Lessons for Boards from the Deepwater Horizon Tragedy

Martin Lipton is a founding partner of Wachtell, Lipton, Rosen & Katz, specializing in mergers and acquisitions and matters affecting corporate policy and strategy. This post is based on a Wachtell Lipton firm memorandum by Mr. Lipton and Benjamin M. Roth.

There is no doubt the oil industry, corporate America, the United States and foreign governments and people across the globe will learn many lessons from the tragic events in the Gulf of Mexico. For boards of directors across many industries, these events highlight the critical importance of effective board oversight of risk management.

Most companies face numerous layers of risk in their daily business activities. As we have previously written (see, e.g., “Risk Management and the Board of Directors,” available on the Forum here), the board’s role is not to manage a company’s day-to-day risk management processes and procedures, but rather to properly oversee the risk management functions of the company by setting the right “tone at the top”. The board should satisfy itself that the company’s risk management processes are designed and implemented consistent with corporate strategy and the associated level of risk tolerance and are functioning properly. The board should also satisfy itself that the company fosters a culture of risk-aware and risk-adjusted decision making.

Recent events provide an opportunity for boards of directors to reassess the adequacy of risk management policies and procedures, in particular those related to health, safety and the environment (HSE). Although applicable risks vary greatly across companies, industries and jurisdictions, and there is no “one-size-fits-all” when it comes to risk management, many of the fundamental elements of a sound risk management exercise are applicable to numerous businesses. Attached is a series of questions that may be helpful to boards of directors and general counsel embarking on an assessment of HSE matters as well as a set of basic principles that form the basis of an effective risk management culture.

Virtually all business activities involve risk – it is extremely difficult and, if not impossible, commercially impractical to eliminate all risk. Companies must constantly balance risk and reward, and it falls on a company’s board of directors and senior management to foster a culture and environment that encourages the incorporation of proper risk assessment and mitigation into business decision-making.

Fundamental Questions Pertaining to Risk Assessment

Risk Identification

  • What processes are employed to identify, on a continual basis, HSE risks?
  • How are identified risks reported up through the organization?
  • How, and to whom, are responsibilities allocated to manage these risks?

Response Preparedness

  • Are response plans in place with respect to identified risks?
  • How frequently are response plans reviewed? Are there “fire drills”?
  • How are HSE incidents and near misses reported up through the organization?
  • Does the senior officer(s) responsible for risk management have direct access to the CEO and the board of directors?
  • What policies and procedures are in place to investigate HSE incidents or near-misses? How are findings memorialized and reported?
  • What procedures are in place to incorporate findings from these investigations into practice as well as lessons learned from incidents with other companies, both within and outside of the company’s industry and peer companies?

Best Practices/Compliance

  • What procedures are in place to continually monitor industry standards and regulatory compliance?
  • In what circumstance would the company deviate from industry or company standards? How would this decision be reviewed and approved?
  • What steps does the company take to monitor best practices? How is this reported?
  • Are there circumstances when the company would deviate from best practices regarding HSE matters assuming applicable regulation would tolerate a lower standard? How would this decision be made and reviewed?
  • How often are written manuals and procedures, including incident response plans, reviewed?

Basic Principles

  • Set a proper “tone at the top” and reinforce the company’s commitment to HSE excellence through regular communications to the company’s workforce.
  • Lead by example. Managers should not simply direct work and monitor compliance but should encourage suggestions, motivate staff and engage the workforce to solve HSE problems.
  • Rigorous HSE processes and procedures are not simply about legal compliance but make sound business sense and should be viewed as an integral part of productivity, competitiveness and profitability.
  • Encourage personnel to be creative and take business initiative to drive competitiveness and profitability but do not tolerate cutting corners when it comes to HSE matters.
  • Clearly define expectations, responsibilities and accountability for HSE compliance and failures.
  • Foster a positive, trusting and open environment to facilitate communication of HSE problems and issues.
  • Provide human and financial resources to ensure that safety procedures are effective and proper preventative measures can be taken.
  • Make safety initiatives strong, clear and concise but do not overload personnel with duplicative or overwhelming policies or materials.
  • Establish dynamic programs to continually monitor and evaluate hazards in systems to ensure prompt identification and rigorous analysis of such hazards.
  • Ensure timely and thorough inspections and investigations of incidents and near misses.
  • Conduct regular and rigorous safety process audits and fire drills and correct any deficiencies in a timely manner.
  • Ensure appropriate aggregation and evaluation of information gathered regarding HSE issues and risks.
  • Make clear throughout the organization that risk management is an ongoing and dynamic process – not one that is a finite project to be put to bed.
  • Be vigilant for learning opportunities, across industries and jurisdictions.

One Comment

  1. Carter the Examiner
    Posted Wednesday, June 23, 2010 at 4:12 pm

    “Oversight” is such a squishy term, and it is in disagreement with the basic wording of Delaware and UK corporate codes.

    CHAPTER 1. GENERAL CORPORATION LAW – Subchapter IV. Directors and Officers § 141(a) The business and affairs of every corporation organized under this chapter shall be managed by or under the direction of a board of directors.

    UK FRC Code: The board’s role is to provide entrepreneurial leadership of the company within a framework of prudent and effective controls which enables risk to be assessed and managed.

    Now the American Law Institute guide Section 3.02 says “Although the statutes literally seem to require the board to either manage or direct the management of the corporation, it is widely held that the board of a publicly held corporation normally cannot and does not perform those functions in the usual sense of those terms.”

    Interestingly, the bank supervisors have articulated a standard closer to the original meaning of the statutes. The recent BCBS consultative draft Principles for Enhancing Corporate Governance states “Principle 1 – The board has overall responsibility for the bank, including approving and overseeing the implementation of the bank’s strategic objectives, risk strategy, corporate governance and corporate values. The board is also responsible for providing oversight of senior management.”

    That seems better: articulate and approve the parameters that management operates under, and THEN oversee.
