The business and risk environment has changed rather dramatically over the past year. The economy is facing continued inflation, a looming recession, political instability, and a series of unconventional developments likely to impact corporate governance in 2023. These risks extend beyond the usual subjects of cybersecurity, environmental, social, and governance (ESG), and shareholder activism. Instead, they reflect a group of unique ethical, economic, technological, regulatory, and public health concerns poised to affect leadership in unanticipated ways.
The increasing complexity and interconnectedness of risks up the ante for boards to have a holistic view of risk management and perhaps pivot on certain strategic priorities.
Drawing on insights from numerous surveys of business leaders and directors, highlighted below are some trends for boards to consider in the coming year when setting their agendas along with key takeaways:
- Economic issues
- Talent and culture
- Risk management
- Cybersecurity and data privacy
- DEI
- Stakeholder governance & ESG
- Digital transformation
- Organizational culture
- Board effectiveness
Economic issues remain significant.
A tough global economic climate is anticipated in the coming year as growth projections are cut, and segments of the economy are forecast to contract. Uncertainty over central bank policies and persistent inflation, rising labor costs, and supply chain disruptions also contribute to clouded perceptions of the economy and an organization’s growth potential—now and in the future.
Boards will be increasingly challenged to closely monitor economic conditions given the uncertainty associated with high inflation, continued low job participation levels, and the likelihood of a recession. The situation will be further complicated by concerns that the impact of geopolitical tensions, the ongoing global COVID-19 pandemic, and rising interest rates may not be transitory.
Talent and culture are at the top of the agenda.
Finding and keeping talent is the number one focus for organizations in 2023. All surveys have identified this as the only risk area consistently reported as significant or top of mind.
Other highly-rated people and culture workplace concerns include:
- Rising labor costs
- Resistance to change
- The need to upskill and reskill employees
- The inability to timely identify and escalate significant market opportunities
- Emerging risk issues
Changes in the overall work environment (e.g., shifts to a hybrid workplace, changes in the nature of work) may lead to challenges sustaining organizational culture and business operations.
It’s worth noting that for private companies, growth often means entering new markets or introducing new products. These organizations need to acquire new skills that enable them to grow in these new areas rather than just scale existing business domains.
Fast-growing companies don’t have the necessary depth of skills or the maturity of business processes or systems and therefore tend to rely on external hires for the specific skills and entrepreneurship needed. Our increasingly knowledge-based economy highlights the importance of talent and human capital management.
The recent phenomenon of employee empowerment has prompted many organizations and boards to rethink the employee value proposition (EVP). Employee empowerment hasn’t abated, and employees are demanding fair pay and benefits, work-life balance with flexibility, interesting work, and opportunity to advance. They also want to work for organizations whose values and commitment to diversity, equity, and inclusion (DEI) and ESG align with theirs. Therefore, boards will need an excellent understanding of the organization’s talent strategy and plans for human capital management.
Risk management is increasingly critical.
CEOs and board members surveyed have commented that as they enter 2023, the risk environment is greater than what they anticipated for 2022 and 2021.
Top concerns driving volatility and uncertainty include:
- Developments in the war in Ukraine
- Tensions with China
- Supply chain disruptions
- Energy shortages in Europe
- Cybersecurity
- Inflation
- Rising interest rates
- Market volatility
- Trade tensions
- The risk of a recession
This environment will call for continual updating of the organization’s risk profile and more scenario planning, stress-testing strategic assumptions, and analyzing downside scenarios. Leaders will need to assess the speed at which risks are evolving, their potential for multiple crises simultaneously, and whether there is flexibility in the organization’s strategy to pivot.
Board-level systems for monitoring and assessing mission-critical functions are important to demonstrate that the board has fulfilled its duty of care and oversight. Boards are expected to oversee significant and critical risks and to document how they review strategies, policies, and procedures adopted to address those risks.
In this regard, directors should seek to understand the organization’s risk profile, its management of short-, medium- and long-term risks, and how the organization’s business decision-making and strategic planning takes risk into account. Expect to see continued focus by investors and the SEC on oversight of risk management, including how boards and committees are structured to ensure sufficient expertise exists to oversee key areas of risk.
Cybersecurity and data privacy require board expertise.
Cybersecurity threats are dynamic, and the related impacts continue to intensify. Scores for these two risks increased year over year, indicating that they remain critical board and C-suite concerns.
Cybersecurity/IT risks that boards and committees need to watch for include:
- The acceleration of artificial intelligence and digital strategies
- The increasing sophistication of hacking and ransomware attacks
- The lack of definition for lines of responsibility among users, organizations, vendors, and government agencies
Boards have made strides in monitoring management’s cybersecurity and data privacy effectiveness. For example, some boards have added greater cybersecurity and data privacy expertise on the board and relevant committees. Other efforts have included organization/business line-specific dashboard reporting that highlight critical risks, vulnerabilities, threats, and desktop exercises addressing breach response scenarios.
Despite these efforts, the growing sophistication of cyberattacks and the complexity of cyber risk management point to the continuing challenges ahead. These issues, and the frequent failures to address concerns, have pushed regulators into action.
Plaintiff claims and resulting court opinions characterize cybersecurity as a mission-critical risk for all online providers. The SEC has proposed rules on cybersecurity risk management that would require public companies to report all material cybersecurity incidents within four business days, policies for managing cyber risk, the board’s role in overseeing cybersecurity risks, and the board’s cybersecurity expertise.
DEI should be an organization-wide mission.
The pressure is on organizations and corporate boardrooms to create diverse, supportive, and inclusive environments in their advertising, employee workforce, C-suites, and boardrooms.
Boards and businesses are improving diversity and inclusion in the workforce not only because it’s the right thing to do but because there are bottom-line benefits to having diversity in the organization. Diverse boards include members of different cultural and economic backgrounds, and multigenerational members—all of which can bring a diversity of thought to the board decision-making process.
For the first time, five generations are in the workforce, and each brings their own perspectives and experience. Many boards have opted to involve DEI leaders to help them navigate potential biases and other challenges that come with the desire to increase boardroom diversity. Board members can help ensure that DEI initiatives are strategic and that the organization follows through on its DEI commitments.
Stakeholder governance is increasing while board focus on ESG continues.
Some believe the world is shifting to stakeholder governance, and forward-looking boards think they need to get on “board.”
Boards generally understand that the quest for long-term profitability and the desire to improve the world are not mutually exclusive ideas. Investor interest in companies practicing stakeholder governance is only increasing. They see the opportunities, long-term sustainability, and improved performance from stakeholder governance.
Boards continue proactively preparing for the shift and assess the value of considering ESG factors in corporate decision-making. They ensure their short- and long-term strategies contemplate what’s best for all their stakeholders, including communities, investors, employees, suppliers, customers, shareholders, and others.
While 2022 saw an anti-ESG backlash movement, this politicization of ESG should not alter the board’s ability to consider ESG factors consistent with the board’s fiduciary duty of care. Properly understood, ESG encapsulates a wide range of risks and opportunities that an organization must balance to achieve long-term sustainable value.
A holistic view of corporate purpose recognizes that consideration of various stakeholder interests and relationships is essential to maintaining a thriving business. Among these are environmental sustainability, the safety and well-being of employees, co-dependencies with local communities, credibility with regulators, and creditworthiness with lenders and suppliers.
How organizations address climate change, DEI, and other ESG issues are viewed by investors, research and ratings firms, activists, employees, customers, and regulators as fundamental to the business and critical to long-term value creation. At a time of low trust in government and institutions, organizations are asked to do more to solve societal problems or risk losing society’s willingness to allow successful operations.
The board should ensure that these issues are priorities for the organization and that it follows through on its commitments. Some boards insist that these issues are embedded into core strategy and operations.
Boards must prepare for digital transformation.
Technology is fundamentally changing the shape of business across industries, and overseeing that transformation requires a board that understands and appreciates the opportunities the digital transformation brings. Board members need to be tech-savvy themselves and able to determine how technology can improve every aspect of the business, from the boardroom to the storeroom floor.
In the upcoming year technology oversight will continue to be a priority for boards of directors, including data management, artificial intelligence (AI), and cybersecurity protocols. An increasingly critical area of data governance is the organization’s use of AI to analyze data as part of the organization’s decision-making process.
Boards should understand the process of how AI is developed and deployed:
- What are the most critical AI systems and processes that the organization has deployed?
- To what extent is bias, conscious or unconscious, built into AI-enabled processes, strategy, development, deployment, algorithms, and outcomes?
- What regulatory compliance and reputational risks are posed by the organization’s use of AI?
Forward-looking boards know that the impact new technology will have on their businesses will only grow, and they’re keen to mitigate the risks and capitalize on the opportunities. Thus, having tech-savvy board members will be a huge advantage.
Organizational culture comes from the top but lives with middle management.
Corporate conduct is under considerable scrutiny from various angles, and boards should expect that this scrutiny will continue to intensify with a focus on both the direct and indirect impacts of organizational decisions.
As the ultimate corporate decision-maker, the board is responsible for the organization’s long-term performance. The board hires and evaluates the CEO, who manages and directs the organization’s business and affairs. The CEO and top leadership are compelled to demonstrate a clear “tone at the top” and establish the organization’s mission, vision, and values. By their words and conduct, Board members and executive leadership will be expected to send a loud and consistent message to employees at all levels that ethics and honesty are of primary importance to the organization.
The tone in the middle culture assesses employee standards and ethical behaviors and the potential of ethical breaches at the organization. Most employees interact with the organization’s executives and board members on a minimal basis. The managers and supervisors in middle management positions set examples of the organization’s moral and ethical culture. People in middle management positions are more likely to be in tune with the prevailing attitudes of the typical employees, far more than the executives and the board members.
Going forward, it will crucial for board members to be aware of any disparity between the organization’s ethical culture at the top versus the middle. Arguably, it’s at this middle employee level where the true organizational culture lives.
Board effectiveness and value creation is active, not passive.
Developing and maintaining a high-performing board that adds value requires a proactive approach to board-building and diversity—diversity of skills, experience, thinking, gender, and race/ethnicity.
Determining the organization’s current and future needs is the starting point for board composition. There, however, is a broad range of board composition issues that require focus and leadership, including succession planning for directors and board leaders (the lead director and committee chairs), director recruitment, director tenure, diversity, board and individual director evaluations, and addressing underperforming directors. Boards have made progress, but change has been slow.
A well-functioning board is a competitive advantage. It plays a critical role in the success of the organization. Instability will continue to be the new normal, and businesses will depend on their boards for support. Effective communication will be key, especially between the board and the CEO. Continuing volatility caused by inflation, increased regulations, political instability, investor scrutiny, and the threat of recession, requires boards to be agile. Successful boards will be proactive and support the CEO with a forward-looking strategy, keeping management accountable for achieving strategic priorities/goals.
The risk of regulatory change and pandemic risk is lessening.
While the risk of the regulatory environment affecting business processes, products, and services increased year-over-year, it is declining in relative significance to the other risks identified.
Likewise, pandemic-related risks also have declined this year – specifically, market conditions imposed by and in response to COVID-19 and related variants.
Key risks and takeaways for leaders and boards in the next twelve months
As leaders look forward to the next twelve months, the expectation is that economic uncertainty, talent management, culture issues, risk management, and the impact of cyber and digital transformation initiatives are expected to command the most attention in the C-suite and the boardroom.
Boards should consider these risks and takeaways in discharging their risk oversight responsibilities and consider their relevance to the organization’s strategy and plan of operation.