For a corporate director, developing and maintaining expertise in cybersecurity can be a challenge. A new book just published by Symantec Canada, Canadian Cyber Security 2018, will help. Eight renowned Canadian CISOs share their perspectives on a variety of risks encountered
The impact of accelerating changes on the role of the board has been on my mind for quite some time. I wrote an article on this topic in early 2016. Many changes today are occurring at an increasing pace in markets and industries, caused by the digital economy
The topic of cybersecurity is coming up more and more frequently in my discussions with fellow corporate directors. It is an indication of the increased concerns with regard to cyber-risk, and of the realisation that directors must play a more active role in cybersecurity oversight. With the growth of damaging cyber incidents, corporate directors understand it is not enough to rely on internal corporate expertise and that they themselves must be better prepared to ask the right questions, be able to understand and to challenge the answers they get on cyber-risks, and contribute significantly to improving its oversight.
A friend giving a talk on digital transformation and digital cities asked me recently if I had any statistics on how many corporate boards understand the importance of having specific technology experts as board members. My first reaction was to think that this demand would be very easy to answer. I assumed there would be plenty of statistics on this topic, since new technologies are having a critical strategic impact on so many companies.
To my surprise, I could not find much data on this topic. The only relevant
According to Webster, a simple definition of the word disruption is “to cause to be unable to continue in the normal way; to interrupt the normal progress or activity of”. By definition then, the board, which is responsible for the continuity of the organisation, is directly concerned by disruptions. This is even more true now that disruptions are accelerating and are happening in all areas of business. They are hitting more companies, changing the status quo, and requiring boards to modify their modus operandi to be better equipped to act and react. Technology, cybersecurity and human resources are three primary sources of disruptions that require immediate attention from corporate directors because they directly impact business strategies and company growth.
I have been asked recently on four different occasions for practical advice on how to handle conflicts of interest, by corporate directors that had followed governance courses. Although directors understand the theory behind conflicts of interest, when faced with an actual potential conflicting situation, they are still looking for practical advice on how to act.
One situation related to me is that of a corporate director on the board of a mid-size private company. His expertise is in production optimisation and ERP implementation and he feels his greatest contribution to the board is on this topic. He recently accepted a consulting mandate for a firm selling ERP and implementation services. The board he sits on has decided to embark on a process to choose a new ERP. He views this as a potential conflict of interest, since the firm he consults for could participate in the ERP bid process
Cyber security makes headlines regularly as more and more large companies have become the targets of cyber attacks. In a recent BDO survey, twice as many public companies disclosed having experienced a cyber-related security breach in 2014-2015 compared to 22% in the previous two years. Gartner reports that 60% of the companies that lost data are out of business five years later. And thus, at last, boards are becoming more involved in cyber security with 87% of directors confirming that they are briefed at least once a year on this topic. As boards become more mature in understanding cyber risk, they will be compelled to get involved in cyber mitigation to ensure comprehensive mitigation plans are in place. This post will explore two emerging key mitigation measures that boards should both be aware of, and be preparing to implement: cyber resiliency and cyber liability insurance.
Many member-based organisations choose to nominate their board of directors through an election. As the organisation matures, renewing the board nomination process becomes important to ensure board alignment with evolving corporate objectives. I was recently involved in board elections with three very different organisations. I was president of the election for Cercle des ASC, a member-based organisation that regroups certified corporate directors from the College des ASC. My name was on the ballot of CIRA, the Canadian organisation that manages the .ca domain. Finally, a friend of mine was a candidate in the elections to the board of Fonds FTQ, a worker-based development investment fund managing $11.1 billion. Based on my experiences with these very different organisations, in both size and mandate, here are six governance aspects to consider when reviewing your board election process.
The Internet of things, or IoT, is about to hit a tipping point. According to Gartner, 4.9 billion connected things will be in use in 2015, up 30% from 2014, and that number will reach 25 billion by 2020.
Just what is the IoT? Does it matter and as a corporate director, should you care?
The Internet of Things is merely the expression used to signify that now not only people can be connected to the internet but “things”, autonomous devices with intelligent sensors, can also be connected. These objects are able to send subsets of relevant data about the “things” to which they are connected and this data is used by companies to offer new products or services to consumers. Some examples include Fitbit, which collects exercise training data, and Nest, which collects home energy data. IoT is also being applied to industrial technology, as in microchips on the Siemens production floor. For a corporate director, what is really important to understand is not the technology side of IoT, but the new business models it enables. These business models leverage data from objects and consumers and use cloud computing to offer products and services that change the playing field of traditional companies. Think about what information technology did to traditional businesses by creating a new digital economy, new markets and new industries. IoT will have that same impact on current businesses, possibly on an even larger scale.
I had the pleasure of speaking at a Women Get on Board event in June on the topic of networking. This got me thinking about how and why I network as a corporate director, and wondering if networking is actually a director’s duty.
As an introduction to the panel, I gave the audience the advice that you not only have to dress for success for your next job now, but you have to start building the network for your next board position today. If you agree with that statement, the next logical step is to think about those directors currently sitting on large private or public company boards that are at the top of their game. Maybe they do not need to network as much since they are not actively seeking a board position or they know their reputation will be enough to attract interesting offers. Perhaps they mostly network with people like themselves. Those assumptions are wrong and I hope no director makes them. It is the duty of all directors to actively network with different types of people to meet oversight responsibilities. This is why:
I’ve written about various aspects of risk including technology, strategy and reputation. And there is a personal aspect to risk management that I find myself continuously facing. As a mother, I tried to apply risk management principles to raising my adolescent children. I found myself trying to talk with them about the difference between controllable and uncontrollable risks. For example, I explained that wearing flip flops to take a public shower while attending the provincial basketball championship is a controllable risk, a choice that can be made. The fact that a door opens resulting in your toenail being ripped out since you had bare feet in the shower is an uncontrollable risk. (My daughter had chosen not to wear flip flops and missed the final game).
Controllable and uncontrollable risks are the heart of risk management. It is important to recognize the role not only of processes, but of people in controlling risks. People are a source of risk found in all business areas, but People Risk is a controllable risk and as a corporate director you can participate in mitigating that risk.
Though cybersecurity can seem impenetrable to many corporate directors because of the lingo and the technology slant put on discussions, like everything else it often boils down to good management practices, regular risk assessment and oversight leadership by the board.
A recent talk by PwC, given at a governance short course I attended, exemplified this fact. It highlighted the top 10 mistakes found in companies that were victims of cyber criminals. When I analysed the source of those errors from a board risk oversight perspective, I concluded that there are two initiatives that a board can take to have safer cyber environments: making certain that IT is not working in silos on cybersecurity and ensuring that the right procedures are in place and respected to mitigate risks.
It is interesting to note in this top risk review publication that the top risks identified vary based on the role of the individual inside an organisation. CEOs see more macro-economic risks, CFOs see more operational risks and CROs see more operational and macro-economic risks. To get a good picture of the key risks in a company, you must understand all aspects of the business. Each of the individuals discussed looks at the business based on their own responsibilities, the CEO looking outside, the CFO looking inside and the CRO seeing a bit of both. The role of the board in these circumstances is to break the silos and ensure that all perspectives are incorporated in the risk evaluation exercise, including the perspective of mid-level management. The board will make certain all inputs are distilled into a shared universe of key risks and actionable mitigation plans. It will also ensure that executing those plans remains a priority amongst all the other operational tasks to be performed by the different business units.
To comment, go to LinkedIn - published April 10, 2015
It is interesting how sometimes business imitates life. In life, opposites often go together, pleasure and pain, love and hate. It’s the same in business as nothing is more evident than how opportunity goes with risk.
Risk and opportunity are two sides of the same coin. Great boards of directors will be able to manage both sides. If boards are motivated to define their risk appetite, they should also focus on their opportunity appetite, thus ensuring they always have both perspectives to guide their strategic decisions.
Attending technology innovation and start-up events is always a great opportunity to stay abreast of what is coming up in technology, new products and ideas. As a corporate director, it is one of the ways I use to stay informed about the industry. I always leave these events with enthusiasm about the state of entrepreneurship in Canada having witnessed the passion of these individuals in starting technology-related businesses. It’s exciting to witness founders plunging into a start-up without all the answers.