Professional Documents
Culture Documents
Professor David F. Larcker Corporate Governance Research Program Stanford Graduate School of Business
Copyright 2011 by David F. Larcker and Brian Tayan. All rights reserved. For permissions, contact: corpgovernance@gsb.stanford.edu.
Define the corporate strategy. Develop and test business model. Identify key performance indicators. Identify and develop processes to mitigate risk.
Board does not perform these tasks (management does). Board evaluates and tests the work of management to ensure that it appropriately builds and protects shareholder value.
Proposes
Reviews
Develops
Tests
Identifies
Monitors
Identifies
Reviews
Corporate Strategy
Identify the organizations overarching mission. Identify the process by which the company expects to create long-term value. - Scope: The activities the firm will participate in. - Markets: The markets it will participate in. - Advantage: The advantages that ensure it can compete. - Resources: The resources required to compete. - Environment: Market factors that influence competition. - Stakeholders: Internal/external constituents that influence firms activities.
Business Model
Develop a causal business model that explains how the corporate strategy translates into shareholder value. A business model links specific financial and nonfinancial measures in a logical chain to delineate how the firms activities create value. The business model lays out a concrete plans that can be tested through statistical analysis. It then provides the long-term basis for measuring management performance and awarding compensation.
Responsiveness
Trustworthiness
+ +
Knowledge
Nonfinancial KPIs Customer Satisfaction (8%) Service/Quality (6%) Strategic Goals (6%) Safety (3%) Employee Satisfaction (2%)
There does not appear to be a good reason. - 59% say that the company has undeveloped tools for analyzing such measures. If true, this is a serious lapse in oversight by boards.
Deloitte (2004, 2007). Sample includes 250 directors and executives at large international corporations. Stanford Graduate School of Business, Corporate Governance Research Program, http://www.gsb.stanford.edu/cgrp
Risk Management
Risk management is the process by which a company evaluates and reduces its risk exposure. COSO framework on risk management:
1. 2. 3. 4. 5. 6. 7. 8.
Internal Environment: Philosophy toward risk. Objective Setting: Evaluate strategy in this context. Event Identification: Examine risks of each opportunity. Risk Assessment: Determine likelihood/severity of each. Risk Response: Identify actions to deal with each. Control Activities: Policies to support each response. Communication: Create information system to track. Monitoring: Review data from system and take action.
Committee of Sponsoring Organizations (1990). Stanford Graduate School of Business, Corporate Governance Research Program, http://www.gsb.stanford.edu/cgrp
The board determines the risk tolerance of the company, in consultation with management, shareholders, stakeholders. The board evaluates the companys strategy and business model in the context of the firms risk tolerance. The board ensures the company is committed to operating at an appropriate risk level. It relies on risk KPIs to help make this assessment. The board should satisfy itself that management has developed necessary internal controls and that procedures remain effective.
2.
3.
4.
Risk management might be delegated to the audit or risk committee, but it is likely best handled by the full board.
The Conference Board(2007); AICPA (2010); The Economist (2009) Stanford Graduate School of Business, Corporate Governance Research Program, http://www.gsb.stanford.edu/cgrp
Bibliography
OECD. Principles of Corporate Governance. 2004. Available at: http://www.oecd.org/dataoecd/32/18/31557724.pdf. The Higgs Report on Non-Executive Directors: Summary Recommendations. 2003. Available at: http://www.dechert.com/library/Summary%20of%20Recommendations1.pdf. NACD. Public Company Governance Survey. 2009. Deloitte. In the Dark: What Boards and Executives Dont Know about the Health of Their Businesses. 2004. Available at: http://www.deloitte.com/assets/DcomNewZealand/Local%20Assets/Documents/In%20the%20dark(4).pdf. Committee of Sponsoring Organizations. 1990. Available at: http://www.coso.org. The Conference Board. Risky Business: Is Enterprise Risk Management Losing Ground? 2007. Available at: http://www.conference-board.org/. AICPA cited it: Alix Stuart. Theyll Take Their Changes: Many Companies Have No Intention of Adopting Enterprise Risk Management. 2010. CFO.com. Available at: http://www.cfo.com/article.cfm/14524925/c_14524808. Beyond Box-Ticking: A New Era for Risk Governance. 2009. The Economist. Available at: http://www.kpmg.com/LU/en/IssuesAndInsights/Articlespublications/Documents/Beyondbox-ticking.pdf.