Does the notion of collective board responsibility place an impossible burden on those it involves?
Members of BP’s, Shell’s and Statoil’s boards, Google’s and the boards of nine FTSE companies alleged by Action Aid as illegally failing to disclose their ownership of “almost 150 offshore subsidiaries based in tax havens” might be wondering how effectively they carried out their duties.
Could they have prevented the embarrassing situations that their companies now find themselves in? What should their actions now be to mitigate corporate trauma?
Classic risk management teaches that boards should establish their risk appetite and tolerance and ensure the board has adequate oversight of risk.
But what if the board, or its non-executives, is simply not aware of critical company actions? What if, despite the best skills and efforts, information regarding questionable corporate activities never reaches the board?
It seems likely from the examples above that many boards simply do not understand fully the environment in which they operate. Information asymmetry can be a real problem. So are unknown knowns.
Assuming that problems will be prevented by the risk management team is simply not adequate. Senior risk professionals now openly discuss the warning signs, “that the risk management profession itself is in danger of being computerised”. And they can’t be expected to seek out risks that have their origins with the boss: they don’t want to be out of a job. Board performance evaluation, as it currently stands, also appears not to address such problems.
If Boards are to exercise control, and so be able to take collective responsibility they need new tools, a new lexicon and, probably, a fresh approach, otherwise this is indeed an impossible load. If they don’t they may find themselves hanging together.