Oversight Overload: Be prepared with a comprehensive corporate governance framework

Friday, July 17, 2015 - 11:44

In November 2014, the National Association of Insurance Commissioners (NAIC) formally adopted the Corporate Governance Annual Disclosure Model Act and Corporate Governance Annual Disclosure Model Regulation. Collectively, these acts require a company to file a Corporate Governance Annual Disclosure (CGAD), which provides insight as to the operations of the board of directors and executive management as it relates to monitoring, oversight and governance. While the NAIC is leading the charge in the corporate governance arena, in today’s “best practices” regulatory environment it is not uncommon for regulators to mimic one another. While not a formal prognostication, it would not be surprising to see one or all of the following regulators follow suit: CFPB, FFIEC (FDIC, OCC, FED, NCUA), and/or SEC.

The initial reaction should be: don’t we do this already? Seemingly, each year brings a new regulation, and with each new regulation, the cost of compliance increases. In today’s economy, everyone is being asked to do more with less. The next regulation to emerge will no doubt have a cost of compliance, but there is a way to soften the blow. Implementing a comprehensive corporate governance framework offers twofold benefits. First, there are cost and time savings due to efficiency/readiness for oversight. This includes building internal awareness of governance expectations, management/board reporting requirements, conducting annual control self-assessments, and establishing a repository of “frequently requested items” to support the audit/exam function. Second, and just as important in today’s regulatory environment, is the preparedness to react to emerging regulation by applying an established framework rather than through ad hoc special projects.

The challenge is how to revise the current governance framework to provide more internal transparency, leverage internal efficiencies and satisfy regulatory expectations without creating unnecessary financial burden. Governance in most organizations is composed of significant effort by many experienced people, performed through various mediums, and often maintained in various places. Enhancing the governance framework provides the company the advantage of maximizing leverage on work already being done. The only work product that should be created is a document that summarizes all governance activity, defined for the insurance industry by the NAIC as the CGAD as noted above. While this may only be a requirement in the insurance industry, the ability to provide a regulator, external auditor, internal auditor, shareholder or incoming board member with a single point of contact for all things governance should be a goal of any regulated company regardless of industry.

Governance Overview

A starting point for compiling a deliverable will be all previously published filings, such as SEC filings, board reports, internal audit reports, enterprise risk reports, and any industry-specific regulatory filings. There is no sense in recreating the wheel; it is much more effective to leverage work already done. As it relates to what information should be included in the disclosure, consider its intent. The disclosure is meant to provide the reader with an overview of the governance framework, its application and any specific circumstances relating to governance in the organization. The paramount agent of governance in any organization is the board of directors, followed by committees of the board and executive management.

It’s important to start by providing a comprehensive outline of the board of directors, all of which is known information, but may not be compiled and readily available, such as:

  • mission – what is the charge of the BOD;
  • policy – the board policy or charter guiding operations;
  • size – number of members;
  • structure – board roles, rotation, management participation;
  • nominating function – nominating committee, term limits, election/reelection process function, diversity policy;
  • independence requirements – how independence is maintained;
  • meeting schedule – frequency, attendance and agendas;
  • qualifications, skills & experience – skills requirements, such as a CPA to interpret financial statements or an industry executive possessing functional knowledge;
  • roles – specifically of the board chair in the organization, both operationally and functionally;
  • evaluation process – how is the BOD being evaluated, what is the product of the evaluation;
  • training – annual training agenda, key compliance items, new board member onboarding;
  • reporting – define what is reported to and/or approved by the board.

Once a comprehensive overview of board operations has been established, the deliverable should delve into the policies and practices of executive management. As with the BOD, a company should describe the process for validating executive and management background, experience and integrity. Key topics to cover are background checks, references, experience verifications, credential verifications, key standards per position, job descriptions, newly created executive roles, and changes in officer suitability/standards. Once the framework is outlined, the disclosure should detail the executive performance evaluation process. When describing executive performance evaluation, several factors must be considered, such as the board’s role in evaluation and the pillars of the compensation program. The compensation program should be evaluated periodically to ensure that performance metrics are aligned with strategy and that performance is balanced with risk. Linked to evaluation, compensation protocols must also be considered, specifically, the presence of a compensation program, compensation committee, the BOD’s role in compensation, executive compensation clawback provisions, and stock option compensation.

The high-level framework and expectations of executive management as well as the quantifiable metrics of company performance and executive compensation are high-priority considerations. One other facet of executive framework that often doesn’t receive as much attention is human capital management. As was noted by a senior director from the National Association of Corporate Directors, we are currently experiencing a “war on talent.” Human capital management includes education and development – and the oft-maligned succession planning. While the two functions may be separate, collectively they speak to a company’s ability to attract, retain and develop high-potential employees into leaders in the organization. This in turn speaks to a company’s commitment to both growth and sustainability.

Lastly, the disclosure should highlight responsibilities and process for reporting on key risk areas such as:

  • risk management – if the company has prepared an enterprise risk report and delivered it to the BOD, it should provide all requisite information and suffice. At minimum, this should include personnel, scope/purview, risk appetite, risk assessment methodology, key inputs and their sources, reporting and monitoring, as well as the status of any pending litigation;
  • debt/investments – highlighting key exposures relating to financing, capital requirements, liquidity and fair value measurement;
  • business strategy – strategic planning committee/working group, financing processes including debt issuances & equity structure/issuances, budgeting, capital projects and IT steering;
  • regulatory compliance – role in the organization, training program, reporting lines, current projects, most recent and next-scheduled examination, exam remediation;
  • financial reporting – describe the personnel, skills, credentials, systems, process; and
  • internal audit – describe the function, reporting lines, schedule, results, any trends identified and how they speak to organizational tone.

Preparedness

By aligning the efforts of the BOD, its committees and executive management, the organization has established a concise framework. As new regulations go into effect, they can be integrated into the framework, allocated to an internal owner and their requirements met. The ability to onboard new regulatory requirements into an effective process rather than initiating an ad hoc special project will undoubtedly lead to a saving of both time and expenses.

Another pillar of an effective corporate governance framework is to create a repository of “frequently requested items.” This repository is bifurcated between periodic management and board reporting and audit/examination requests. The management and board-reporting section would include financial statements, operational reporting, trend analysis, exception reporting, audit/exam findings, portfolio analysis, enterprise risk reporting, user access lists and transaction logs. The audit/exam section would be composed of account reconciliations, transaction/journal entry logs, internal audit workpapers, evidence supporting remediation of prior audit/exam findings, network vulnerability scan and penetration test reports, system restore test results, vendor due diligence documentation, etc. Having such a repository of ready-to-deploy documentation will minimize the collateral required to be generated upon receiving a request. Instead, the employee responsible for compiling the documentation can assemble a deliverable file shortly after receipt, reducing both turnaround time and internal level of effort. From experience, audit/exam fee overages are often a result of start/stop time and delays in providing documentation. Building a process to ensure documentation is readily available upon request will reduce the time to compile the documentation and ensure the requesting party is satisfied expeditiously.

Summary

Corporate governance is on display to varying degrees in all companies, increasingly so in highly regulated industries. The key focus of emerging corporate governance regulation is to validate the impact of the governance function on an entity. Our position is the current state of governance is more impacted by the need for alignment than the performance of new tasks. The most effective way to support that alignment is to prepare a corporate governance disclosure to provide an overview of the governance framework, its application and any specific circumstances relating to governance of your organization. The documentation to support the governance framework is already maintained in charters, organization charts, policies and procedures documents, meeting minutes, board presentations and appendices, investor reports and strategic plan documents. The key is going to be pulling all the source documents together and interpreting them into a concise deliverable. The benefit of aligning the corporate governance framework is an increased awareness of governance expectations, timely implementation of emerging regulation, availability of management reporting and an efficient approach to the audit process, each yielding a more efficient use of time and reduction in cost related to outsourced services.

Russell Sommers is a senior manager in Baker Tilly’s Financial Services Group. He has more than 10 years of accounting, information technology, and audit experience with a core competency in the area of enterprise risk management governance, risk and compliance. Kevin Sullivan is a director in the Financial Services Group. He has more than 30 years of experience, including the outsourcing and co-sourcing of internal audit, corporate governance and risk management services. He has particular expertise in risk management, having provided ERM and internal audit services to insurers, credit unions and regulatory agencies. They can be reached at russell.sommers@bakertilly.com and kevin.sullivan@bakertilly.com.