I recently moderated an address by Andrew Fastow, the former CFO of Enron, and followed up by delivering a keynote on the role of the board in ethics, tying in aspects of Mr. Fastow’s speech. What follows—10 ways that boards should oversee ethics—is based on that keynote and also draws on my work with boards on ethics oversight.
1. Ask the right questions. Good questions for boards to ask of management when faced with an ethically problematic action, are: (i) How will this action impact our reputation? (ii) How will it impact us over the long term? (iii) What are its aggregate effects? (iv) How will objective parties view it? (v) Does this action meet the principle or spirit of applicable guidelines and rules? and (vi) Are we doing the right thing?
2. Have a line of sight over ethics, integrity, reputation and culture. Behavioural and integrity controls must go far enough and should be independently audited. Good companies are measuring and assuring reputation, integrity and risk culture for boards. It is important that this assurance reach the board unfunneled by reporting management.
3. Use executive sessions, questions and information as your leverage touchpoints. Have the authority in your board and committee charters to obtain any information, to interview any personnel, and to obtain any outside assistance that you need to in order to fulfill your duties. Meet directly with auditors, consultants, the risk function and the compliance function, including without any manager in the room. Only then will you hear what others hear.
4. Make sure your lawyer is independent. The person drafting the above charters should not be the general counsel or the external counsel who works for management. Neither of these parties is independent. Just like auditors and compensation consultants must be independent, so should the board’s counsel.
5. Address whistleblowing defects. If the point of contact for a whistleblowing program is any manager, the policy is defective. The point of contact must be an independent person or party who reports directly to the audit committee. Only then will anonymity be preserved and the channel be fully used.
6. Pay for conduct and performance. Pay drives behaviour, including ethics. Many pay committees underutilize their executive pay toolbox and control over management. If risk management or the Code of Conduct is breached, executive pay should not vest and be clawed back if it has vested.
7. Oversee the oversight functions. Your eyes and ears in the company are internal audit, risk and compliance. These functions must now have reporting channels right into the boardroom. Just as in the early 2000s when the audit committee began to hire, fire and pay the external auditor, now the audit and other committees and the board hire, fire and pay risk, compliance and internal audit.
8. Speak up and recruit a board challenger. When directors and chairs are chosen on the basis of preexisting relationships, these directors will not speak up or ask tough questions, as they are owned by their extra-boardroom relationships. Recruit directors who have no pre-existing relationship to any other director or manager. This includes female directors.
9. Recruit independent, competent directors with courage. There are directors on boards who are well out of their depth, know little about the actual business and cannot or will not challenge because they are captured. Only when a director is truly independent and competent can that director then challenge.
10. Set the ethical tone at the top. It is the board, not just management, which sets tone. Boards are fond of explaining unethical conduct by saying “we missed it.” Yet if boards and management teams are truly honest, they know they should not have missed it and that the actions were those of an employee operating within the culture that was accepted.
Richard Leblanc is an associate professor, governance, law & ethics, at York University’s Faculty of Liberal Arts and Professional Studies and a member of the Ontario Bar. E-mail: firstname.lastname@example.org.