Emerging Risks for Corporate Boards - NACD BoardVision
Is your board taking the necessary precautions to mitigate emerging risks from cybersecurity to global currency risk? Dennis T. Whalen, partner in charge and executive director of KPMG’s audit committee institute, and Douglas L. Maine, limited partner at Brown Brothers Harriman & Co., suggest tools and practices directors can use to navigate today’s volatile business environment.
Christopher Clark: When it comes to emerging risks, I'm going to quote Sam Palmisano of IBM. Stuff happens. I'm joined today by Dennis Whalen of KPMG and Doug Main who is a corporate director of three public companies. Dennis and Doug, I want to ask you a very simple question. Why is NIST vitally important to board members?
Dennis Whalen: Well, I'll start by saying cyber risk and the focus on cyber risk today isn't going away anytime soon. Businesses have been spending a really long time integrating technology in virtually everything they do. So, the challenges that we have today around cyber are a function of that transformation of businesses and imbedding technologies. NIST is one of the tools people tend to be thinking about today as trying to level the playing field and helping people get a sense, are you at least meeting some minimum requirements. It's a good start but I don't think it gets you to the promise land. I think the first thing you've got to realize is that, while cyber is a function of technology, it's a business issue more than it's a technology issue. So, I think you got to think about it. The solution's got to come from different parts of the organization and everybody needs to be in the conversation. Then next part that I think's equally important, before you even get to how do you have a conversation about NIST with a board is you've got to sit back and say where in the board construct is the conversation and the responsibility for cyber risk going to sit? Is it full board? Is it the audit committee? Is it the risk committee? Is it the technology committee?
Christopher Clark: Now Doug, I know this is a passion point for you, both cyber security and NIST. What are your thoughts?
Doug Maine: My advice to boards is either adopt it, or, at a minimum, reconcile your own framework to NIST and determine are there things that you're missing.
Christopher Clark: Let me ask this. Is there any reason not to adopt it?
Doug Maine: Well, you may have a separate framework on your own that's working for you. But again, there may be some holes in that and that's why I would reconcile to it.
Christopher Clark: Doug, in terms of volatility risk, let's address the, kind of the global currency risk you probably know the countries where it's most risk. But, gives us an overall umbrella.
Doug Maine: Turning to the boards why this is a concern, of course, it's really multifaceted. It includes hedging. It includes financial reporting. It includes customer contracts, are all susceptible what what's a currency risk. And, I do believe that this is something that should be on the board agenda or, at a minimum, on the audit committee agenda.
Christopher Clark: Compared to what Doug just said, and you might even want to pretend he's one of your clients, what should his board also be thinking about when it comes to these currency [inaudible]?
Dennis Whalen: I watched currency a lot during 14, watched the euro move, watched the price of oil, so commodities moved, and they have an impact on currencies. But, in early 2015, so, in January when a lot of companies were starting to give guidance around revenues for 2015, it was relatively startling the number of major U.S. companies who were showing significant drops in revenues because of negative currency movements, you know, strength of the dollar. And so, the question that I think boards or audit committees need to make sure they're thinking about, and even compensation committees, is what are you managing, how are you managing management and how are you rewarding management, and what incentives or disincentives have you put in to do the right thing around currency? You don't want to, necessarily, give them a pass. But, you also don't want to put them into a position where they create high risk speculative strategies around certain currencies.
Doug Maine: There's an investor issue, that's over and above, I think, everything else that we've spoke about. And that's how do you report on currency? Now, as Dennis will certainly tell you GAP does not allow you to report any other way than per GAP. But, many companies, and my alma mater is IBM, actually does not report in the press releases, but, they'll report an investor, conference calls on not only as reported IE GAP numbers but also in constant currency numbers. And, as an example, the last quarter, IBM's, as reported, revenue was down 12% but on a constant currency basis it was down 2%. So, given that level of magnitude, it's important in my mind for investors to know how the company's really performing net of currency issues.
Christopher Clark: If you'd like to learn more about emerging risks or any other risk subject, I encourage you to do three things. Read NACD Directorship Magazine, go to the NACD website, or go to the KPMG website and you'll be very pleasantly surprised. I'm Chris Clark and this is BoardVision.
View Other NACD BoardVision Episodes by TopicBoard Composition, Evaluation & Director Succession
Strategy & Risk
List all NACD BoardVision Episodes