Fall 2021 Risk Oversight Advisory Council Meeting Brief

In the fall of 2021, NACD, with PwC, Sidley Austin, and the Center for Audit Quality, brought together risk and audit committee chairs from Fortune 500 companies to learn more about recent key Delaware Chancery Court decisions, explore gaps in board process and structure in relation to these cases, and examine the implications for board oversight of mission-critical risks.

(Note: The meeting was held using a modified version of the Chatham House Rule, under which participants’ quotes (italicized) are not attributed to those individuals or their organizations, with the exception of cohosts.) They also discussed the board’s role in cybersecurity, the ways in which boards structure their cyber-risk oversight, and the reporting they receive from management about risk.

THE BOARD’S ROLE IN MISSION-CRITICAL RISK OVERSIGHT IS EVOLVING.

When it comes to risk and oversight, the role of the director has been evolving, starting with the Caremark case 25 years ago—the outcome of which stated that boards have a duty to oversee corporate compliance with regulations. Over the past several years, the Delaware courts have made clear that boards need to focus more on overseeing mission-critical risks. In key cases, the board of an airplane manufacturer was sued by shareholders for failing properly to oversee airplane safety and the board of an ice cream manufacturer was sued for failing to properly oversee food safety.