Corporate Culture Risk and the Board

Carey Oven is National Managing Partner at Deloitte & Touche LLP and Bob Lamm is Independent Senior Advisor at the Center for Board Effectiveness at Deloitte LLP. This post is based on their Deloitte publication.

Introduction: “Where was the board?”

Recent corporate scandals linked to problematic company cultures have resulted in questions such as “where was the board?” and “shouldn’t the board have known?” In some cases, board members themselves may have wondered why they were not informed of cultural problems and asked, “should we have conducted more due diligence?”

These and similar questions, and the responsibility to protect both their companies’ and their own reputations, are leading directors to look for ways to better monitor corporate culture and to understand potential cultural risks and address problems before they get out of control.

The purposes of this post are to help define “culture” and why it matters, and to provide practical suggestions for overseeing culture risk.

What is “culture” and why does it matter?

“Culture” can be defined in many ways. In the corporate context, culture is a system of values, beliefs and behaviors that shape how things get done within the organization. Some have referred to corporate culture as being set by the “tone at the top.” While it’s critical for company leadership, including the board, to demonstrate its commitment to a positive culture, a sound corporate culture should permeate the entire organization.

Culture matters, because a strong, positive corporate culture provides a framework not only for risk mitigation, but also for both short- and long-term value creation. It aligns values, goals, behaviors, and systems throughout the organization in ways that can have favorable impacts, both internally (for example, through positive employee engagement or by facilitating optimal performance or a strong safety record) and externally (through positive branding, reputation and competitive advantage).

On the other hand, a damaged or broken culture can create dysfunction throughout the organization and create risk to critical assets, including brand reputation, intellectual property, and talent. As recent developments demonstrate, these and other negative impacts can destroy value and, ultimately, the organization itself.

 Questions for the board to consider:

  1. What is management’s view as to the nature and strength of our culture?
  2. Do we understand that our culture is an asset that can help us to achieve short- and long-term growth and performance?
  3. Has management conducted any employee engagement or talent surveys or focus groups to get a better handle on the state of our culture? Are the results summarized and provided to the board at some level? If so, when was the last time we conducted such a survey? Is it time to conduct another?
  4. How do our compensation plans, programs, and practices reinforce our culture?
  5. Have we promoted people who demonstrate cultural leadership? Have we kept back, demoted, or terminated those who don’t?
  6. Should we discuss culture risk as part of our overall risk oversight process during board meetings?
  7. Does the board participate in site visits, and discuss anomalies with the board and management? (i.e. I visited one of our locations recently and found the staff unresponsive to customer concerns; have any other board members had similar experiences?)
  8. What are our employees, customers, suppliers, and communities saying about us on the web? In social media?
  9. Do our internal and external communications demonstrate the strong culture that we espouse?
  10. How can we get comfortable beyond just assertions on culture (through data/metrics, internal audit results, etc.)?

An important takeaway from the above is that a strong, positive culture is an important asset of any organization that should be supported and protected. It is not merely a “soft” issue of interest to investors and the media; rather, it can be critical to the company’s growth and performance.

Why the board?

The board, directly and through its committees, is responsible for overseeing strategy, risk, and performance. Recent scandals and other developments have made it increasingly apparent that culture is linked to all three of these oversight areas and that culture is a key asset. Accordingly, culture-related risk is a key risk that calls for board oversight. In recent years, investors and the media have also focused on the board’s role in overseeing corporate culture; as noted above, one of the first questions asked when a culture problem surfaces is “where was the board?” While investor and media attention are not (and should not be) the sole drivers for seeking board oversight of culture, they have caused directors and managements alike to think about culture and how best to support and protect it. [1]

How can the board oversee culture and culture risk?

Even the most diligent directors are, at best, part-timers. They attend board and committee meetings at company facilities, and some visit company facilities, but board members do not usually have the opportunity to observe the company’s culture up close and personal on a day-to-day basis. In addition, culture is an intangible asset. A director visiting a company plant may notice that it’s in disrepair; however, the director is not likely to be able to see a crumbling culture.

Moreover, directors may not know how to most effectively oversee culture and culture risk. Interestingly, management often has similar concerns; because culture is intangible, it’s difficult to measure or reward, and thus it can be difficult to prevent cultural problems or meltdowns.

There are, however, some general approaches to culture risk oversight that management and boards alike should consider:

  • Treat culture risk as part of an integrated process of oversight that addresses strategy, performance, and risk. There are many common elements across the spectrum of oversight, and treating culture risk as somehow separate and distinct may create the impression that it is different and/or less important than other forms of risk. Culture underpins all aspects of strategy, performance, and risk. Consequently, boards should consider making culture and culture risk regular board agenda items and topics for candid discussions between the board and management.
  • Be proactive. Waiting until a problem surfaces is likely to be less effective than nipping it in the bud. Perhaps more important, showing an interest in culture can demonstrate to others in the organization that the board is “walking the talk”—bridging the gap between what is espoused and what the board actually does—and that managing culture risk provides opportunities to reinforce a strong, positive culture. One important way of being proactive is to ask questions pertaining to culture and seek validation through data; see the call-out box for some questions that could be asked.
  • Be persistent. Although a responsible management team will welcome the board’s oversight of culture risk, some managements may resent a director—or even the full board—looking under rocks. And even where management welcomes the board’s involvement, there may be others who push back. For example, a director seeking to have a cultural assessment (discussed below) performed may encounter opposition from members of management or counsel—or even other directors—who may feel that conducting an assessment shows a mistrust of management or that an assessment may yield information that could increase board liability.

Who’s responsible?

Despite the importance of risk oversight, it can be difficult to assign responsibility for culture risk within the board. While it is customary for the full board to oversee risk generally, its committees often play a major role in risk oversight. For example, audit committees oversee various types of financial risk, and most have responsibility for compliance oversight; and compensation committees oversee compensation risk (i.e., incentives to engage in inappropriate actions).

There is no one “right” answer as to how a particular board should assign responsibility for culture oversight. Just as there is no one model for corporate culture, there is no one approach that all companies should follow. Each board should decide how it wants to oversee culture risk, whether at the full board level or otherwise. The important thing is to avoid letting culture risk slip through the cracks.

What tools and processes are available to implement culture risk oversight?

There are a number of practical tools and processes that boards and managements can use to assess culture, determine gaps, and address the resulting risks, as follows:

  • Diagnostics and focus groups: Various providers offer surveys and other tools to assess the degree of engagement—both internal and external—and evaluate the company’s culture and any gaps. These surveys can provide insights into areas such as whether employees feel comfortable reporting problems to their superiors, how they feel about management’s integrity (the “tone at the top”), their level of engagement with the organization, and other areas. In addition to the internal pulse on culture, external diagnostics and risk scanning tools can provide information as to how the company is perceived by those who deal with it—customers, suppliers, and the communities in which the company operates (for example, whether suppliers feel that the company has treated them fairly or whether customers have favorable views of their interactions with the organization). Focus groups can provide opportunities to drill down on survey responses and provide a more detailed roadmap as to potential problems and solutions.
  • Baseline assessments and periodic updates: The board should begin with a baseline knowledge of the company’s culture through the surveys and other tools referred to above. Once a baseline is set, these tools can be used periodically to assess employee engagement levels, particularly if there are corporate developments that might impact internal and external views, such as a reduction-in-force, the closing of a facility, or a major transaction that can impact employees and third parties alike. In addition, evaluating trends in internal and external sentiment over time can provide insights on the effectiveness of risk mitigation activities. The board should be kept informed as engagement levels vary over time, as changes may indicate a problem that needs to be addressed.
  • Management: The board should be satisfied that management is taking appropriate responsibility for culture on a day-to-day basis. Members of management can be tasked with assessing and monitoring roles in their respective areas of responsibility and encouraged to report back to the board as to the state of the company’s culture as well as any challenges or problems they observe. Culture can also be added as a component of the compensation process—not only at the C-suite level but also around incentives, sales, and other “routine” business activities—and succession planning.
  • Presence and observation: Even though board members are part-timers, when they visit company facilities, whether for board or committee meetings or otherwise, they should be “there”—i.e., present and engaged—and observant. Some cultural problems are readily observable, such as an employee who treats customers or other employees rudely (sometimes even during a board meeting!), and a director who observes this should take note. Of course, this is more easily done for certain types of companies, such as those engaged in retail operations and other consumer-facing businesses, but it can also be done during plant visits or other company functions.
  • Boards should also consider how internal audit departments, as the third line of defense often reporting directly to the audit committee and administratively to management, can be effectively used to provide assurance assistance on culture and risk mitigation strategies.
  • Technology: Directors should consider becoming conversant with the web and social media to track perceptions of their companies and their cultures. Using a search engine or following the company on a social media platform can reveal significant information about how the company is viewed by its employees and other stakeholders and valuable insights into its culture. There are also more sophisticated risk sensing tools available in the marketplace that should be considered by management as an ongoing technique to maintain awareness of external sentiment and organization brand and reputation that can certainly also impact and inform company culture.
  • Board diligence: Perhaps the most important tool is “simple” diligence. As noted above, culture risk is only part of a company’s risk profile. Accordingly, the board may want to address culture risk on a regular, periodic basis, as part of its general risk oversight process. Among other things, the board can perform diligence on assertions made by management on culture and seek validated data using traditional tools such as talent survey results, ethics and compliance data, as well as more sophisticated tools such as conduct monitoring, insider threat assessments, and behavior analytics.

How can a positive culture be reinforced?

One of the biggest challenges boards face in culture and other intangible areas is how to reinforce behaviors that strengthen a company’s culture and/or penalize behaviors that weaken its culture.

First, it is important that a company’s policies—and their enforcement—align with its culture. The failure to enforce a company policy effectively or consistently sends a strong signal to others that the policy does not matter, thereby encouraging continued, and possibly greater, violations. Moreover, from a liability standpoint, not enforcing a policy may be worse than not having a policy in the first place. [2]

Second, companies are increasingly seeking ways to reinforce good behaviors (and/or penalize bad ones) through compensation. This can be challenging, particularly for senior management, in an era when “pay-for-performance” can lead to rigid adherence to metrics and formulas and a reluctance to use discretion to reward or punish behavior. However, there are indications that some companies have begun to develop metrics by which to compensate individuals for cultural actions. And the tax legislation enacted in 2017 may ultimately provide companies with additional flexibility in this area. [3] Accordingly, the board or the committee with responsibility for culture risk oversight should consider coordinating with the compensation committee.

Management succession can also be an effective way to reward behaviors that support or reinforce a strong corporate culture.

Last, strong corporate communications with consistent messaging at all levels can affect internal and external perceptions of a company’s culture.

Tone at the top—i.e., the board itself

In overseeing culture risk, directors should bear in mind that their behavior—i.e., the culture of the board itself—is part of the “tone at the top” and that the board needs to conduct itself accordingly. For example, during meetings, do the directors behave in a collegial, courteous and respectful manner towards each other and towards members of management who are present? Do the directors convey that they have carefully and thoughtfully read the pre-reads that employees frequently spend great amounts of time preparing? When they visit the company’s headquarters and other facilities, do they demonstrate genuine interest in what they see, or do they convey the impression that they are just going through the motions? Directors should understand that their behavior is very visible and that employees who interact with them may take their cultural cues from the board.


A strong, positive corporate culture is a key asset and can yield many significant benefits, while a weak or broken culture erodes that asset and creates serious risks to brand and reputation—and even to the entire enterprise. Directors’ responsibilities with regard to risk oversight extend to culture risk, and boards are encouraged to execute this responsibility early and often.


1NACD 2017 Blue Ribbon Commission Report, “Culture as a Corporate Asset”.(go back)

2 back)

3 (go back)

Both comments and trackbacks are currently closed.