Corporate Governance Best Practices

special report

Corporate Governance Best Practices
A Blueprint for the Post-Enron Era

SR-03-05

The Conference Board creates and disseminates knowledge about management and the marketplace to help businesses strengthen their performance and better serve society. Working as a global, independent membership organization in the public interest, we conduct research, convene conferences, make forecasts, assess trends, publish information and analysis, and bring executives together to learn from one another. The Conference Board is a not-for-profit organization and holds 501(c)(3) tax-exempt status in the United States.

About the Global Corporate Governance Research Center

The Conference Board’s Global Corporate Governance Research Center (Center) brings together corporations and institutional investors. The Center’s objective is to assist corporations to enhance their governance processes and thereby inspire confidence and facilitate capital formation in today’s globally competitive marketplace.

Members of the Advisory Board
BP plc (UK); California Public Employees’ Retirement System (CalPERS); The Chubb Group of Insurance Companies; Heidrick & Struggles; Jones Day; KPMG; McKinsey & Company; Merrill Lynch & Co., Inc.; Pfizer Inc; PricewaterhouseCoopers; Teachers Insurance and Annuity Association—College Retirement Equities Fund (TIAA-CREF)

Members of the Center
Baxter International Inc.; The Coca-Cola Company; Computer Associates International, Inc.; CSX Corporation; Equiserve; Fried, Frank, Harris, Shriver & Jacobson; Georgeson Shareholder Communications Inc.; Southern Company Services, Inc.; Standard Life Investments Ltd. (UK)

For further information regarding the Center, please contact Diane Insolia, Center Coordinator at 845 Third Ave., New York, NY 10022 Tel: 212 339 0392 Fax: 212 836 9711 e-mail: diane.insolia@conference-board.org

Disclaimer

This report is intended for educational purposes only.
Nothing contained in this report is to be considered as the rendering of legal or accounting advice. Readers are responsible for obtaining legal advice from their own legal counsel or accounting advisors.

Corporate Governance Best Practices
A Blueprint for the Post-Enron Era
by Carolyn Kay Brancato and Christian A. Plath

About this report

Materials for this report were gathered at a series of nation-wide roundtables held during 2002 in New York; Washington, D.C. (hosted by Potomac Electric Power Company); Stanford, California (hosted by Heidrick & Struggles International, Inc., and the Stanford Law School’s Executive Education Program); Chicago (hosted by Baxter International Inc.), the University of Delaware (hosted by the John L. Weinberg Center for Corporate Governance); and at the offices of TIAA-CREF in New York.

Roundtable project sponsors

THE CHUBB GROUP OF INSURANCE COMPANIES
The member insurers of the Chubb Group of Insurance Companies form a multi-billion dollar organization providing property and casualty insurance for personal and commercial customers worldwide through 5,000 agents and brokers. Chubb’s global network includes branches and affiliates throughout North America, Europe, Latin America, Asia, and Australia. Chubb is a leading provider of directors and officers (D&O) liability insurance.

PFIZER INC
Pfizer Inc discovers, develops, manufactures, and markets leading prescription medicines for humans and animals and many of the world’s best-known consumer brands.

Sponsor/participants
Arch Chemicals, Inc.; Avon Products, Inc.; Corn Products International, Inc.; Footstar Inc.; Oak Technology; Spectrum Brands; Wellmark, Inc.

Contributors
Baxter International, Inc.; Gibson, Dunn & Crutcher LLP; Heidrick & Struggles International, Inc.; Potomac Electric Power Company; Stanford Law School’s Executive Education Program; TIAA-CREF; The University of Delaware’s John L. Weinberg Center for Corporate Governance
Additional sponsors
KPMG Audit Committee Institute; PricewaterhouseCoopers LLP

Corporate Governance Best Practices: A Blueprint for the Post-Enron Era The Conference Board

Corporate Governance Best Practices
A Blueprint for the Post-Enron Era

contents

A New Framework for Corporate Governance

Corporate Governance Practices
Role of the Board
Corporate Governance Guidelines
Board’s Access to Information
Board’s Mix of Skills and Individual Director Qualifications
Board Independence
Board Leadership
Board Committee Structure and Size
Role of the Nominating/Corporate Governance Committee
Role of the Compensation Committee
Chief Governance Officer
Measuring Company Performance
Board and Director Performance Evaluation
Succession Planning and Leadership Development

Audit Practices
Audit Committee Role and Responsibilities
Audit Committee Charter
Audit Committee Composition and Independence
Audit Committee Communication and Reporting
Oversight - Internal Audit
Oversight - External Audit

Disclosure, Compliance and Ethics
Disclosure Practices
Internal Controls
Risk Assessment and Management
Director and Officer Liability and D&O Liability Insurance
Ethics Oversight

Appendices
1 Legislation and Proposed Exchange Standards Comparison Chart
2 Hypothetical, Inc., Corporate Governance Principles
3 Independence Comparisons
4 Sample Corporate Governance Committee Charter (General Electric Corporation)
5 Sample Director Self-Assessment Worksheet
6 Sample Chief Executive Officer Evaluation Form
7 Sample Audit Committee Charter and Responsibilities Checklist (Microsoft Corporation)
8 KPMG Audit Committee Institute Basic Principles for Audit Committees
9 Excerpt from Internal Control: Guidance for Directors on the Combined Code Report by The Institute of Chartered Accountants in England and Wales

About the authors

Dr. Carolyn Kay Brancato is the Director of The Conference Board’s Global Corporate Governance Research Center and the Directors’ Institute. She also served as Director of The Conference Board’s Commission on Public Trust and Private Enterprise. She is the author of two books on corporate governance: Getting Listed on Wall Street and Institutional Investors and Corporate Governance (both published by Business One Irwin). Dr. Brancato has appeared as a guest speaker at major corporate governance programs in the United States, United Kingdom, France, Germany, Australia, Sweden, Brazil, Chile, India, Singapore, Hong Kong, Thailand, Indonesia, Japan, Malta, and Oman.

Christian A. Plath is a Senior Corporate Governance Consultant with the Conference Board’s Global Corporate Governance Research Center. He was formerly the director of global corporate governance research at the Investor Responsibility Research Center (IRRC) and both writes and speaks widely on corporate governance issues.

Acknowledgments

Participating companies and organizations
Aksys Ltd.; APAC Customer Services, Inc.; Arch Chemicals; Asian Venture Capital Journal; Avon Products, Inc.; Baxter International, Inc.; The Boeing Company; Brobeck, Phleger & Harrison; Brunswick Corporation; The Business Roundtable; CDW Computer Centers, Inc.; Chasm Group; Corn Products International, Inc.; CSX Corporation; Davis & Harman LLP; Deere & Company; DelMonte Foods Company; Diamond Cluster International, Inc.; D.J. Hill & Associates, Inc.; Embassy of France; Equity Office Properties Trust; Footstar, Inc.; Freddie Mac; Fordham University School of Law; Friedman, Billings, Ramsey & Co., Inc.; Gear Holdings, Inc.; Genentech; Gibson, Dunn & Crutcher LLP; Grubb & Ellis Co.; H & Q Asia Pacific; Halo Branded Solutions; Heidrick & Struggles International, Inc.; J.P. Morgan Partners Asia; KPMG; Marriott International, Inc.; Masters Governance Consulting, LLC; McKinsey & Co., Inc.; Mercer Delta Consulting, LLC; Merrill Lynch & Co., Inc.; Methode Electronics, Inc.; Monsanto Company; Motorola; Newell Rubbermaid; Oak Technology, Inc.; Olin Corporation; Paul, Hastings, Janofsky & Walker LLP; PeopleSoft, Inc.; Pfizer Inc; Potomac Electric Power Company; PricewaterhouseCoopers LLP; Real Networks; Richards, Layton & Finger; Sequoia Capital; Singapore Institute of Management; Skadden, Arps, Slate, Meagher & Flom LLP; Spectrum Brands; Taiwan Semiconductor Manufacturing Company, Ltd.; TIAA-CREF; Tribune Company; United Stationers, Inc.; U.S. Chamber of Commerce; USG Corporation; Weil, Gotshal & Manges, LLP; Wellmark, Inc.; Wink Communications; WKB Advisory Services; Woodhead Industries, Inc.

A number of facilitators and subject matter discussants provided special input at the various sessions including: William K. Brown Jr., Catherine T. Dixon, John W. Edwards II, June Eichbaum, Anthony S. Galban, Randolf Hurst Hardock, R. William Ide III, Cary I. Klafter, Richard Koppes, Jon J. Masters, Nicholas G. Moore, Ronald Mueller, David Nygren, John F. Olson, Scott A. Reed, Laraine Rothenberg, Alan Rudnick, Richard Steinberg, Mark C. Terrell, John T. Thompson, William Torgerson, and Carol Ward.

We are also grateful to Professor Charles E. Elson for inviting the following members of the Delaware courts to give us their perspectives: Vice Chancellor Stephen P. Lamb, Justice Myron T. Steele, Vice Chancellor Leo E. Strine, and Justice Joseph T. Walsh.

Finally, we would like to thank Donovan Hervig and William K. Brown for providing draft materials for this report.
Timothy Dennison editor
Peter Drubin design
Pam Seenaraine production

A New Framework for Corporate Governance

The Enron bankruptcy, accompanied by the WorldCom debacle and other corporate scandals, has caused a sea change in the attention given corporate governance and in how directors are viewed by the public, shareholders, employees, and the courts. Directors need to be sensitive and responsive to this new level of scrutiny and exposure.

To address this new emphasis on corporate governance, The Conference Board’s Global Corporate Governance Research Center convened a major Director/Senior Executive Roundtable Project. Meetings were held throughout the year 2002 in New York; Washington, D.C.; Stanford, California; Chicago; and Wilmington, Delaware. More than 100 directors and executives took part in sharing their thoughts on evolving corporate governance “best practices” in the post-Enron era.

Parallel to these efforts, in June 2002, The Conference Board convened a Commission on Public Trust and Private Enterprise (Commission on Public Trust)[1] to address the circumstances which led to the corporate scandals that were widely reported during 2001-2002 and the subsequent decline of confidence in companies, their leaders and American capital markets. The Commission’s work articulates a series of principles and best practice suggestions in three major areas—executive compensation, corporate governance, and audit and accounting issues—as they relate to publicly held corporations.[2]

This blueprint best practices report is the result of both the Roundtable Project and the Commission’s work and is intended to serve as a compendium of leading corporate governance practices boards and management should consider within the context of each company’s unique circumstances.
“Corporate governance” is defined in this report as a system of checks and balances between the board, management and investors to produce an efficiently functioning corporation, ideally geared to produce long-term value. There are several aspects to this governance system that should be noted at the outset:

1. Any governance system throughout the world is the product of a series of legal, regulatory, and best practice elements. Each country’s regulatory and corporate law system will shape the specifics of its corporate governance. Corporate governance systems in the United States have been shaped by sets of pressures from: the Securities and Exchange Commission (SEC) with its regulatory oversight, stock exchanges with their listing requirements; the U.S. Congress enacting wide sweeping federal legislation; the courts, especially those in Delaware that, with case law, set precedents; and institutional investors engaging in dialogue with corporations and which use certain proxy voting tactics such as the filing of shareowner proposals.

2. Global corporate governance research at The Conference Board concludes that corporate governance models do not necessarily vary by country (e.g. there is no one “U.S.” model of corporate governance compared to an “Asian” model, or a “European” model). Governance systems are largely determined by the ownership structure of the company, regardless of its geographic location. Thus, wherever the corporation is located, certain best practice elements, such as the number of “independent” directors, will vary depending on key ownership structures such as:

• companies with widely held and dispersed shareholders;
• companies which are closely held by blocks of investors;
• companies which are family-owned businesses; and
• newly privatized businesses where the government retains a residual investment.

3. Whatever the regulatory framework and the company’s overall governance structure, this project suggests there are a series of best practices which companies can and should consider to generate long term value for the corporation.

It is fair to say that many boards have begun to embrace good governance, although the collegial format that is the basis for board interaction still tends to discourage open disagreement. Change therefore tends to come either if there is an individual director/CEO/senior executive who is a corporate governance champion or if there is a crisis.

Post-Enron, companies can no longer look upon corporate governance as something thrust upon them from the outside. In every boardroom around the country, directors are asking themselves questions such as:

• Is the board managed as effectively as the company is managed?
• What processes do we need to put in place to make us more aware of “red flags” in company operations?
• How do we fulfill our monitoring role and yet rely on management and external experts such as accountants, attorneys, and consultants?
• How can corporate governance processes be used to help keep our company viable and restore public confidence in the capital markets?
• How will instituting corporate governance best practices reduce corporate risk?

The catastrophic corporate failures of Enron, WorldCom, and other companies have eroded confidence and shaken corporate America to the core. The result is that corporate governance is more likely than ever to move from something done as a result of external pressures to something boards can not afford to dismiss if they want to properly manage risk, provide internal efficiencies in running the corporation, and assure growth.

Of course, the landmark enactment of the Sarbanes-Oxley Act and the listing requirement changes proposed by the major U.S. stock exchanges provide a rigorous framework for a whole host of federally mandated internal controls and corporate governance reforms[3] (see Appendix 1). This document is intended to go beyond what is required by law and capture best practices[4] for internal corporate governance reform; in short, it is intended to be a blueprint for success.

[1] The 12-member Commission—co-chaired by Peter G. Peterson, Chairman of The Blackstone Group and Chairman of the Federal Reserve Bank of New York, and John W. Snow, former Chairman and CEO of CSX Corporation and former Chairman of The Business Roundtable—included prominent leaders from business, finance, public service, and academia. Although the Commission was sponsored and supported by The Conference Board, it enjoyed absolute independence and authority in its findings and recommendations, and was financially supported by the Pew Charitable Trusts.

[2] The Commission issued its first set of findings and recommendations, Part 1: Executive Compensation, on September 17, 2002. Part 2: Corporate Governance and Part 3: Audit and Accounting were released on January 9, 2003. The full text of the Commission’s report and recommendations and a full list of the Commission’s members can be found at www.conference-board.org/knowledge/governCommission.cfm

[3] The New York Stock Exchange (NYSE) and NASDAQ have both proposed changes to their listing standards and are expected to be updated to conform to final SEC regulation at which point they will be resubmitted to the SEC for final review, public comment, revision (if required), and final approval.

[4] This document provides an overview of leading practices related to corporate governance and, although references are made to issued or proposed changes to regulations and listing standards, is not meant to provide a comprehensive review of these changes. The impact of the Sarbanes-Oxley Act and any final and proposed rules of the major U.S. stock exchanges and the SEC have been closely tracked by many law firms, accounting firms, consultants and other organizations. (See for example, KPMG LLP, Sarbanes-Oxley: A Closer Look, January 2003 – available at www.kpmg.com/aci – for discussion of some of the elements of the Sarbanes-Oxley Act impacting audit committees and the status of related issued or proposed SEC regulation.) Audit committees and senior management should consult with legal counsel and accounting advisors in the application of the Sarbanes-Oxley Act and any final and proposed rules of the major U.S. stock exchanges and the SEC.

Corporate Governance Practices

Role of the Board

A strong and effective board should have a clear view of its role in relationship to management. The board’s duty is to focus on guidance and strategic oversight, while it is management’s duty to run the company’s business, with the goal of increasing shareholder value[5] for the long term. CEOs and management need to work with the board to establish the right kind of processes and communications to ensure that the company is running effectively and in accordance with the board’s basic fiduciary oversight requirements. The ultimate responsibility for directing the company, however, lies with the board, since most state corporation statutes generally provide that the business of the company shall be managed under the direction of the board. The specifics of the board’s role will vary with size, stage and strategy of the company, and talents and personalities of the CEO and the board.
Corporate governance best practices are based on two basic legal requirements that shape the fiduciary role of the director:

• the duty of care to be informed and exercise appropriate diligence in making decisions and to oversee the management of the corporation; and
• the duty of loyalty to put the interests of the corporation before those of the individual director.

In defining a system of board practices that leads to board effectiveness, it is clear that instituting governance best practices will provide the company with an internal effectiveness structure and a tool to manage corporate risk. The key to accomplishing this is to: make certain that the company’s board is managed as well as the company itself is managed.

Each board will be run differently according to the company’s stage of development, ownership structure and size, and the mix of skills, and personalities of the individual directors. The “one size doesn’t fit all” rule clearly applies. On the other hand, there are basic legal requirements, as well as “management” skills that boards can and should adopt no matter their configuration.

[5] U.S. corporate law dictates that companies be run for the benefit of shareholders, while European companies have more of a “stakeholder” focus. Most U.S. observers note, however, that companies can not create shareholder value without taking stakeholders into consideration. A full discussion of the shareholder versus stakeholder debate is beyond the scope of this report.
As defined by the American Law Institute, The Business Roundtable (BRT), the National Association of Corporate Directors (NACD), and other relevant bodies, general board responsibilities should include:

• approving a corporate philosophy and mission;
• selecting, monitoring, advising, evaluating, compensating, and—if necessary—replacing the CEO and other senior executives and ensuring orderly and proper management succession;
• reviewing and approving management’s strategic and business plans, including developing an in-depth knowledge of the business being served, understanding and questioning the plan’s assumptions, and reaching an independent judgment as to the probability that the plans can be realized;
• reviewing and approving the corporation’s financial objectives, plans, and actions, including significant capital allocations and expenditures;
• reviewing and approving material transactions not in the ordinary course of business;
• monitoring corporate performance against the strategic business plans, including overseeing operating results on a regular basis to evaluate whether the business is being properly managed;
• ensuring ethical behavior and compliance with laws and regulations, auditing and accounting principles, and the corporation’s own governing documents;
• assessing its own effectiveness in fulfilling these and other board responsibilities; and
• performing such other functions as are prescribed by law, or assigned to the board in the corporation’s governing documents.[6]

To ensure maximum board effectiveness, boards need to shift their entire emphasis—they can no longer be just “advisors” who wait for management to come to them. Their new role requires they provide active oversight of the company’s business to minimize corporate risk and promote creation of shareholder value.

In the wake of the corporate scandals, the new challenge for boards will be to go beyond their traditional advisory role and increasingly focus on their oversight role. As fiduciaries, boards must be active monitors of management.

Board dynamics need to be right for directors to add real value to the company. While boards need and value collegiality, this should not turn into complacency. Directors need to feel that they can raise objections and still be seen as team players.

An effective board plays an integral role in the strategic planning process. Management develops the strategic plan, while the board reviews and approves it. Directors require a host of both internally-produced and externally-gathered information (see box) to effectively review and evaluate strategy. Sufficient board time should be devoted to discussing the strategic plan—openly and regularly with the CEO and in executive board sessions—so that all board members understand it well enough to track its progress in an informed manner. In addition, the board should spend one “retreat” session per year on strategic oversight.

The fundamental strategic questions boards should ask themselves:

• Is our board managed as well as our company is managed?
• Does our board have the strengths it needs to achieve our strategic goals?
• How well does our board track our company’s success in reaching its goals?

[6] National Association of Corporate Directors (NACD), Report of the NACD Blue Ribbon Commission on Director Professionalism, 2001 Edition, p. 1.

Information Boards Need to Fulfill Strategy-Related Responsibilities

Internally produced

Alternate strategies: options considered by management and with comparative analysis.
Strategic plan: clear statement of proposed strategy and how management plans to implement.
Performance measures: targets for key non-financial and financial measures.
In subsequent years, the board will use these measures to evaluate the strategy’s success.
Major risk factors: internal and external factors that could prevent the company from achieving the strategy, including likelihood and magnitude of the risks and means by which management will address them.
Major interdependencies: related strategic initiatives with suppliers, customers or partners, along with associated risk information.
Resources and investments required: including people, capital, and capacity and tied to the sources of funding for any major new investments called for the strategy.
Divestiture of existing businesses required: should be identified and addressed.
Strategic alliances, partnerships, and acquisitions: those needed for successful implementation must be identified with implementation plans.
Technology implications: dependence on, need for, and opportunities related to expanded use of technology, with its high level of associated risk. Electronic commerce issues should be clearly highlighted.
Best, worst, and most likely case scenarios: related to the assessment of risks inherent in the strategy.
Evaluation of past strategies: including identification of successful strategies and an analysis of elements that were not successful.

From external sources

Current and evolving customer demand: with focus on future.
Company’s current market position: i.e., its major products and services, as well as its sources of competitive advantage.
Competitor intelligence: major current and expected future competitors and a comparison of relative strengths, competitive advantages, and strategies.
Industry information and trends: including the expected impact of technology and electronic commerce.
Analysis of potential stakeholder reaction: including shareholders, to the proposed strategy, considering major stakeholder response to similar past moves.
Information on concerns expressed by market analysts and the media.
The last two items should include management’s plans to address significant concerns that might arise from these sources.

Source: PricewaterhouseCoopers, Corporate Governance and the Board – What Works Best?, May 2000, p. 5.

Corporate Governance Guidelines

The board should have a set of corporate guidelines in place to lay down the framework for the governance of the company and it should review the guidelines at least annually. By elaborating on the board’s and directors’ basic duties, the guidelines help both the board and individual directors understand their obligations and the general boundaries within which they will operate. A carefully-constructed set of governance guidelines[7] will:

• delineate responsibilities of the board, management, directors, and committees;
• address important issue areas such as director selection criteria, board size limits, meeting procedures, board access to senior management, and independence requirements;
• incorporate new legal and exchange requirements;
• be regularly refreshed, usually on an annual basis; and
• be made publicly available (Web site, proxy, etc.).

The New York Stock Exchange (NYSE) has proposed rules which will require companies to adopt and publicly disclose[8] their corporate governance policies. Specifically, the following subjects must be addressed in the guidelines:

Director qualification standards
These standards should, at a minimum, reflect the proposed independence requirements.[9] Companies may also address other substantive qualification requirements, including policies limiting the number of boards on which a director may sit and director tenure, retirement, and succession.

Director responsibilities
These responsibilities should clearly articulate what is expected from a director, including basic duties and responsibilities with respect to attendance at board meetings and advance review of meeting materials.

Director access to management and, as necessary and appropriate, independent advisors

Director compensation
Director compensation guidelines should include general principles for determining the form and amount of director compensation (and for reviewing those principles, as appropriate). The board should be aware that questions as to directors’ independence may be raised when directors’ fees and emoluments exceed what is customary. Similar concerns may be raised when the company makes substantial charitable contributions to organizations to which a director is affiliated, or enters into consulting contracts with (or provides other indirect forms of compensation to) a director. The board should critically evaluate each of these matters when determining the form and amount of director compensation, and the independence of a director.

Director orientation and continuing education

Management succession
Succession planning should include policies and principles for CEO selection and performance review, as well as policies regarding succession in the event of an emergency or the retirement of the CEO.

Annual performance evaluation of the board
The board should conduct a self-evaluation at least annually to determine whether it, its committees, and individual directors are functioning effectively.

[7] See Appendix 2 for a model set of corporate governance guidelines.

[8] In order to promote understanding of a company’s policies and procedures and encourage stricter adherence by directors and management, each listed company’s Web site must include its corporate governance guidelines, the charters of its most important committees (including at least the audit, compensation, and nominating committees), and the company’s code of business conduct and ethics. Each company’s annual report must state that the guidelines are available on the company’s Web site and that the information is available in print to any shareholder who requests it.

[9] See page 18-19 and Appendix 1 for a summary of the NYSE’s independence requirements.

Board’s Access to Information

The effectiveness of the board ultimately depends on the quality and timeliness of information directors have at their disposal. Information going to the board should be on the strategic monitoring level, which will help the board understand the big picture, and directors should ensure they have a thorough understanding of this information. Both formal and informal communication and information channels and cross-linkages need to be developed with the full support of the CEO. The primary ways in which directors receive information about the state of the company are through:

Formal channels: financial and other management reports, board and committee meetings, executive sessions, direct communication with management, technical means (raw data, intranet, etc.), factory and facility visits

Informal channels: phone or e-mail discussions among directors between meetings, conversations with managers, pre-meeting dinners, etc.

The board needs to establish a solid information framework beginning with a thorough briefing of the annual plan and an overview of the significant risk/reward elements involved with the plan to actively monitor it continuously during the year. Boards should also set a calendar around board meetings where certain types of information such as quarterly results are required by the time the board meets. This serves to establish a routine whereby if information is late or is missing, members of the board realize it and a red flag is raised. Management must also adequately explain new developments to directors, such as key acquisitions, new products, etc. as the year progresses.

To assure independence of thought and unvarnished perspectives,[10] the board must have key information flowing from senior managers directly to the board, as well as to the CEO. For example, the heads of the legal, finance/accounting, human resources, and regulatory (if applicable) departments, and of any major business division, should regularly meet with the board (or a committee of the board). In this manner, the board receives information from those more directly responsible and intimately familiar with each major corporate center, and can obtain a more accurate overall picture of corporate performance, and, by the same token, the chief executive’s performance, independently from the chief executive. This independent source of information is imperative for achieving an accurate assessment of performance and ultimately protecting shareholder value.[11]

Although directors receive, and should expect to receive, the bulk of their information from management, they need to be able to receive input from other sources, particularly when there is a lack of information or where the information is perceived as being overly-filtered. Directors therefore need to apply common sense and ask thoughtful and inquisitive questions. Commented one roundtable participant: “The best examples I have seen are those individuals who just ask the questions— they have the personality and the relationship to ask things like: what do I not know; what have you not told me; and what have you told me that is in the small print that I need to focus on?”

Directors should have access to top management other than the CEO. Protocol needs to be established where a director informs/asks permission of the CEO to speak with employees to avoid feeling that the director is going behind the CEO’s back. Noted one roundtable participant: “There is no way a good board can function if board members don’t take responsibility for getting the information that they need—and if they can’t get it from the CEO, you had better be able to get it from somebody else in the company.” Conversely, directors need to ensure they are accessible to management and that they are reviewing key information provided by management to the board.

[10] Many CEOs have historically followed a practice that all communication of information to the board from senior managers would flow first through the CEO, who would then relay that information to the board. This has the potential to obstruct information flow to the board.

[11] R. William Ide, “Post-Enron Corporate Governance Opportunities – Creating a Culture of Greater Board Collaboration and Oversight,” Mercer Law Review, Volume 54, Number 3 (March 2003), p. 838.

Conduct of board meetings

Boards should adopt the following best practices to ensure effective decision-making and exchange of information and ideas at meetings of the full board and various committees:

• Independent directors should be able to place issues on the board agenda, with time for adequate discussion and consideration, and determine the type and quality of information flow required for effective board action. Last minute add-ons to the agenda, especially for weighty issues, should be discouraged.
• Management should provide quality materials to boards that effectively explain the situation of the company. Appropriate feedback mechanisms between management and the board should be developed to ensure that the materials are useful, timely, and of appropriate depth. Meeting materials should contain a cover letter highlighting the most important issues that directors should know.
• Meetings should be structured to encourage participation and dialogue among the directors.
• Directors have an obligation to ensure near-perfect attendance at meetings and actively participate in the meetings, including asking the hard questions.

Executive sessions

Executive sessions of the independent directors should:

• promote open dialogue among the independent members and free exchange of ideas, perspectives and information;
• have a feedback mechanism to the CEO for important issues that may surface;
• be scheduled at regular intervals (for example, before full board meetings) to negate any negative inferences from the convening of these sessions; and
• be supplemented by additional off-line informational channels (such as dinners before board meetings) to help build trust and relationships among the independent directors.

The NYSE’s proposed rules would require the regular convening of executive sessions of non-management directors.[12] According to the proposals, executive sessions should: (1) be held without management present; (2) be regularly scheduled to prevent negative inferences being attached to the calling of these sessions; (3) disclose the presiding director’s name in the annual proxy statement, if one is chosen, or the procedure by which the presiding director is selected; and (4) disclose mechanisms for interested parties to make their concerns known to the non-management directors as a group. NASDAQ’s proposals would require regularly convened executive sessions of the independent directors.

Board’s access to external advisors

The board and board
• Management should endeavor to expose directors to senior management at meetings and field trips so that directors can, with knowledge of top management, delve into issues necessary to carry out their functions. • The NYSE has proposed that the company’s selected mechanisms pertaining to attendance at meetings and advance review of meeting materials would be addressed in the company’s governance policy, which must be disclosed in the proxy. committees should, as needed, hire external experts such as counsel, consultants, and other expert professionals, and investigate any management activities they believe are required to fulfill the board’s duty of care. These external experts and consultants should have a direct line of communication and reporting responsibility to the board and not management. 12 The NYSE defines “non-executive” directors as those who are not company officers, and includes such directors who are not independent by virtue of a material relationship, former status or family membership, or for any other reason. Corporate Governance Best Practices: A Blueprint for the Post-Enron Era The Conference Board 15 Board’s Mix of Skills and Individual Director Qualifications The skill set of a board should be linked to the company’s strategic vision. It may, however, vary according to the stage of company growth and should be reviewed as the company changes. Though the precise mix of director qualifications will depend on these factors, at a minimum, directors should: • possess knowledge and expertise to fulfill an appropriate role within the mix of capabilities the board and the nominating committee have decided are appropriate; and Boardroom dynamics are difficult to prescribe, as groups of people gather together to make informed decisions about the direction of the company. 
Although the level of knowledge, integrity, and independence necessary to carry out the functions of director are difficult to summarize, the behavioral characteristics of a good director should include: • exercise diligence, including attending board and committee meetings and coming prepared to provide thoughtful input at the meetings and during communications in between meetings. The composition of the board should be tailored to meet the needs of the company and its stage of development. However, every board needs to have certain essential ingredients, with the individual directors possessing knowledge in core areas such as: • asks the hard questions; • works well with others; • has industry awareness; • provides valuable input; • is available when needed; • is alert and inquisitive; • has business knowledge; • contributes to committee work; • attends meetings; • speaks out appropriately at board meetings; • prepares for meetings; • makes long-range planning contribution; and • provides overall contribution. The NYSE recommends a listing of director qualification standards be included in the company’s corporate governance guidelines. These standards should, at minimum, reflect the proposed independence requirements.13 Companies may also address other substantive qualification requirements, including policies limiting the number of boards on which a director may sit, and director tenure, retirement and succession. • accounting and finance • technology • management • marketing • international markets • industry knowledge Director selection criteria should be codified in the company’s corporate governance guidelines. A skills matrix, which lists desirable competencies versus those actually present on the board, is a useful tool in determining where the “holes” exist on the board and which skills complement each other. 13 See page 18-19 and Appendix 1 for a summary of the NYSE’s indepen- dence requirements. 
Directors need to devote the proper amount of time and attention and develop the broad-based and specific knowledge required to fulfill their obligations. In order to ensure a high level of commitment, directors should:

• carefully assess and guard against potential entanglements such as service on an excessive number14 of boards;
• prepare for and attend all board and committee meetings, and consider travel requirements for these meetings (in particular for foreign-based directors);
• actively participate at meetings;
• develop and maintain a high level of knowledge about the company’s business;
• keep current in the director’s own specific field of expertise; and
• develop broad knowledge about the role and responsibilities of directors, including legal responsibilities.

The chairman of the nominating committee should certify in the proxy that the committee has reviewed the qualifications of each director—both standing for election and on the board generally—and that they fit into the mix of qualifications the board deems necessary to achieve diligent oversight.

Every director should receive appropriate training, including his or her duties as a director when he or she is first appointed to the board. This should include an orientation-training program to ensure that incoming directors are familiar with the company’s business and governance practices. Equally important, directors should receive ongoing training, particularly on relevant new laws, regulations, and changing commercial risks, as needed. Both the NYSE and NASDAQ proposals recognize the importance of initial and ongoing education. NASDAQ is developing rules for continuing education, while the NYSE urges companies to establish education programs for new directors.

In the wake of the many corporate scandals, boards may have greater difficulty attracting and retaining qualified directors. Increased scrutiny of boards, a potential for greater liability, and the due diligence required to ensure integrity at the management level may make qualified directors more reluctant to join new boards. This may be particularly true of active CEOs and lead directors concerned with serving on too many boards. However, the opportunity to gain knowledge, add value, and the prestige of the position will continue to serve as important motivators.

The Commission on Public Trust’s Recommendation

Every board should tailor the mix of directors’ qualifications for its particular requirements. Each board should collectively have knowledge and expertise in business, finance, accounting, marketing, public policy, manufacturing and operations, government, technology, and other areas that the board believes are desirable.

Source: Commission on Public Trust, Executive Summary: Findings and Recommendations, The Conference Board, 2003, p. 9.

14 For example, in general, the National Association of Corporate Directors (NACD) believes current CEOs and senior executives should hold no more than one or two additional directorships, other individuals with full-time positions should hold no more than three or four additional directorships, and other candidates should hold no more than five to six additional directorships. See NACD, Report of the NACD Blue Ribbon Commission on Director Professionalism, 2001 Edition, pp. 14-15.

Board Independence

An independent, effective, vigorous, and diligent board of directors is the key to a corporation’s corporate governance. Boards must clearly move from their traditional role as fraternal advisors (whether perceived or actual) to become active fiduciaries exercising their oversight responsibilities. To accomplish this, directors must not only be independent according to evolving legislative and stock exchange listing standards but also independent in thought and action – qualitatively independent. Such qualitative aspects of independence will ensure that directors think and act independently without regard to management’s influence.

A critical element of an effective board is its independence from management, in both fact and perception by the public. In considering independence, it is necessary to focus not only on whether a director’s background and current activities qualify him or her as independent, but also whether that director can act independently of management. Most of the recent high profile corporate scandals involved boards comprised principally of directors who, by background and activity, qualified as independent. Nonetheless, it is clear that some of these boards of directors failed to act as a strong independent check on management leadership. Qualitative aspects of director independence should include:

• the will and the ability (in terms of knowledge and expertise) to ask the hard questions required to provide effective oversight and
• character and integrity, in general and especially in dealing with potential conflict of interest situations.

Definitions of Independence in NYSE and NASDAQ Proposed Listing Rule Amendments

NYSE

Under the NYSE proposal, the board of directors must affirmatively determine, taking into account all of the “relevant facts and circumstances,” that a director has no material relationship with the company (either directly or indirectly) in order for a director to be considered independent.a The basis for a board’s determination that a relationship is not material is required to be disclosed in the company’s annual proxy statement.b The NYSE proposal, however, also sets forth the following relationships that would automatically result in a director not being deemed independent:

• No director who is a former employee of the listed company can be “independent” until five years after the employment has ended.
• A director who receives, or has an immediate family member who receives, more than $100,000 a year in direct compensation from a listed company (other than director and committee fees, and pension or other forms of deferred compensation for prior service) is presumed not to be independent for five years following the year in which more than $100,000 in annual compensation was received.c
• No director who is an executive officer or employee, or if the director’s immediate family member is an executive officer, of another company and: (1) that company accounts for the greater of 2 percent or $1 million of the listed company’s consolidated gross revenues; or (2) the listed company accounts for the greater of 2 percent or $1 million of the other company’s gross annual revenues.
• No director who is, or in the past five years has been, affiliated with or employed by a (present or former) auditor of the company (or of an affiliate) can be “independent” until five years after the end of either the affiliation or the auditing relationship.
• No director can be “independent” if he or she is, or in the past five years has been, part of an interlocking directorate in which an executive officer of the listed company serves on the compensation committee of another company that employs the director.
• Directors with immediate family members in the foregoing categories must likewise be subject to the five-year “cooling-off” provisions for purposes of determining “independence.”d

Notes a, b, c:

Practitioners are advising that all relationships, no matter how seemingly immaterial, should be disclosed to a board of directors in order to allow for a comprehensive determination as to a director’s independence.

The presumption of non-independence is rebuttable – a director may be deemed independent if the board, including all the independent directors, determines that the relationship is not material. Any such determination must be specifically explained in the company’s proxy statement.

The board may adopt and disclose categorical standards to assist it in making determinations of independence and may make a general disclosure if a director meets these standards. Any determination of independence for a director who does not meet these standards must be specifically explained.

d Employment of a family member in a non-officer position does not preclude a board from determining that a director is independent.

NASDAQ

Under NASDAQ’s proposed rules, “independent” means a person other than an officer or employee of the company or its subsidiaries or any other individual having a relationship, which, in the opinion of the company’s board of directors, would interfere with the exercise of independent judgment in carrying out the responsibilities of a director. In addition, the following persons are not considered independent:

• A director who is employed by the corporation or any of its affiliates for the current year or any of the past three years.
• A director who accepts, or who has an immediate family member who accepts, any payments from the corporation or any of its affiliates in excess of $60,000 during the current or previous three years, other than compensation for board service, benefits under a tax-qualified retirement plan, or non-discretionary compensation.
• A director who is a member of the immediate family of an individual who is, or has been in any of the past three years, employed by the corporation or its affiliates as an executive officer.
• A director who is a partner in, or a controlling shareholder or an executive officer of, any organization, including charities, to which the corporation made, or from which the corporation received, payments (other than those arising solely from investments in the corporation’s securities) that exceed 5 percent of the corporation’s or organization’s consolidated gross revenues for that year, or $200,000, whichever is more, in the current year or any of the previous three years.
• A director who is employed or was employed in any of the previous three years as an executive of another entity where any of the company’s executives serve on that entity’s compensation committee.
• A director who was a former partner or employee of the outside auditor who worked on the company’s audit engagement in any of the previous three years.

The NYSE and NASDAQ have proposed rules that will require all listed companies, subject to a single exception,15 to have a board comprised of a majority of independent directors. The approaches proposed by the NYSE and NASDAQ recognize that it is not possible to predict, or provide for, all situations and relationships that may compromise a director’s independence, and, therefore, require that the board of directors consider all factors that may bear upon a director’s independence in connection with the determination of whether or not a person is independent. The NYSE and NASDAQ also recognize that certain relationships compromise a person’s independence; therefore, both the NYSE and NASDAQ provide for a list of relationships that are incompatible with a finding of independence.

The NYSE and NASDAQ have both proposed practices to empower non-management directors and to establish procedural requirements that enhance their ability to act free from management influence.
For example, both the NYSE and NASDAQ propose that boards of directors meet at regularly convened executive sessions16 without management or employee directors. A major purpose of this requirement is to establish a procedural norm that facilitates open discussion among non-management directors. In addition to the NYSE and NASDAQ, many different organizations such as The Business Roundtable, the California Public Employees Retirement System (CalPERS), the National Association of Corporate Directors (NACD), and the Teachers Insurance and Annuity Association-College Retirement Equities Fund (TIAA-CREF) have propounded various criteria of independence. Boards need to ensure they meet the baseline independence requirements of the exchange listing rules, but may also want to consider the growing number of corporate governance ratings systems, such as the Institutional Shareholder Services (ISS) system,17 that may penalize the company for a perceived lack of independence. Appendix 3 compares the independence proposals of the NYSE and NASDAQ, and the independence guidelines from other key organizations. The chairman of the nominating committee should certify in the proxy as to the independence, including qualitative factors of independence, for each director. In accordance with the NYSE proposals, boards may adopt and disclose standards to assist it in determining director independence, and may make a general disclosure if a director meets these standards. A determination that a director does not meet the independence standards must be explained. The Commission on Public Trust’s Recommendations Directors should display the character, independence, integrity, and will to assert their points of view. They must demonstrate loyalty exclusively to the corporation and its shareowners. Every board should be composed of a substantial majority of independent directors. This goes beyond proposals by the NYSE to have only a majority of independent directors. 
Source: Commission on Public Trust, Executive Summary: Findings and Recommendations, The Conference Board, 2003, p. 9.

15 The NYSE and NASDAQ proposals do not require that a controlled company (i.e. a company in which more than 50 percent of the voting power is held by an individual, group, or another company) have a majority of independent directors on its board. In addition, the NYSE does not require controlled companies to have independent compensation and nominating/governance committees.

16 Executive sessions of independent directors are discussed in greater detail on p. 15.

17 In June 2002, ISS released its corporate governance rating system, called the “Corporate Governance Quotient” (CGQ). ISS analyzes 51 different metrics in seven general areas—board structure and composition, charter and bylaw provisions, state laws of incorporation, executive and director compensation, qualitative factors such as financial performance, stock ownership of directors and officers, and director education—for companies in the Russell 3000 Index. Both raw scores and percentile scores are assigned.

Board Leadership

Boards should consider whether to separate the positions of Chairman and CEO to help ensure a balance of power and authority and to potentially enhance the objectivity and functionality of the board. Where the two positions are combined, boards should consider other corporate governance best practice approaches such as the creation of a Presiding or Lead Independent Director. Any approach adopted should seek to achieve the goals of:

1 strengthening the independence and oversight role of the board;
2 providing appropriate “checks and balances” between the board and management; and
3 improving the relationship and flow of information between the board, CEO, and senior management.
The primary function of the board is to carry out its responsibilities in the best long-term interests of the company and its shareowners. Typically, the CEO is a member of the board, but he or she is also a part of the management team the board oversees. This dual role can present a potential for conflict, particularly in cases where the CEO attempts to dominate the management of the company and operations of the board. Therefore, a crucial challenge for companies is striking the appropriate balance between managing the corporation and providing the independent directors with the necessary powers and resources to carry out their role. Proponents of combining the positions of Chairman and CEO argue that a single CEO and Chairman may be more effective at leading management and the board of directors, thereby achieving better operation and oversight of the corporation. The Business Roundtable, for instance, believes that most American corporations are “well served” by a structure with a single CEO and chairman, since the “CEO serves as a bridge between management and the board, ensuring that both act with a common purpose.” According to The Corporate Library, approximately 75–85 percent of US corporations currently have a single individual who serves as CEO and Chairman. Critics of combining the positions of Chairman and CEO contend that combination of these positions may lead to an undue concentration of power in the CEO position; may erode the ability of independent directors to fulfill their management oversight responsibilities; and may create a conflict of interest, since the CEO, who is responsible for managing the daily operations of the corporation, is overseen and evaluated by the board of directors, which is led by the Chairman. 
Essentially, the Chairman of the board is allowed to evaluate himself or, as one Roundtable participant put it, “grade his own homework.”

Companies may wish to consider adopting one of the following principal approaches to improve the functioning of the board and management:

Clearly separating the two roles, with an independent director as Chairman
This approach clearly delineates the roles and responsibilities of the Chairman and CEO and provides the most potential for creating appropriate checks and balances between the board and management. In this scenario, the Chairman would have such responsibilities as presiding at board meetings, having ultimate approval over board agendas, and coordinating CEO and board evaluations.

Appointing a “lead” or “senior” independent director
This approach could be employed where the roles of Chairman and CEO are split but where the Chairman is not an independent director. In this scenario, the Lead Director should not be a member of management or have any conflicting ties to the CEO. The Lead Independent Director (or other equivalent designation) would have such responsibilities as chairing executive sessions, serving as the principal liaison between management and the independent directors, and working closely with the Chairman to finalize board meeting agendas.

Appointing a presiding director
This approach could be employed where the roles of Chairman and CEO are combined. In this scenario, the Presiding Director would preside at meetings of independent directors and have approval of information flow to the board.

Creating new senior management roles
In this scenario, new positions at the very top levels of organization, such as President or Chief Operating Officer (COO) would be created to divide power and responsibilities appropriately and improve the flow of information between the board and senior management.
In determining the appropriate structure that best fits the company and its stage of development, boards should recognize the panoply of structures that exist and that no one structure has yet proved itself as the model for guaranteeing corporate success. As indicated above, any approach that is eventually adopted should have clearly defined roles and achieve the goals of (1) strengthening the independence and oversight role of the board; (2) providing appropriate “checks and balances” between the board and management; and (3) improving the relationship and flow of information between the board, the CEO, and senior management. Companies should make appropriate disclosures for choosing a particular structure and how the structure meets these objectives.

The Commission on Public Trust’s Recommendations

The board should establish a structure that provides an appropriate balance between the powers of the CEO and those of the independent directors. Three principal approaches are recommended: separating the offices of Chairman and CEO; having a non-executive Chairman and a Lead Independent Director; or, if the Chairman and CEO are the same person, establishing a Presiding Director position for leadership of the independent directors.* Where boards do not adopt any of these approaches, they should disclose how their board structure provides the appropriate balance. Each board of directors should adopt processes to ensure that the ability of the independent directors to be informed, to discuss and debate issues they deem important, and to act objectively on an informed basis is not compromised. The roles of Chairman, Lead Independent Director, and Presiding Director should be clearly defined.
Where companies have a non-independent Chairman, the Lead Independent Director or the Presiding Director should have ultimate approval over information flow to the board, meeting agendas, and meeting schedules to ensure that the independent directors have sufficient time for discussion of all agenda items.

Source: Commission on Public Trust, Executive Summary: Findings and Recommendations, The Conference Board, 2003, p. 9.

* Commissioner Biggs dissented (see page 35 of the Commission’s full report). The full text of the Commission’s report and recommendations can be found at www.conference-board.org/knowledge/governCommission.cfm

Board Committee Structure and Size

Boards should establish independent board committees that will enhance the overall effectiveness of the board and promote meaningful discussion on substantive issues. Directors must realize, however, that the mere presence of committees does not allow directors to relinquish or delegate their fiduciary responsibilities to the committees.

Having different committees to deal with specific areas can be useful for boards, particularly if they are large. Meeting in smaller groups can increase the possibility of meaningful discussion taking place, particularly on issues that may get overlooked or pushed to the bottom of the agenda during the larger board meetings. Getting the balance right, however, is the key issue as too many committees can be difficult to administer and may reduce the input and effectiveness of the full board. An effective committee structure will possess the following key elements:

• Each committee will have a charter to delineate committee duties and decision-making responsibilities from those of the full board and other committees so as to ensure nothing “falls between the cracks.”
• Each charter will focus on tasks that can actually be accomplished and should be refreshed when needed and at least annually.
• Committees will be structured to best suit underlying responsibilities and should be revised as needed, both in terms of types of committees and committee membership/chairmanships.
• Audit, compensation, and nominating/corporate governance committees will be composed entirely of independent directors.
• Committees will ensure they report regularly and appropriately to the full board.

Under the proposed NYSE requirements, companies must have the three committees that have long been part of corporate governance best practice, namely audit, compensation, and nominating/corporate governance committees.18 These committees must (1) be composed entirely of independent directors and (2) have written charters addressing the committees’ purpose, general responsibilities, and how the annual performance evaluation of the committee will be conducted. NASDAQ’s proposed rules strengthen independent oversight of nomination and compensation decisions, but do not require the formation of these committees.

The size of the board demands careful consideration. Boards need to be large enough to accommodate the necessary skill sets but still small enough to promote cohesion, flexibility, and effective participation. Argued one roundtable participant: “When you’ve got a 20 or 30 person corporate board, it’s one way of assuring that nothing is ever going to happen that the CEO doesn’t want to happen. If you’ve got a small board, eight to 10 people, people do get involved.”
18 See page 24-25 for the detailed list of the NYSE recommendations pertaining to nominating/corporate governance committees, page 26 for recommendations for compensation committees, and page 36 for recommendations for audit committees.

Role of the Nominating/Corporate Governance Committee

Companies should have an entirely independent nominating/corporate governance committee to enhance the independence and quality of director nominees and the transparency and integrity of the nomination process. This committee also should take responsibility for shaping and overseeing all matters of corporate governance for the corporation. At a minimum, the nominating/corporate governance committee should:

• oversee board organization, including committee assignments;
• determine qualifications for board membership, including matters such as independence, term limits, age limits, and ability of former employees to serve on the board;
• identify and evaluate candidates for nomination to the board;
• oversee director orientation and training;
• oversee evaluation of the board, of board committees and of each individual director;
• determine an appropriate slate of nominees for election;
• develop and recommend corporate governance principles for adoption by the full board; and
• oversee CEO succession and approve management succession planning for senior positions.

In accordance with the NYSE proposals, the nominating/corporate governance committee must have a written charter19 that addresses:

• the committee’s purpose—which, at minimum, must be to identify individuals qualified to become board members and to select, or to recommend that the board select, the director nominees for the next annual meeting of shareholders; and develop and recommend to the board a set of corporate governance principles applicable to the corporation;
• the committee’s goals and responsibilities – which must reflect, at a minimum, the board’s criteria for selecting new directors, and oversight of the evaluation of the board and management; and
• an annual performance evaluation of the committee.

19 See Appendix 4 for a sample nominating/corporate governance committee charter (General Electric Corporation).

The NYSE suggests that the nominating/corporate governance committee charter should also address the following items: committee member qualifications; committee member appointment and removal; committee structure and operations (including authority to delegate to subcommittees); and committee reporting to the board.

NASDAQ also recognizes the importance of the process of selecting qualified independent directors in ensuring an effective board of directors and believes that the process should be controlled by independent directors. Its corporate governance proposals require that director nominations be approved by either an independent nominating committee or by a majority of the independent directors.20

Professional outside advice (for example, through an executive search firm) can “professionalize” the board’s nominating process and be useful to widen the pool of potential candidates and affirm director independence. The NYSE’s proposed rules state the nominating/corporate governance committee’s charter should give the nominating/corporate governance committee sole authority to retain and terminate any search firm to be used to identify director candidates, including sole authority to approve the search firm’s fees and other retention terms.
Though legislation and stock exchange regulations make clear the baselines for governance practices, the nominating/governance committee of each board of directors should determine which additional governance practices and committee responsibilities are necessary and will best suit the corporation’s business and corporate culture.

The Commission on Public Trust’s Recommendation

Every board should establish a nominating/governance committee composed of independent directors. This committee should monitor all governance matters for the board, as well as be responsible for nominating qualified candidates to stand for election.

Source: Commission on Public Trust, Executive Summary: Findings and Recommendations, The Conference Board, 2003, p. 9.

20 A single non-independent director would be permitted to serve on an independent nominating committee if: (1) the individual is a shareholder owning more than 20 percent of the issuer’s securities (even if that person is also an officer of the company); or (2) pursuant to “exceptional and limited circumstances.” An “exceptional and limited circumstances” exception is available for an individual who is not an officer, current employee, or a family member of such a person. Additionally, such an exception may only be implemented following a determination by the board that the individual’s service on the committee is in the best interests of the company and its shareholders. The issuer is also required to disclose the use of such an exception in the next annual proxy statement, as well as the nature of the individual’s relationship to the company and the basis for the board’s determination.
Role of the Compensation Committee

Companies should have an entirely independent compensation committee that should take primary responsibility for ensuring that the compensation programs, and values transferred to management through cash pay, stock, and stock-based awards, are fair and appropriate to attract, retain, and motivate management, and are reasonable in view of company economics, and of the relevant practices of other, similar companies. The committee should also recognize the potential conflict of interest in management’s recommending its own compensation levels.

Companies should have an independent compensation committee, composed solely of directors who are free of material relationships with the company (except for compensation received in their role as directors) and its management and who can act independently of management in carrying out their responsibilities.

Under the proposed NYSE rules, all listed companies would be required to have a compensation committee composed entirely of independent directors. NASDAQ’s proposed rules do not expressly require companies to have a compensation committee if compensation decisions are made by a majority of independent directors. If a company does have a compensation committee, a single, non-independent director may serve on the committee subject to an “exceptional and limited circumstances” exception.21

The compensation committee should vigorously exercise continuous oversight over all matters of executive compensation policy and all aspects of executive officers’ compensation arrangements and perquisites. In addition, the chair of the compensation committee should “take ownership” of the compensation committee’s activities and be available at shareholders’ meetings to respond directly to questions about executive compensation.
The proposed NYSE rules would require the compensation committee to have a charter addressing its purpose, which, at a minimum, must be to discharge the board’s responsibilities relating to compensation of the company’s executives, and to produce an annual report on executive compensation for inclusion in the company’s proxy statement, in accordance with applicable rules and regulations. The compensation committee charter should also address committee member qualifications, committee member appointment and removal, committee structure and operations (including authority to delegate to subcommittees), and committee reporting to the board.

The minimum duties for the compensation committee should include:
• reviewing and approving CEO compensation and evaluating and setting CEO compensation based on meeting performance goals; and
• making recommendations to the board with respect to incentive and equity-based compensation plans.

21 Available for an individual who is not an officer or current employee or family member of such a person. The exception may only be implemented following a determination by the board that the individual’s service on the committee is in the best interests of the company and shareholders. The company must disclose the use of such an exception in the next annual proxy statement, including the nature of the individual’s relationship to the company and the basis for the board’s determination.

The compensation committee should hold executive sessions as required (for example, to determine CEO pay and stock option grants), and the committee should exercise its power to schedule meetings and set its own agenda. Compensation policies set by the committee should include compensation arrangements that link compensation to long-term company performance and strategic goals.
Such incentives should be linked to strategic performance measurements such as cost of capital, return on equity, economic value added, compliance goals, quality improvements, etc., and awards should be linked to achievement of specific strategic goals. The compensation committee should exercise independent judgment in determining the proper levels and types of compensation to be paid unconstrained by industry median compensation statistics or by the company’s own past compensation practices and levels. The committee should also be mindful of the differences in compensation levels throughout the corporation in setting senior executive compensation levels. The proposed NYSE rules specify that, in determining the long-term incentive component of CEO compensation, the committee should consider the company’s performance and relative shareholder return, the value of similar incentive awards to CEOs at comparable companies, and the awards given to the listed company’s CEO in past years. No compensation arrangement should be permitted that creates an incentive for top executives to act contrary to the company’s best interests or which could be interpreted as an attempt to circumvent either the requirements or the spirit of the law or accounting rules. Similarly, the compensation committee should approve any compensation arrangement for a senior executive officer involving any subsidiary, special purpose entity or other affiliate. Because of the significant potential for conflicts of interest, these compensation arrangements should be permitted only in very special circumstances. If the compensation committee retains any outside consultants who advise it, then the outside consultants should report solely to the committee. The proposed NYSE rules state the compensation committee charter should give that committee sole authority to retain and terminate the consulting firm, including sole authority to approve the firm’s fees and other retention terms. 
The Commission on Public Trust’s Key Recommendations on Executive Compensation

1 The compensation committee should exercise independent judgment in determining the proper levels and types of executive compensation to be paid unconstrained by industry median compensation statistics or by the company’s own past compensation practices and levels. The committee should also be mindful of the differences in compensation levels throughout the corporation in setting senior executive compensation levels.

The compensation committee should retain any outside consultants who advise it. The outside consultants should report solely to the committee.

Performance-based compensation tied to specific goals can be a powerful and effective tool to advance the business interests of the corporation. The use of performance-based compensation tools should be encouraged in a balanced and cost-effective manner.

The compensation committee should establish, with the concurrence of the board, performance-based incentives that support and reinforce the corporation’s long-term strategic goals set by the board. Examples of these goals include cost of capital, return on equity, economic value added, market share, quality goals, compliance goals, environment goals, revenue and profit growth, cost containment, cash management, etc. The award of these incentives should be linked to achievement of specific strategic goals.

The compensation committee should be responsible for all aspects of executive officers’ compensation arrangements and perquisites, including approval of all employment, retention, and severance agreements. The compensation committee should approve any compensation arrangement for a senior executive officer involving any subsidiary, special purpose entity or other affiliate, and they should be disclosed in filings with the SEC.
Compensation policies should encourage a meaningful financial stake in the corporation through long term “acquire and hold” practices by key executives and directors. This practice provides an additional incentive to serve the long-term best interests of the corporation.

Compensation decisions should be based on the effectiveness of various forms of compensation to achieve company goals and their respective relative costs, rather than simply on their accounting treatment.a The costs associated with equity-based compensation should be reported on a uniform and consistent basis by all public companies in order to provide clear and understandable comparability.

Fixed-price stock options should be expensed on financial statements of public companies.b The costs associated with equity-based compensation should be reported on a uniform and consistent basis by all public companies in order to provide clear and understandable comparability. In addition, the compensation committee must disclose in conspicuous ways the effective costs passed on to shareholders through dilution or share repurchases to limit dilution.

Shareholders should have control over potential equity dilution resulting from compensation practices. Existing equity compensation arrangements should not be materially modified, including the repricing of options, without shareholder approval.

Companies should make conspicuous disclosure of the size, costs, and effects of stock options on both earnings per share after dilution and the proportion of future shareholder value that such equity compensation plans would provide to executives and employees. A corporation’s public disclosures should include a conspicuous statement highlighting both earnings per share after dilution and the proportion of future shareholder value that equity-based compensation plans would provide to executives and employees. Such disclosure should be in plain English and in plain sight.
Executive officers should be required to give advance public notice of their intention to dispose directly or indirectly (e.g., by hedging or other similar arrangement) of the corporation’s equity securities. In this connection, the compensation committee, with the assistance of experts as required, should develop and publish appropriate methods by which disclosure of such intentions must be made.

Source: Commission on Public Trust, Executive Summary: Findings and Recommendations, The Conference Board, 2003, pp. 6-7.

a The Commission on Public Trust recognizes that accounting expertise and standards-setting authority resides with bodies such as the Financial Accounting Standards Board (FASB) and the International Accounting Standards Board (IASB) and urges these bodies to move expeditiously to determine appropriate accounting treatment for equity-based compensation consistent with the Commission on Public Trust’s recommendations. Commissioners Volcker and Grove dissented (see pp. 13-14 of Report). The full text of the Commission on Public Trust’s report and recommendations can be found at www.conference-board.org/knowledge/governCommission.cfm b

Chief Governance Officer 22

Considering the increased corporate governance-related responsibilities, greater director liability and heightened investor, stakeholder and public concern in the wake of Sarbanes-Oxley and the major U.S. stock exchange proposals, a growing number of companies are considering the appointment of a chief governance officer (CGO). These companies view the potential benefits of a CGO position as helping to:
• facilitate board processes;
• promote communication internally and with shareholders and stakeholders to identify and mitigate governance-related risks; and
• demonstrate a commitment to corporate governance (and thereby instill confidence in shareholders and other stakeholders).

In general, the CGO would assume a portion of the corporate governance-related functions of the chief executive, general counsel, corporate secretary, head of investor relations and other corporate officers, thereby allowing these officers more time to focus on their core responsibilities. The CGO would also help to ensure important governance-related responsibilities of corporate officers do not “fall between the cracks,” and would promote accountability since these functions would largely be centralized in one position. Companies will, however, need to consider specific responsibilities, reporting lines, and specific titles to match their own unique situations.

Specific duties of the CGO position might include:
• Keeping directors and senior management current on the latest corporate governance issues and trends and speaking authoritatively on governance-related issues.
• Assisting with recruitment and training of independent directors and offering continuing support once on board.
• Serving as part of the team that meets with insurance underwriters in connection with securing directors and officers (D&O) liability insurance and related forms of liability coverage, such as employment practices liability insurance.
• Communicating with employees regarding potential corporate governance-related concerns.
• Liaising with external consultants, the institutional investor community, corporate governance ratings agencies and others outside the company on matters concerning corporate governance, and communicating governance-related concerns from external parties to senior management and the board.
• Helping to ensure adherence to corporate governance and ethics policies and key committee charters.
• Facilitating board processes, including agenda setting and timely distribution, facilitating communication across committees and from management, helping the board focus on its responsibilities, and assisting with board and director performance evaluations.

The CGO position should be of sufficiently high stature and credibility to have direct access to the Chairman, the CEO, and other corporate officers and board members when needed. Tone at the top is therefore vital in ensuring the success of the position. The personality of the individual filling the position is also critical. The CGO needs to be able to work well with management and board members, foster a sense of trust among them, and be able to communicate effectively both internally and externally.

22 Relatively few companies make a formal designation for chief governance officer (CGO) because governance authority is generally spread among offices of legal counsel and corporate secretary. The formal designation is less important than whether the functions of a chief governance officer are accomplished. Most important is whether corporate governance rises to the board level, governance functions are coordinated among departments and are accorded sufficient importance within the company.

Measuring Company Performance

The board must devise ways to effectively and continuously monitor the company’s progress against the stated goals. Strategic performance measures that track both financial and non-financial progress (such as quality improvements, intellectual capital, customer satisfaction, etc.) are critical to understanding the strategic direction of the company and to monitoring its progress.
The board should have a limited number of “dashboard” measures of success to make certain that the company is on track to meet its goals or to highlight areas that may require additional attention. These measures should include both traditional financial (quantitative) and nonfinancial (qualitative) measures (see box) and should be built into the strategic performance measurement system. Certain new metrics (and the methods to collect them) may have to be created, but many companies are already collecting much of the data they require to track strategic performance measurements. Consensus among boards, management and other company personnel as to which measures track the strategic success of the company is just as important as which measures are actually chosen. These measures should be appropriate for the level of oversight responsibility. For example, a senior executive would be responsible for broad oversight of a particular area while a line manager would have responsibility for tracking specific performance goals within his or her responsibilities. While it is the board who should oversee management’s development of the measurements the company will use to evaluate performance, it is the CEO and the executive management team who have responsibility for driving the measures and goals down into the organization. The board should provide input to the policy framework and then review management implementation regularly. 
Financial and Nonfinancial or “Strategic” Performance Measures

Financial Measures
• Sales
• Pretax profits
• Rate of return on investment
• Stock price appreciation
• Earnings per share
• EVA (net cash return on equity capital, measured by taking a company’s after-tax operating profit, deducting its weighted cost of capital, then multiplying the result by the company’s total capital)
• MVA (difference between the total market value [the amount investors have put into the company] and show how much wealth has been created [or destroyed] over the lifetime of the company)

Nonfinancial or “Strategic” Measures
• Quality of output
• Customer satisfaction/retention
• Employee turnover
• Employee training
• Level of intellectual capital
• R&D investments
• R&D productivity
• New product development
• Market growth/success
• Environmental compliance
• Other measures specific to each company

Source: Carolyn Kay Brancato, Institutional Investors and Corporate Governance: Best Practices for Increasing Corporate Value (Chicago: Business One Irwin, 1998), p. 45.

Such performance measurements may also be used as the basis for considering executive and employee performance bonuses or other stock-based incentive plans. Compensation plans may include performance measures reflecting not only the company’s overall achievements, but also specific contributions within the executive’s or employee’s scope of influence.
Core Principles Underlying Effective Performance Measurement

Link measurements to value drivers, strategies and tactics
• Key drivers of shareholder value need to be clearly defined and understood
• Measures should support and link to the drivers of shareholder value
• Measures should be derived from and directly linked to strategies and tactics and should be amended when strategies change

Use a reliable measurement selection process
• A small set of measures should be selected using a structured approach that builds consensus
• Measures should be easy to understand, linked to strategies and support current business processes
• Appropriate measures should be selected for each level of the organization

Automate measurement and reporting
• Measures and reports should be automated and should support drill down and aggregation capabilities
• Data warehousing and data mining alternatives should be utilized where appropriate for reporting measures and performing detailed cause and effect analysis
• Shareholder value modeling should be performed to determine optimal performance alternatives
• Systems should highlight control limits and exception reporting where possible

Set and monitor goals
• Quantifiable goals or targets should be set for all measurements at least annually
• Progress toward achieving goals should be assessed and commented on regularly
• Measures should be externally benchmarked wherever possible

Balance measurements across scorecard and key processes
• Measurement sets should be balanced across the key scorecard categories such as operations, customer, employee, and finance/shareholder
• Measurement sets should be balanced across the key value chain processes for the company

Link measurement to compensation
• Measures that support the key drivers of value and strategies should be linked to the compensation system for a wide range of employees
• Compensation programs should emphasize both unit and overall company performance

Ensure consistent measurement and reporting
• Measures should use consistent definitions across locations or groups
• Reports should be formatted using consistent organizational dimensions (e.g., function, geography), presentation, level of detail and time periods

Balance measurement viewpoint
• Measurement sets should highlight predictive, process-oriented measures as well as results-oriented measures (leading and lagging)
• Measurement sets should be both internally and externally focused

Source: PricewaterhouseCoopers, Corporate Governance and the Board – What Works Best?, May 2000, p. 32.

Board and Director Performance Evaluation

All directors, management, and employees should be evaluated on an annual basis. In this context, corporations should consider a three-tier director evaluation mechanism which includes a means to evaluate the performance of the board as a whole, the performance of each committee, and the performance of each individual director.

Accountability is an important element of board effectiveness. While shareholders elect the directors, they likely lack sufficient knowledge of the inner workings of the boardroom to properly perform any or all of the three tiers of evaluation. Therefore, boards should develop and disclose their mechanisms and processes to annually evaluate the performance of the board as a whole, the performance of each board committee, and the performance of each individual director.

There is no “one size fits all” approach to evaluating the performance of the board, its committees and individual directors. Therefore, the board of each corporation should determine a process of evaluation that best satisfies its needs. At a minimum, the director performance evaluation process should ensure that each director meets the board’s qualifications for membership when the director is nominated or re-nominated to the board.
Evaluation of the board and committees should also determine whether each has fulfilled its basic, required functions. Especially important is the board’s role in the evaluation of the independence of outside directors.

Under the proposed NYSE rules, boards are required to conduct a self-evaluation23 at least annually to determine whether the board and board committees are functioning effectively. The mechanisms adopted by the company should be addressed in the company’s corporate governance guidelines, which would be made publicly available.

Elements of a successful board and director evaluation process:

1 It will be controlled by the outside directors.
• Affirms the board’s autonomy to set and apply its own standards.
• Enables acknowledgement of each member’s distinctive capabilities.

2 It will be confidential and collegial.
• The process itself depends on atmosphere of candor and trust.
• Confidentiality will encourage openness and cooperation.

3 Someone (in conjunction with Chairman) will champion the process and share the results, such as:
• a Non-CEO chairman;
• the lead Independent Director or equivalent; or
• the head of the nominating/governance committee.

4 It will identify needed areas of improvement in areas such as:
• the balance of power between the board and management;
• focusing the board more on long-term strategy;
• more effectively fulfilling the board’s oversight responsibilities;
• the adequacy of committee structures; and
• whether the evaluation process itself needs to be updated.

5 Individual director performance will also be evaluated.
• It will be done through self-assessment and peer review.
• It will take into account specific board roles.
• It will be used to determine suitability for re-election.
• It will include consideration of independence, level of contribution, and attendance.

23 See Appendix 5 for a sample director self-evaluation worksheet.

The Commission on Public Trust’s Recommendation

Each board should develop a three-tier director evaluation mechanism. This should include evaluation of the performance of the board as a whole, the performance of each committee, and the performance of each individual director, as necessary. At a minimum, director evaluation should ensure that each director meets the board’s qualifications for membership when the director is nominated or renominated to the board.

Source: Commission on Public Trust, Executive Summary: Findings and Recommendations, The Conference Board, 2003, p. 10.

Succession Planning and Leadership Development

Hiring the CEO and planning for CEO succession are two primary responsibilities of the board. The board should institute a CEO succession plan and selection process, through an independent committee or overseen by a designated director or directors.

A successful succession planning process will:
• be a continuous process;
• be driven and controlled by the board;
• involve CEO input;
• be easily executable in the event of a crisis;
• consider succession requirements based on corporate strategy;
• be geared toward finding the right leader at the right time;
• develop talent pools at lower levels; and
• avoid a “horse race” mentality that may lead to the loss of key deputies when the new CEO is chosen.

As with director candidates, boards may find it increasingly difficult to attract and retain qualified CEOs in the wake of the many recent, high-profile corporate scandals. Short-term profit pressures continue to shorten the lifespan of sitting CEOs, and greater public and shareholder scrutiny along with new civil and criminal liability fears may make CEO candidates more reluctant about joining new companies and thereby diminish the pool of qualified candidates. These pressures exemplify the need to have a carefully considered succession planning process in place and talent pools developed on lower rungs of the corporate ladder.

General Motors’ Corporate Governance Guidelines: Leadership Development

Formal evaluation of the Chairman and the Chief Executive Officer
The full Board (independent Directors) should make this evaluation annually, and it should be communicated to the Chairman and the Chief Executive Officer by the Chairman of the Committee on Director Affairs. The evaluation should be based on objective criteria including performance of the business, accomplishment of long-term strategic objectives, development of management, etc. The evaluation will be used by the Executive Compensation Committee in the course of its deliberations when considering the compensation of the Chairman and the Chief Executive Officer.

Succession planning
There should be an annual report by the Chief Executive Officer to the Board on succession planning. There should also be available, on a continuing basis, the Chairman’s and the Chief Executive Officer’s recommendation as a successor should he/she be unexpectedly disabled.

Management development
There should be an annual report to the Board by the Chief Executive Officer on the Company’s program for management development. This report should be given to the Board at the same time as the succession planning report noted previously.

The NYSE’s proposals state that companies should develop policies for succession planning in the company’s corporate governance guidelines.
These plans should include policies and principles for CEO selection and performance review,24 as well as policies regarding succession in the event of an emergency or the retirement of the CEO.

The board may wish to seek outside advice and expertise to assist with the succession planning process and to benchmark against outside talent and peers. Where a search committee has been charged with the task, the entire board, especially the independent directors, should be involved.

Once a new CEO has been appointed, the whole board is responsible for helping that individual to assimilate to their new role. A new CEO needs to be informed of the board’s expectations in terms of performance as well as communication. Asking questions such as: Which decisions do directors need to know about? What level of detail will they require?

24 See Appendix 6 for a sample CEO evaluation worksheet.

Audit Practices

Audit Committee Role and Responsibilities

The audit committee plays a critical role, standing at the intersection of management, independent auditors, internal auditors, and the board of directors. In the wake of the corporate scandals, the new challenge for audit committees will be to fulfill all of the new duties and responsibilities assigned it under legislation and exchange rules and to shift to a more proactive oversight role.

Audit committees therefore need to ensure accountability on the part of management, the internal and external auditors, make certain all groups involved in the financial reporting and internal controls process understand their roles, gain input from the internal auditors, external auditors and outside experts when needed, and safeguard the overall objectivity of the financial reporting and internal controls processes.
The Sarbanes-Oxley Act has defined the audit committee as “A committee (or equivalent body) established by and amongst the board of directors of an issuer for the purpose of overseeing the accounting and financial reporting processes of the issuer; and audits of the financial statements of the issuer.”

The Act sets out requirements for audit committees in the following areas:25

• the audit committee is responsible for the appointment, compensation and oversight of any registered public accounting firm employed by the company for audit and related work, including the resolution of any disagreements between management and the outside auditors regarding financial reporting;
• external auditors must report directly to the audit committee;
• each member must be an independent26 board member;
• the audit committee must establish procedures for the receipt and treatment of complaints regarding auditing, internal accounting and accounting matters, and the confidential submission of concerns by employees (“whistle blowers”) regarding questionable accounting or auditing practices;
• the audit committee is empowered to engage independent counsel and other advisors at its discretion; and
• the audit committee can require the company to provide appropriate funding for the payment of compensation to the registered public accounting firm hired to prepare an audit report and any other advisors employed by the audit committee.

The NYSE proposals require companies to have a standing audit committee composed of a minimum of three directors and increase the responsibilities of the audit committees, granting it sole authority to hire and fire independent auditors and pre-approve all non-audit services it provides. At a minimum, committees must assist board oversight of the integrity of the financial statements; compliance with legal and regulatory requirements; qualifications and independence of the internal auditor and the performance of both the internal audit function and independent auditors. Committees are also charged with preparing the SEC-required Audit Committee Report to Shareholders that must be included in the company’s proxy.

NASDAQ’s proposed rules harmonize its listing standards with the Sarbanes-Oxley Act by requiring audit committees to:
• have the sole authority to appoint, determine funding for and oversee outside auditors;
• approve permissible non-audit services by the auditor in advance;
• review and approve related party transactions; and
• engage and determine funding for independent counsel and other advisors and establish procedures for the receipt, retention and treatment of complaints received by the company regarding accounting, internal accounting controls or auditing matters.

25 Subject to SEC elaboration no later than April 26, 2003.
26 Defined under the Act (for audit committee purposes) as a director who is neither affiliated with the issuer or subsidiary and who does not receive compensation (including consulting and advisory fees) from the issuer other than for board or audit committee service.

Summary of KPMG’s Basic Principles for Audit Committees
1 Recognize that the dynamics of each company, board, and audit committee are unique—one size does not fit all.
2 The board must ensure that the audit committee comprises the “right” individuals to provide independent and objective oversight.
3 The board and audit committee must continually assert that, and assess whether, the “tone at the top” embodies insistence on integrity and accuracy in financial reporting.
4 The audit committee must demand and continually reinforce the “direct responsibility” of the external auditor to the board and audit committee as representatives of shareholders.
5 Audit committees must implement a process that supports their understanding and monitoring of:
• the specific role of the audit committee in relation to the specific roles of the other participants in the financial reporting process (oversight);
• critical financial reporting risks;
• effectiveness of financial reporting controls;
• independence, accountability, and effectiveness of the external auditor; and
• transparency of financial reporting.

Note: The full text of Basic Principles for Audit Committees has been reprinted as Appendix 7 to this publication.
Source: KPMG Audit Committee Institute, Basic Principles for Audit Committees, 2002.

Audit Committee Charter

The audit committee should have a charter in place that sets out guidelines for the duties of the audit committee versus those of the full board. It should be reviewed, at least on an annual basis. By elaborating on the basic duties of the audit committee, the charter serves to help both the full board and committee members understand their obligations and the general boundaries in which they will operate and will ensure compliance with new legal and exchange requirements. A carefully-constructed audit committee charter will:
• delineate responsibilities of the board and those of the audit committee;
• cover important areas such as structure, process, and membership;
• incorporate new legal and exchange requirements;
• assert the committee’s authority to hire and fire internal auditors and external advisors to the audit committee;
• be regularly refreshed, usually on an annual basis; and
• be disclosed to shareholders to promote transparency.27

The NYSE proposals require the audit committee to have a written charter that addresses the committee’s purpose. At a minimum, the audit committee should assist board oversight of: (1) the integrity of the company’s financial statements, (2) the company’s compliance with legal and regulatory requirements, (3) the independent auditor’s qualifications and independence, and (4) the performance of the company’s internal audit function and independent auditors. The charter should also set out the duties and responsibilities of the audit committee – which, at minimum, should be to:
• retain and terminate the company’s independent auditors (subject, if applicable, to shareholder ratification);
• at least annually, obtain and review a report by the independent auditor describing: (1) the firm’s internal quality-control procedures; (2) any material issues raised by the most recent internal quality-control review, or peer review, of the firm, or by any inquiry or investigation by governmental or professional authorities, within the preceding five years, and any steps taken to deal with any such issues; and (3) all relationships between the independent auditor and the company (to assess the auditor’s independence);
• discuss the annual audited financial statements and quarterly financial statements with management and the independent auditor;
• discuss earnings press releases, as well as financial information and earnings guidance provided to analysts and rating agencies;
• as appropriate, obtain advice and assistance from outside legal, accounting, or other advisors;
• discuss policies with respect to risk assessment and risk management;
• meet separately, with management, with internal auditors (or other personnel responsible for the internal audit function) and with independent auditors on a periodic basis;
• review with the independent auditor any audit problems or difficulties and management’s response;
• set clear hiring policies for employees or former employees of the independent auditors;
• report regularly to the board of directors; and
• review annually the performance of the audit committee.

NASDAQ’s proposals require the audit committee to have a written charter that outlines the scope of the committee’s responsibilities (including structure, processes, and membership requirements), including all required duties under the Sarbanes-Oxley Act. The charter should also specify the audit committee’s responsibility for ensuring the receipt from the external auditor of a formal, written statement delineating all relationships between the auditor and the company and for actively ensuring the audit committee take action to safeguard the independence of the external auditors. The committee must assess annually the need for revisions to the charter.

27 See Appendix 7 for a sample audit committee charter and duties checklist (Microsoft Corporation).
Audit Committee Composition and Independence

Given the audit committee’s place at the intersection of management, independent auditors, internal auditors, and the board of directors and its responsibility for overseeing the financial reporting process, boards need to ensure committee members have the requisite independence and expertise to ensure the objectivity and overall effectiveness of the committee. As with membership on the full board, independence from management, in both fact and perception by the public, is essential. An independent committee greatly increases the objectivity and therefore the overall effectiveness of the committee. Perhaps the most important aspects of independence include: (1) having the will and the ability (in terms of knowledge and expertise) to ask the hard questions required to provide effective oversight; and (2) having the character and integrity, in general and especially in dealing with potential conflicts of interest situations.

The NYSE requires each company to have, at a minimum, a three-person audit committee composed entirely of independent directors. Beyond the NYSE’s standard definition of independence,28 audit committee members are subject to the requirement, under the Sarbanes-Oxley Act, that directors’ fees are the only compensation members can receive from the company. An audit committee member may receive his or her fee in cash and/or company stock or options or other in-kind consideration ordinarily available to directors, as well as all of the regular benefits that other directors receive. Because of the significantly greater time commitment of audit committee members, the NYSE proposal states they may receive compensation greater than that paid to the other directors (as may other directors for time-consuming committee work).
The NYSE proposal, however, disallows the following forms of compensation:
• fees paid directly or indirectly for services as a consultant or a legal or financial advisor, regardless of the amount; and
• compensation paid to such a director’s firm for such consulting or advisory services even if the director is not the actual service provider.29

The Sarbanes-Oxley Act requires30 that every member of the audit committee must be unaffiliated31 with the company.

NASDAQ’s proposals state that directors cannot serve on an audit committee if they are deemed an affiliated person of the issuer or any subsidiary. Members are prohibited from owning more than 20 percent of the issuer’s voting securities, or such lower threshold as may be established by the SEC in its rulemaking. Committee members are required to meet NASDAQ’s new independence requirements.32 Also, they should not receive payment other than that for board and committee service.

True independence, of course, is hard to define. The definition of independence must assume the ability to make objective decisions that may be in conflict with the interests of management. It is up to the board to decide on the integrity and independence of an audit committee candidate, so every member’s appointment is an occasion for careful deliberation.33

28 See p. 18-19 for a detailed list of the NYSE’s proposed independence requirements.
29 Under the NYSE proposals, foreign private issuers would be required to comply with the independence standards for audit committee members in Section 301 of the Sarbanes-Oxley Act, which requires that the NYSE mandate compliance with these standards as a condition of listing. However, foreign private issuers would not be required to comply with any additional NYSE independence standards and could instead continue to disclose significant ways in which their home-country corporate governance practices differ from those of domestic listed companies.
30 Effective upon SEC action of implementing rules; can be no later than 270 days after July 30, 2002.
31 Defined under the Act as a director who is neither affiliated with the issuer or subsidiary and who does not receive compensation (including consulting and advisory fees) from the issuer other than for board or audit committee service.
32 See p. 19 for a detailed list of NASDAQ’s proposed independence requirements.
33 KPMG LLP, Shaping the Audit Committee Agenda, 1999, p. 34.

Knowledge and skills
As with the full board, committee members should have the requisite skill sets to ensure they can make a valuable contribution. Ideally, members will possess core competencies such as a broad business background, knowledge of the company’s operations and industry knowledge, along with specific skills such as accounting expertise. Additionally, upon appointment to the board, committee members should receive an orientation covering such topics as key risks and accounting policies as well as ongoing development and education.

Commitment
Audit committee members should ensure they can devote the time and energy required for service on the committee.

The NYSE proposals state each prospective member should examine carefully existing obligations, and in particular, other committee memberships, before joining an audit committee. The proposals require boards to determine that a prospective member’s other audit committee memberships are not an impediment to committee service if the prospective member serves simultaneously on the audit committee of more than three public companies and disclose such determinations in the proxy.

Financial expertise
Since the audit committee has oversight responsibility for the financial reporting process, knowledge of financial statements and accounting is important. For this reason, the major U.S. stock exchanges have traditionally built in requirements that members possess financial “literacy” and more recently, that one member should possess financial “expertise.” Many feel, however, that although financial literacy is important, the ability and willingness of committee members to ask the tough questions of management is of greater importance.

The SEC, in its final rule implementing the requirements of the Sarbanes-Oxley Act, requires issuers to disclose whether the audit committee has or does not have at least one “audit committee financial expert”34 (and if not, why not), the name of the audit committee financial expert (if applicable), and whether the audit committee financial expert is independent of management. The rule also defines the qualifications of the audit committee financial expert as having all of the following attributes:
• An understanding of generally accepted accounting principles and financial statements.
• The ability to assess the general application of such principles in connection with the accounting for estimates, accruals and reserves.
• Experience preparing, auditing, analyzing, or evaluating financial statements that present a breadth and level of complexity of accounting issues that are generally comparable to the breadth and complexity of issues that can reasonably be expected to be raised by the registrant’s financial statements, or experience actively supervising one or more persons engaged in such activities.
• An understanding of internal controls and procedures for financial reporting.
• An understanding of audit committee functions.

34 The SEC final rule No.
34-47262 (Final Rule: Certification of Management Investment Company Shareholder Reports and Designation of Certified Shareholder Reports as Exchange Act Periodic Reporting Forms; Disclosure Required by Sections 406 and 407 of the Sarbanes-Oxley Act of 2002, January 27, 2003) introduced the term “audit committee financial expert” to make clear that the financial expertise functions are relevant to the audit committee. The SEC notes this term suggests more pointedly that the designated person has characteristics that are particularly relevant to the functions of the audit committee, such as: a thorough understanding of the audit committee’s oversight role; expertise in accounting matters as well as understanding of financial statements; and the ability to ask the right questions to determine whether the company’s financial statements are complete and accurate.

Under the final rules, the person must have acquired such attributes through any one or more of the following:
1 Education and experience as a principal financial officer, principal accounting officer, controller, public accountant or auditor or experience in one or more positions that involve the performance of similar functions;
2 Experience actively supervising a principal financial officer, principal accounting officer, controller, public accountant, auditor or person performing similar functions;
3 Experience overseeing or assessing the performance of companies or public accountants with respect to the preparation, auditing or evaluation of financial statements; or
4 Other relevant experience.

The Commission on Public Trust’s Recommendations
Audit Committees should be vigorous in complying with the numerous new requirements imposed by the Sarbanes-Oxley Act and by the proposed listing standards of the New York Stock Exchange.
Boards should not underestimate these new requirements with respect to Audit Committees and should devote sufficient resources and time to implement them. Members of the Audit Committee must be independent and have both knowledge and experience in auditing financial matters. Also, the board should understand the obligations under the Act that the company must disclose whether or not one or more members of the audit committee qualify as financial experts within the meaning of regulations promulgated pursuant to the Act and, if not, why not. There should be an orientation program for each member of the Audit Committee. Members of the Audit Committee should participate regularly in continuing education programs. Compliance with the Sarbanes-Oxley Act will require scrutiny and evaluation by top management and the board of issues such as the company’s control environment, business risks, information and communication systems, and monitoring processes.
Source: Commission on Public Trust, Executive Summary: Findings and Recommendations, The Conference Board, 2003, p. 11.

Audit Committee Communication and Reporting

As with the full board, the effectiveness of the audit committee ultimately depends on the quality and timeliness of information the committee has at its disposal, obtained through both formal and informal channels. The audit committee chairman should take responsibility for ensuring management and the board are apprised of audit committee developments. As with the flow of information to the full board, the quality and timeliness of information to the audit committee provided by management plays a large part in determining the overall effectiveness of the audit committee.
A Spring 2002 KPMG survey found that 19.2 percent of respondents did not believe management had provided (the audit committee with) the information to understand the critical accounting policies and judgments and estimates used in financial reporting.35 It is the responsibility of the audit committee to make the inquiries necessary to ensure they are receiving the information required to effectively provide oversight to the financial reporting process. Information the audit committee should obtain through discussions with management and written reports includes:
• Management’s assessments of the business risks the company faces, and its planned responses to those risks.
• Controls over treasury activities, including cash management, hedging, foreign currency transactions, and use of new or unusual financial instruments.
• The legal environment, including the status of pending lawsuits or administrative proceedings and related accruals, if any, and the status of product and environmental liability and warranty reserves.
• Industry-specific issues, such as regulatory issues or information about the competitive environment.
• The effect new tax laws and other regulations may have on the company.
• The company’s foreign operations, including locations, and controls over financial reporting.
• Insurance coverage for directors and officers, and other related forms of liability insurance such as employment practices liability insurance.
• Extent of work performed for governments and compliance with related contractual terms.
• The company’s policies and procedures for reviewing officers’ expenses and perquisites.36

Although committee members receive, and should expect to receive, the bulk of their information from management, they need to be able to receive it from other sources, both internal and external, including the internal and external auditors as well as external advisors when needed.

Reporting to management and the board
The audit committee chairman plays a key coordinating role between the audit committee, board and internal and external auditors. The Chairperson should maintain close contact with the financial managers and the board to apprise them of audit committee developments. The audit committee chairman must also establish a good working relationship with the chief financial officer (CFO) to ensure effective information exchange on all relevant matters. The Chairperson should be in contact with the external auditors and kept abreast of audit-related issues and consider the extent and frequency of communications with the head of internal audit.

In order for the board to be informed of the work and findings of the audit committee, the committee should report to the board on a regular basis. The audit committee chairman should also present a report to the full board at least annually covering the work and findings of the audit committee during the year. These reports should include an overview of significant discussions with management, internal and external auditors, conclusions on the effectiveness of the internal audit function, and other key items. The committee should also consider providing the board with meeting minutes to keep the board apprised throughout the year.

The NYSE’s proposals suggest that the audit committee should review with the full board any issues that arise with respect to the quality or integrity of the company’s financial statements, the company’s compliance with legal or regulatory requirements, the performance and independence of the company’s independent auditors, and the performance of the internal audit function.

35 KPMG’s Audit Committee Quarterly, Fall 2002, p. 28.
36 PricewaterhouseCoopers, Audit Committee Effectiveness – What Works Best?, November 2000, p. 17.
Meetings
As with meetings of the full board, careful planning needs to go into the preparation of audit committee meetings. Meetings should be structured to encourage maximum participation and dialogue among participants. In addition to the audit committee members, participants in these meetings commonly include the CFO or controller, and may include the CEO, other top management, and internal and external auditors as needed. Best practice generally calls for committees to meet at least four times per year, usually coinciding with the reporting cycle. As for the length of these meetings, the acid test is whether committee members are satisfied they have thoroughly addressed all significant agenda items, without feeling undue pressure to rush discussions.37

Private sessions
Audit committee members should meet periodically with management in private sessions to discuss sensitive matters such as the reappointment or dismissal of the external auditors. In addition, the audit committee should provide for executive sessions of committee members to promote open dialogue among committee members and the free exchange of ideas; these sessions should be scheduled at regular intervals. Private sessions with management, and with the internal and external auditors are also required in the NYSE proposals. The committee also needs to build in a feedback mechanism whereby someone—usually the committee chairman— can communicate any concerns raised to the CEO or CFO and ensure the concerns are addressed.

Access to external advisors
Audit committees should have access, as needed, to external advisors without ties to the management, including special counsel, consulting accountants, and other advisors, and access to these advisors should be codified in the audit committee charter. These advisors can be useful to delve deeper into areas of concern to the audit committee, provide unbiased advice, and increase the overall effectiveness of the committee. For example, these advisors could serve as a resource for the committee to evaluate and report back to the committee on the numerous new tasks being allocated to it such as the hiring and firing of the independent auditors, and to provide specialized experience on the complex financial issues the committee must consider. However, these experts are not a substitute for the audit committee fulfilling its duties.

The Sarbanes-Oxley Act affirms the audit committee’s access to external advisors. The NYSE proposals also allow audit committees to access outside legal counsel or other advisors as needed. NASDAQ’s proposals state audit committees must have authority to consult with and retain legal, accounting and other experts “in appropriate circumstances.”

The Commission on Public Trust’s Recommendation
The Audit Committee should, if necessary, retain professional advisors to assist it in carrying out its functions. These professional advisors should have no other ties to the company. Because of the scope and magnitude of their responsibilities, Audit Committee members may require additional expertise as well as additional staff assistance to fulfill their new responsibilities.
Source: Commission on Public Trust, Executive Summary: Findings and Recommendations, The Conference Board, 2003, p. 12.

37 PricewaterhouseCoopers, Audit Committee Effectiveness – What Works Best?, November 2000, p. 54.

Oversight—Internal Audit

Boards should examine company practices relating to the internal audit function to ensure compliance with relevant legislation and exchange guidelines.
Among other key issues, boards should ensure that: such a function exists within the company; the audit committee is receiving the requisite information from internal auditors such as key risks facing the company; the internal audit function is structured to promote operational independence; appropriate lines of communication exist between the internal auditors, management and the audit committee; and a forum is provided where internal auditors can raise concerns without fear of management retribution.

The NYSE proposals would require each company to have an internal audit function. According to the NYSE, companies would not need to establish a separate internal audit department or devote full-time employee resources, only to have appropriate control measures in place to review and approve internal transactions and accounting. Companies would also be allowed to outsource the function to an outside firm. If the function is outsourced, the company should use a different firm than the firm used for the external audit.

Communication
The audit committee requires information from the internal auditors to gain an overview of the strategic, operational, and financial risks facing the company and the assessment of the controls put in place by management to manage these risks. The report from the internal auditors should be prepared periodically and broadly address the adequacy of internal controls, rather than being limited to financial controls. The head of internal audit should also, at least annually, present a report on the state of the company’s internal control processes to senior management and the audit committee.38

Meetings and private sessions
The head of internal audit should have a direct reporting line to the audit committee, including participating at audit committee meetings and in private sessions. These meetings build trust and provide a forum for issues to be raised. Meetings should be held as a matter of course.
Discussions with the internal audit director may include issues such as areas of principal concern to the audit director and performance of the external auditors. Private meetings play an important role given the internal auditors’ unique role within the company—both employed by management but also reviewing management’s conduct. Private meetings provide a forum where issues can “bubble to the surface” and internal auditors can speak candidly about their concerns. Conversely, audit committee members need to ask probing questions during these sessions to ensure all relevant issues are surfaced.

Ensuring independence
The internal audit function should be structured to ensure operational independence and should have full and direct access to the audit committee and top management. In addition, the internal audit director should report directly to the audit committee. To promote independence, the Institute of Internal Auditors (IIA) recommends the audit committee include certain provisions in its charter pertaining to the internal audit function:
• The audit committee should ensure the internal audit function is structured in a manner that achieves organizational independence and permits full and unrestricted access to top management.
• The audit committee should review the internal audit function’s charter and ensure unrestricted access by internal auditors to records, personnel, and physical properties relevant to the performance of the engagements.
• The audit committee should review and approve the annual internal auditing budget and assess the appropriateness of the resources allocated to internal auditing.
• Decisions regarding hiring or termination of the Chief Audit Executive (CAE) should require endorsement by the chairman of the audit committee.
• The chairman of the audit committee should also be appropriately involved in the performance evaluation and compensation decisions related to the CAE.
• The audit committee should regularly provide the CAE and the external audit with the opportunity to confer privately with the committee, without the presence of management.39

Rotation
Audit committees may wish to consider a rotation policy for both the head of internal audit and internal audit staff to promote independence. For instance, the company could institute a policy whereby internal audit staff are rotated every three or five years. Staff rotation allows for a new and fresh perspective and guards against complacency—an important factor since, at many companies, the positions are used as a stepping-stone to senior financial manager positions.

The Commission on Public Trust’s Recommendation
All companies should have an internal audit function. This should be established regardless of whether it is an “in-house” function or one performed by an outside accounting firm that is not the firm that acts as the company’s regular outside auditors. Public companies should revise their internal controls to reflect a broad risk-based approach and to support the certification process for both financial reports and internal controls. The internal auditor should have a direct line of communication and reporting responsibility to the audit committee.
Source: Commission on Public Trust, Executive Summary: Findings and Recommendations, The Conference Board, 2003, p. 11.

38 Internal audit reporting to senior management and the audit committee is discussed in greater detail on page 43-44.
39 Institute of Internal Auditors, Position Paper Presented by The Institute of Internal Auditors to the U.S. Congress, April 8, 2002, pp. 5-6.

Oversight—External Audit

Audit committees should examine their policies with regard to the external audit process to ensure compliance with relevant legislation and stock exchange guidelines.
To ensure the independence and objectivity of the external audit process, audit committees should ensure a forum exists in the form of audit committee meetings and private sessions, and consider the performance of the external auditor and the audit committee’s relationship with the external auditor on an annual basis.

The requirements of the Sarbanes-Oxley Act40 make it clear that the audit committee is directly responsible for the oversight of any public accounting firm employed by the company. Specifically, the audit committee is responsible for the appointment, compensation, and oversight of the work of the external auditor, including the resolution of disagreements between management and the auditor regarding financial reporting, in the conduct of issuing an audit report or related work. The external auditor is also required to report directly to the audit committee. Additionally, all non-audit services still permitted by Sarbanes-Oxley41 that are provided by the external auditor must be pre-approved by the audit committee. Both the NYSE and NASDAQ proposals grant the audit committee the sole authority to hire and fire the external auditor and approve fees and terms of the audit and non-audit services.

Audit process

The NYSE proposals explicitly state that the audit committee should review:

• major issues regarding accounting principles and financial statement presentations;
• analyses prepared by management and/or the internal auditor setting forth significant reporting issues and judgments made in the preparation of the financial statements;
• the effect of regulatory and accounting initiatives and off-balance sheet structures on the financial statements; and
• earnings press releases and financial information/earnings guidance provided to analysts/rating agencies.

Under the NYSE proposals, the audit committee should also review with the external auditor any audit problems or difficulties encountered during the course of the auditor’s work and management’s response. Specifically, the audit committee should regularly review with the external auditor potential “red flag” areas (see box on page 48) such as accounting adjustments noted by the auditor but approved by management, communications between the audit team and the audit firm’s national office related to audit and accounting issues presented by the engagement, and reportable deficiencies in the design or operation of internal controls over financial reporting. The NYSE proposals specify this review should also include a discussion of the responsibilities, budget and staffing of the company’s internal audit function.

Audit committee members need to ask detailed questions related to the external auditors’ report and about the audit process. Such areas the audit committee may wish to cover include:

• application of generally accepted accounting principles;
• changes to accounting principles and significant adjustments;
• applicability of accounting principles to competitor companies;
• estimates and judgments used in the financial statements; and
• emergence of financial or non-financial risk areas.

40 Subject to SEC elaboration no later than April 26, 2003.

41 A number of non-audit services were disallowed by Sarbanes-Oxley including: bookkeeping and related services, management and human resources consulting, and appraisal and valuation services.

Financial Reporting “Red Flags” and Key Risk Factors

• Complex business arrangements not well understood and appearing to serve little practical purpose.
• Large last-minute transactions that result in significant revenues in quarterly or annual reports.
• Changes in auditors over accounting or auditing disagreements (i.e., the new auditors agree with management and the old auditors do not).
• Overly optimistic news releases or shareholder communications, with the CEO acting as an evangelist to convince investors of future potential growth.
• Financial results that seem “too good to be true” or significantly better than competitors without substantive differences in operations.
• Widely dispersed business locations with decentralized management and a poor internal reporting system.
• Apparent inconsistencies between the facts underlying the financial statements and Management’s Discussion and Analysis of Financial Condition and Results of Operations (MD&A) and the President’s letter (e.g., the MD&A and letter present a “rosier” picture than the financial statements warrant).
• Insistence by the CEO or CFO that he/she be present at all meetings between the audit committee and internal or external auditors.
• A consistently close or exact match between reported results and planned results—for example, results that are always exactly on budget or managers who always achieve 100 percent of bonus opportunities.
• Hesitancy, evasiveness, and/or lack of specifics from management or auditors regarding questions about the financial statements.
• Frequent instances of differences in views between management and external auditors.
• A pattern of shipping most of the month’s or quarter’s sales in the last week or last day.
• Internal audit operating under scope restrictions, such as the director not having a direct line of communication to the audit committee.
• Unusual balance sheet changes, or changes in trends or important financial statement relationships—for example, receivables growing faster than revenues or accounts payable that keep getting delayed.
• Unusual accounting policies, particularly for revenue recognition and cost deferrals—for example, recognizing revenues before products have been shipped (“bill and hold”) or deferring items that normally are expensed as incurred.
• Accounting methods that appear to favor form over substance.
• Accounting principles/practices at variance with industry norms.
• Numerous and/or recurring unrecorded or “waived” adjustments raised in connection with the annual audit.

Source: Report of the NACD Blue Ribbon Commission on Audit Committees, Appendix E, 2000.

Evaluation

Final SEC rules implementing certain provisions of the Sarbanes-Oxley Act require the external auditor to report, prior to the filing of its audit report with the SEC, to the audit committee:

• all critical accounting policies and practices used by the issuer;
• all material alternative accounting treatments of financial information within GAAP that have been discussed with management; and
• other material written communications between the accounting firm and management.

The NYSE proposals state the audit committee should obtain and review a report by the external auditors assessing, among other areas, internal quality control, material issues raised by the most recent peer review or investigations/inquiries made by governmental or professional authorities in the preceding five years (and measures taken to address these issues), along with a review of all relationships between the company and its external auditor. This report can serve as a basis for evaluating the auditor’s performance, qualifications, and independence. The audit committee should take into account the opinion of management and internal auditors when making the decision to reappoint the firm.

Independence

The audit committee should develop measures to ensure the objectivity and independence of the external auditors. Material relationships that may impact the independence of the external auditors should be considered by the audit committee. Under the Sarbanes-Oxley Act, the external auditors cannot render audit services to the company if the company’s CEO, Chief Financial Officer (CFO), Chief Accounting Officer (CAO), or controller was previously employed by the auditor or participated in the audit of the company in any capacity during the one year prior to the date of the initiation of the audit. The NYSE proposals require audit committees to set clear hiring policies for current and former employees of the external auditor to safeguard independence and to consider all relationships between the external auditor and company when deciding whether the audit firm should be reappointed.

Non-audit services

Audit committees should examine company policies in relation to the provision of non-audit services by the external auditor. The Sarbanes-Oxley Act makes it unlawful for the external audit firm to contemporaneously provide both audit and certain non-audit services. The prohibited non-audit services are identified in the Act and include bookkeeping and related services, management and human resources consulting, and appraisal and valuation services.42 The Act further stipulates that all non-audit services must be pre-approved by the audit committee, and any non-audit services approved must be disclosed to shareholders. The implementing SEC provisions further define the types of non-audit services specified in the Act and clarify that an accountant would not be independent if the audit partner received compensation based on the partner procuring engagements with that client for services other than audit, review, and attest services.

Auditor independence and rotation considerations

Audit committees should evaluate their current public accounting firm at least annually, and perform a more thorough evaluation and review at least every five to seven years. The audit committee may wish to consider other public accounting firms as part of this evaluation and review.
Audit committees should consider changing audit firms if there is a service issue or circumstances exist that would call into question the audit firm’s objectivity. (See the Commission on Public Trust’s recommendation on auditor rotation.) The primary emphasis in choosing an audit firm should be the demonstrated experience, quality and depth of knowledge of all audit personnel to be assigned to the audit, specific industry expertise, the scope of work to be performed, and any inspection reports available about the audit firm.

42 Specifically, the Act stipulates prohibited non-audit services include the following: bookkeeping or other services related to the accounting records or financial statements of the audit client; financial information systems design and implementation; appraisal or valuation services, fairness opinions, or contribution-in-kind reports; actuarial services; internal audit outsourcing services; management functions or human resources; broker or dealer, investment advisor, or investment banking services; legal services and expert services unrelated to the audit; and any other service that the board determines impermissible.

The Sarbanes-Oxley Act includes measures to ensure auditor independence by clarifying “prohibited services” that can be provided by the external auditor, placing a time limit before audit firm personnel can be employed by an audit client in a senior position, and requiring five-year rotation of certain of the firm’s partners who have participated in the audit. One of the most important elements of the Act impacting auditor independence is the requirement for the audit committee to pre-approve all non-audit services and for the auditor to report directly to the audit committee.
The NYSE proposals stipulate that, in addition to assuring the regular rotation of the lead audit partner as required by law, the audit committee should further consider whether to set a policy for the rotation of the external audit firm. The Government Accounting Office (GAO) will be performing an additional study related to the rotation of independent auditors as required by the Sarbanes-Oxley Act.

Meetings and private sessions

Similar to the internal auditor, the external auditors should have direct access to the audit committee, including participating in audit committee meetings and private sessions. These meetings build trust and provide a forum for issues of concern to be raised. Meetings should be held as a matter of course and should include, at a minimum, the engagement partner. Additionally, many believe it is also useful to include the “review partner” and other key members of the audit engagement team to provide additional in-depth information.

Discussions with the external auditors may include concerns about management and the internal auditors and other matters the external auditors may wish to discuss. In turn, audit committee members need to ask probing questions during these sessions to ensure all relevant issues are surfaced. Examples of some useful questions committee members should ask are:

• Do you believe your scope is broad enough?
• In your opinion, are investors receiving enough information to understand this company?
• Have you had any disputes with management, and if so, what were they and how were they resolved?

The Commission on Public Trust’s Recommendation

Audit Committees should consider rotating audit firms when there is a combination of circumstances that could call into question the audit firm’s independence from management.
The existence of some or all of the following circumstances particularly merits consideration of rotation: (1) the audit firm has been employed by the company for a substantial period of time (e.g., over 10 years); (2) one or more former partners or managers of the audit firm are employed by the company; and (3) significant non-audit services are provided to the company—even if they have been approved by the audit committee.

Source: Commission on Public Trust, Executive Summary: Findings and Recommendations, The Conference Board, 2003, p. 12.

Disclosure, Compliance, and Ethics

Disclosure Practices

Boards should examine the company’s practices with regard to financial and other disclosures to ensure the company meets the requirements of the new legislation and proposed stock exchange listing rules and that it maximizes benefits to the company that can be gained from instituting a sound disclosure policy.

Besides ensuring compliance under existing or proposed rules, boards need to take stock of the company’s disclosure practices for a variety of reasons:

• The Sarbanes-Oxley Act and proposed stock exchange rules require greater disclosure in certain areas (and set out penalties if these disclosures are not made).
• Companies are subject to new criminal penalties and face greater exposure to civil claims under the Sarbanes-Oxley Act.
• A transparent disclosure approach indicates a commitment to good corporate governance and helps to build trust with shareholders and stakeholders.
• Poor disclosure practices can adversely impact cost of capital and share price.
• Companies have ever-growing and more cost-effective means (Internet, etc.) of communication with shareholders and stakeholders.

Responsibilities

The board is responsible for the oversight of financial reporting and all public disclosures and typically delegates these responsibilities to the audit committee. Management has responsibility for implementation. The audit committee needs to take steps to ensure the quality, timeliness, and accuracy of all disclosures and ensure they are complete, fairly represent material information, and comply with all relevant rules and regulations. Committee members need to feel comfortable with the information presented to them, including asking the hard questions when necessary.

Under the NYSE proposals, the audit committee is charged with preparing the Audit Committee Report to Shareholders that SEC rules require be included in the company’s annual proxy statement; discussing the annual audited financial statements and quarterly financial statements with management and the independent auditor, including the company’s disclosures under “Management’s Discussion and Analysis of Financial Condition and Results of Operations” (MD&A); and discussing earnings press releases, as well as financial information and earnings guidance provided to analysts and rating agencies.

New disclosure requirements

New SEC rules add to the list of items that must be disclosed, tighten filing deadlines and require public companies to set up and maintain a disclosure control system to collect, process, and disclose information. Among the new rules:43

• Adds 11 items to the list of events that require a company to file a current report on Form 8-K.
• Shortens the filing deadline for Form 8-K to two business days (formerly five business days or 15 calendar days depending on the event) after an event triggering the form’s disclosure requirement.
• Accelerates filing deadlines for annual reports (10-K) from the current 90 days to 60 days after fiscal year end,44 and quarterly reports (10-Q) from the current 45 days to 35 days after fiscal year end45 over a three year phase-in period.
• Stipulates signing officers are responsible for: (1) establishing and maintaining a system of disclosure controls, which should cover a broader range of information covered by “traditional” controls over financial reporting; (2) designing disclosure controls and procedures to ensure material information is communicated; (3) evaluating the effectiveness of these disclosure controls and procedures as of a date within 90 days prior to the filing date of all periodic reports; and (4) presenting in the report their conclusions about the effectiveness of the disclosure controls and procedures based on the required evaluation of that date.
• Requires companies to disclose their Web site address in the annual report, whether annual, quarterly, and current reports (and all amendments to these reports) are made available free of charge (and if not, why not), and, if not, whether the company will provide electronic or hard copies of reports free of charge upon request.

The Sarbanes-Oxley Act requires the CEO and the CFO to certify in each annual or quarterly report filed that:

• the signing officer has reviewed the report;
• based on the officer’s knowledge, the report does not contain any untrue statement of a material fact or omit to state a material fact necessary in order to make the statements not misleading; and
• based on such officer’s knowledge, the financial statements, and other financial information included in the report, fairly present in all material respects the financial condition and results of operations of the issuer as of, and for, the reporting period(s).

In addition to greater responsibilities for financial disclosures, companies face a host of new disclosure requirements under Sarbanes-Oxley and the major U.S. stock exchange proposals.
As discussed throughout this report, required or proposed disclosures would include making available board committee charters and activities, corporate governance and ethics policies, any waivers of the ethics code, and reports on internal controls and significant risk factors.

43 Applies to companies that have a public float of at least $75 million, that have been subject to the Exchange Act’s reporting requirements for at least 12 calendar months and that previously have filed at least one annual report.

44 The annual report deadline will remain 90 days for year one and change from 90 days to 75 days for year two and from 75 days to 60 days for year three and thereafter.

45 The quarterly report deadline will remain 45 days for year one and change from 45 days to 40 days for year two and from 40 days to 35 days for year three and thereafter.

Implementing disclosure practices

In light of the new requirements, and as suggested by the SEC, companies may wish to establish a separate “disclosure committee” with oversight responsibility for the company’s entire disclosure regime. Committee members could include the general counsel, head of investor relations, the chief risk officer, and the committee should be chaired by the CFO or another relevant corporate officer. The committee would review all public reports, with each committee member reviewing the portion in his/her expertise area, and the committee would report directly to the CFO or CEO. Other processes companies may wish to consider include:

• designating a single individual to be responsible for the operational aspects of disclosure procedures and who would report to the disclosure committee;
• preparing written guidelines outlining the company’s disclosure processes and procedures and responsibilities for disclosure;
• preparing a detailed disclosure preparation timetable which reviews on a week-by-week or month-by-month basis for at least the next year, critical dates and deadlines in the disclosure process and addressing specific topics such as law firm and outside auditor review of filings and recipients of draft reports;
• establishing definitive personnel responsibility for portions of filings to relevant officers and business unit heads, where portions of filings are reviewed and data gathered by the relevant personnel; and
• clarifying the roles of the company’s external counsel and external auditors, including filings or portions of filings to be reviewed and levels of involvement beyond traditional areas.46

46 Fried, Frank, Harris, Shriver & Jacobson, Client Memorandum, September 6, 2002.

Internal Controls

As part of its duty of care, the board needs to play an active oversight role in the area of internal controls by ensuring the company has an effective internal control framework in place, including the assessment and management of key financial and non-financial risks and an effective monitoring and oversight process, supported by timely and accurate information and clear communication channels.

The board should clearly define its role vis-à-vis senior management, the audit committee, internal and external auditors, and other parties that may be involved in establishing, maintaining, or evaluating the internal controls process.

Internal control is a process designed to provide reasonable assurance that an organization is achieving its objectives by helping to:

• protect its assets and shareholders’ investments;
• ensure it is not overly exposed to risks;
• improve the reliability of internal and external reporting;
• promote compliance with applicable laws and regulations; and
• improve the effectiveness and efficiency of operations.

Internal controls can be broadly classified into three categories:

Financial reporting controls: Covers the preparation of reliable financial statements and other financial information.

Operational controls: Addresses a company’s basic business objectives, including adherence to performance standards and the safeguarding of resources.

Compliance controls: Covers laws and regulations to which a company is subject to avoid damage to a company’s reputation or other negative consequences.47

47 Presentation by Mark Lastner, Vice President, Audit & Control, Marsh & McLennan Companies, Inc. at The Conference Board Chief Governance Officer Workshop in Boston, MA, January 27, 2003.

A sound internal controls framework will be composed of an effective control environment, an assessment of key risks, control activities, timely and effective information and communication processes, and an oversight/monitoring process.

The control environment is the foundation for the other aspects of the internal control system. It includes factors such as integrity, ethical values, and the competence of personnel.

The risk assessment process allows management to identify and manage risks relevant to achieving the organization’s objectives.

Control activities are policies and procedures that help ensure management directives are carried out properly and in a timely manner. These include segregation of duties, approval processes, security of assets and controls over information systems.

Timely and effective information and communication processes allow those within the organization to carry out their respective responsibilities. This includes preparing reports of operational, financial, and compliance-related information as well as day-to-day communication processes among employees, supervisors, and senior management.
An effective monitoring and oversight process allows senior management and the board to assess whether controls are functioning as intended and whether they are modified when necessary to accommodate changes in conditions. This can be accomplished through ongoing monitoring activities, separate evaluations of internal control such as self assessments and internal audits, or a combination of the two.48

Roles and responsibilities for internal controls

Management has primary responsibility for developing and instituting an effective system of internal control. Management delegates responsibility to each area of the company’s operations and assigns responsibilities as appropriate to implement the control system. Most commonly, the heads of business units and the CFO are responsible for establishing internal controls, the internal and external auditors test various components of internal controls, and the CFO, board/audit committee, and internal and external auditors consider the results of internal controls testing.

The board (and in particular the audit committee) is responsible for protecting and enhancing the long-term value of the corporation as part of its duty of care. The Delaware Chancery Court in In re Caremark International Derivative Litigation49 noted that directors have a duty of oversight and monitoring of the company’s activities.

Both senior management and the audit committee should obtain information from the internal auditors to obtain their view of the strategic, operational, and financial risks facing the company and the assessment of the controls put in place by management to manage these risks. The report from the internal auditors should be prepared periodically and broadly address the adequacy of internal controls, rather than being limited to financial controls.
The head of internal audit should also, at least annually, present a report on the state of the company’s internal control processes to senior management and the audit committee. The Institute of Internal Auditors (IIA) states that, in order to provide comprehensive information and to ensure multiple viewpoints are considered, the report on controls should be based on information from a variety of sources including:

• independent evaluations of risk and control systems performed by internal auditors;
• reviews of internal controls performed during the external audit;
• management opinions on significant risks and the sufficiency of controls and associated reports provided to the board of directors; and
• the results of special investigations or other activities that could have a material impact on the board’s consideration of risk management and the sufficiency of internal controls.50

During the course of their work, the audit committee should also obtain information from the external auditors on the adequacy of the company’s internal controls, including the internal audit function.

48 Presentation by Mark Lastner, Vice President, Audit & Control, Marsh & McLennan Companies, Inc. at The Conference Board Chief Governance Officer Workshop in Boston, MA, January 27, 2003.

49 698 A.2d 959 (Del. Ch. 1996).

50 Institute of Internal Auditors, Position Paper Presented by The Institute of Internal Auditors to the U.S. Congress, April 8, 2002, p. 4.

The audit committee has responsibility for ensuring any reported deficiencies in the internal controls are addressed and that the necessary actions are being taken to address the deficiencies in a timely fashion. Equally important, it needs to ensure follow-through by requesting progress reports from management or other means.
The audit committee should also address whether deficiencies identified warrant a more thorough evaluation of the system of internal controls.

CEO and CFO certification

The Sarbanes-Oxley Act requires annual reports to contain an internal control report which: (1) states the responsibility of management for establishing and maintaining an adequate internal control structure and procedures for financial reporting; and (2) contains an assessment, as of the end of the most recent fiscal year, of the effectiveness of the internal control structure and procedures for financial reporting. In addition, the CEO and the CFO must certify they have taken responsibility for:

• establishing and maintaining internal controls;
• designing such internal controls to ensure that material information relating to the issuer and its consolidated subsidiaries is made known to such officers by others within those entities, particularly during the period in which the periodic reports are being prepared;
• evaluating the effectiveness of the issuer’s internal controls as of a date within 90 days prior to the report;
• presenting in the report their conclusions about the effectiveness of their internal controls based on their evaluation as of that date;
• disclosing to the issuer’s auditors and the audit committee of the board of directors (or equivalent function): (1) all significant deficiencies in the design or operation of internal controls which could adversely affect the issuer’s ability to record, process, summarize, and report financial data and have identified for the issuer’s auditors any material weaknesses in internal controls; and (2) any fraud, whether or not material, that involves management or other employees who have a significant role in the issuer’s internal controls; and
• indicating in the report whether or not there were significant changes in internal controls or in other factors that could significantly affect internal controls subsequent to the date of their evaluation, including any corrective actions with regard to significant deficiencies and material weaknesses.

Internal control limitations

A sound system of internal control reduces, but cannot eliminate, the possibility of poor judgment in decision-making; human error; control processes being deliberately circumvented by employees and others; management overriding controls; and the occurrence of unforeseeable circumstances. A sound system of internal control therefore provides reasonable, but not absolute, assurance that a company will not be hindered in achieving its business objectives, or in the orderly and legitimate conduct of its business, by circumstances which may reasonably be foreseen. A system of internal control cannot, however, provide protection with certainty against a company failing to meet its business objectives or suffering material errors, losses, fraud, or breaches of laws or regulations.51

51 The Institute of Chartered Accountants in England and Wales, Internal Control, Guidance for Directors on the Combined Code, September 1999, p. 7.

Risk Assessment and Management

Management and boards should give thoughtful consideration to the benefits of implementing a robust and effective risk management system, which include greater flexibility, less frequent and severe sudden shocks, and greater investor confidence.
It is management’s responsibility to assess and manage the various risks facing the company while boards must ensure that a system is in place; that the key risks are identified and transparent; that the system is robust, independent and fully aligned with the overall strategy; and that the company develops and supports a true risk management culture.

In a McKinsey & Company survey52 conducted during April and May of 2002 of over 200 directors serving on the boards of 500 companies, 43 percent of directors indicated that the boards on which they serve have either an ineffective process or no process at all for identifying, safeguarding against and planning for key risks. As a result, 36 percent of directors felt that they lacked a full understanding of the key risks facing the companies they oversee.

Boards need to fully understand their role and that of management in the area of risk management. Management is responsible for assessing and managing the company’s exposure to the various risks facing the company, and assigns responsibilities to different areas. (See the box on page 58 and Appendix 9, which provides a list of questions which the board may wish to consider when assessing the effectiveness of the company’s risk management and internal controls processes.)

The board is responsible for ensuring that the company has a process in place to assess and manage risks and to ensure that both the management and the board receive timely and accurate information on key risk areas, that steps are taken to manage these risks, and that the system is re-evaluated on a regular basis. Typically, the board delegates responsibility for risk management oversight to the audit committee, although it may assign it to another committee.
The NYSE proposals would require the audit committee to discuss the guidelines and policies by which the company governs risk, along with the company’s major financial risk exposures and the steps management has taken to monitor and control such exposures.

52 McKinsey & Company Discussion Document, “Current Issues In Board Governance and Risk Management,” November 11, 2002, pp. 5-6.

There are four key processes that boards should monitor in the area of risk assessment and management:

1 The company’s overall risk strategy is defined and clearly articulated.
• Management defines the risks that should be taken, the level of risk and the benchmark returns required for undertaking these risks.
• Management defines how the company’s risk appetite should be communicated, both internally and externally to ratings agencies, equity analysts and investors.
• Management should continually test whether the risk strategy is understood and being implemented.

2 The risks faced by the company are identified and made fully transparent.
• Key risk areas such as strategic, operational, and financial risk areas are identified, along with specific risks in each major category.
• Management develops a “dashboard” measure, such as a “heat map” to help management and the board assess standard types of risk for each business unit and the overall firm and to facilitate board and management discussions about key risks.

3 The risk organization and process is robust, independent, and fully aligned with the company’s overall strategy.
• The roles of management, board, audit committee, internal and external auditors, and other groups/individuals involved in the risk management process are defined and understood by all parties involved in the process.
• The chief risk officer should be of sufficient stature to ensure effective voice and should report directly to the CEO or CFO and to the audit committee or full board.
• Management holds employees accountable for violations of the company’s risk policy.53
• There should be a separation of duties between risk policy setting, monitoring and control on one hand, and business and management on the other.

4 The company instills a true risk management culture throughout the organization.
• The board, CEO, and senior management are clearly supportive of the process (“tone at the top”) and management makes appropriate investments in risk management professionals and infrastructure.
• Risk identification and management is an ongoing process, with new risks identified as they emerge and incorporated into the overall risk framework.

The Institute of Internal Auditors (IIA) recommends high risk areas be targeted for special consideration or reviews, including areas involving accounting estimates, reserves, off-balance sheet activities, material open items from internal and external audit reports and areas rated unsatisfactory, special-purpose entities, major subsidiaries, contingent liabilities and pending litigation, closing/adjusting entries, and accounting practices differing from standard industry practices.54 The company may also wish to create a checklist of potential “red flag” areas to assist the internal auditors in highlighting, documenting, and reporting significant potential problem areas.

53 Source: McKinsey & Company Discussion Document, “Current Issues In Board Governance and Risk Management,” November 11, 2002.
54 Institute of Internal Auditors, Position Paper Presented by The Institute of Internal Auditors to the U.S. Congress, April 8, 2002, p. 3.
Responsibilities for Risk Management

Business unit line managers
Directly responsible for identifying, managing, and reporting critical risk issues upstream.

Chief Risk Officer
Acts as line managers’ coach, helping them implement a risk management architecture and work with it ongoing. As a member of the senior management team, the CRO monitors the company’s entire risk profile, ensuring major risks identified are reported upstream.

Legal counsel
Typically reports to top management and the board on significant external exposures (from lawsuits, investigations, government inquiries) and internally generated matters (criminal acts, conflicts of interest, employee health and safety issues, harassment). These reports help complete the picture of company risks.

Internal audit
Monitors how well business units manage their risk, in coordination with the CRO. Increasingly, internal audit functions are focusing attention on business units’ risk management and control activities, bringing their skills and added value to the business. They also leverage knowledge of the line’s risk management architecture in targeting audit activity.

Chief Executive
Brings the power of the CEO office to risk architecture implementation. The CEO needs to support, and be perceived as clearly supporting, the necessary focus on risk management.

Chief Financial Officer
Handles risk management activities traditionally falling within the CFO’s purview, such as treasury and insurance functions. Applies concepts of value-based management and linking risk to value through performance. Some CFOs use models relating shifts in risk factors such as interest rates or commodity prices to movements in share value. Also, acts on behalf of the chief executive spearheading implementation of the risk management architecture. An increasing number of CFOs play a key operating role, and are well positioned to drive their companies to competitive advantage through leading-edge risk management.
Source: PricewaterhouseCoopers, Corporate Governance and the Board – What Works Best?, May 2000, p. 17.

Director and Officer Liability and D&O Liability Insurance

It is essential for every corporation to review the changing climate for potential liability of directors and officers and resulting effects on the D&O Liability Insurance underwriting marketplace. Corporations need to identify the areas of potential risk—including corporate governance-related risks—that involve potential personal D&O liability and then to consider how such liability can be minimized.

The consulting firm of Tillinghast-Towers Perrin, in announcing the results of its 2001 Directors and Officers Liability Survey, as of June 2002, reported “alarming increases in the costs of litigation against directors and officers, particularly shareholder litigation, as well as widespread concerns about high-profile bankruptcies and the quality of corporate accounting and financial reporting which are among the principal reasons for a dramatic increase in D&O liability insurance premiums.”55 Similar trends of litigation against corporations and their directors and officers are reported in other recent studies,56 indicating increased frequency and severity of such cases and resulting settlement amounts.

The Sarbanes-Oxley Act and associated SEC rules have created additional areas of potential liability for directors and corporate officers, about which directors and officers need to be aware. They include the following:
• Tighter disclosure standards, which require companies to make additional disclosures on a “rapid and current basis,” potentially creating additional evidence around which plaintiffs may build a case. Furthermore, the additional evidence may assist plaintiffs in surviving a motion to dismiss (for failing to prove fraud with adequate specificity).
• A more stringent SEC enforcement regime, such as the requirement under the Sarbanes-Oxley Act for the SEC to review public company disclosures at least every three years, which may lead to a greater number of SEC enforcement actions. This may in turn result in concurrent civil actions by private litigants.
• An extended statute of limitations period will result in longer class periods, which in turn may potentially result in higher damage awards during the class period. Plaintiffs now have until the earlier of two years from discovery of a violation and five years from the act itself to bring a claim. The previous statute was within three years of the act, or one year of the discovery of the act.
• Greater responsibilities for directors and, especially, audit committee members to play a more active oversight role, which may increase their exposure to liability.
• CEO and CFO certifications verifying the accuracy of the company’s financial statements and internal controls, which may be used as evidence in the event of a legal proceeding.

55 Tillinghast – Towers Perrin Press Release, June 17, 2002.
56 See, for example, PricewaterhouseCoopers LLP 2001 Securities Litigation Study.

In addition to the heightened exposure to liability as a result of the new legislation, the Delaware courts have clearly signaled the intent to apply a greater focus on corporate governance issues and the conduct of independent directors, in particular. These observations are supported by recent Delaware Supreme Court rulings, observations made by Chief Justice E. Norman Veasey and articles written by other Delaware judges.
For example, Chief Justice Veasey observed: “If directors claim to be independent by saying, for example, that they base decisions on some performance measure and don’t do so, or if they are disingenuous or dishonest about it, it seems to me that the courts in some circumstances could treat their behavior as a breach of the fiduciary duty of good faith.”57 These developments are important, given the large percentage of companies incorporated in Delaware and because other courts take their cue from the Delaware courts on corporate law matters.

A January 2003 Weil, Gotshal & Manges memorandum observes that plaintiffs arguing on the grounds that directors breached their fiduciary duties by not acting in “good faith” in the conduct of their oversight responsibilities may ask courts to decide such questions as:
• Could directors have had a good faith belief that a chief executive officer would have left the corporation or not performed up to his or her potential if he or she were offered less money than the millions or tens of millions of dollars the compensation committee agreed to pay?
• Could directors have had a good faith belief that they devoted enough board and/or committee time to oversight in light of the size and scope of the corporation’s activities and—with 20-20 hindsight—what went wrong?
• Could directors have had a good faith belief that an audit committee of a multi-billion dollar multi-national corporation that meets for an hour or two quarterly (and possibly with some members participating by phone) devoted enough time and attention to oversight?
• Could directors who have full time jobs and/or serve on multiple boards (and/or multiple audit committees) have had a good faith belief that their multiple obligations provided them enough time to exercise sufficient oversight over the affairs of each corporation they serve?58

Impact on the D&O Liability Insurance marketplace

The increased frequency and severity of claims involving the D&O underwriting marketplace—as well as the regulatory response to recent corporate scandals—is resulting in:
• a contraction of the direct and reinsurance underwriting market and a reduced availability or unavailability of coverage, particularly for companies in high-risk industries such as technology or telecommunications;
• reduced policy limits;
• increased deductibles, self-insured retentions, and other provisions requiring the insured to assume a participation in the risk;
• increased premiums;
• revisions of policy terms;
• the addition of specific exclusions, such as exclusions for restatements, and exclusions arising from bankruptcy or insolvency; and
• a general tightening of the application process—whether for new or renewal business—with increased underwriting and documentation requirements, a longer time for the underwriting review process, and the need for senior executives and directors of the applicant company to be involved in the process.
57 See Chief Justice Veasey’s full remarks in “What’s Wrong With Executive Compensation?” Harvard Business Review, Volume 81, Number 1 (January 2003), pp. 75.
58 Weil, Gotshal & Manges LLP Client Memorandum, “Director Liability Warnings from Delaware,” January 10, 2003, pp. 2-3.

The new liability climate will also continue to impact the D&O Liability Insurance marketplace. Companies may fall under greater pressure to settle lawsuits quickly rather than face the larger expense—and larger potential damage awards—of having the case decided, damage to the company’s and executives’ reputation, and for the fear of producing additional evidence that could damage defendants in any parallel proceedings. In addition, defense costs may increase given the number of forums in which companies may face litigation and the number of lawyers required for the defense of both civil and criminal cases. These factors will continue to exert upward pressure on premium costs as long as companies continue to face legal challenges.

Process suggestions

The first step in the review process must be for individual corporations, through their risk management structure, to identify the areas of risk that involve potential personal D&O liability and then to consider how such liability can be minimized. For most public corporations this second step will include:
• confirming that the organization has implemented whatever limitation of liability provisions are available under state law, through charter or by-law;
• confirming that the organization has provided the broadest provisions for mandatory or permissible indemnification of directors and officers under state law; and
• reviewing the use of directors and officers liability insurance as a protection for corporate assets in the event of indemnification payments and, most importantly, for protection of the assets of individual directors and officers in cases where corporate indemnification is not permissible or otherwise unavailable.

According to the Tillinghast-Towers Perrin surveys and other studies, D&O Liability Insurance is purchased by a high percentage of corporations of all sizes, characteristics and industry categories. However, especially in the current unsettled market conditions, the insurance must be constantly reviewed and considered as part of an overall risk management program for the corporation and its management. Commentaries from the Conference Board Roundtables also indicate a continued need for better understanding of this specialized insurance product by its purchasers.

A particularly timely and important area for consideration is the impact recent legislative and regulatory developments such as the Sarbanes-Oxley Act and proposed NYSE listing requirements can have on D&O policy provisions and application requirements, so review of this area with corporate counsel is critical. Board and audit committees should also consider having D&O policies reviewed by independent legal experts knowledgeable about this type of coverage. Finally, it is essential to review in advance how the insurance will operate in the event of a claim to get a feel for the respective parties that will be involved and for the various types of scenarios that may play out.

Even in these difficult conditions, the state of the market is such that opportunities do exist for negotiation of coverage proposals with secure underwriting facilities. The challenge is for applicant corporations to differentiate themselves according to quality of risk, including implementation of new governance guidelines. Best practices require that the corporation carefully identify its particular needs for a D&O insurance program, including its tolerance for assumption of risk, and also the relationship to other areas of corporate coverage. Other specific areas of consideration should include:
• appropriate policy limits;
• what individuals and entities should be covered;
• whether coverage should extend to the direct liability of the corporate entity itself;
• whether the D&O contract should include related areas of risk such as Employment Practices Liability, or whether separate insurance programs are preferable; and
• whether separate and independent limits of coverage should be provided for the directors and/or officers.

This process should involve coordination of information and planning among the risk management, financial, legal, and corporate governance elements of the corporation, and the use of outside resources including insurance brokerage and underwriting representatives who should be able to provide information on market conditions and peer group data relevant to the individual corporation.

One especially important area for boards to consider is the quality of disclosures made to the insurance underwriters when applying for coverage. As with disclosures made to the investing public, disclosures made to underwriters should be full, timely, and accurate, since the provision of inaccurate or misleading information to the underwriter could result in denial of coverage, regardless of the intent on the part of directors or officers.
Especially important are financial disclosures, which are used by the underwriter to evaluate the financial risk profile of the company, and disclosures of other relevant information that may give rise to a future claim. Directors and officers should also review their D&O policies to determine whether the policy includes a severability clause that will protect them from a denial-of-coverage claim based on inaccurate or misleading information provided by the company. Similarly, directors and officers should review the policies to ensure that if coverage is denied based on the actions of one director or certain directors, the insurance will continue to provide coverage for the other innocent directors.

Corporate governance-related process suggestions

Corporate governance questions are increasingly being entered into the review process. In addition to provision of the company’s financial statements, the application may include the minutes of board and audit committee meetings, information about the company’s executive compensation policies, to what extent the company uses its external auditors to perform non-audit services, and the like. In general, the more engaged the board, the less potential liability the company will face and the fewer difficulties the company will have with its D&O policy. Chief Justice Veasey’s comments in the January 2003 issue of the Harvard Business Review underscore this point.
He remarked: “I would urge boards of directors to demonstrate their independence, hold executive sessions, and follow governance procedures sincerely and effectively, not only as a guard against the intrusion of the federal government but as a guard against anything that might happen to them in court from a properly presented complaint.” Furthermore, “directors who are supposed to be independent should have the guts to be a pain in the neck and act independently.”59

59 See Chief Justice Veasey’s full remarks in “What’s Wrong With Executive Compensation?” Harvard Business Review, Volume 81, Number 1 (January 2003), pp. 75-76.

Ethics Oversight

As ethical conduct is vital to a corporation’s sustainability and long-term success, boards should undertake greater responsibility for overseeing ethical conduct throughout the corporation, including oversight, development, review and monitoring of the company’s code of business conduct and ethics, ensuring compliance with the code and establishing appropriate “whistleblowing” procedures to encourage employees to report misconduct without fear of reprisal.

Good ethics practices originate at the top and flow down through an organization. Increasingly, boards have an affirmative requirement to ensure a strong ethics framework is in place. A growing body of evidence suggests that ethical conduct, including adherence to applicable legal and regulatory standards, contributes to corporate sustainability and to long-term sustainable success in several ways, including enhancing organizational effectiveness (e.g., through heightened trust and cooperation, enhanced creativity, and improved efficiency), reducing the risk of damaging misconduct, and strengthening the corporation’s reputation among its core constituencies.60

Code of conduct

The board should undertake responsibility for overseeing the development, review and monitoring of the company’s code of business conduct and ethics. The code of conduct can focus the board and management on areas of ethical risk, provide guidance to personnel to help them recognize and deal with ethical issues, provide mechanisms to report unethical conduct, and help to foster a culture of honesty and accountability. However, the board should realize that the code of conduct cannot replace the thoughtful behavior of an ethical director, officer or employee. A code of conduct may set the parameters but directors and management set the tone.

The Sarbanes-Oxley Act and the proposed NYSE and NASDAQ rules recognize the importance of ethics to a company. The Act contains provisions requiring companies to disclose whether they have adopted a code of ethics for senior financial officers (and if not, why not) and whether there have been any waivers of the code of ethics for such officers. In addition, the NYSE and NASDAQ proposals would require listed companies to adopt and disclose a code of conduct. The NYSE and NASDAQ proposals also set forth minimum requirements61 that must be included in such code and require prompt approval62 and disclosure of any waivers to such code for directors and executive officers.

Besides developing a code of conduct, the board and the CEO have the responsibility to ensure that all employees understand and abide by the corporation’s ethical principles and rules of conduct. These goals should be reinforced as an important and explicit part of each director’s and each employee’s annual review.

Code implementation and compliance monitoring

As with the development of the code of conduct, the board should become involved in the development of the company’s policies and practices for implementing ethical behaviors and for determining that appropriate behaviors are understood and followed. “Tone at the top” is critical to appropriate behavior throughout the corporation, and, therefore, ethical standards should be among the core qualifications for CEO and other senior management.

60 See Lynn Sharp Paine, Value Shift: Why Companies Must Merge Social and Financial Imperatives to Achieve Superior Performance, (New York: McGraw-Hill Trade, 2002), Chapter 5.
61 The NYSE proposals state companies should, at a minimum, address the following topics in the code charter: conflicts of interest; corporate opportunities; confidentiality; fair dealing; protection and proper use of company assets; compliance with laws, rules and regulations (including insider trading laws); and encouraging reporting of illegal/unethical behavior. Under the NASDAQ proposals, codes must address, at a minimum, conflicts of interest and compliance with applicable laws, rules and regulations, with an appropriate compliance mechanism and disclosure of waivers to directors and officers.
62 The NYSE would require waivers of the code for executive officers or directors be made only by the board or a board committee, while NASDAQ would require waivers be granted by independent directors.

Among the practices which boards should consider for establishing an ethical corporate culture are:
• Continued and repeated emphasis by the board and the CEO of the importance of ethical conduct to the corporation and its business.
• Ensuring that employees throughout the corporation at all levels understand the code of ethics and its application to the workplace.
• Establishing processes that make it safe and easy for employees to report possible violations of the company’s code of conduct.
• Development of a culture in which it is socially acceptable to report ethical lapses.
• Prompt investigation of complaints and allegations of violations of the code of conduct.
• Disciplining violations of the code of conduct promptly.
• Including ethical conduct as a criterion in an employee’s annual performance review.

Boards may wish to employ the following tools to assist the company in the systematic implementation of ethical conduct:
• develop and utilize metrics designed to measure employees’ understanding of, and compliance with, the corporation’s ethical requirements;
• consider establishment of an ethics officer or ombudsman position;
• designate a board committee with responsibilities for overseeing ethics issues; and
• disclose the practices and procedures that the company has adopted to promote ethical behavior.

Like any other required business activity, companies should have ethics-related measurements to determine whether ethics initiatives and activities have succeeded or need improvement. These measurements should be designed to measure employees’ understanding of, and compliance with, the company’s ethics code. For example, one common measurement is employee usage of company hotlines/helplines. However, because of the variety of businesses, working situations, geographic differences, and, often, global business activity, each organization must develop its own measures of success in implementing ethics programs designed for its own business and circumstances.

To help build and maintain the corporation’s credibility with investors, insurers, and creditors and help emphasize to officers and employees the importance of ethical conduct, the company should consider making the measurements used publicly available. The board must then ensure these kinds of disclosures do not turn into “safe,” boilerplate statements whose value is then diluted.

“Whistleblowing” procedures

The recent scandals demonstrate the importance of encouraging employees to report misconduct as soon as they become aware of it without fear of reprisal. However, it is clear that some employees are currently afraid to report misconduct—many are fired after reporting unlawful conduct or may face on-the-job harassment or unfair discipline. Companies must therefore design a system tailored to the company’s particular situation, which allows employees to report suspected wrongdoing without fear of reprisal. Such a system may involve the following reporting mechanisms:
• an internal reporting channel as well as an external channel through an outside consultant accountable directly to the board or a subcommittee of the board;
• anonymous helplines/hotlines;
• an ethics ombudsman;
• corporate ethics offices;
• a procedure for anonymous email submissions;
• reporting channels for misconduct, including channels to the board of directors; and/or
• a designated outside director for ethics concerns.

The Sarbanes-Oxley Act and NASDAQ proposals require the audit committee to establish procedures for the receipt, retention and treatment of complaints received by the issuer regarding accounting, internal accounting controls or auditing matters and confidential, anonymous submission by employees of the issuer of concerns regarding questionable accounting or auditing matters. The NYSE proposals specify companies should encourage employees to talk to supervisors, managers or other appropriate personnel when in doubt about the best course of action in a particular situation. Additionally, employees should report violations of laws, rules, regulations or the code of business conduct to appropriate personnel. To encourage employee reporting and participation, the company must ensure that employees know that the company will not allow retaliation for reports made in good faith.
Hiring special investigative counsel

The recent spate of corporate scandals has raised the question of whether a company’s regular outside counsel is capable of conducting a truly independent investigation of the client’s business dealings. This dilemma is particularly acute when regular outside counsel is called upon to investigate matters related to, or stemming from, substantive work those attorneys have performed for the company. Typically, lawyers and law firms with the assistance of other specialists are in the best position to conduct investigations, and care must be taken that these investigations are conducted thoroughly, vigorously, and objectively. It is important, therefore, that investigative counsel be chosen by and report directly to the board. To assure that special counsel’s interests are not aligned with, or influenced by, management, special counsel should not be one of the corporation’s regular outside counsel or a firm that receives a material amount of revenue from the company. If a significant investigation is needed, the board may wish to designate a committee composed solely of independent directors to select and retain outside counsel to better ensure the necessary investigation will be conducted vigorously and objectively.

The Commission on Public Trust’s Recommendations

Boards should be responsible for overseeing corporate ethics. A major challenge to corporations and their leaders is to create a “tone at the top” and a corporate culture that promotes ethical conduct on the part of the organization and its employees. The single most important factor in creating such a culture is the quality of corporate leadership, especially the “tone at the top” set by boards, CEOs, and senior management. Leaders must also put in place appropriate management systems and processes to achieve and regularly monitor these results.
Ethical conduct should be encouraged and reinforced by including it as an important and explicit part of each employee’s annual review. Corporations should work to support responsible behavior and build environments in which employees are encouraged and feel safe to take the initiative to address misconduct rather than waiting until after the damage is done. Prevention is the best cure for malfeasance. If an independent investigation is reasonably likely to implicate company executives, the board and not management should retain special counsel for this investigation. Investigative counsel should be chosen by, and report directly to, the board and should not be one of the corporation’s regular outside counsel or a firm that receives a material amount of revenue from the company. Source: Commission on Public Trust, Executive Summary: Findings and Recommendations, The Conference Board, 2003, p. 10. Corporate Governance Best Practices: A Blueprint for the Post-Enron Era The Conference Board 65 66 Appendix 1 Legislation and Proposed Exchange Standards Comparison Chart Board Independence NYSE Proposals Definition applied consistently throughout the proposals, save for the additional restriction on compensation for audit committee members (see below). A majority of the board must be independent. Controlled companies (more than 50 percent of the voting power held by an individual, group, or another company) are exempt. 5 years for: 3 years for: A majority of the board must be independent. Controlled companies are exempt. Definition applied consistently throughout proposals. NASDAQ Proposals Business Roundtable Principles Listing standards of major securities markets relating to audit committees provide useful guidance in determining whether a director is independent. A “substantial majority” of directors should be independent, in both fact and appearance, as determined by the board. 
Issue Sarbanes-Oxley Definition of Independence Defined for audit committee purposes (see below). Independent Majority Not addressed. “Cooling-Off” Period Not addressed. Not addressed. • former employees; • former affiliates or employees of (present or former) auditors of the company (or of an affiliate); • former employees (company or affiliate); • receipt of payments in excess of $60,000 by director or family member other than for board service; • interlocking compensation committee relationships; • family members who have been employed as executive officers (company or affiliate); • immediate family in the foregoing categories;2 and members1 • interlocking compensation committee relationships; and • receives, or immediate family member receives, direct payments from the company in excess of $100,000.3 • former partners or employees of outside auditor of company.

1 An “immediate family member” includes a person’s spouse, parents, children, siblings, mothers and fathers-in-law, sons and daughters-in-law, brothers and sisters-in-law, and anyone (other than employees) who shares such person’s home.

2 Employment of a family member in a non-officer position does not preclude a board from determining that a director is independent.

3 The presumption of non-independence is rebuttable – a director may be deemed independent if the board, including all the independent directors, determines that the relationship is not material. Any such determination must be specifically explained in the company’s proxy statement.
Issue A director cannot be considered independent if the director is an executive officer or employee or if the director’s immediate family member is an executive officer, of another company and: (1) that company accounts for the greater of 2% or $1 million of the listed company’s consolidated gross revenues or (2) the listed company accounts for the greater of 2% or $1 million of the other company’s gross annual revenues. A director cannot be considered independent if the company makes payments to an entity where the director is an executive director and payments exceed the greater of $200,000 or 5% of the company’s gross revenues. Sarbanes-Oxley NYSE Proposals NASDAQ Proposals Business Roundtable Principles Independent directors should be free of any relationship with the corporation or its management that may impair, or appear to impair, the directors’ ability to make independent judgments. Independent director relationships with nonaffiliated not-for-profits and their effect on independence should be assessed by the board or corporate governance committee on a case-by-case basis, taking into account the corporation’s contributions to the organization and nature of the independent director’s relationship. Material Relationships Not addressed. Stock Ownership Stock ownership not a bar to independence finding. Limit placed on stock ownership by audit committee members (see below). Not addressed. A “meaningful portion” of director’s compensation should be in the form of long-term equity. Corporations may wish to consider establishing a requirement for directors to acquire and hold stock in an amount that is “meaningful and appropriate” for each director for as long as the director remains on the board. Executive Sessions Regular convening of non-management directors required. Sessions should: Not addressed. Regular convening of independent directors required. Controlled companies exempted.
• be held without management present; • be regularly scheduled; • disclose the presiding director’s name in the annual proxy statement, if one is chosen, or the procedure by which the presiding director is selected; and Independent directors should have the opportunity to meet outside the presence of the CEO and other management directors. • disclose mechanisms for interested parties to make their concerns known to the presiding director or non-management directors as a group. Nominating and Compensation Committees NYSE Proposals Companies must have independent nominating/governance and compensation committees (in addition to audit committees—see below) or independent committees that serve these functions. Controlled companies are exempt. All committee members must be independent. A single non-independent director may serve on the nominating/corporate governance committee (if applicable) if (1) the individual is an officer owning/controlling more than 20% of the voting securities or (2) pursuant to an “exceptional and limited circumstances exception.”4 A single non-independent director may serve on the compensation committee (if applicable), for two years, subject to the same “exceptional circumstances” exception. Audit committees mandated (see below). Nominating/corporate governance and compensation committees not required if nominating/compensation decisions made by majority of independent directors. Controlled companies are exempt. NASDAQ Proposals Business Roundtable Principles All public companies should have committees addressing nominating/corporate governance and compensation issues. Issue Sarbanes-Oxley Establishment of Committees Audit committees mandated (see below). Independence Not addressed.
Committees addressing nominating/corporate governance and compensation issues should be comprised solely of independent directors.

4 Available for an individual who is not an officer or current employee or family member of such a person. The exception may only be implemented following a determination by the board that the individual’s service on the committee is in the best interests of the company and shareholders. The company must disclose the use of such an exception in the next annual proxy statement, including the nature of the individual’s relationship to the company and basis for the board’s determination.

Issue Both the nominating/corporate governance committee and compensation committees must have a written charter that spells out the committee’s purpose, goals and responsibilities, and annual evaluation. Not addressed. Sarbanes-Oxley NYSE Proposals NASDAQ Proposals Business Roundtable Principles Committees should have charters or there should be a board resolution establishing the committees. The responsibilities of the nominating/corporate governance committee include: Charter/Duties Not addressed. • The minimum duties of the nominating/corporate governance committee should include: • recommending nominees to the board; • recommending directors for appointment to board committees; • identifying individuals qualified to become board members; • monitoring and safeguarding board independence; • selecting, or recommending for selection, director nominees for the next annual meeting; • overseeing and reviewing processes for providing information to the board; • overseeing the evaluation of the board; and • developing and recommending to the board a set of corporate governance principles.
The minimum duties for the compensation committee should include: • developing and recommending a set of corporate governance principles; and • overseeing the evaluation of the board and management (separate committee comprised of independent directors may also be formed for this purpose). The responsibilities of the compensation committee include: • discharging the board’s responsibilities relating to executive compensation; • producing an annual report on executive compensation for inclusion in the company’s annual report; • overseeing the corporation’s overall compensation programs and setting CEO and senior management compensation; • taking a broad look at the company’s overall compensation structure to ensure appropriate incentivization for employees at all levels; and • reviewing and approving CEO compensation and evaluating and setting CEO compensation based on meeting performance goals; and • encouraging a diverse mix of compensation for management and the board. • making recommendations to the board with respect to incentive and equity-based compensation plans. Audit and Audit Committees NYSE Proposals No new requirements. Audit committee members cannot receive compensation other than for board service. Disallowed forms of compensation include: Audit committee members should not receive payment other than for board service. Small Business issuers no longer exempt from audit committee requirements. NASDAQ Proposals Business Roundtable Principles All public companies should have an audit committee. Audit committees should be comprised solely of independent directors. Issue Sarbanes-Oxley Establishment of Committee Prohibits listing of companies that do not have an audit committee.
Independence All members of the audit committee must be “independent,” defined by the Act as not receiving fees from the company other than for board service and being otherwise affiliated with the company and subsidiaries. • fees paid directly or indirectly for services as a consultant or a legal or financial advisor and • compensation paid to such a director’s firm for such consulting or advisory services even if the director is not the actual service provider. Audit committee members may not control more than 20% of the company’s voting securities, or such lower number as may be established by the SEC. Not addressed. Limits time non-independent directors can serve on the committee pursuant to the “exceptional and limited circumstances” exception to two years and prohibits these persons from serving as chairman. Employment Prohibitions Audit committees must set clear hiring policies for current and former employees of the external auditor to safeguard independence and to consider all relationships between the external auditor and the company when deciding whether the audit firm should be reappointed. External audit firm cannot provide audit services to the company if the company’s CEO, CFO, or CAO (Chief Accounting Officer) or controller was previously employed by the auditor or participated in the audit of the company in any capacity during the one year prior to the date of the initiation of the audit. Audit committees should consider whether to adopt policies on the hiring of auditor personnel such as “cooling off” periods. Any policy should be flexible enough to allow for exceptions (only if approved by the audit committee). SEC Rulemaking: Jan. 29, 2003 SEC final rule implements this provision in full. Issue Not addressed.
Companies required to consider whether a person has, through education and experience as a public accountant or auditor or a principal financial officer, comptroller, or principal accounting officer of an issuer or from a position involving the performance of similar functions, sufficient financial expertise in the accounting and auditing areas specified in the Sarbanes-Oxley Act. Requires that all audit committee members be able to read and understand financial statements at the time of their appointment rather than “within a reasonable period of time” thereafter. Sarbanes-Oxley NYSE Proposals NASDAQ Proposals Business Roundtable Principles Audit committee members should meet minimum financial literacy standards, and at least one member should have accounting or financial management expertise, as required by exchange listing standards. Of greater importance than financial expertise is the ability of committee members to understand the corporation’s business and risk profile and apply their business experience and judgment to the issues for which the committee is responsible with an “independent and critical eye.” Financial Literacy/Expertise Companies required to disclose whether the audit committee has at least one “financial expert” and, if not, the reasons for the absence. The SEC rule must consider whether the person has, as the result of education and prior experience as a public accountant or auditor, principal financial or accounting officer of an issuer, comptroller of an issuer, or analogous position: • an understanding of generally accepted accounting principles (GAAP); • experience preparing or auditing the financial statements of comparable companies; • experience in the application of GAAP principles for estimates, accruals and reserves; • experience with internal accounting controls; and • knowledge of audit committees and their functions. SEC Rulemaking: Jan.
28, 2003 SEC final rule introduces term “audit committee financial expert” to clarify the expertise functions are relevant to the audit committee. In addition, the rules: • require issuers to disclose whether the audit committee has or does not have at least one audit committee financial expert (and if not, why not); • require disclosure of the name(s) of the audit committee financial expert(s), if applicable; • require disclosure of whether the audit committee financial expert is independent of management; and • define the qualifications of the audit committee financial expert. Issue Board must determine that a prospective member’s other audit committee memberships are not an impediment to committee service if the prospective member serves simultaneously on the audit committee of more than three public companies and disclose such determinations in the proxy. Not addressed. Not addressed. Audit committee must have a charter addressing the committee’s purpose and minimum requirements, which should be to assist the board’s oversight of: Sarbanes-Oxley NYSE Proposals NASDAQ Proposals Business Roundtable Principles Commitment Not addressed. Charter/Duties Not addressed. Committees should have charters, or there should be a board resolution establishing the committees. The primary functions of the audit committee include: • the integrity of the company’s financial statements; Audit committees should have a written charter that outlines the scope of the committee’s responsibilities (including structure, processes, and membership requirements), including all required duties under the Sarbanes-Oxley Act.
• the company’s compliance with legal and regulatory requirements; • understanding the company’s risk profile and overseeing the company’s risk assessment/management practices; • the independent auditor’s qualifications and independence; and • supervising the company’s relationship with its external auditor; • the performance of the company’s internal audit function and independent auditors. Audit committee must also prepare the report that SEC rules require be included in the company’s annual proxy statement. • safeguarding external auditor independence; The charter should also specify the audit committee’s responsibility for ensuring the receipt from the external auditor of a formal, written statement delineating all relationships between the auditor and the company and for actively ensuring the audit committee take action to safeguard the independence of the external auditors. The committee must assess annually the need for revisions to the charter. • reviewing and discussing critical accounting policies and judgments with management and the external auditors; • understanding the company’s system of internal controls and reviewing the adequacy of internal controls with the internal and external auditors on a periodic basis; • reviewing the company’s procedures relating to compliance with the law and important corporate policies, including the governance and ethics codes (unless these functions are performed by another committee); • reviewing and discussing the company’s annual financial statements with management and the external auditors; Issue Sarbanes-Oxley NYSE Proposals NASDAQ Proposals Business Roundtable Principles • overseeing the company’s internal audit function; • providing a channel of communication to the board from internal/external auditors and other officers; and • considering policies for hiring auditor personnel.
Audit committee has the sole authority to hire and fire the external auditor and approve fees and terms of the audit and non-audit services. Audit committee has the sole authority to hire and fire the external auditor and approve fees and terms of the audit and non-audit services. Audit committee is responsible for supervising the company’s relationship with its external auditors, including recommending the audit firm, evaluating the audit firm’s performance and considering whether to periodically rotate the audit firm or its senior personnel. External Auditor and Audit Services Audit committee is directly responsible for appointment, oversight, and compensation of the external auditor, including the resolution of disagreements between management and the auditor regarding financial reporting, in the conduct of issuing an audit report or related work. The external auditor is also required to report directly to the audit committee. All auditing services must be pre-approved, including underwriting comfort letters or statutory audits required for insurance companies. SEC Rulemaking: Jan. 29, 2003 SEC final rule requires the accounting firm to report, prior to the filing of its audit report with the Commission, to the audit committee: • all critical accounting policies and practices used by the issuer; • all material alternative accounting treatments of financial information within GAAP that have been discussed with management; and • other material written communications between the accounting firm and management. Issue Audit committee has sole authority to approve terms and fees for non-audit services. Audit committee must pre-approve terms and fees for non-audit services. Sarbanes-Oxley NYSE Proposals NASDAQ Proposals Business Roundtable Principles Audit committee should develop policies for the provision of non-audit services by the external auditor.
When making the determination, the committee should consider the appropriate degree of review/oversight for new/existing services and consider the nature and dollar amount of services provided. Non-Audit Services External audit firm may not simultaneously provide both audit and non-audit services. The prohibited non-audit services include bookkeeping and related services, management and human resources consulting, and appraisal and valuation services.5 All non-audit services must be approved by the audit committee and disclosed to shareholders. SEC Rulemaking: Jan. 29, 2003 SEC adopts final rules to strengthen auditor independence and improve disclosures to investors about services provided by external audit firms. The rules: • define the nine prohibited types of non-audit services specified in the Act; • establish rules that an accountant would not be independent if the audit partner received compensation based on the partner procuring engagements with that client for services other than audit, review, and attest services; and • include a de minimis exception for provision of non-audit services. Rotation of Audit Firm and Partners Rotation of lead audit partner required. Audit committee should further consider whether to set a policy governing rotation of the external audit firm. Companies required to change lead audit partner or second review audit partner every five fiscal years. Not addressed. SEC Rulemaking: Jan. 29, 2003 SEC final rule requires the lead and concurring on the audit engagement team rotate after a five-year “cooling off” period. Other significant audit partners will be subject to a seven-year rotation requirement with a two-year “cooling off” period.
Audit committee should decide whether periodic rotation for external auditor or senior audit personnel is necessary based on annual due diligence assessments and should make a recommendation to the board based on its conclusions. 5 Specifically, the prohibited non-audit services include the following: (1) bookkeeping or other services related to the accounting records or financial statements of the audit client; (2) financial information systems design and implementation; (3) appraisal or valuation services, fairness opinions, or contribution-in-kind reports; (4) actuarial services; (5) internal audit outsourcing services; (6) management functions or human resources; (7) broker or dealer, investment advisor, or investment banking services; (8) legal services and expert services unrelated to the audit; and (9) any other service that the board determines, by regulation, impermissible. Issue Audit committee should have access to advice and assistance from outside counsel, accounting, and other advisors without having to obtain board approval. Audit committees should meet separately, periodically, with management, internal auditors (or other personnel responsible for the internal audit function), and external auditors. Not addressed. Audit committees must have authority to consult with and retain legal, accounting, and other experts “in appropriate circumstances.” Board and committee access to outside advisors is an important element of an effective corporate governance system. Sarbanes-Oxley NYSE Proposals NASDAQ Proposals Business Roundtable Principles Access to External Advisors Audit committee should have access to external counsel and other advisors. Meetings and Private Sessions Not addressed. 
Audit committee meetings should be held frequently enough to allow the committee to appropriately monitor the annual and quarterly financial reports and should be of sufficient length to permit and encourage active discussions with management and the internal and external auditors. Audit committees should meet with the internal and external auditors without management present at every meeting and communicate with them between meetings as necessary. Internal Audit All listed companies must have an internal audit function. Not addressed. Not addressed. Not addressed. Not addressed. Audit committee should oversee the internal audit function. Not addressed. Improper Influencing of Audit Unlawful for company officers, directors, or affiliated persons to fraudulently influence, coerce, manipulate, or mislead any independent public or certified accountant engaged in auditing the company’s financial statements, for the purpose of rendering such financial statements materially misleading. Financial Reporting/Disclosures NYSE Proposals Audit committees must discuss the annual audited financial statements and quarterly financial statements with management and the independent auditor, including the company’s disclosures under “Management’s Discussion and Analysis of Financial Condition and Results of Operations.” Not addressed. NASDAQ Proposals Business Roundtable Principles Senior management is responsible for the integrity of the company’s financial statements and for putting in place and supervising the operation of systems that allow the company to produce financial statements that fairly present the company’s financial condition.
The board, through the audit committee, should have a broad understanding of the company’s financial statements, including a rationale for use of certain accounting principles, which key judgments and estimates were made and why, and the impacts of such judgments on the company. Issue Sarbanes-Oxley Financial Reporting Financial reports required to be prepared in accordance with GAAP under the Securities Exchange Act of 1934 and filed with the SEC should reflect all material correcting adjustments that have been identified by a registered public accounting firm in accordance with GAAP and SEC rules. SEC to issue final rules providing that pro forma financial information included in any periodic or other report filed with the SEC pursuant to the securities laws, or in any public disclosure or press or other release, shall be presented in a manner that: (1) does not contain an untrue statement of a material fact or omit to state a material fact necessary in order to make the pro forma financial information, in light of the circumstances under which it is presented, not misleading and (2) reconciles it with the financial condition and results of operations of the issuer under GAAP. SEC Rulemaking: Nov. 5, 2002 SEC proposed new Regulation G, which would apply whenever a public company discloses or releases material information containing a “non-GAAP financial measure.”6 Regulation G would prohibit material misstatements or omissions that would make the presentation of the material non-GAAP financial measure misleading and would require a quantitative reconciliation of differences of the non-GAAP financial measure presented and the comparable financial measure(s) calculated and presented in accordance with GAAP. SEC also proposed amendments to existing rules to address the use of non-GAAP financial information in filings to the Commission.
6 Defined by the Commission as “a numerical measure of a registrant’s historical or future financial performance, financial position or cash flows that (1) excludes amounts or is subject to adjustments that have the effect of excluding amounts, that are included in the comparable measure calculated and presented in accordance with GAAP in the statement of income, balance sheet or statement of cash flows (or equivalent statements) of the issuer; or (2) includes amounts, or is subject to adjustments that have the effect of including amounts, that are excluded from the comparable measure so calculated and presented.” Statistical and operating measures are not covered.

Issue Not addressed. Requires going concern qualification in an audit opinion be disclosed through issuance of press release. Harmonizes NASDAQ rule on disclosure of material information with SEC Regulation FD so that issuers may use Regulation FD compliant methods (conference calls, press releases, etc.) so long as public is provided adequate notice and is granted access. Not addressed. Sarbanes-Oxley NYSE Proposals NASDAQ Proposals Business Roundtable Principles “Real Time” Disclosures Companies must disclose on a “rapid and current basis” additional information concerning material changes in their financial condition or operations, in “plain English.” SEC Rulemaking: Sept. 5, 2002 SEC final rule accelerates filing deadlines for annual, quarterly, and periodic reports for “accelerated filers.”7 The rule shortens the filing deadlines for annual reports from 90 to 60 days and quarterly reports from 45 days to 35 days after the company’s fiscal year end over a three-year phase-in period and accelerates the filing deadline for Form 8-K to two business days (formerly 5–15 days depending on the event) after the required disclosure event occurs.
Accelerated filers are also required to disclose their Web site address in the annual report, whether annual, quarterly, and periodic reports are made available free of charge (and if not, why not), and, if not, whether the company will provide electronic or hard copies of the reports free of charge upon request. Not addressed. Not addressed. Not addressed. SEC Review of Financial Disclosures SEC to review disclosures made by issuers reporting under Section 13(a) of the Securities Exchange Act of 1934 (including reports filed on Form 10-K), and which have a class of securities listed on a national securities exchange or traded on an automated quotation facility of a national securities association, on a regular and systematic basis for the protection of investors. Such review shall occur no less often than once every three years and include a review of an issuer’s financial statement.8

7 Defined by the Commission as public companies that have a common equity public float that was $75 million or more as of the last business day of its most recently completed second fiscal quarter, have been subject to the Exchange Act’s reporting requirements for at least 12 calendar months and have previously filed at least one annual report.

8 For purposes of scheduling these reviews, the SEC shall consider, among other factors: (1) issuers that have issued material restatements of financial results; (2) issuers that experience significant volatility in their stock price as compared to other issuers; (3) issuers with the largest market capitalization; (4) emerging companies with disparities in price to earning ratios; (5) issuers whose operations significantly affect any material sector of the economy; and (6) any other factors that the Commission may consider relevant.

Issue Not addressed. Not addressed. Not addressed.
Sarbanes-Oxley NYSE Proposals NASDAQ Proposals Business Roundtable Principles CEO and CFO must certify in each annual or quarterly report filed that: CEO/CFO Certification of Financial Statements • the signing officer has reviewed the report; • based on the officer’s knowledge, the report does not contain any untrue statement of a material fact or omit to state a material fact necessary in order to make the statements not misleading; and • based on such officer’s knowledge, the financial statements and other financial information included in the report, fairly present in all material respects the financial condition and results of operations of the issuer as of, and for, the reporting period(s). SEC Rulemaking: Aug. 29, 2002 SEC final rule requires the principal executive and financial officers to certify the above-listed information in the company’s annual and quarterly reports. Issue Audit committee must discuss annual and quarterly financial statements with management and the internal auditor and must discuss earnings press releases, as well as financial information and earnings guidance provided to analysts and rating agencies. Not addressed. Sarbanes-Oxley NYSE Proposals NASDAQ Proposals Business Roundtable Principles Audit committees should review and discuss the company’s annual financial statements with management and the external auditors and, based on these discussions, recommend to the board that the financial statements should be approved. Disclosure Controls Not directly addressed. SEC Rulemaking: Aug.
29, 2002 SEC adopted new Exchange Act Rules requiring the principal executive and financial officers to certify the following in the company’s annual and quarterly reports: • that the certifying officers are responsible for establishing and maintaining “disclosure controls and procedures” (a newly defined term reflecting the concept of controls and procedures related to disclosure embodied in Section 302(a)(4) of the Sarbanes-Oxley Act) for the company; • have designed such disclosure controls and procedures to ensure that material information is made known to them, particularly during the period in which the periodic report is being prepared; • have evaluated the effectiveness of the issuer’s disclosure controls and procedures as of a date within 90 days prior to the filing date of the report; and • have presented in the report their conclusions about the effectiveness of the disclosure controls and procedures based on the required evaluation as of that date. Internal Control/Compliance/Risk Management NYSE Proposals Audit committee must obtain and review a report by the external auditors assessing, among other areas, internal quality control, material issues raised by the most recent peer review or investigations/inquiries made by governmental or professional authorities in the preceding five years (and measures taken to address these issues), along with a review of all relationships between the company and external auditor. Not addressed. NASDAQ Proposals Business Roundtable Principles Companies should have an effective system of internal controls providing “reasonable assurance” that books and records are accurate, that its assets are safeguarded, and that it complies with applicable laws. The internal control system should be periodically reviewed and updated.
The audit committee should understand and be familiar with the company’s system of internal controls and should review the adequacy of the system periodically with internal and external auditors. Issue Sarbanes-Oxley Internal Controls Requires SEC to prescribe rules requiring each annual report required by Section 13(a) or 15(d) of the Securities Exchange Act of 1934 to contain an internal control report, which: (1) states the responsibility of management for establishing and maintaining an adequate internal control structure and procedures for financial reporting and (2) contains an assessment, as of the end of the most recent fiscal year of the issuer, of the effectiveness of the internal control structure and procedures of the issuer for financial reporting. Each registered public accounting firm that prepares or issues the audit report for the issuer shall attest to, and report on, the assessment made by the management of the issuer. An attestation shall be made in accordance with standards for attestation engagements issued or adopted by the Board. Any such attestation shall not be the subject of a separate engagement. Issue Not addressed. Not addressed. Not addressed.
Sarbanes-Oxley NYSE Proposals NASDAQ Proposals Business Roundtable Principles CEO/CFO Certification The signing officers (CEO and CFO) must certify they have taken responsibility for:
• establishing and maintaining internal controls;
• designing such internal controls to ensure that material information relating to the issuer and its consolidated subsidiaries is made known to such officers by others within those entities, particularly during the period in which the periodic reports are being prepared;
• evaluating the effectiveness of the issuer’s internal controls as of a date within 90 days prior to the report;
• presenting in the report their conclusions about the effectiveness of their internal controls based on their evaluation as of that date;
• disclosing to the issuer’s auditors and the audit committee of the board of directors (or equivalent function): (1) all significant deficiencies in the design or operation of internal controls which could adversely affect the issuer’s ability to record, process, summarize, and report financial data and have identified for the issuer’s auditors any material weaknesses in internal controls; and (2) any fraud, whether or not material, that involves management or other employees who have a significant role in the issuer’s internal controls; and
• indicating in the report whether or not there were significant changes in internal controls or in other factors that could significantly affect internal controls subsequent to the date of their evaluation, including any corrective actions with regard to significant deficiencies and material weaknesses.

Issue Sarbanes-Oxley NYSE Proposals NASDAQ Proposals Business Roundtable Principles SEC Rulemaking: Aug.
29, 2002 SEC adopted new Exchange Act Rules requiring the principal executive and financial officers to certify the above-listed information in the company’s annual and quarterly reports. Audit committee must discuss policies with respect to risk assessment and risk management. Not addressed. Senior management identifies and manages the risks the company undertakes in the conduct of its business and manages the company’s overall risk profile. The audit committee should understand the company’s risk profile and oversee risk assessment and management practices. Risk Assessment and Management The CEO and senior management assess and manage the company’s exposure to risk, but the audit committee must discuss guidelines and policies to govern the process by which this is handled. The audit committee should discuss the company’s major financial risk exposures and the steps management has taken to monitor and control such exposures. Audit committees required to establish procedures for the receipt, retention, and treatment of complaints received by the issuer regarding accounting, internal accounting controls or auditing matters. Committees required to ensure that complaints are treated confidentially and anonymously. Not addressed. Employee “Whistleblowing” Procedures The company should proactively promote ethical behavior. The company should encourage employees to talk to supervisors, managers, or other appropriate personnel when in doubt about the best course of action in a particular situation. Additionally, employees should report violations of laws, rules, regulations, or the code of business conduct to appropriate personnel. To encourage employees to report such violations, the company must ensure that employees know that the company will not allow retaliation for reports made in good faith.
Audit committees must establish procedures to receive, retain, and treat complaints and handle whistleblower information regarding questionable accounting or auditing matters. Employees should have a means of alerting management and the board to potential misconduct without fear of retribution. Employees of issuers and accounting firms extended “whistleblower protection,” prohibiting the employer from taking certain actions against employees who lawfully disclose private employer information to, among others, parties in a judicial proceeding involving a fraud claim. Whistleblowers are also granted a remedy of special damages and attorney’s fees. Issue Not addressed. Not addressed. Not addressed. Sarbanes-Oxley NYSE Proposals NASDAQ Proposals Business Roundtable Principles Attorney “Whistleblowing” Procedures Requires the SEC to issue rules setting forth minimum standards of professional conduct for attorneys appearing and practicing before the SEC in any way in the representation of public companies. The rules must:
• require an attorney to report to the chief legal officer (CLO) or CEO of the company any evidence of a material violation of securities law or breach of fiduciary duty, or similar violation, by the company or its agents and
• require the attorney to report the evidence to the audit committee of the board of directors of the company or to another committee of the board of directors comprised solely of outside directors, if the counsel or officer does not respond appropriately to this evidence.

SEC Rulemaking: Jan.
29, 2003 SEC adopts final rules relating to “standards of professional conduct for attorneys appearing and practicing before the Commission in any way in the representation of issuers.” The key rules:
• require attorneys to report “evidence of material violations” (determined according to an objective standard) to, initially, the CLO or CEO of the company or the equivalent positions;
• require the reporting attorney to report “up the ladder” to the audit committee, another committee, or the full board if the CLO or CEO does not respond appropriately to the evidence;
• allow an issuer to establish a “qualified legal compliance committee” (QLCC) as an alternative procedure for reporting evidence of a material violation. The QLCC would consist of at least one member of the audit committee or equivalent committee of independent directors and two or more independent board members, and would have the responsibility, among other things, to recommend that the company implement an appropriate response to evidence of a material violation;
• set forth specific circumstances under which an attorney does not violate attorney/client privilege, such as disclosure of confidential information to the Commission; and
• state that the rules govern in the event of a conflict with state law but will not preempt the ability of a state to impose more rigorous obligations consistent with the rules.

Conflicts of Interest/Insider Transactions

NYSE Proposals Not addressed. Prohibits loans to officers and directors through the adoption of a rule that mirrors provisions of the Sarbanes-Oxley Act. Not addressed.
NASDAQ Proposals Business Roundtable Principles Issue Sarbanes-Oxley Loans to Directors and Officers Generally unlawful for companies to extend credit to any director or executive officer, subject to certain exceptions (e.g., consumer credit companies may make home improvement and consumer credit loans and companies may issue credit cards to directors and executive officers) if it is done in the ordinary course of business on the same terms and conditions made to the general public. Personal loans already in existence may continue in effect provided no material modifications to terms or renewal made. As enacted, overrides laws of some states (e.g. Delaware Corporations Law Section 143), which allows companies to extend credit to corporate officers. Not addressed. Audit committee or comparable body must review and approve all related party transactions. Exploring requirement for accelerated disclosure of insider transactions that would harmonize and reinforce Sarbanes-Oxley provisions and SEC rules. Not addressed. Related Party Transactions Amends Section 16(a) of the Securities Exchange Act of 1934 to require enhanced disclosures by management and principal stockholders. Directors, officers, and 10% owners must report designated transactions by the end of the second business day following the day on which the transaction was executed. Designated disclosures must be filed electronically and posted in near real time on the SEC’s and company’s own Web site. Issue Not addressed. Not addressed. Not addressed.
Sarbanes-Oxley NYSE Proposals NASDAQ Proposals Business Roundtable Principles Off-Balance Sheet Transactions Requires SEC to issue final rules providing that each annual and quarterly financial report shall disclose all material off-balance sheet transactions, arrangements, obligations (including contingent obligations), and other relationships of the issuer with unconsolidated entities or other persons that may have a material current or future effect on financial condition, changes in financial condition, results of operations, liquidity, capital expenditures, capital resources, or significant components of revenues or expenses. SEC Rulemaking: Jan. 27, 2003 SEC final rule to implement relevant provisions of the Act:
• specifically addresses the types of disclosure that companies must provide in the MD&A section of the company’s disclosure documents – arrangements that are likely to have a current or future effect on the company’s financial condition, changes in financial condition, revenues or expenses, results of operations, liquidity, capital expenditures, or capital resources that is material to investors;
• requires a company to include these disclosures in a separately-captioned subsection of the MD&A section in its disclosure documents; and
• requires registrants to provide an overview of its overall contractual obligations in a tabular format and an overview of its contingent liabilities in either a textual or tabular format.

Code of Ethics

NYSE Proposals Listed companies must adopt and disclose a code of business conduct and ethics for directors, officers, and employees and the code must be made publicly available. Companies must have a code of conduct, and the code must be publicly available. NASDAQ Proposals Business Roundtable Principles Companies should have a code of conduct with effective reporting and enforcement mechanisms.
Issue Sarbanes-Oxley Code of Ethics SEC to issue rules requiring each company, together with periodic reports required pursuant to Sections 13(a) and 15(d) of the Securities Exchange Act of 1934, to disclose whether or not (and if not, why not) the company has adopted a code of ethics9 for senior financial officers, applicable to its principal financial officer and comptroller or principal accounting officer, or persons performing similar functions. SEC Rulemaking: Jan. 28, 2003 Final SEC rule requires a company to disclose whether it has a code of ethics10 that applies to its principal executive officer as well as its senior financial officers, and if not, why it has not done so. The final rules give companies the option to choose between alternative methods of disclosing the ethics code:
• filing a copy of its code that applies to the principal executive, financial and accounting officer or controller as an exhibit to the annual report;
• posting the code on its website and disclosing the Internet address in the appropriate SEC filings; or
• disclosing in the appropriate SEC filings that it will provide a copy of the code without charge upon request.

9 Defined as standards as are reasonably necessary to promote: (1) honest and ethical conduct, including the ethical handling of actual or apparent conflicts of interest between personal and professional relationships; (2) full, fair, accurate, timely, and understandable disclosure in the periodic reports required to be filed by the issuer; and (3) compliance with applicable governmental rules and regulations.
10 Defined as “written standards that are reasonably designed to deter wrongdoing and to promote: (1) honest and ethical conduct, including the ethical handling of actual or apparent conflicts of interest between personal and professional relationships; (2) full, fair, accurate, timely, and understandable disclosure in documents that a company files with, or submits to, the Commission and in other public communications made by the registrant; (3) compliance with applicable governmental rules and regulations; (4) the prompt internal reporting of code violations to an appropriate person or persons identified in the code; and (5) accountability for adherence to the code.” Points 4 and 5 supplement the requirements of the Sarbanes-Oxley Act.

Issue Listed companies must publish codes of business conduct and ethics and key committee charters. Each company may determine its own policies, but all listed companies should address the most important topics, including: Code should address, at a minimum, conflicts of interest and compliance with applicable laws, rules, and regulations, with an appropriate compliance mechanism and disclosure of any waivers to executive officers and directors. Not addressed. Sarbanes-Oxley NYSE Proposals NASDAQ Proposals Business Roundtable Principles Code Content Not addressed.
• conflicts of interest;
• corporate opportunities;
• confidentiality;
• fair dealing;
• protection/proper use of company assets;
• compliance with laws/rules/regulations (including insider trading); and
• encouraging reporting of illegal/unethical behavior.

Code Waivers Code of ethics must require that any waiver for executive officers or directors be made only by the board or a board committee and be promptly disclosed to shareholders.
SEC to amend its rules to require the immediate disclosure, by means of the filing of a form, dissemination via the Internet, or by other electronic means, of any change in or waiver of the code of ethics of the company. Waivers can only be granted by independent directors and must be publicly disclosed. Not addressed.

Compensation Review and Approval

NYSE Proposals Compensation committee’s responsibilities include review and approval of corporate goals and objectives relevant to CEO compensation, evaluating the CEO’s performance in light of those goals and objectives, setting the CEO’s compensation level based on this evaluation, and making recommendations to the board with respect to incentive-compensation plans and equity-based plans. Independent director approval of other executive officer compensation required (either by independent committee or by majority of independent directors in a meeting at which CEO may be present). Independent approval of CEO compensation required (either by independent compensation committee or by majority of independent directors meeting in executive session). NASDAQ Proposals Business Roundtable Principles Equity compensation should be carefully designed to avoid unintended incentives, such as an undue emphasis on short-term market value changes. Generally, an appropriate compensation package for management includes a carefully designed mix of long term and short term incentives. Management compensation packages should be designed to create a commensurate level of risk and opportunity based on business and individual performance and should link the interests of management, individually and collectively, to the long-term interests of shareholders. Compensation committees should determine whether the benefits provided to senior management, including post-employment benefits, are proportional to management contributions. Shareholders must be given the opportunity to vote on all stock-option plans.
Excluded are employment-inducement options, option plans acquired through mergers, and tax-qualified plans such as ESOPs and 401(k)s. Brokers may vote customer shares on proposals for such plans only pursuant to customer instructions. Shareholder approval required for adoption of all stock option plans and for any material modification of plans. Excluded are inducement grants to new employees if such grants are approved by an independent compensation committee or majority of independent directors and certain tax-qualified plans (e.g., ESOPs) and for assumption of pre-existing grants in connection with acquisition or merger. Existing option plans unaffected unless material modifications are made. Not addressed. Issue Sarbanes-Oxley Executive Compensation Not addressed. Shareholder Approval of Stock Plans Not addressed.

Enforcement/Penalties

NYSE Proposals Not addressed. Not addressed. Not addressed. NASDAQ Proposals Business Roundtable Principles Issue Sarbanes-Oxley Criminal Penalties Creates new crimes and penalties in the following areas:
• CEO or CFO knowingly filing a false certification is open to a fine of up to $1 million and imprisonment of up to 10 years. The fines and imprisonment increase to $5 million and 20 years if the knowing violation is made “willfully.”
• Destruction, alteration, or falsification of records with intent to impede or influence a federal investigation or bankruptcy proceeding punishable by fine and imprisonment of up to 20 years.
• Knowingly executing a scheme to defraud investors punishable by imprisonment of up to 25 years.
• Increases maximum fines and prison sentences for other existing securities-related crimes.

The NYSE may issue a public reprimand letter for violation of a corporate governance standard, in addition to the existing penalty of delisting.
CEO must certify each year that he or she is not aware of any violation of NYSE listing standards. Not addressed. Clarifies that a material misrepresentation or omission by an issuer may result in delisting. Clarifies the authority of NASDAQ to deny relisting based upon a corporate governance violation that occurred while that issuer’s appeal of the delisting was pending. Not addressed. Not addressed. Not addressed. Corporate Governance Violations Not directly addressed. Service Bans Lowers the threshold for barring an individual from service as an officer or director of a company to any finding of “unfitness” and permits the SEC to issue the bar order if, after notice and hearing, it has found that the individual has violated (or is about to violate) the general anti-fraud provision. Issue Not addressed. Not addressed. Not addressed. Sarbanes-Oxley NYSE Proposals NASDAQ Proposals Business Roundtable Principles Reinstatement Penalty CEO and CFO must forfeit bonus or other incentives received and any profits realized from sale of securities if the issuer is required to restate due to noncompliance with financial reporting requirements. Not addressed. Not addressed. Not addressed. Civil Liability Amends bankruptcy code to prevent use of bankruptcy to avoid liability incurred due to federal or state securities law violations. Extends statute of limitations for private securities actions involving a claim of “fraud, deceit, manipulation, or contrivance” from one to two years after the discovery of the facts and increases the absolute ban on litigation from three to five years after the occurrence of the alleged fraud. Not addressed. Not addressed. Not addressed. SEC Rulemaking SEC given authority to promulgate rules and regulations in furtherance of the Act.
Other Provisions

NYSE Proposals All listed companies urged to establish an orientation program for new board members. In conjunction with leading authorities, the NYSE will develop a Directors Institute. Not addressed. Clarifies that NASDAQ will presume that a change of control occurs when an investor acquires 20% of an issuer’s outstanding voting power, unless a larger ownership and/or voting position exists after the transaction by: (1) a shareholder or an identified group of shareholders that is unaffiliated with the investor; or (2) the issuer’s officers and directors that are unaffiliated with the investor. Not addressed. Mandates continuing education for all directors, pursuant to rules to be developed. NASDAQ Proposals Business Roundtable Principles Companies should provide educational opportunities to directors on an ongoing basis to enable them to better perform their duties and to recognize and address issues that arise. Issue Sarbanes-Oxley Director Training Not addressed. Change of Control Provisions Not addressed.

Non-U.S. Companies

NYSE Proposals Applies to all NYSE-listed non-U.S. companies. Requires underlying shares of Small-Cap issuers with listed ADRs satisfy the same publicly held shares and shareholder requirements that are applicable to domestic issuers. Companies must satisfy the SmallCap initial and continued listing requirements for bid price and market value of publicly held shares that are currently applicable to domestic issuers, subject to an 18-month phase-in period. Applies to all NASDAQ-listed non-U.S. companies. Not addressed. NASDAQ Proposals Business Roundtable Principles Issue Sarbanes-Oxley Applicability Applies to all companies that have registered equity or debt securities with the SEC under the Securities Exchange Act of 1934, as amended.
Subject to any exemptions the SEC might grant, the Act applies to companies (organized within or outside the U.S.) who have registered a public offering of their securities in the U.S. (and therefore incurred a reporting obligation under Section 15(d) of the Securities Exchange Act, regardless of whether the securities thus offered were ever sold or traded in the U.S. public markets), although in such cases compliance may be required only during the period when they have such reporting obligation, which will continue, at the least, until the fiscal year of the company following the fiscal year in which it registered its offering of securities. Companies must disclose any significant ways in which their corporate governance practices differ from those followed by domestic companies under NYSE listing standards. Summary of differences can be a brief statement and must be made publicly available on the company’s Web site and/or annual report. Materials provided must be in English. Companies required to disclose exemptions to NASDAQ’s corporate governance requirements, permissible under the Sarbanes-Oxley Act or SEC rules, at the time the exemption is received and on an annual basis thereafter along with any alternative measures taken in lieu of the waived requirements. Requires companies file with the SEC and NASDAQ all interim reports filed in their home country and, at a minimum, a semiannual report, including a statement of operations and interim balance sheet prepared in accordance with the home country’s requirements. Materials provided must be in English. Not addressed. Disclosure / Transparency Not addressed.
Sources: Heidrick & Struggles; Institute of Internal Auditors Research Foundation; Weil, Gotshal & Manges, LLP

Implementation Timeline

Important Time Periods. Unless otherwise specified, all periods begin as of final SEC approval of an exchange’s proposal. 4 Months (NASDAQ); April 2003 (SOA); All SOA provisions listed above; 24 Months (NYSE); Majority Independence; Only independent directors on the mandatory committees; All changes regarding board composition at the first annual meeting (following the 4 months); Final SEC approval of Exchange Proposal; Regular meetings of only nonmanagement/independent directors; Establish mandatory committees, with charters; Increase power of audit committee; Establish internal audit function; Adopt corporate governance guidelines and code of business conduct and ethics; 6 Months (NYSE); 12 Months (NYSE); At least one independent director per mandatory committee.

Source: Heidrick & Struggles

Appendix 2

Hypothetical, Inc., Corporate Governance Principles

Corporate Governance Topics

Separation of Chairman and CEO1
Board policy and the Company’s by-laws allow flexibility to separate or consolidate these positions as the Board, from time to time, may determine to be best for governance and effective Board and Company functioning.

Appointment of Lead Director
There is no position of “lead director,” and the appropriate committee chairman leads the discussion in executive sessions when/if the Chairman of the Board is not present. Any director is free to contact the appropriate committee chairman to request a special committee meeting or to contact the Chairman of the Board for a discussion of an issue at a full Board or executive session.

Number/Structure of Committees
Committees are formed, filled, modified, and terminated as part of the organizational and governance work of the Governance and Nominating Committee and the full Board.
In any event, the Company would have at a minimum three committees, namely, a Governance and Nominating Committee, an Audit Committee, and a Compensation Committee.

Assignment and Rotation of Committee Members
Board committee assignments and committee chairmanships are reviewed annually and rotated periodically, usually every three to five years, consistent with the directors’ interests, areas of expertise, and regulatory requirements.

Executive Sessions
The Board meets in executive session (the outside directors and the Chairman and Chief Executive Officer) at every Board meeting. The Chairman and Chief Executive Officer leave these sessions during the annual review of his/her performance or when the independent directors feel it is appropriate; however, the independent directors will meet at least twice each year.

Director Compensation and Review
The Governance and Nominating Committee reviews director compensation annually. The Committee then makes recommendations to the Board for action. Stock-based compensation is an important component of the director compensation program.

Size of Board
The Certificate of Incorporation authorizes a Board of seven to 17, allowing flexibility for sizing the Board as structure, organization, activity, and availability dictate. The Governance and Nominating Committee will review and recommend changes as needed.

Independence of the Board
The Board is committed to having a substantial majority of independent, non-employee directors. Periodic review is done to assure compliance with this commitment and with SEC, IRS, and NYSE requirements as to filling committee assignments with independent, non-employee directors.

Board Membership Criteria and Selection
The Governance and Nominating Committee is responsible for developing criteria for Board membership and guidelines for Board tenure (attached).
Using these, when director nominees are needed, the Committee develops and reviews candidates, makes recommendations to the Board, and oversees the process of selection and nomination.

Frequency, Length, and Agenda for Meetings
The Board meeting schedule and agenda are developed with direct input from directors. Meeting lengths vary as business dictates. Teleconference meetings may be used between regularly scheduled meetings to assure continuity of Board information flow and actions. Annually, each committee reviews its performance. Then, in consultation with the committee executive, it agrees upon a meeting schedule (including frequency and length of meetings) and tentative agenda for the upcoming year. Agenda items are added and deleted over the coming year at the members’ requests and as business developments warrant.

1 For a discussion on separating the positions of Chairman and CEO, see pp 21-22.

Board Evaluation
The Governance and Nominating Committee establishes criteria for evaluation of Board performance and effectiveness (attached). Annually, the Board and each of its committees conduct an evaluation of their performance.

Retirement Age for Directors
Board policy requires outside directors to retire no later than the annual meeting following their 70th birthday. Employee directors, including the CEO, are required to retire from the Board upon retirement as an employee, unless the Board determines otherwise in unusual circumstances.

Change in Director’s Position
Individual directors who change the primary job responsibility they had when last elected to the Board tender their resignations so that the Governance and Nominating Committee and the Board can determine, on a case-by-case basis, whether their Board membership would continue to be free from conflict of interest and is otherwise appropriate.
Term Limits
The Board does not impose term limits, as this could unnecessarily interfere with the continuity, diversity, developed experience and knowledge, and the long-term outlook the Board must have.

Stock Ownership Guidelines for Directors
No specific minimum shareholding is required, except a director must own some shares within sixty days of joining the Board. However, directors receive a minimum of one-half their annual retainer in stock or stock-equivalent units and director deferral programs include stock or stock-equivalent units as investment options.

Formal Evaluation of the CEO
The independent, non-employee directors, under the leadership of the chairman of the Governance and Nominating Committee, conduct an evaluation of the CEO annually and may do so on a less formal basis from time to time during the year. The evaluation is timed to coincide with the Board’s action on the performance pay program and is tied to the Company’s annual performance and the CEO’s delineated personal objectives.

The CEO and Outside Boards
The primary obligation of the CEO is to the Corporation, but it is recognized that service by the CEO on outside boards can be beneficial. Prior to accepting an outside director position, the CEO is expected to discuss with the Board his/her desire to hold a position on another board. The Governance and Nominating Committee will be responsible for determining the consensus of the Board on this matter. The number of outside boards upon which the CEO may serve will be determined on a situational basis.

Board Interaction with Investors, the Press, Customers, and Others
In general, management speaks for the Company. Inquiries from the press, shareholders, or others are referred to management for response. Management regularly presents reports to security analyst groups, and provides key analyst reports to the Board.
19 Confidential Shareholder Voting
All voted proxies are handled to protect employee and individual shareholder privacy. No vote is disclosed except: as necessary to meet any legal requirements, in limited circumstances such as a proxy contest, to permit certification of the vote, and to respond to stockholders who send written comments with their proxy cards.

Source: Hypothetical Case Study presented by Alfred C. DeCrane, Jr., former Chairman and CEO, Texaco Inc., at The Conference Board’s Directors’ Institute, New York, May 7–9, 2003.

Appendix 3
Independence Comparisons
Criteria for Director Independence

NASDAQ Not discussed2 Not discussed Not discussed Not discussed Not discussed ALI* AFL-CIO CalPERS** CII*** NACD**** Not discussed Criteria NYSE1 Independence affirmatively determined by BOD? 3-year cooling off period from end of employment. A former employee is never considered independent. Not discussed Not discussed 3-year cooling off period for partners or employees of outside auditor who worked on a company’s audit engagement. 3-year cooling off period from end of compensation committee interlock. A director who is an officer of a firm on which the company’s chairman or CEO is also a board member is not considered independent. A director who is related to an executive or director of the company is not considered independent. Not discussed Not discussed 2-year cooling off period from end of employment. 5-year cooling off period from end of employment in an executive capacity. Yes Employee 5-year cooling off period from end of employment. 5-year cooling off period from end of employment in an executive capacity. Not discussed A former employee is never considered independent.
Not discussed Affiliated with present or former auditor of company 5-year cooling off period from end of affiliation or end of auditing relationship. Interlocking directorship 5-year cooling off period from end of compensation committee interlock. A director who is employed by a company at which the executive officer of the company is also a board member is not considered independent. A director who is a member of the immediate family of any person in these seven categories is not considered independent. 5-year cooling off period from end of interlocking directorship. Not discussed Family Member A director who is a member of the immediate family of an individual who is, or has been in any of the past three years, employed by the corporation or any of its affiliates as an executive officer. Directors with immediate family members in the above categories are subject to the same 5-year cooling off period.3 2-year cooling off period if immediate family member was senior executive. 5-year cooling off period if relative was an executive of the company. A director who is a relative of any employee of the company is not considered independent.

*American Law Institute
**California Public Employees’ Retirement System
***Council of International Investors
****National Association of Corporate Directors

1 The Sarbanes-Oxley Act provides that in order for an audit committee member to be considered independent, such member may not accept any consulting, advisory or other compensation from the issuer.
2 Both the NYSE and NASDAQ criteria listed in this appendix refer to the proposed standards and not existing standards.
3 Employment of a family member in a non-officer position does not preclude a board from determining that an officer is independent.
Criteria 3-year cooling off period for a director who receives, or whose family member receives, payments, other than directors’ fees, in excess of $60K. A director who receives commercial payments during either of the previous two years in excess of $200K is not considered independent. A director that has a personal services contract with the company is not considered independent. A director that has a personal services contract with the company is not considered independent. A director that has a personal services contract with the company is not considered independent. NYSE1 NASDAQ ALI AFL-CIO CalPERS CII NACD Fees other than directors’ fees 5-year cooling off period for a director who receives, or whose immediate family member receives, direct payments from the company in excess of $100,000.4 A director who receives any compensation from the company other than directors’ fees is not considered independent. Not independent for purposes of the audit committee A director is not independent if he or she is a director, controlling shareholder or executive of, any organization to which the company made, or from which the company received, payments that exceed the greater of 5% of the organization or company’s revenues for that year, or $200K, in the current or previous three years. A director who is a principal manager of an organization that receives payments that exceed the greater of 5% of company’s revenues or $200K, during either of the two preceding years is not considered independent. A director who is a significant customer or supplier is not considered independent. A director who is a significant customer or supplier is not considered independent. A director who is, or was in the past 5 years, a significant customer or supplier is not considered independent. 
Not discussed Affiliated with customers or suppliers of the company A director is not independent if the director is an executive officer or employee, or if the director’s immediate family member is an executive officer, of another company and: (1) that company accounts for the greater of 2% or $1 million of the listed company’s consolidated gross revenues; or (2) the listed company accounts for the greater of 2% or $1 million of the other company’s gross annual revenues.

4 The presumption of non-independence is rebuttable—a director may be deemed independent if the board, including all the independent directors, determines that the relationship is not material. Any such determination must be specifically explained in the company’s proxy statement.
5 NASDAQ defines an “independent director” for purposes of serving on the audit committee as a person other than an officer or employee of the company or its subsidiaries or any other individual having a relationship which, in the opinion of the company’s board of directors, would interfere with the exercise of independent judgment in carrying out the responsibilities of a director.

Criteria A director who receives, or whose family member receives, payments, other than directors’ fees, in excess of $60K is not independent. Audit committee members are prohibited from receiving any compensation except for board or committee service. A director is not independent if the company makes payments to a charity where the director is an executive officer and such payments exceed the greater of $200K or 5% of either the company’s or the charity’s gross revenues. Not discussed A director that is employed by a foundation or university that receives grants or endowments from the company is not considered independent.
A director that is affiliated with a not-for-profit entity that receives significant contributions from the company is not considered independent. A director affiliated with a foundation, university, or other non-profit receiving significant grants or endowments from the company is not considered independent. A director is not considered independent if affiliated with a law firm that is the primary legal adviser or investment banking firm, either of which was retained by the company within the preceding two years. A director who is employed by a firm that is one of the company’s paid advisers or consultants is not considered independent. A director who is affiliated with a company that is one of the company’s paid advisers or consultants is not considered independent. A director who is, or in the past 5 years has been, affiliated with a firm that is one of the company’s paid advisers or consultants is not considered independent. NYSE1 NASDAQ ALI AFL-CIO CalPERS CII NACD Affiliated with Paid Advisers5 Would likely disqualify a director from serving on the audit committee. A director that is affiliated with any organization providing major services to the company is not considered independent. Affiliated with nonprofit organizations receiving money from company Not discussed, but practitioners are advising that all relationships, no matter how seemingly immaterial, should be disclosed to a board of directors in order to allow for a comprehensive determination as to a director’s independence. Not discussed

Source: Simpson Thacher & Bartlett

Appendix 4
Sample Corporate Governance Committee Charter (General Electric Corporation)

Nominating and Corporate Governance Committee Charter
The nominating and corporate governance committee of the board of directors of General Electric Company shall consist of a minimum of four directors.
These should include the chairs of the audit and the management development and compensation committees. Members of the committee shall be appointed and may be removed by the board of directors. All members of the committee shall be independent directors, and shall satisfy the proposed New York Stock Exchange standard for independence for members of the audit committee.

The purpose of the committee shall be to assist the board in identifying qualified individuals to become board members, in determining the composition of the board of directors and its committees, in monitoring a process to assess board effectiveness, and in developing and implementing the company’s corporate governance guidelines.

In furtherance of this purpose, the committee shall have the following authority and responsibilities:

1 To lead the search for individuals qualified to become members of the board of directors and to select director nominees to be presented for shareowner approval at the annual meeting. The committee shall select individuals as director nominees who shall have the highest personal and professional integrity, who shall have demonstrated exceptional ability and judgment and who shall be most effective, in conjunction with the other nominees to the board, in collectively serving the long-term interests of the shareowners.

2 To review the board of directors’ committee structure and to recommend to the board for its approval directors to serve as members of each committee. The committee shall review and recommend committee slates annually and shall recommend additional committee members to fill vacancies as needed.

3 To develop and recommend to the board of directors for its approval a set of corporate governance guidelines. The committee shall review the guidelines on an annual basis, or more frequently if appropriate, and recommend changes as necessary.

4 To develop and recommend to the board of directors for its approval an annual self-evaluation process of the board and its committees. The committee shall oversee the annual self-evaluations.

5 To review on an annual basis director compensation and benefits.

The committee shall have the authority to delegate any of its responsibilities to subcommittees as the committee may deem appropriate in its sole discretion.

The committee shall have the authority to retain any search firm engaged to assist in identifying director candidates, and to retain outside counsel and any other advisors as the committee may deem appropriate in its sole discretion. The committee shall have sole authority to approve related fees and retention terms.

The committee shall report its actions and recommendations to the board after each committee meeting and shall conduct and present to the board an annual performance evaluation of the committee. The committee shall review at least annually the adequacy of this charter and recommend any proposed changes to the board for approval.

Appendix 5
Sample Director Self-Assessment Worksheet*

In evaluating your individual performance as a Director, and the performance of the Board as a whole, you and the Board should examine factors such as independence, experience, judgment and knowledge, time commitment, and teamwork.

In assessing your performance as a member of the XXXX Board of Directors, and in preparation for discussions with the Chairman of the Board, please describe yourself in response to the questions below. For each of the questions covering your activities and performance, please identify areas that you consider to be your relative strengths and weaknesses. Add additional sheets if the comments space is insufficient. Please return the completed form to YYYY prior to the (date) Board meeting.
Director’s name: ____________________

1. DIRECTOR INDEPENDENCE, OBJECTIVITY, AND OVERSIGHT: A Director’s participation in Board deliberations should be objective, fair, and forthright, and be based on independence of judgment. A Director should constructively test and challenge management’s plans and recommendations and provide advice, counsel, and direction in fulfilling the Director’s oversight role. How do you evaluate yourself with respect to these attributes and responsibilities?
Comments: ____________________

2. KNOWLEDGE AND EXPERTISE: A Director should be able to draw on his or her past experience relevant to significant issues facing the Corporation, such as technology, non-U.S. operations, and finance. A Director should have the ability to assess the Corporation’s strategy, business plans, and key issues and to evaluate the performance of management. How do you evaluate yourself in using your experience as an aid and a tool in addressing the Corporation’s plans, operations, and management?
Comments: ____________________

3. BOARD TEAMWORK: Directors should be team players as well as team leaders. A Director must be able to work with fellow Directors, while not necessarily always agreeing with them. What are the roles you play on the Directors’ team, and are those your best positions?
Comments: ____________________

* This evaluation is in a descriptive format. Other options include taking similar questions and having directors score themselves for each element on a scale of 1-5 (with 1 being the highest). Then, directors are asked to rate the importance of each element on a scale of 1-5. By comparing the “importance” score with the “elements” score, directors will be able to “zero in” on areas in greatest need of improvement.

4. BOARD LEADERSHIP: How effective is the Board’s leadership, both at the Board and the Committee level? How effective is each Committee and the Lead Independent Director function?
Comments: ____________________

5. BOARD GOALS: Are the Board’s goals, expectations, and concerns honestly and effectively communicated to the CEO? What is your role in setting and expressing these goals and concerns?
Comments: ____________________

6. BOARD CONTACT WITH EMPLOYEES: Is the contact between the Board and senior staff and operating management adequate and appropriate? Is the Director site visit program being used by you? What additional contacts, if any, would you want?
Comments: ____________________

7. INFORMATION TO THE BOARD: Is the quality, quantity, and timing of information sent to and presented to Directors adequate? Are scheduled Board meetings sufficiently frequent to allow Directors to discuss the company’s performance and major issues that could affect its future? Is enough time devoted to reviewing strategic issues? What additional data input do you want to receive?
Comments: ____________________

8. MY BOARD CONTRIBUTIONS: Overall, I believe that my areas of greatest and least likely contributions to the Board are:
____________________

9. PARTICIPATION AND INPUT: For the coming year, I plan to increase my participation and contribution to Board activities through:
____________________

Appendix 6
Sample Chief Executive Officer Evaluation Form

Process:
• Evaluation sheet distributed (date) to active independent board members
• Completed evaluation sheets returned to xxx by (date)
• Xxx will summarize input and pass on anonymously to yyy
• yyy will circulate to the Board and preview with zzz, adding his own feedback
• Active independent board members discuss evaluation with zzz at (date) board meeting

Evaluation:
Your name: ____________________ (will be removed by xxx)
Please return to xxx prior to (date)

Section A: Primary Responsibilities of the CEO
Consider the factors listed below when forming your evaluation. Provide relevant examples when possible.

1. Development of the primary strategy and objectives of the company
• Appropriateness given the external environment
• Clarity & consistency of the strategy
• Process that encourages effective strategic planning
Grade (check one) [ ] Outstanding [ ] Good [ ] Needs Improvement
Comments/examples: ____________________

2. Tone and structure of how the company operates
• Appropriateness of organizational structure to the primary strategy
• Alignment of management with the strategy
• Clearly communicated with a process for identifying and measuring progress toward the strategy
• Timely adjustments in strategy when necessary
• Fosters a culture of ethical behavior that includes effective compliance programs, strong auditing, and financial controls
Grade (check one) [ ] Outstanding [ ] Good [ ] Needs Improvement
Comments/examples: ____________________

3. Leadership and development of the management team
• Succession planning in place at higher levels that includes an effective plan for developing candidates for the long term
• Turnover of management
• Energy of management team
• Motivates and inspires employees to realize the company’s vision
• Effective role model for the organization
Grade (check one) [ ] Outstanding [ ] Good [ ] Needs Improvement
Comments/examples: ____________________

4. Relationship with the board
• Keeps the board fully informed of important aspects of the company
• Practices and encourages open, honest, and timely communication
• Effective presentations
• Ability to raise and explain key issues
• Ability to draw on past experiences in issues facing the corporation
Grade (check one) [ ] Outstanding [ ] Good [ ] Needs Improvement
Comments/examples: ____________________

Section B: Performance to (Company) values
The CEO should set the tone by role modeling (Company) values. Please consider the CEO’s strengths, areas for development as well as the factors listed below. Provide relevant examples when possible.

1. Results Orientation
• Sets challenging and competitive goals
• Focuses on output
• Assumes responsibility
• Constructively confronts and solves problems
• Executes flawlessly
Grade (check one) [ ] Outstanding [ ] Good [ ] Needs Improvement
Comments/examples: ____________________

2. Risk Taking
• Fosters innovation and creative thinking
• Embraces change and challenges the status quo
• Listens to all ideas and viewpoints
Grade (check one) [ ] Outstanding [ ] Good [ ] Needs Improvement
Comments/examples: ____________________

3. Discipline
• Conducts business with uncompromising integrity and professionalism
• Makes and meets commitments
• Properly plans, funds, and staffs projects
• Learns from our successes and mistakes
Grade (check one) [ ] Outstanding [ ] Good [ ] Needs Improvement
Comments/examples: ____________________

4. Quality
• Strives to achieve the highest standards of excellence
• Does the right things right
• Continuously learns, develops, and improves
Grade (check one) [ ] Outstanding [ ] Good [ ] Needs Improvement
Comments/examples: ____________________

5. Customer Orientation
• Listens and responds to our customers, suppliers, and stakeholders
• Clearly communicates mutual intentions and expectations
• Delivers innovative and competitive products and services
Grade (check one) [ ] Outstanding [ ] Good [ ] Needs Improvement
Comments/examples: ____________________

6. Great Place to Work
• Style: open and direct
• Works as member of a team with respect and trust for each other
• Recognizes and rewards accomplishments
• Manages performance fairly and firmly
• Makes (Company) an asset to our communities worldwide
Grade (check one) [ ] Outstanding [ ] Good [ ] Needs Improvement
Comments/examples: ____________________

Section C: Overall Summary

1. Greatest strength as a CEO
Comments/examples: ____________________

2. Major highlights and lowlights of the past 12 months
Comments/examples: ____________________

3. Words of advice to the CEO
Comments/examples: ____________________

4. Overall Performance
Grade (check one) [ ] Outstanding [ ] Good [ ] Needs Improvement
Comments/examples: ____________________

Appendix 7
Sample Audit Committee Charter and Responsibilities Checklist (Microsoft Corporation)

Microsoft Corporation Audit Committee Charter
As part of the commitment of the Company and the Board of Directors to good governance practices, the Audit Committee regularly reviews its charter and recommends to the Board changes to the charter. The Board adopted changes to the charter in August 2002, in part to take into account the adoption of the Sarbanes-Oxley Act of 2002.

Role
The Audit Committee of the Board of Directors assists the Board of Directors in fulfilling its responsibility for oversight of the quality and integrity of the accounting, auditing, and reporting practices of the company, and such other duties as directed by the Board. The Committee’s role includes a particular focus on the qualitative aspects of financial reporting to shareholders, and on the company’s processes to manage business and financial risk, and for compliance with significant applicable legal, ethical, and regulatory requirements. The Committee is directly responsible for the appointment, compensation, and oversight of the public accounting firm engaged to prepare or issue an audit report on the financial statements of the company.
Education The company is responsible for providing the Committee with educational resources related to accounting principles and procedures, current accounting topics pertinent to the company and other material as may be requested by the Committee. The company shall assist the Committee in maintaining appropriate financial literacy. Authority In discharging its oversight role, the Committee is empowered to investigate any matter brought to its attention, with full power to retain outside counsel or other experts for this purpose. Membership The membership of the Committee shall consist of at least three directors who are generally knowledgeable in financial and auditing matters, including at least one member with accounting or related financial management expertise. Each member shall be free of any relationship that, in the opinion of the Board, would interfere with his or her individual exercise of independent judgment. Applicable laws and regulations shall be followed in evaluating a member’s independence. The chairperson shall be appointed by the full Board. Responsibilities The Committee’s specific responsibilities in carrying out its oversight role are delineated in the Audit Committee Responsibilities Checklist. The responsibilities checklist will be updated annually to reflect changes in regulatory requirements, authoritative guidance, and evolving oversight practices. As the compendium of Committee responsibilities, the most recently updated responsibilities checklist will be considered to be an addendum to this charter. The Committee relies on the expertise and knowledge of management, the internal auditors, and the public accounting firm in carrying out its oversight responsibilities. Management of the company is responsible for determining the company’s financial statements are complete, accurate, and in accordance with generally accepted accounting principles. The public accounting firm is responsible for auditing the company’s financial statements. 
It is not the duty of the Committee to plan or conduct audits, to determine that the financial statements are complete and accurate and are in accordance with generally accepted accounting principles, to conduct investigations, or to assure compliance with laws and regulations or the company’s internal policies, procedures, and controls.

Communications/Reporting
The public accounting firm shall report directly to the Committee. The Committee is expected to maintain free and open communication with the public accounting firm, the internal auditors, and the company’s management. This communication shall include private executive sessions, at least annually, with each of these parties. The Committee chairperson shall report on Audit Committee activities to the full Board.

MICROSOFT CORPORATION
Audit Committee Responsibilities Checklist

WHEN PERFORMED (Audit Committee Meetings): Winter, Spring, Summer, Fall, A/N*

1. The Committee will perform such other functions as assigned by law, the Company’s charter or bylaws, or the Board of Directors.
2. The Committee shall have the power to conduct or authorize investigations into any matters within the Committee’s scope of responsibilities. The Committee shall be empowered to retain independent counsel, accountants, or others to assist it in the conduct of any investigation.
3. The Committee shall meet four times per year or more frequently as circumstances require. The Committee may ask members of management or others to attend the meeting and provide pertinent information as necessary.
4. The agenda for Committee meetings will be prepared in consultation between the Committee chair (with input from the Committee members), Finance management, the General Auditor and the public accounting firm.
5. Provide an open avenue of communication between the internal auditors, the public accounting firm, Finance management and the Board of Directors. Report Committee actions to the Board of Directors with such recommendations as the Committee may deem appropriate.
6. Review and update the Audit Committee Responsibilities Checklist annually.
7. Provide a report in the annual proxy that includes the Committee’s review and discussion of matters with management and the independent public accounting firm.
8. Include a copy of the Committee charter as an appendix to the proxy statement at least once every three years.
9. Appoint, approve the compensation of, and provide oversight of the public accounting firm.
10. Review and approve the appointment or change in the General Auditor.
11. Confirm annually the independence of the public accounting firm, and quarterly review the firm’s non-audit services and related fees.
12. Verify the Committee consists of a minimum of three members who are financially literate, including at least one member who has financial sophistication.
13. Review the independence of each Committee member based on NASD and other applicable rules.
14. Inquire of Finance management, the General Auditor, and the public accounting firm about significant risks or exposures and assess the steps management has taken to minimize such risk to the Company.
15. Review with the General Auditor, the public accounting firm and Finance management the audit scope and plan, and coordination of audit efforts to assure completeness of coverage, reduction of redundant efforts, the effective use of audit resources, and the use of independent public accountants other than the appointed auditors of MS.
16. Consider and review with the public accounting firm and the General Auditor:
    a. The adequacy of the Company’s internal controls including computerized information system controls and security.
    b. Any related significant findings and recommendations of the independent public accountants and internal audit together with management’s responses thereto.
17. Review with Finance management any significant changes to GAAP and/or MAP policies or standards.
18. Review with Finance management and the public accounting firm at the completion of the annual audit:
    a. The Company’s annual financial statements and related footnotes.
    b. The public accounting firm’s audit of the financial statements and its report thereon.
    c. Any significant changes required in the public accounting firm’s audit plan.
    d. Any serious difficulties or disputes with management encountered during the course of the audit.
    e. Other matters related to the conduct of the audit which are to be communicated to the Committee under generally accepted auditing standards.
19. Review with Finance management and the public accounting firm at least annually the Company’s critical accounting policies.
20. Review policies and procedures with respect to transactions between the Company and officers and directors, or affiliates of officers or directors, or transactions that are not a normal part of the Company’s business.
21. Consider and review with Finance management and the General Auditor:
    a. Significant findings during the year and management’s responses thereto.
    b. Any difficulties encountered in the course of their audits, including any restrictions on the scope of their work or access to required information.
    c. Any changes required in planned scope of their audit plan.
22. The Chairman of the Audit Committee will participate in a telephonic meeting among Finance management and the public accounting firm prior to earnings release.
23. Review the periodic reports of the Company with Finance management, the General Auditor and the public accounting firm prior to filing of the reports with the SEC.
24. In connection with each periodic report of the Company, review
    a. Management’s disclosure to the Committee under Section 302 of the Sarbanes-Oxley Act.
    b. The contents of the Chief Executive Officer and the Chief Financial Officer certificates to be filed under Sections 302 and 906 of the Act.
25. Review filings (including interim reporting) with the SEC and other published documents containing the Company’s financial statements and consider whether the information contained in these documents is consistent with the information contained in the financial statements before it is filed with the SEC or other regulators.
26. Monitor the appropriate standards adopted as a code of conduct for Microsoft Corporation. Review with Finance management and Legal and Corporate Affairs the results of the review of the Company’s monitoring compliance with such standards and its compliance policies.
27. Review legal and regulatory matters that may have a material impact on the financial statements, related Company compliance policies, and programs and reports received from regulators.
28. Meet with the public accounting firm in executive session to discuss any matters that the Committee or the public accounting firm believe should be discussed privately with the Audit Committee.
29. Meet with the General Auditor in executive sessions to discuss any matters that the Committee or the General Auditor believe should be discussed privately with the Audit Committee.
30. Meet with Finance management in executive sessions to discuss any matters that the Committee or Finance management believe should be discussed privately with the Audit Committee.

* As needed
Appendix 8
KPMG Audit Committee Institute
Basic Principles for Audit Committees

1 Recognize that the dynamics of each company, board, and audit committee are unique—one size does not fit all.

The organization and operational approach followed by any audit committee should take into account the unique aspects of the organizational and governance structures of the company that the committee serves. In addition, the delegation of responsibilities to an audit committee by the board of directors must be explicit and responsive to the needs and culture of the company and the board as a whole.

The basic responsibilities of an audit committee are to oversee the financial reporting process of the company as implemented and maintained by management, including risks and controls related to that process, and the internal and external auditors’ roles and responsibilities within the financial reporting process. The audit committee should not be overloaded with activities or the committee may (1) lose sight of its major objectives or (2) perform its duties superficially.¹ Once delegated, the ongoing support of the board for the activities of the audit committee, including appropriate management interaction, is critical.

2 The board must ensure the audit committee comprises the “right” individuals to provide independent and objective oversight.

It is the responsibility of the board of directors to ensure that audit committee members are independent, financially literate, and have the characteristics to serve as effective audit committee members. The 1987 Report of the National Commission on Fraudulent Financial Reporting (known as the “Treadway Commission Report”) captured the basic attributes that every audit committee should possess.
The audit committee must be informed, vigilant, and effective overseers of the financial reporting process. To have those attributes, the individual members of the committee must possess certain characteristics. First, the individual should have a general understanding of the company’s major economic, operating, and financial risks. In addition, the individual should have a broad awareness of the interrelationship of the company’s operations and its financial reporting. Further, the audit committee member should understand the difference between the oversight function of the committee and the decision-making function of management.

Audit committee members must have the ability to formulate and ask probing questions about the company’s financial reporting process. According to the 1999 Blue Ribbon Committee on Improving the Effectiveness of Corporate Audit Committees (Blue Ribbon Committee), a member’s ability to ask and intelligently evaluate the answers to the necessary questions hinges on intelligence, diligence, a probing mind, and financial literacy. In fact, perhaps the most important characteristic of a good audit committee member is a willingness to challenge management when necessary. This is the essence of independence.

¹ Frank M. Burke and Dan M. Guy, Audit Committees: A Guide for Directors, Management, and Consultants, 2nd edition (New York: Aspen Publishers, Inc., 2002), p. 117.

3 The board and audit committee must continually assert that, and assess whether, the “tone at the top” embodies insistence on integrity and accuracy in financial reporting.

The company must have the right tone at the top. What is the right tone at the top from the perspective of the audit committee and its oversight of the financial reporting process? The audit committee, as a check and balance on management, is the guardian of the company’s financial reporting integrity.
Thus, in establishing the “right tone,” according to Michael R. Young, a litigation partner of Willkie Farr & Gallagher and counsel to the American Institute of Certified Public Accountants, the company must have an unrelenting insistence:
• on accuracy in financial reporting;
• that numbers and financial statements not be massaged or manipulated; and
• on truthfulness as the foremost objective of the company.
Young says, “It is a tone that makes financial misreporting unthinkable.”²

4 The audit committee must demand and continually reinforce the “ultimate accountability” of the external auditor to the board and audit committee as representatives of shareholders.

The ultimate accountability of the external auditor to the board and the audit committee must be more than words in the audit committee charter. The audit committee, external auditor, and senior management must all acknowledge this reporting relationship and allegiance by their actions and deeds.

5 Audit committees must implement a process that supports their understanding and monitoring of the:
• specific role of the audit committee in relation to the specific roles of the other participants in the financial reporting process (oversight);
• critical financial reporting risks;
• effectiveness of financial reporting controls;
• independence, accountability, and effectiveness of the external auditor; and
• transparency of financial reporting.

The audit committee process provides a framework for coordinating the activities of, and information provided by, the participants in the financial reporting process that support the audit committee’s understanding, and monitoring, of the “key risks and controls” related to the company’s financial reporting process. A strong audit committee process allows a company, including its shareholders, to benefit from the collective insight and experience of each member of the committee.

The Blue Ribbon Committee described the participants in the financial reporting process as a “three-legged stool of responsible disclosure and active oversight.” The three legs are (1) management, including internal audit, (2) the independent external auditor, and (3) the audit committee. The audit committee must not only understand the specific and unique roles that each “leg” plays in the financial reporting process but also hold these participants accountable to the board and the audit committee.

When a company establishes an audit committee and the board delegates oversight of the financial reporting process to the committee, implicit in that delegation decision is that the audit committee is thereby assigned oversight responsibility for financial reporting risks (including fraud risks) and controls related to those risks. Therefore, the audit committee must have an understanding of (1) significant risks related to financial reporting reliability and (2) the controls that the company has established to address those risks.

With a well-defined process predicated on an understanding of the specific roles of management, including the internal auditor and the external auditor, the audit committee will have established the framework within which to exercise effective oversight—listen, ask, assess, and challenge.

² Michael R. Young, Accounting Irregularities and Financial Fraud, 2nd edition (New York: Aspen Publishers, Inc., 2002), p. 231.

Source: KPMG LLP, Basic Principles for Audit Committees, 2002.
Appendix 9
Excerpt from Internal Control: Guidance for Directors on the Combined Code
Report by The Institute of Chartered Accountants in England and Wales

Assessing the effectiveness of the company’s risk and control processes

Some questions which the board may wish to consider and discuss with management when regularly reviewing reports on internal control and carrying out its annual assessment are set out below. The questions are not intended to be exhaustive and will need to be tailored to the particular circumstances of the company. This Appendix should be read in conjunction with the guidance set out in this document.

1 Risk assessment
• Does the company have clear objectives and have they been communicated so as to provide effective direction to employees on risk assessment and control issues? For example, do objectives and related plans include measurable performance targets and indicators?
• Are the significant internal and external operational, financial, compliance, and other risks identified and assessed on an ongoing basis? (Significant risks may, for example, include those related to market, credit, liquidity, technological, legal, health, safety and environmental, reputation, and business probity issues.)
• Is there a clear understanding by management and others within the company of what risks are acceptable to the board?

2 Control environment and control activities
• Does the board have clear strategies for dealing with the significant risks that have been identified? Is there a policy on how to manage these risks?
• Do the company’s culture, code of conduct, human resource policies, and performance reward systems support the business objectives and risk management and internal control system?
• Does senior management demonstrate, through its actions as well as its policies, the necessary commitment to competence, integrity, and fostering a climate of trust within the company?
• Are authority, responsibility, and accountability defined clearly such that decisions are made and actions taken by the appropriate people? Are the decisions and actions of different parts of the company appropriately co-ordinated?
• Does the company communicate to its employees what is expected of them and the scope of their freedom to act? This may apply to areas such as customer relations; service levels for both internal and outsourced activities; health, safety, and environmental protection; security of tangible and intangible assets; business continuity issues; expenditure matters; accounting; and financial and other reporting.
• Do people in the company (and in its providers of outsourced services) have the knowledge, skills, and tools to support the achievement of the company’s objectives and to manage effectively risks to their achievement?
• How are processes/controls adjusted to reflect new or changing risks or operational deficiencies?

3 Information and communication
• Do management and the board receive timely, relevant, and reliable reports on progress against business objectives and the related risks that provide them with the information, from inside and outside the company, needed for decision-making and management review purposes? This could include performance reports and indicators of change, together with qualitative information such as on customer satisfaction, employee attitudes, etc.
• Are information needs and related information systems reassessed as objectives and related risks change or as reporting deficiencies are identified?
• Are periodic reporting procedures, including half-yearly and annual reporting, effective in communicating a balanced and understandable account of the company’s position and prospects?
• Are there established channels of communication for individuals to report suspected breaches of laws or regulations or other improprieties?

4 Monitoring
• Are there ongoing processes embedded within the company’s overall business operations, and addressed by senior management, which monitor the effective application of the policies, processes, and activities related to internal control and risk management? (Such processes may include control self-assessment, confirmation by personnel of compliance with policies and codes of conduct, internal audit reviews, or other management reviews).
• Do these processes monitor the company’s ability to reevaluate risks and adjust controls effectively in response to changes in its objectives, its business, and its external environment?
• Are there effective follow-up procedures to ensure that appropriate change or action occurs in response to changes in risk and control assessments?
• Is there appropriate communication to the board (or board committees) on the effectiveness of the ongoing monitoring processes on risk and control matters? This should include reporting any significant failings or weaknesses on a timely basis.
• Are there specific arrangements for management monitoring and reporting to the board on risk and control matters of particular importance? These could include, for example, actual or suspected fraud and other illegal or irregular acts, or matters that could adversely affect the company’s reputation or financial position.

Source: The Institute of Chartered Accountants in England and Wales, Internal Control: Guidance for Directors of the Combined Code (London: Accountancy Books, 1999), pp. 13-14.

The Conference Board, Inc.
845 Third Avenue, New York, NY 10022-6679
Tel 212 759 0900 Fax 212 980 7014
www.conference-board.org

The Conference Board Europe
Chaussée de La Hulpe 130, box 11, B-1000 Brussels, Belgium
Tel 32 2 675 5405 Fax 32 2 675 0395
www.conference-board.org/europe.htm

The Conference Board of Canada
255 Smyth Road, Ottawa, Ontario K1H-8M7, Canada
Tel 613 526 3280 Fax 613 526 4857
www.conferenceboard.ca

© 2003 by The Conference Board, Inc. All rights reserved. Printed in the U.S.A. The Conference Board and the torch logo are registered trademarks of The Conference Board, Inc. This document is printed on recycled paper.
