“The hardest lesson I’ve learned in the last decade is to imagine the unimaginable,” said Charles H. Noski, vice chairman of Bank of America, to a group of more than 800 directors and governance professionals convened today at the 2011 NACD Board Leadership Conference in Washington, D.C. Between seeing the capital markets seize up in his days at Morgan Stanley, particularly on the weekend of the Lehman Brothers bankruptcy, and guiding AT&T through a business continuity plan that relied on air travel in the days after Sept. 11, Noski has “really redefined what risk means and the need for diligence.”
In the discussion on new risks facing directors and their companies, many panelists agreed that trying to prepare for every single possible situation was not an effective use of the board’s time. “Actionable and meaningful planning is necessary,” said Michael J. Smith, director at REI, “but management cannot be distracted by too many arbitrary ‘what-ifs’.”
James T. Richardson, director at FEI and Digimarc, noted that the best risk mitigation came from a solid management team. “Most major failures really come from issues and mistakes in the core business,” he said. “The board needs to set the ethical character of the business, supporting and maintaining the right CEO and the communication culture down through the business.”
KPMG’s recent audit committee member survey found an interesting shift in director focus – today directors’ number one concern is with IT risk. “The board wants to hear more from the CIO,” said Mary Pat McCarthy, U.S. vice chair of KPMG LLP and executive director of KPMG’s Audit Committee Institute. “Only 23 percent of respondents were confident that their company’s strategic planning properly considered IT risk,” she said.