director must necessarily obtain information from and rely upon other people. An independent director is not involved in the day-to-day operations of the business. The director provides an oversight function. Pursuant to the business judgment rule, a director is entitled to rely on information, opinions, reports or statements, including financial statements and other financial data, prepared or presented by any of the following:

-Officers or employees of the corporation whom the director reasonably believes to be reliable and competent in the relevant matters;

-Legal counsel, independent accountants or other persons as to matters that the director reasonably believes are within the person’s professional or expert competence; or

-A committee of the board on which the director does not serve, as to matters within that committee’s designated authority, so long as the director acts in good faith, after reasonable inquiry as warranted by the circumstances, and without knowledge that would cause reliance to be unwarranted.

That’s it for now. Thanks for reading. Much, much more to come on these topics. David Tate, Esq., Royse Law Firm, Menlo Park office, with offices in the San Francisco Bay Area and Los Angeles

* * * * *

Updated Mediation and Dispute Resolution Questionnaire Attached

Greetings all. I have updated my mediation and dispute resolution questionnaire, which is a document that I wrote and use to obtain information that is helpful to facilitate dispute and case settlement. Click on the following link for the pdf, and go ahead and use the questionnaire and pass it to other people as you wish. Thank you. David Tate

Here is the link for the questionnaire: Mediation and Dispute Resolution Questionnaire, David Tate, Esq. 07302017

Here is a link to the Royse Law Firm, PC http://rroyselaw.com/

May 15, 2017, Preliminary Injunction Order Against Uber – A Lot Of People Should Take Personal Note – Officers, Directors, Employees, Agents, Suppliers And Consultants

You may have heard, this week on May 15, 2017, Judge William Alsup in the Waymo LLC v. Uber Technologies, Inc. case (U.S. District Court, No. District of California) issued his Order Granting In Part and Denying In Part Plaintiff’s Motion For Provisional Relief, i.e., for a preliminary injunction. The Order is 26 pages. Plaintiff has brought multiple claims in the case including for trade secret misappropriation, patent infringement and unfair competition, but the Order is for preliminary injunction only on the trade secret misappropriation claim. The trade secret claim is brought under both the California Uniform Trade Secrets Act and the federal Defend Trade Secrets Act.

I’m not going to go through the evidence in this post – as indicated above, the Order is 26 pages in length. The Order states that it is narrowly-tailored to balance the interests of the parties and the public. In summary, the decision whether or not to grant a preliminary injunction is based on the evidence now available, the legal claims alleged, the now perceived likelihood of the plaintiff prevailing at trial on the relevant claim or claims, and the interests of the parties and the public. Preliminary injunction motions are significantly based on the strength of the evidence now available and presented and the Judge’s view of that evidence. In this instance, in my view based on the Court’s Order, there was strong evidence that trade secret information possibly was misappropriated, but either no evidence or not particularly strong evidence that Uber had involvement in that possible misappropriation or that Uber had access to or used that information.

Here’s where the Court’s Order gets interesting – in the scope of relief granted. I have pasted below the wording from the Scope of Relief Granted part of the Order. In short aside from the provisions pertaining to Mr. Levandowski, and certain expedited discovery granted, the Order essentially requires Uber to conduct an extensive investigation and to file and disclose a detailed report and account by June 23, 2017, which is a very, very short time to conduct the investigation. In my view it is questionable whether the extent of the investigation can be completed and written-up to be filed in that short of time. And, as you will note, the investigation also includes, or example, all communications with any officer, director, employee, agent, supplier, or consultant of defendants on the relevant topics. Thus, Uber is required to conduct discovery upon itself in the form of the report and account to be filed, and depending on the documents and information obtained the report and account could well bring individual officers, directors, employees, agents, suppliers and consultants personally into focus in the case – if they haven’t done so already, all of those people should be expansively reviewing their possible involvement, if any, in the issues that are involved in the case and consulting with legal counsel about their possible exposure to legal action and personal liability, and how they should proceed.

For your further reading, below is the Scope of Relief Granted provision from the Order.

Best to you. David Tate, Esq.

  1. SCOPE OF RELIEF GRANTED.

Having considered the foregoing, the Court ORDERS as follows:

  1. The term “downloaded materials,” as used in this provisional order, means any and all materials that Anthony Levandowski downloaded from Waymo and kept upon leaving Waymo’s employment, regardless of how long he kept them for and whether or not any such materials qualify as trade secrets or proprietary or confidential information.
  2. Defendants must immediately and in writing exercise the full extent of their corporate, employment, contractual, and other authority to (a) prevent Anthony Levandowski and all other officers, directors, employees, and agents of defendants from consulting, copying, or otherwise using the downloaded materials; and (b) cause them to return the downloaded materials and all copies, excerpts, and summaries thereof to Waymo (or the Court) by MAY 31 AT NOON. Copies essential for counsel of record and their litigation experts to use in defending this civil action are exempted from the foregoing requirement.9
  3. With respect to Anthony Levandowski, defendants shall immediately (a) remove him from any role or responsibility pertaining to LiDAR; (b) take all steps in their power to prevent him from having any communication on the subject of LiDAR with any officer, director, employee, agent, supplier, consultant, or customer of defendants; and (c) prohibit him from consulting, copying, or otherwise using the downloaded materials in any way. Defendants shall instruct all their officers, directors, employees, agents, suppliers, consultants, and customers in writing of this prohibition, and further instruct them in writing to immediately report any suspected breaches thereof to the special master (or to the Court).
  4. With respect to all other persons, including those with Stroz Friedberg, defendants shall conduct a thorough investigation and provide a detailed accounting under oath setting forth every person who has seen or heard any part of any downloaded materials, what they saw or heard, when they saw or heard it, and for what purpose. In their investigation, defendants must do more than query servers with term searches. For example, they must interview personnel with particular focus on anyone who has communicated with Anthony Levandowski on the subject of LiDAR. Defendants’ accounting shall not be limited to Uber but shall include all persons who fit the foregoing description, including Levandowski and his separate counsel. The accounting may exclude, for only the time period after the commencement of this civil action, the attorneys of record and their staff and experts employed for this litigation. The accounting shall not be limited to downloaded materials that happened to make their way into some due diligence report but shall cover any and all downloaded materials. The accounting shall also identify the complete chains of custodians for every copy of any downloaded materials or due diligence report referencing downloaded materials. Defendants must also use the full extent of their authority and influence to obtain cooperation with the foregoing procedure from all involved. For example, if a potential custodian refuses to cooperate, then defendants’ accounting shall set forth the particulars, including all efforts made to obtain cooperation. The accounting must be filed and served by JUNE 23 AT NOON. The accounting may be filed under seal only to the extent that it quotes or appends downloaded materials.
  5. Also by JUNE 23 AT NOON, defendants shall provide Waymo’s counsel and the Court with a complete and chronologically organized log of all oral and written communications — including, without limitation, conferences, meetings, phone calls, one-on-one conversations, texts, emails, letters, memos, and voicemails — wherein Anthony Levandowski mentioned LiDAR to any officer, director, employee, agent, supplier, or consultant of defendants. The log shall identify for each such communication the time, place (if applicable), mode, all persons involved, and subjects discussed, as well as any and all notes or records referencing the communication.
  6. Waymo is hereby granted further expedited discovery in aid of possible further provisional relief. Subject to the protective order, and upon reasonable notice, Waymo’s counsel and one expert may inspect any and all aspects of defendants’ ongoing work involving LiDAR — including, without limitation, schematics, work orders, source code, notes, and emails — whether or not said work resulted in any prototype or device. With respect to its trade secret misappropriation claims only, Waymo may take seven further depositions on seven calendar days notice, may propound 28 reasonably narrow document requests for which the response time is reduced to 14 calendar days, and may propound 28 reasonably narrow interrogatories for which the response time is also reduced to 14 calendar days. If Waymo moves for further provisional relief before trial, then all its declarants in support of such motion must sit for depositions on an expedited basis. Otherwise, defendants may take only normal, unexpedited discovery. After Waymo has exhausted its expedited discovery, it may continue with normal discovery.
  7. Defendants shall keep complete and accurate records of their compliance with all of the foregoing requirements, including directives given to Anthony Levandowski and others. The special master shall monitor and verify said compliance. To that end, the special master shall promptly develop proposed monitoring and verification protocols with the parties’ input and then submit the proposed protocols to the Court for approval. The protocols shall provide for the special master to visit defendants’ facilities and monitor communications as necessary to ensure that Anthony Levandowski remains sealed off from LiDAR activities.

The foregoing provisional relief shall become effective upon the posting by Waymo of a bond or other security in the amount of FIVE MILLION DOLLARS.

* * * * *

New COSO Updated ERM Framework – Coming Soon – End of June, Perhaps – Could Be Very Important

Just a heads up, a source has suggested that the new long-anticipated COSO (Committee of Sponsoring Organizations of the Treadway Commission) ERM update might finally be out at the end of June. COSO is spending a very long time (since October 2014) preparing and vetting this “update” of the 2004 Enterprise Risk Management — Integrated Framework. COSO’s sponsoring organizations are the American Accounting Association (AAA), the American Institute of Certified Public Accountants (AICPA), Financial Executives International (FEI), The Institute of Internal Auditors (IIA), and the National Association of Accountants (now the Institute of Management Accountants [IMA]), and the Commission includes representatives from industry, public accounting, investment firms, and SROs (exchanges).

We’ll have to wait and see what we get with this “update,” which will either simply be a relatively unimpressive or vague tweak, or a useful, modernized, sufficiently detailed guide which might become the standard to achieve, or somewhere in between. I’m hopeful for the useful version – ERM needs a big boost – this “update” is important. I find that there really are only three ways to provide this type of boost: sponsorship and push by large or influential organizations and people, mandatory (i.e., by law, regulation or rule) adoption, or, sometimes, push and expectancy by the public.

Here is the link to the COSO website https://www.coso.org/Pages/default.aspx

Best to you, David Tate, Esq., Litigation, D&O, audit committees, etc., Royse Law Firm http://rroyselaw.com/

Evaluating Director Independence – Zynga Shareholder Derivative Suit

Thomas Sandys Derivatively on Behalf of Zynga, Inc. v. Pincus, et al., Delaware Supreme Court, Case No. 157,2016, December 5, 2016, highlights the sometimes difficulty, and the importance of evaluating director independence in the circumstance of a shareholder derivative suit.

In Zynga the plaintiff filed his shareholder derivative suit without first making a demand upon the board that the Company sue Company insiders that were alleged to have improperly sold Company stock. Instead of first making the demand upon the board, plaintiff argued that such a demand would have been futile because a majority of the nine person board members lacked independence.

In summary, the plaintiff alleged two derivative claims based on allegations that certain top managers and directors at Zynga were given an exemption to the Company’s standing rule preventing sales of stock by insiders until three days after an earnings announcement, and that the insiders who participated in the sale breached their fiduciary duties by misusing confidential information when they sold their shares while in possession of adverse, material non-public information. And plaintiff also asserted a duty of loyalty claim against the directors who approved the sale.

The holding in Zynga is that at the pleading stage there was sufficient evidence to suggest that a majority of the board did lack independence so as to excuse not making the demand upon the board. The holding is primarily interesting for the Court’s discussion about three particular board members, and the reasons why the Court determined that there was evidence to sufficiently suggest that those three directors did in fact lack independence to impartially consider a demand that the Company bring suit against the selling insiders, which resulted in a majority of the board also lacking independence, so as to excuse making the pre-suit demand upon the board.

To plead demand excusal the plaintiff must plead particularized factual allegations that create a reasonable doubt that, as of the time the complaint was filed, the board of directors could have properly exercised its independent and disinterested business judgment in responding to a demand. At the pleading stage, a lack of independence turns on whether the plaintiff has pleaded facts from which the director‘s ability to act impartially on a matter important to the interested party can be doubted because that director may feel subject to the interested party‘s dominion or beholden to that interested party.
With respect to one of the directors in question, the Court found troubling for the purpose of independence or lack thereof that the particular board member and her husband co-owned an unusual asset, an airplane, with Zynga’s former CEO and controlling stockholder, which the Court found was suggestive of an “extremely intimate personal friendship between their families.”

And with respect to the other two directors, the Court found troubling for the purpose of independence or lack thereof that the directors are partners at a prominent venture capital firm and that they and their firm not only controlled 9.2% of Zynga‘s equity as a result of being early-stage investors, but have other interlocking relationships with the controller and another selling stockholder outside of Zynga. More specifically the Court stated “Although it is true that entrepreneurs like the controller need access to venture capital, it is also true that venture capitalists compete to fund the best entrepreneurs and that these relationships can generate ongoing economic opportunities. There is nothing wrong with that, as that is how commerce often proceeds, but these relationships can give rise to human motivations compromising the participants’ ability to act impartially toward each other on a matter of material importance. Perhaps for that reason, the Zynga board itself determined that these two directors did not qualify as independent under the NASDAQ rules, which have a bottom line standard that a director is not independent if she has ―a relationship which, in the opinion of the Company‘s board of directors, would interfere with the exercise of independent judgment . . . .[Footnote #1: NASDAQ Marketplace Rule 5605(a)(2)] Although the plaintiff’s lack of diligence made the determination as to these directors perhaps closer than necessary, in our view, the combination of these facts creates a pleading stage reasonable doubt as to the ability of these directors to act independently on a demand adverse to the controller‘s interests. When these three directors are considered incapable of impartially considering a demand, a majority of the nine member Zynga board is compromised for Rule 23.1 purposes and demand is excused. Thus, the dismissal of the complaint is reversed.”

As you might correctly assume, board member independence can arise as an issue in several different corporate and governance related circumstances.

* * * * *