We have seen a long dry spell that included 2008 with just 43 IPOs and a first quarter 2009 that saw a single offering. 2010 is poised for a possible recovery with 53 companies that entered registration in 4th quarter 2009, the most new registrants in two years. (data gleaned from Ernst & Young’s latest IPO pipeline report) Technology claims the largest number of new registrants but the group as a whole cuts through all sectors. Average fund raising target is $190 million. but 24 of the new registrants are smaller companies seeking to raise less than $100 million.

I gave my first directors and officers (D&O) liability insurance presentation to a board of directors in 1996. The CFO of this publicly traded company asked me to discuss the highlights of its recently renewed D&O insurance program. The presentation lasted less than five minutes—and not one question was asked by any of the board members present. In fact, most of them were engaged in other conversations that they must have deemed more important or more interesting than insurance. My presentation was a mere formality: the board essentially rubber-stamped the CFO’s insurance
decisions.

Since then, a board’s involvement in insurance decisions, like D&O coverage, has changed dramatically. Now our firm presents to its client public company boards and audit committees at least once a year. Board members are no longer passive and disinterested when it comes to insurance. Instead, most are well informed about the liabilities directors face and want to fully vet their D&O insurance protection—specifically its structure, limits and scope of coverage. Questions often arise about insurance carrier solvency, the importance of differences in conditions A-side coverage, appropriate coverage limits and the terms and conditions of the policy. A decade ago, CFOs generally made all these decisions; in today’s ever-litigious corporate environment, many executives now defer these important decisions to their entire boards for input and formal approval before finalizing major insurance placements.

Risky business

Boards are also becoming more engaged in risk management, specifically enterprise risk management (ERM). Traditional risk management identifies exposures to loss, examines various techniques to address the risk and then selects the most appropriate techniques to control it. Note that risk management focuses only on accidental losses, not all losses. A key technique used in risk management is insurance or risk transfer; however, insurance is only one facet of risk management. It’s been suggested that the paradox of insurance is that it is a good first and last response to managing risk, but is not always the most appropriate response. There are other important risk management tools, such as risk avoidance, self insurance, loss prevention, loss control, contractual risk transfer and alternative forms of risk financing.

All-encompassing risk

In contrast, enterprise risk management deals with all aspects of an organization’s risk, not just accidental loss. The Risk and Insurance Management Society defines ERM as “a strategic business discipline that supports the achievement of an organization’s objectives by addressing the full spectrum of its risks and managing the combined impact of those risks as an interrelated risk portfolio.” The Committee of Sponsoring Organizations of the Treadway Commission defines ERM as a “process, effected by an entity’s board of directors, management and other personnel, applied in strategy setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risk to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives.” Both definitions are mouthfuls, but the point is that ERM is all-encompassing and comprises the spectrum of organizational risk. Note the key takeaway that ERM is a process “effected by an entity’s board of directors.” Since the recent financial and economic meltdown, the board’s involvement in ERM has grown significantly. Boards are expected to more effectively identify and assess risks across the organization, driven in large part by anxious shareholders and other stakeholders who want to ensure that both the balance sheet and shareholder value is properly protected. As such, the board’s role in ERM is one of the hottest topics in corporate governance.

Proposed rules

In July 2009, the Securities and Exchange Commission (SEC) took these responsibilities even further by proposing new disclosure rules regarding board oversight of ERM, which could impact how boards approach and manage risk in the future. The proposed amendments include newly mandated disclosures on the boards’ increasing involvement with ERM. If you thought directors of a public company had a tough enough job fulfilling traditional fiduciary and stewardship duties, imagine how those directors must feel knowing they could be held responsible for not accurately identifying and assessing all entity risks and for not properly planning a response for each one. If the SEC proposal passes, Christmas will come early and often to the plaintiff’s bar.

More responsibility?

The process of identifying and managing traditional and known risks is certainly doable for directors. But should they also be held accountable for the highly improbable “Black Swan”? According to Black Swan author Nassim Nicholas Taleb, “a Black Swan is a highly improbable event with three principal characteristics: It is unpredictable; it carries a massive impact; and, after the fact, we concoct an explanation that makes it appear less random, and more predictable, than it was.” He considers 9/11 the prime example of this phenomenon. Think about being responsible for identifying something that is unpredictable, something that has a huge negative impact, and after the fact, experts assert that you should have predicted it. That is one tough exercise for anyone. Boards need to be well equipped to deal with these increasing responsibilities, relying heavily on outside professional service providers to guide them through the labyrinth that is ERM. Whether or not the proposed SEC risk management oversight rules are enacted, ERM will become a recurring theme in boardrooms across America. In fact, it just moved to the top of the agenda.

by Spence Hoole

- Diversified Insurance Group was a title sponsor of the Summit 2009 Director & Officer Conference –

SALT LAKE CITY – December 11, 2009 –

“Requirements for today’s corporate directors and officers are evolving more quickly than ever before,” said David W. Steuber, partner in Howrey LLP, Los Angeles, Calif. Steuber joined a capacity group of more than 140 leading executives who participated in the 9th Annual Summit Conference for Directors and Officers (www.summitconf.org) at Stein Eriksen Lodge in Park City, Utah last week. SageCreek Partners, Ernst & Young and Diversified Insurance, along with several additional business support organizations, co-hosted the event.

“The Summit Conference is an event that is well worth attending,” Steuber continued.”It is a practical program for the director and officer who is serious about understanding cutting edge corporate governance issues and implementing measures designed to meet the ever-evolving legal, ethical, and social requirements imposed upon today’s businesses.”

Additional presenters at the event included Reatha Clark King, Ph.D, a member of the board of directors of Exxon Mobil, and Doyle Arnold, the Chief Financial Officer at Zions Bancorp. Working panels and topics included discussions of new SEC regulation, accounting changes and strategies for dealing with risk in organizations and industry. Keynotes included a discussion via satellite with U.S. Senator Bob Bennett. Additional presentations included keynotes by Bob Gay of Huntsman-Gay Capital and Lynn Blodgett, CEO of Affiliated Computer Systems, who spoke about company culture and the importance of being a good human while returning value to shareholders.

The Annual Summit Conference has featured senior management from the SEC, Nasdaq, PCAOB, CALSTERS and ISS, as well as leading industry executives and even a few controversial figures such as now-disbarred plaintiff’s class-action lawyer Bill Lerach. At the Summit, directors and officers of public or nearly public companies meet to receive updates on legal, financial, regulatory and business trends so that they can focus on their responsibilities in their professional roles.

I help organize the Summit Director and Officer Training Conference that is held every year in Deer Vally, Utah. While doing a bit of research on topics for this year’s conference I found a well-written paper by Steve Wagner and Maureen Errity on the Risk Intelligent Board: Viewing the World through Risk-Colored Glasses. It’s a topic of keen relevance in today’s business world.

Analyze the demographics of most corporate boards and you’ll find a heterogeneous collection of exceptional talent. The skills members bring to the table reflect a wealth of experience, knowledge and wisdom. Yet despite this extraordinary diversity of viewpoints, it is important that every member of the board don a pair of risk-colored glasses.

These days, you can’t even sit on a public company board without giving at least cursory attention to risk. The New York Stock Exchange requires the audit committee of all listed companies to annually discuss the company’s financial risk exposures and understand how management addresses such risks. Several shareholder ratings services and institutional investors now include risk management in their corporate evaluations. And, of course, the potential for out-of-pocket settlements paid by board members or costly shareholder suits against the company have driven home the point in boardrooms across the land — risk has become personal.

To meet their fiduciary responsibilities, directors must share a common vision of risk and adopt a framework to support their risk oversight activities.

Boards are generally not negligent when it comes to risk. Quite the contrary; most board members make careful deliberations and bring to bear their best judgment. They summon the chief risk, strategy and audit executives, along with the external auditor and others who manage exposures to risk and related policies, to appear before the board. They listen to presentations, ask tough questions, and review reports.

Boards are under pressure — regulatory, legal, fiduciary, stakeholder — to oversee the risk management activities of the company. But many board members are unsure how to approach their risk-related responsibilities. They are uncertain about roles and delineation of responsibility. They wonder where to start and how to bring all the disparate pieces together.

Merely putting risk on the agenda for discussion starts a process that will spur creative thinking and generate illuminating discourse. Whether the initial conversation takes place at a committee level, at the full board level, or both is not as important as getting the discussion started. The topic of risk should be placed on the full board meeting agenda on a regular basis, perhaps several times per year.

By broaching the risk discussion at the board level, one pervasive problem is immediately confronted — the tendency for risk management activities to take place in “silos.” Most companies spread risk management across the organization. Treasury manages credit risk; IT oversees technology and information risk; facilities handles real property risk. This level of specialization is essential to effective risk management. But problems can arise if these risk specialists remain in isolation, never venturing from their bunkers. Among the potential concerns: the “big picture” remains out of focus; disparities arise in the terminology used to talk about risk and the metrics used to measure it; and risks in combination and cascading risk scenarios don’t enter into the discussion.

To combat these problems, the board can act as a catalyst to bridge the silos. By bringing various risk managers into the same room to present their perspectives and strategies on risk, the board is creating an environment that will jump-start a collaborative and synchronized approach to risk management.