Last week two significant reports addressing ineffective board governance were released. Both should concern professional regulators as they outline issues and challenges which many regulators may not be addressing. The Auditor General of Nova Scotia reviewed the IWK Health Centre and found Board oversight of spending was wanting, especially relating to reimbursement of travel and related expenses – https://sml-law.com/wp-content/uploads/2018/12/Ch2Dec2018.pdf. The AG’s review arose because of findings that a former CEO and CFO had followed improper expense account procedures, which have resulted in criminal charges being laid.
The second report by Sen. Murray Sinclair dealt with the Police Services Board in Thunder Bay – https://slasto-tsapno.gov.on.ca/ocpc-ccop. The origin of this report is well known as it relates to allegations of racism in the Thunder Bay Police Force.
Both are worth reading to understand current thinking about the role a board of directors must assume to do its job properly. Two themes emerge from the reports. First, although a relationship of ‘trust’ between senior staff leadership and the Board is essential, that relationship cannot be allowed to impede the Board from doing its job independently and thoroughly. Second, and much less understood, the tone of the organization must be set and communicated by the Board.
Here are some of the key lessons from the reports:
- The Board has responsibility to ensure the organization has and achieves diversity objectives and there is training in place to advance these goals.
- Acting independently the Board must ensure both strategic and operational goals are being met and must not rely exclusively on assurances provided by the CEO.
- The Board must demonstrate meaningful engagement in developing governance and oversight policies.
- The CEO must keep the Board apprised of serious risks that could affect the organization.
- Both the Board and management must effectively oversee internal controls to ensure reliable and accurate financial reporting, efficient and effective operations, and compliance with laws and regulations. The Board, through the Chief Executive Officer, is responsible for creating a culture of awareness of internal controls.
- Financial control policies should address fraud, travel and hospitality, internal meeting expenses, staff social events, gifts of appreciation, signing authority, and procurement. The Board should receive regular reporting on the effectiveness of internal controls.
- The Board should require, and management should implement, an internal or enterprise risk management system that documents internal controls and monitoring of both financial and operational risks and, I would add, regulatory risk for regulators. The Board and management should regularly monitor the effectiveness of the organization’s response to the risks.
- Governance policies should clearly state what ‘significant transactions’ require Board approval. Monetary amounts and organizational risk move a transaction from being ‘operational’ to the ‘Board’s business’.
- The Board should have processes in place to ensure the accuracy of financial reporting to the Board.
- The terms of reference of key Board committees, such as Finance, and Audit and Risk Management, should be regularly updated to ensure currency as the circumstances of the organization evolve.
- The Board should regularly evaluate the CEO and maintain documentation about that process and its results so future Boards have access to it. The CEO must in turn complete regular performance reviews of management and report on the results to the Board.
These reports show what happens when complacency sets in at the Board and it fails to stay alert and focused on all aspects of its fiduciary obligations. For organizations committed to good Board governance the recommendations are not earth shattering; however, they outline many important aspects of best practices that provide a timely reminder from which every Board can benefit.