The increasing weight of corporate governance, more stringent regulatory processes and outdated Board structures are preventing Boards from adequately engaging in and setting appropriate risk management cultures within their organisations, according to a new global survey by Thomson Reuters.
As regulators demand greater risk oversight, the survey found a quarter of Boards are not actively engaged in this process – often hampered by time constraints and the significant pressures associated with reviewing an increasing number of Board materials.
The survey finds that on average organisations prepare 92 board books annually; each an average of 116 pages. This amounts to over 10,000 pages per year, representing a 50% uplift from the average of 5,940 pages reported the prior year.
Several organisations surveyed prepare more than 300 board books per year, close to six board books per week.
An increased expectation of good governance drives Board members to seek additional outside sources of strategic context and financial insights.
Over 70% of respondents reported a need for competitor insights, financial analytics and industry information. These are sought outside of traditional board materials.
Risk oversight by Boards varies substantially and there is a wide range of behaviors. Nearly 25% of respondents state that their Boards don't actively engage in risk oversight. This stands in stark contrast to the 55% of Boards that actively set a risk culture and cascade its policy to management
Almost half of the respondents indicated that they never encrypt their Board materials, and eighteen percent indicated that they only occasionally encrypt their information.
Only thirty percent of respondents were confident that Board members destroy all copies of Board-related emails and documents in accordance with document retention policies.
The study also finds that over half of the respondents indicated that they had been in a situation where Board members had left sensitive documents in public places or had heard of instances of sensitive Board materials being left in public places.
"Corporate governance is becoming ever more complex due to the fluctuating economy, increased regulatory requirements and greater regulatory scrutiny," says Mark Schlageter, managing director, Governance, Risk & Compliance, Thomson Reuters. "This is placing increased responsibility on the Board of Directors and greater demands on accountability and transparency. It is therefore essential that Boards have all the strategic business and industry intelligence they need at their fingertips to ensure they understand the entire picture when making decisions and to have better risk oversight across their organisation."
Greater volume of Board materials
Increased focus on board governance appears driving the volume of board materials to new heights and is presenting a real challenge for Directors and Company Secretaries alike.
The challenge of producing and reviewing board books is growing.
On average, among respondents, 92 board books are created annually, each with an average of 116 pages. This means that Company Secretaries prepare and distribute an average of over 10,000 pages of confidential material to their Boards every year. This number is more than 50% higher than the previous year's survey.
An increased expectation of good governance drives Board members to seek additional sources of strategic context and financial insights. Over 70% of Directors reported a need for competitor insights, financial analytics and industry information – all of which are sought outside of traditional Board materials.
Need for better risk mitigation
Most major corporations surveyed were found to have significant security gaps leaving sensitive board-level information open to information theft and hacking.
In particular, it was found that the majority of respondents are regularly sending confidential board material to their members via courier or through unsecure, noncommercial email addresses.
In addition, the percentage of respondents reporting board members' loss of computing devices or mobile devices to misplacement or theft grew by nearly 100%.
Two-thirds of board documents and communications were also reported to be distributed through a variety of devices and servers, up sharply from the corresponding 2011 survey.
Another vulnerable area is in risk oversight and regulation with a quarter of respondents stating that their boards don't actively engage in risk oversight.
In addition, while over three quarters of respondents acknowledge that their board seeks to remain up to speed on major areas of regulation, only thirty two percent point to the board's adoption of policies, some of which were referred to as "gold-plated".
Board security more critical
Board members are expected to deal with a wide range of issues at both a local and global level and their responsibility for cross-border issues continues to grow. As a result, the majority of board documents and communications are likely contained across a variety of devices and servers (sixty eight percent this year), up from fifty two percent in the 2011 survey.
Board materials are also put at risk by a common Board member practice of printing and carrying documents originally sent electronically, futher exposing an organisation to risk of theft or loss of commercially sensitive documents.
The results also suggest that Directors are using an increased number of mobile devices to access board materials and that most organisations are not tracking all the various computing devices that Board members are using to retrieve and save board documents.
Private mobile devices dominate the use of mobile technology by Boards. Over seventy percent of respondents indicated a BYOD (Bring Your Own Device) reality at the board level, as organisations did not supply Board members with mobile devices specifically for the purpose of board communications. This is an area of considerable risk for Company Secretaries who are not only charged with the creation but also the destruction of confidential board materials.