Enterprise Risk Management, Board Governance and the Art of Cleaning Dirty Dishes

Old habits sometimes die hard. In my husband's case, he insists on soaking the dishes before putting them into the dishwasher. I prefer to scrub them with a sponge, rinse and put them aside until the current load is finished, the machine is emptied and there is room to add the next set. After twenty-two years of otherwise marital bliss, you would think that we would have the whole kitchen clean-up dance choreographed and down to a science. Yet, here we are on a Sunday night, talking about the best way to clean the dishes...again. The good news is that we have squeaky clean dishes. The less than good news is that it would be better in my view to discuss the issue thoroughly, agree on a process and then allocate work accordingly instead of each of us spending time on a basic task that should be easy enough to master without repeatedly going over the same thing.

Now if talking about cleaning dishes is the extent of disagreement in any relationship (marriage or otherwise), life is good. It does get you thinking however about interpersonal dynamics, leadership and how to accomplish a goal, especially when things are more complicated.

Enterprise risk management ("ERM") is a good example of a task that requires care and coordination and is arguably more complex than pulling out a scrub brush. According to a recent McKinsey & Company survey about improving board governance, others concur. In their August 2013 write-up of results, authors Chinta Bhagat, Martin Hirt and Conor Kehoe write that "...most boards need to devote more attention to risk than they currently do. One way to get started is by embedding structured risk discussions into management processes throughout the organization."

In "Risk Management and the Board of Directors" by Martin Lipton et al. (Bank and Corporate Governance Law Reporter, February 2011), the role of oversight is distinguished from "day-to-day" risk management. The authors write, "Through its oversight role, the board can send a message to the company's management and employees that comprehensive risk management is neither an impediment to the conduct of business nor a mere supplement to a firm's overall compliance program, but is instead an integral component of the firm's corporate strategy, culture and business operations."

According to a 2009 publication entitled "Effective Enterprise Risk Oversight: The Role of the Board of Directors" by the Committee of Sponsoring Organizations of the Treadway Commission ("COSO"), board oversight entails several important actions. These include the following:

  • Comprehend an organization's philosophy about risk and "concur with the entity's risk appetite," otherwise defined as its risk tolerance for alternative ways to create shareholder wealth;
  • Assess whether management has put effective risk management processes in place in order to identify, measure and manage key sources of uncertainty;
  • Regularly carry out a study of an organization's portfolio of risks in the context of stated risk tolerance goals; and
  • Evaluate whether management is "responding appropriately" to factors that could seriously erode enterprise value.

Hopefully, readers agree that the topic of risk management oversight should be important to pension plans and other types of institutional investors that invest in companies directly or by purchasing corporate stocks and bonds. Looking askance or ignoring the topic altogether is ill-advised.

In a recent conference call about vendor selection for a relatively large ERISA plan, I was surprised when one of the callers admitted to not having yet vetted the risk management controls in place for a candidate service provider. Worse yet, he thought doing so was a bad idea since "the numbers spoke for themselves."

Certainly insurance underwriters are taking a further look at their exposure. Professors David Pooser and Kathleen McCullough, on behalf of the Professional Liability Underwriting Society ("PLUS") Foundation, explain that more attention is being paid to the oversight role of directors in the aftermath of recent financial crises. In "How is Enterprise Risk Management Affecting the Directors' and Officers' Liability Exposure?" (September 1, 2013), they write that "Better governance control through ERM should make a firm a more appealing risk for D&O insurers to write. ERM becomes especially important if it signals that the corporation is less risky and better controlled than others, and therefore may be a useful tool to D&O insurers, regulators, and other monitors."

Understanding Directors and Officers ("D&O") oversight of a firm's enterprise risk management activities is not exactly the same thing as settling on how best to get the dishes clean. However, both activities are important, and both require that collaborative discussions take place and that actions ensue.

Governance of Venture Capital Fund(s)

On March 1, 2010, Dr. Susan Mangiero, CEO of Investment Governance, Inc. sat down to talk to financial and strategy expert, Mr. Pascal Levensohn. In this fifth question of ten, read what this Investment Governance, Inc. Advisory Board member has to say about how venture capital firms govern themselves.

SUSAN: How are venture capital ("VC") funds governed differently from the governance standards they apply to their portfolio companies?

PASCAL: This is a very important question. It starts with recognizing that VC funds, as partnerships, are governed quite differently from their portfolio companies which are typically set up as corporations. The VC fund may have one managing partner that sets the tone and controls the entire firm or it may have a collegial distribution of governance among several senior partners.  The best way to understand how a VC fund is governed begins with an analysis of the fund’s investment committee, its deal due diligence process, and the specific allocation of the fund’s investment capital among the individual partners.  An important question to ask is whether the partners evaluate themselves and each other on an annual basis, if at all. You might be surprised to learn that many VC funds lack an internal feedback loop, that the partners may not communicate openly among each other, and that the partners themselves may lack a formal measure of accountability among each other, even though the economics are laid out formally in the management company agreement.

Turning to portfolio companies, the board of directors is responsible for the governance of the company, and here we have a very interesting dynamic which often leads to board dysfunction. The VC directors have inherent conflicts of interest as representatives of their funds and as fiduciaries who must act in the best interests of all of the shareholders.  In addition there is a major tension and conflict between the management team and the VC directors. The management wants more share ownership. The common equity is at the bottom of the seniority stack behind the various series of preferred equity rounds. The VCs want capital efficiency, which means they want management to do more with less. Compounding the complexity is the fact that most VC-backed companies replace their CEOs twice between the founding and the liquidity event. So you can imagine that the VC boardroom governance equation is very complex and rife with opportunities for problems.