Advisory Council Reports

Fall 2021 Risk Oversight Advisory Council Meeting Brief: Boards Need to Prioritize

By NACD Staff

10/16/2021

Audit Committee Risk Committee Advisory Council Brief

Member-Only Content

For full access, please log in, or explore membership options.

JOIN NACD

 

 

In the fall of 2021, NACD, with PwC, Sidley Austin, and the Center for Audit Quality, brought together risk and audit committee chairs from Fortune 500 companies to learn more about recent key Delaware Chancery Court decisions, explore gaps in board process and structure in relation to these cases, and examine the implications for board oversight of mission-critical risks. They also discussed the board’s role in cybersecurity, the ways in which boards structure their cyber-risk oversight, and the reporting they receive from management about risk.

THE BOARD’S ROLE IN MISSION-CRITICAL RISK OVERSIGHT IS EVOLVING.

When it comes to risk and oversight, the role of the director has been evolving, starting with the Caremark case 25 years ago—the outcome of which stated that boards have a duty to oversee corporate compliance with regulations. Over the past several years, the Delaware courts have made clear that boards need to focus more on overseeing mission-critical risks. In key cases, the board of an airplane manufacturer was sued by shareholders for failing properly to oversee airplane safety and the board of an ice cream manufacturer was sued for failing to properly oversee food safety. In both cases, the courts found that the boards had failed to have appropriate focus and processes, which may have helped to mitigate the events in question. In these cases, the courts found that the boards did not exercise sufficient oversight over what was happening inside the company—the boards did not implement adequate processes to ensure that they received critical information and did not satisfactorily address the risks of which they were aware.

So what does all of this mean for boards now? “The Delaware courts say that boards have a fiduciary obligation to focus on mission-critical risks,” said Dr. Paul E. Kalb, a partner at Sidley Austin. “Boards in highly regulated industries have a heightened duty to oversee mission-critical risk. . . . This will affect board structure, processes, and composition. Do these boards have the right structure and committees? The right processes? The right people on the board to interpret and act on data?” Boards will need to make all of these a priority. “There’s no question that our world is evolving, and we have to evolve with it,” added one delegate. “So the role of director needs to change to dig in more deeply as complexity continues to grow.”