BDO in the Boardroom

Key Takeaways:As with any insurance, directors and officers need to have a clear understanding of the purpose of D&O insurance and what it is designed to cover and what is not included – e.g., deliberate fraud, criminal acts, and uninsurable fines and penalties as well as other exclusions or limitations including thresholds for triggering coverage.The velocity, volatility, and interconnectedness of risk evolves over time even though D&O policies are typically written for one year terms. Does your company have a framework for evaluating risk, risk tolerance, and risk mitigation in the longer term?It’s not uncommon for companies –particularly when in an early stage - to make concessions on the amount or scope of coverage in order to manage pricing. But it’s important that those decisions are anchored in an awareness of the external and internal risk landscape, and contemplate future strategic and financial objectives for the company. Traditionally, most securities class actions involve financial misrepresentations, but boards should be aware that in the past several years there has seen a significant increase in ‘event driven’ securities litigation. These claims can often be classified as “ESG-related events” given the broadness of the category.

Key Takeaways: Shareholder proposal trends to anticipate continuing into 2023: Increasing shareholder proposals – made easier by prior years’ SEC regulations allowing more access for shareholders Certain commitments made by companies in previous periods (e.g., racial equity audits, DEI and other social aspects) likely to be scrutinized by shareholders, reflective of societal concernsIndividual directors expected to be held accountable on a variety of issues (e.g., lack of movement on commitments made previously, over boarding of directors, etc.) through ‘no’ votes for re-election Prepare your investor engagement strategy on a “clear day” (advanced warning system before issues arise), based on stage and profile of company, to take in information from investors to inform the strategyEstablishing a robust board evaluation and refreshment process will allow companies to both satisfy changing needs of the company AND more easily “comply with or explain” via increasing disclosure expectations for how board composition is determined and why this composition makes sense for the company.Beware of ESG “fatigue” - Don’t allow yourself to get side-tracked by confusion over timing/content of regulatory direction. Boards need to look critically at, and articulate, the material ESG factors impacting their companies and how these are managed with respect to ERM and strategy.

Key Takeaways:Data protection, which encompasses data governance, data privacy and cybersecurity, should be considered as part of the board’s oversight of risk and strategyThe board’s responsibilities related to data protection include identifying director(s) or advisor(s) with the appropriate skills and experience, stating explicit accountability within the board, keeping management accountable and ensuring compliance with laws and regulations. Board best practices in their oversight of data protection include good data governance hygiene, frequent and robust communications, expertise, and continuing education. Resources:The Board’s Role in Data Protection (practice aid)Board Oversight of Cybersecurity (publication and resources)BDO Digital 2022 Cybersecurity Month ResourcesBDO Digital Governance, Risk & Compliance

Key TakeawaysFlexibility is dynamic way of operating business across workplaces, spaces and time with strategic coordinated intention to achieve high levels of performance and engagement.Lead with the what (not the where): Flexibility is about organizing around the work itself and how, when and where it happens best, no longer around the workplace.Boards and management teams, who have already instilled strong core values and a culture of innovation, experience fewer challenges in executing flexibility strategies.Not simply a human resource policy: A flexibility strategy requires the mind shift from “I” to “we” – requiring a framework that includes full leadership buy-in, organization-wide training, communication and the permission to experiment and innovate.

Key Takeaways:Each change to a business represents new strategic opportunities, but those changes also present new potential risk of and to the corporate strategy. Boards need to understand how the executive team approaches risk informed decision making to assess effectiveness. Streamlining and optimizing risk management require proper structure, process, and timing of risk assessment and mitigation activities and programs (e.g., insurance, internal audit, product recall, business continuity, cybersecurity, etc.) Corporate culture should include enterprise-wide risk awareness to consistently identify and address emerging and rapidly evolving risks (e.g., COVID, Russia, etc.). Macroeconomic trends in risk management should be part of regular dialogue with the executive team and include consideration of bringing in leading experts to educate and advise in particular areas of risk.Directors should challenge organizations to make appropriate investments in risk management while building incentives for managing rapidly evolving risks.

Key Takeaways:Audit committees can ensure smooth ICFR implementation by encouraging early planning, helping secure adequate resources, being familiar with management’s process to identify risks and management’s processes and controls in place to manage those risks.Boards should be particularly focused on controls addressing areas of the business that are inherently higher risk.IT systems are critical and thorough evaluations of the IT environment and the IT general controls should be done early to avoid the late detection of control flaws over systems and relevant data that may have pervasive impacts on the effectiveness of the entire internal control environment.Depending on the severity of any deficiencies, the board should understand the root cause of the deficiency and what management’s plans are to remediate; and further, hold management accountable to their remediation plans.Board should ensure that the control environment is continually reviewed and that management takes into account, among other things, changes in risks, policies and procedures that may require enhancements to the controls environment.

Key Takeaways:Today’s organizations are being called to contribute positively as part of the greater ecosystem, which is compelling directors to embrace the role of change catalysts and “intraprenuers.”People, as our greatest assets, need board directors to oversee the creation of work environments that value employees to allow them to ‘bring their whole selves to work.”Assembling a board composition strategy today needs to begin with a robust review of the skills matrix to ensure attributes such as curiosity, digital savviness and enterprise risk management, among others, are part of the consideration of current and future directors.

Join BDO's Center for Corporate Governance Amy Rojik as she and her colleague Todd Simmens, National Managing Partner of Tax Risk Management, to discuss how the board’s oversight of corporate strategy and risk management would be remiss without an understanding and consideration of evolving global and domestic tax regulations anticipated to significantly impact decision-making at the board level. Key Takeaways:Companies are advised to continue to remain abreast of legislative activity to inform on-going scenario planning, inclusive of the tax department and appropriate advisors. Tax implications need to be considered early on in contemplation of transactions as well as operational decisions and human resource matters.Expectations for a robust tax bill in 2022 under the Biden Administration’s ‘Build Back Better’ plans may have lost sight of the power that individual members of the House and Senate can have.Mid-term U.S. political elections may put some of the more contentious progressive tax increases being considered on the back burner.With regard to Biden’s budget (aka the Green Book): As a reminder, certain of the Jobs Act provisions expire in 2025/2026; other provisions are permanent (e.g. Corporate Tax Rate increase from 21% to 28%, individual rates and capital gains as well as international regulations and policy changes such as the replacement of BEATS and onshoring of taxes) and would require legislation to enact tax changes.Internationally, companies are advised to be in tune to the OECD’s agendaThe IRS continues to experience operational challenges including staffing issues, processing, refund delays and extended communication response times. Filers are advised to communicate with the IRS using certified mail or other form to demonstrate proof on communications. It is the responsibility of board of directors to be very aware of what tax professionals have to say about what is going on at the business level. Resources:2022 BDO Tax Outlook Survey

Join BDO's Center for Corporate Governance Amy Rojik as she and her colleague Mike Stiglianese, who serves as the Managing Director in BDO Consulting’s Technology Advisory Services Practice, discuss the SEC’s recently proposed rules on cybersecurity risk management, strategy, governance and incident disclosure and the impacts and considerations these rules may have on those charged with governance. Key Takeaways:The SEC proposed cybersecurity disclosure rules are intended to formalize currently expected disclosures around aspects of cybersecurity that are useful to investorsThe board will be required to provide disclosure about the cyber expertise that exists within the organization’s governance structureCybersecurity should be thought of and treated as necessary risk management processes and proceduresCyber incident response plans need to be planned in advanced, involve key stakeholders, be well thought out and practiced and be adjusted continually to reflect the changing risk landscapeDocumentation by the organization of the cyber risk management program is critical – including the identification, protection and disposal of data – along with testing of the programProcess and metrics shared with the board needs to be at the right level – By analogy: The audit committee wants to see the financial statements not the general ledger…Resources:SEC Proposes Rules on Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure

Join BDO's Center for Corporate Governance Amy Rojik as she and her colleague Dan Fuller, Managing Partner Tax ESG Strategy and Services Leader, discuss opportunities to align the board’s oversight of ESG strategy with taxation considerations to be truly impactful in corporate decisions-making in this evolving area. Key Takeaways:Where is the “T” in ESG? – Given that the majority of business transactions, including those involving ESG factors, have related tax impacts to consider, tax directors want to be included in the company’s evolving discussions around ESG and can be highly valuable to the board.For those companies outlining or updating their integration of tax into their ESG journey, three critical steps need to occur:Outline your approach to tax by defining regulatory compliance and interaction with tax authoritiesEstablish a robust tax governance, control and risk management framework to support the company’s sustainability strategyQuantify and provide qualitative context around an organization’s total tax liability to meet demand for transparencyFrom a governance and risk management lens, proper tax governance can ensure that there is appropriate oversight over an organization’s tax strategy and decisions, ensuring they align with overarching business objectives and stakeholder communications around tax reporting.Leverage the BDO ESG Tax Cipher to strengthen risk awareness, improve decision-making on risk mitigation, and increase transparency, accountability and strategy.Tax strategy can often be a “solution” in the ESG space – through credits, mitigation strategies, etc.Resources:Navigating the Intersection of Tax & ESGBDO Center of Excellence