Top Concerns for Directors in 2012

The SEC enforcement agenda and whistleblower bounty program, CEO succession, executive compensation, and IT risk were among the issues on audit committee members’ minds as they met in December and January at three audit committee peer exchanges hosted by the PwC Center for Board Governance. The exchanges were part of the 2011 Year-end considerations for audit committees seminar held in Arizona, New York and Florida.

PwC Vice Chair, Assurance, Tim Ryan facilitated the exchanges, which included over 200 audit committee members. Following are the major recurring themes at each of the venues.

Compliance

Among all the rulemaking and enforcement actions that have taken place over the past year, one that caused significant consternation among the audit committee members is the new SEC whistleblower bounty program. Many are concerned about the program undercutting existing company whistleblower programs that came into existence following the passage of the Sarbanes-Oxley Act in 2002. That law calls for public company audit committees to oversee whistleblower hotlines.

The SEC whistleblower bounty program under the Dodd-Frank Act takes the whistleblower process to a new level by offering a bounty to employees whose information leads to a successful conviction. “The whistleblower bounty program has the potential of getting out of control,” said one audit committee chairman. “It bypasses the [company’s] normal process.”

The final rules for the whistleblower bounty program do not require whistleblowers to report violations internally through companies’ compliance programs. However, there are measures in the rules to incentivize whistleblowers to utilize internal compliance and reporting systems when appropriate. For more information, read the PwC publication A Closer Look at The Dodd-Frank Wall Street Reform and Consumer Protection Act: SEC Adopts Final Rules Establishing Whistleblower Program.

Enforcement of the Foreign Corrupt Practices Act (FCPA) is also on the top of audit committees’ worry list entering 2012. This is understandable since the US Department of Justice and the SEC have ratcheted up FCPA investigations over the past two years. (As of December 2011 there were 150 open cases.) As a result, some companies expanded the role of internal audit in reviewing FCPA issues, especially when acquiring a foreign company.

Board leadership

While some directors believe the board chairman and CEO positions should be split, they don’t think companies that have the roles combined should contemplate a split during the tenure of a sitting CEO.

While there is no right answer to the question of whether the roles should be separated, the rationale behind separating the positions is to separate the leader of management’s oversight body from the leader of management. “Many boards are realizing how important it is to have a counter balance at the top of a company,” one director said.

“We have a split Chair/CEO at my company, and it works well,” a director said. “It requires the right people. But, in my opinion, it is best for an effective board.”

Many directors agreed there are several characteristics that successful split chairman/CEO roles should have. The two individuals understand and accept their respective roles, agree on a consistent vision of company strategy and key indicators of success, openly communicate about issues and challenges, and avoid mixed messages that may confuse other members of management.

CEO succession planning

Another area of discussion at the peer exchanges was CEO succession planning. Some directors were concerned not enough board time is given to that important board responsibility.

While boards prefer a planned succession, in an emergency succession they have to balance filling a short-term void with addressing a long-term need. During an emergency succession it’s not unusual for a lead director or board chairman to step in as acting CEO while the board decides on a permanent successor. During a planned succession, the sitting CEO and board regularly communicate about succession planning from within the company’s ranks by developing and assessing the skills of senior executives.

Management succession planning is not simple. PwC’s 2011 Annual Corporate Directors Survey shows only 64% of the 834 directors who responded are satisfied with the management succession plans at their companies while 59% would like to see their boards devote more time to the topic.

“It’s the board’s most important job to choose the right CEO and have a succession plan in place,” a participant said. “It’s a good idea to include succession planning as a recurring agenda item.”

Executive compensation

Following the accounting frauds of the early 2000s and the ensuing enactment of the Sarbanes-Oxley Act, audit committee members felt a target on their backs from the proxy advisory firms in the form of withhold vote campaigns. Some peer exchange participants have a view that there could be a similar target on the backs of compensation committee members for those companies whose shareholders failed to pass or weakly supported say on pay in year one. “I think the compensation committee chair is the toughest job on the board,” an audit committee chairman said. “I’d rather be the audit committee chair right now.”

Directors are certainly sensitive to the messages from shareholders delivered by the say on pay votes. In the PwC survey 32% of directors who responded said the compensation committee would reconsider the compensation of executives if 20%-35% of the votes were against the pay plan set out in the annual proxy statement.

In its US Corporate Governance Policy 2012 Updates, Institutional Shareholder Services (ISS) indicated its policy is to make voting recommendations for compensation committee elections and say on pay proposals on a case-by-case basis if the company received less than 70% support for its pay plan in the prior year. In making its determination, ISS will consider whether such companies sufficiently addressed shareholder concerns regarding compensation. The proxy advisor said it would take into account disclosures related to the company’s response to the previous say on pay vote, whether the issues raised are recurring, and the company’s ownership structure.

IT strategy and risk

The strategy and risks associated with information technology (IT) continue to worry audit committees, especially in the area of emerging technologies such as social media, cloud computing, and mobile devices. Some directors at the peer exchange indicated it is hard to keep up with the fast-paced nature of technology, while security continues to be an issue with the use of social media.

Most directors agreed their boards could be at a disadvantage if they don’t increase the amount of IT expertise either by adding board members with IT experience or hiring outside advisors. Recent surveys show only 8% of directors have IT expertise and only 15% use outside IT advisors.

Developing technologies, such as cloud computing and social media, create concerns for directors in understanding the risks created. Cloud computing, which replaces traditional servers with web-based storage and applications, allows companies access to the computing capacity they need.

Some of the risks related to cloud computing include:

• Data and applications that are outside the company’s firewall
• Temptation of users to work around the IT department when securing such services
• On-going security of customer data.

Risk considerations for social media include:

• Employee usage, which if not appropriately managed could harm a company’s reputation
• Potential disclosure of proprietary corporate information
• Unpredictability and resistance to controls.

Many directors at the peer exchange are aware of the need for boards to have an effective IT strategy for the next one to three years. They believe it would be dangerous not to consider IT in strategic planning, as the company could be at a competitive disadvantage without it.

As a side note, some participants observed that the SEC has issued new guidance on disclosure of cybersecurity risks in light of recent corporate breaches.