J. Michael Cook

NACD Directorship’s Jeffrey M. Cunningham talked to J. Michael Cook about the challenges of corporate leadership in a world of uncertain financial risk. Cook’s perspectives are born of his deep experience as former chairman and CEO of Deloitte, public company director and public servant.

Cook currently chairs the audit committee of Comcast Corp. and the compensation committee of International Flavors & Fragrances. He also chairs the advisory panel to the U.S. Government Accountability Office, an independent, nonpartisan agency that works for Congress and provides guidance to the comptroller general of the United States and other GAO executives. He is a member of the Advisory Council of the Public Company Accounting Oversight Board and a trustee of The Scripps Research Institute. He was a member of the NACD’s Blue Ribbon Commissions on Director Professionalism and Audit Committees, and currently serves in the NACD’s Center for Board Leadership.

After the financial crisis, will risk management ever be the same?
It’s something I have been thinking about for a while. I continue to believe strongly that the right direction is not to push risk down into committees, but rather to have enterprise risk assessed at the full board level.

Does the “new normal” include a different set of risks than before?
It is of considerable concern to me that one of the biggest risks facing American boards of directors is essentially beyond their control. It is created by the irresponsible fiscal policies in Washington. We keep piling on debts without addressing spending issues.

What does this mean for a director? To me it means that, depending on the nature of the institution, there is heightened enterprise risk, especially at financial institutions. While I don’t have firsthand knowledge, it is likely that if you are on the board of any major public financial institution in this country, you would say we have an enterprise risk of great proportion when we look at the U.S. debt situation and the ratings downgrade.

You’re not very impressed by the recent debt-reduction discussions on Capitol Hill.
A sage once told me, if your home is falling down, raising the ceiling is not going to solve the problem. We have too much debt, spend too much money, and we don’t have enough revenue to pay either debts or expenses, so we just add to the pile. And the solution to our problems, according to our political leaders, is to take on more debt. I mean, that is the most ludicrous proposition that I could think of. But I don’t know if we have the capability to sit down and implement an effective, broad-based solution. I don’t think we have the political will.

As board members, we have no choice but to be deeply concerned. Unless you are totally isolated from direct relationships with the government, the financial risk is not something that can be delegated to the audit committee. I’m not even thinking here about the macro risks like the economy and jobs—everybody is in that boat together. Show me anyone in the public company population that doesn’t have to worry about this—I’d like to send them a congratulatory note. There are larger macro issues: What happens if there is another downgrade? What happens to interest rates? What happens to the value of the stock market? What happens to credit availability?

As a result of these macro issues, one of the micro issues that directors need to be thinking about right now is how to deal with any Treasury securities held in company pension funds or on balance sheets.

Is the U.S. debt downgrade merely the revenge of the ratings agencies after their trial by fire during the credit crisis?
I wouldn’t use the term revenge…the pressure is building on the ratings agencies, which have been under a different type of pressure recently for not having seen the future more clearly during the period of the mortgage crisis. Now the world expects them to be more transparent, and they have responded by saying, “We’re really concerned about these U.S. securities.”

Frankly, I don’t blame them. Anyone who follows economic issues can see our economy is not robust, growth rates are declining and job reports are not going to be encouraging for some period of time. And so this is not an economy that enables us to tax our way out of problems or raise costs on business.

Do you remember [former Citibank Chairman and CEO] Walter Wriston’s comment about sovereign risk—that companies go bankrupt but nations don’t? In some respects, the U.S. now has sovereign risk.
We’re at the back of a long line of people that face the immediacy of this. Look throughout Europe now…there are many countries that are sound, but look at the ones that are on the borderline. Look at Greece. Look at Portugal. Look at Spain. Look at Italy. These are not just one little municipality somewhere—these are sizable countries. Look at our own states in the U.S. Whatever the credit rating of the U.S. government, it will have an impact on the credit ratings of individual states. That is just one cost of belonging.

In trying to get a handle on the risks, does the board chair have a different responsibility than the CEO? No, we’re in it together. If you’re a CEO and you’ve got a separate chairman, you should be talking about it together, and you both need to be focused on this. If there is a combined CEO/chair, then he needs to be bringing this issue to the front with both the management team and the board.

What are the most important steps that a board and company leadership should take?
The first order of the day is to understand the specific risks that affect your company. You have to be aware of the macro risks. You’ve got to be aware of the fact that your customers are your lifeblood, and if they are severely harmed by any economic event, it will also hurt you, and you should try to assess the impact that will have on the company, although that is very difficult and will very much depend on the sector you operate in. Retail will be impacted very differently than, say, health care.

The basic question is, What will happen to the business when customer behavior changes due to the increased or perceived increase in economic risk?

Secondly, take a look at what’s on your balance sheet and your pension plan. Where do you have your cash balances? Take a look at your counter-parties and the collateral for your derivatives, the financial instruments that you use in your business. Ask yourself, What would happen if the credit quality of those instruments or investments were to go down, and how would the decline in value affect the company?

J. Michael Cook’s Career Highlights:

• Chairman, CEO Emeritus, Deloitte
• Director, Comcast Corp., International Flavors & Fragrances
• 62nd member of the American Institute of Certified Public Accountants Hall of Fame
• Chairman Emeritus, Catalyst
• Columbia University School of Business Botwinick Prize for Business Ethics, 1998
• Chairman, Comeback America Initiative

Effective oversight of financial reporting— even in times of growth and relative calm—is no simple matter for an audit committee. Add in a global financial crisis, economic recession and uncertainty, sweeping regulatory reforms and unprecedented expectations by investors and regulators for transparency and accountability, and you have one of the most demanding, challenging—and vital—roles in Corporate America.

It’s not a stretch to say that the financial and economic crisis and ensuing volatility and uncertainty in the United States and global markets have put audit committees, and the financial-reporting systems they oversee, through a gauntlet. To be sure, some were well prepared— likely buoyed by systems and processes put into place following the Sarbanes- Oxley Act of 2002. Others were less prepared— and the crises exposed critical gaps in their financial-reporting systems, oversight processes or both.

Investors’ and regulators’ expectations of audit committees have always been high; but the demands and challenges facing audit committees have perhaps never been greater: complex accounting rules and regulations, innovative financial instruments, the global nature of businesses, product innovation, pressures on companies to meet expectations and stay competitive— there is little that doesn’t impact a company’s financials. And, as one seasoned audit committee chair often reminds us: If it’s complicated and requires a lot of time and detailed focus, it usually lands on the audit committee’s plate.

This paper is not intended to be a comprehensive manual or treatise on the duties and responsibilities of the audit committee (which is readily available from numerous sources today). Rather, drawing on the experiences and insights of our Blue Ribbon Commission members, as well as the thoughtful work and writings of others in the business, audit and governance arenas, including the NACD National Audit Committee Chair Forum, it is intended to offer practical perspectives, suggestions and leading practices on what makes an audit committee effective.

No single approach will work best for every audit committee, but we believe the perspectives and leading practices outlined in this report (including ten guiding principles) will help audit committees and boards—as well as auditors, managers and others—drive the financial-reporting process to provide investors, regulators and the market with a clear and accurate picture of the company’s performance, risks and prospects.

Setting the Agenda: Making the Most of Audit Committee Meetings
Ensuring that the audit committee’s agenda appropriately addresses the issues that require the audit committee’s attention and keeps the committee focused on its primary oversight responsibilities can be a major challenge.

Given the scope of the audit committee’s responsibilities, we recommend that at the beginning of each year, the committee create a formal responsibilities checklist and calendar for the coming year, including a tentative calendar for each audit committee meeting throughout the year. The responsibilities checklist and calendar should be based on the audit committee’s charter. [A model audit-committee charter, with tentative agendas for the year, is included in the Commission’s full report.]

The tentative agenda for each audit committee meeting throughout the year is typically crowded with key oversight topics—such as the company’s financial reports and disclosures, the control environment, risks, audit processes, whistleblower complaints and legal and regulatory compliance—as well as numerous mandatory compliance activities.

In preparation for each audit committee meeting, the challenge for the audit committee chair is to prepare a focused (yet flexible) agenda, which devotes sufficient time to the company’s key financial-reporting risks, as well as other items that require the audit committee’s attention. Audit committees must be proactive in setting their agendas—with input from management and internal and external auditors—and must not simply react to an agenda proposed by management.

To accomplish this, audit committee chairs employ a number of leading practices in developing the agenda for each audit committee meeting, including the following:

• In preparing the agenda, the chair will allocate sufficient agenda time to address what’s important, and then address the required items (not vice versa).

• The initial draft of the agenda will often be prepared by someone in management who serves as the audit committee’s primary support, such as the CFO, controller, CAE, corporate secretary, etc.

• The audit committee chair will take responsibility for finalizing the agenda and, distributing a draft agenda, if there is sufficient time, to members of the audit committee for their input.

It’s important to discuss the agenda with the CFO, the audit engagement partner, the CAE, the general counsel—and perhaps others—to obtain their suggestions on key issues and topics for the agenda, including the time allotted to each item and who should participate in the discussion of each topic. In sequencing the agenda, the most important items should be covered first; however, avoid having the same items at the end of the agenda, as it may be perceived as a lack of interest on the committee’s part.

Of course, audit committee members should be encouraged to suggest agenda and follow-up items for future committee meetings.

In order to devote more meeting time to important issues and risks, some audit committee chairs separately identify agenda items that are appropriate for a “consent agenda”—i.e., items that are routine and do not require discussion—so that the committee can approve the items without discussion, assuming all committee members agree.

Some audit committee chairs also set aside time at each meeting (or at least periodically) for the audit committee to take a “deep dive” into an important accounting judgment or estimate, or a significant accounting development that is affecting the company. Some also make it a point to have operating management discuss selected agenda items, such as key areas of risk.

In finalizing the agenda, the audit committee chair should ensure that the agenda devotes sufficient time to the company’s key financial-reporting risks. At the same time, the chair should ensure that the audit committee does not take on too much beyond its core responsibilities. If mission creep occurs, the chair may need to discuss with the chairman of the board or the chair of the nominating/governance committee the possibility of shifting certain oversight responsibilities to another committee or to a new committee.

Making the Most of Meetings
The frequency of audit committee meetings will vary from company to company, with most committees holding four to six “in person” meetings each year, as well as teleconferences as required. Typically, the audit committee will meet, often by phone, prior to the filing of the company’s 10-Qs and 10-K to discuss the reports.

The productivity and effectiveness of audit committee meetings hinges in large measure on the diligent preparation and participation of each member, as well as on the dynamics between committee members and other participants in the meeting. The audit committee chair is responsible for ensuring the efficient use of meeting time and that each agenda item receives appropriate attention. Again, audit committee chairs employ a number of practices to accomplish this, including:

• Working with appropriate management to ensure the quality of premeeting materials—for example, ensuring that the pre-meeting materials are at a level of detail appropriate for committee members (and not simply materials prepared for management and now passed along to the audit committee).
• Asking that copies of all “presentations” and other materials to be covered during the committee meeting be distributed with other pre-meeting materials well in advance of the meeting. To allow sufficient time for discussion, the chair often instructs management to assume that all audit committee members (and others, as appropriate) have read all presentations and other pre-meeting materials, and to limit their “presentation” to an overview of the most significant issues of interest and relevance to the committee.
• Setting aside time at the beginning of each committee meeting for members to have one last look at the agenda (including the amount of time allocated to each item on the agenda) after members have had an opportunity to review the premeeting materials.
• Concluding—and sometimes beginning— each audit committee meeting with an executive session so that members of the committee have an opportunity to discuss important matters privately.

We note that some audit committees routinely have informal “between meeting updates” on issues and developments, typically by email or conference calls. These updates—in which committee members participate on a “voluntary” or time permitting basis—help streamline committee meetings, as members are more current on the issues.

Executive Sessions
Candor and unvarnished viewpoints are tremendously important to the audit committee in its oversight role, which is why executive sessions are now standard fare for audit committees. As stated in the NYSE corporate governance rules, executive sessions serve as a “check on management” by promoting open discussion among the audit committee members without members of management present, and by providing an opportunity for the audit committee to have private conversations with members of management, and with the CAE and external auditors.

We offer the following suggestions for making the most of audit-committee executive sessions:

• The NYSE corporate governance rules require the audit committee to hold periodic, private sessions with management, external auditors and the CAE, and a portion of the executive session should be devoted to these sessions. Many audit committees have private one-on-one sessions at each audit committee meeting with the CFO, the CAE and the audit engagement partner. They also have periodic (once or twice a year), private one-on-one sessions with others, such as the CEO, general counsel and compliance and risk officers. Some audit committees make it a point also to have periodic private sessions with managers below the CFO level, to assess whether information the committee receives is open and transparent, and not “overly controlled” by senior management.
• When meeting one-on-one with management and external and internal auditors, audit committee members generally pose questions to elicit any concerns about management or auditor competency, resources or candor, as well as general concerns about the financial-reporting and control environment or specific accounting and control issues. At times, the audit committee chair may provide managers and auditors with a question in advance, so they have an opportunity to consider the issue more fully before the session (this should not be a “gotcha” exercise). Of course, audit committee members need to be prepared to ask follow-up questions, “test the answers” and take action to address any issues or concerns.
• Avoid negative inferences about the calling of executive sessions by holding them, as a matter of routine, at all audit committee meetings. These sessions might last several minutes or much longer; the key is to ensure discussions are not rushed or inhibited by artificial time constraints —and committee members should plan their schedules accordingly.
• An “audit committee members only” portion of the executive session provides an opportunity to privately discuss the performance of the financial- management team, including the adequacy of communications from the team, as well as compensation, succession planning, any issues or concerns that may have surfaced during the audit committee meeting and the audit committee’s own effectiveness and efficiency. It also provides an opportunity for audit committee members to deliberate and reach a consensus on difficult issues.
• It’s generally left to the audit committee chair to communicate with management or auditors regarding any issues or concerns that were identified during the executive session that may require their attention and follow-through. In addition, the chair should report to the lead director or board, as appropriate.

Get to Know Finance, Internal Audit Teams
Audit committee meetings provide an opportunity for audit committee members to get to know (and understand the potential of) members of the internal audit team and the entire finance team—whether the treasurer, tax director, chief accounting officer, controller, et al.—as well as managers a level or two below these C-level executives. At the same time, however, it is important to recognize that it is difficult to give the audit committee exposure to these key individuals without having committee meetings become unnecessarily large.

To this end, the audit committee chair should work with financial management to develop a systematic approach to providing key members of the finance and internal audit teams with appropriate, periodic exposure to the audit committee, while at the same time ensuring that there is a clear purpose for their presence at the committee meeting.

Reports to the Board, Meeting Minutes
The NYSE corporate governance rules require the audit committee to report regularly to the board of directors, and the commentary states that: “The audit committee should review with the full board any issues that arise with respect to the quality and integrity of the company’s financial statements, the company’s compliance with legal or regulatory requirements, the performance and independence of the company’s independent auditors and the performance of the internal audit function.”

For many boards, the audit committee’s report to the full board is the primary method of informing the board of the audit committee’s activities and ensuring proper coordination of the audit committee’s activities with other committees of the board.

Typically, the audit committee chair has 15 to 20 minutes on the board agenda to present the committee’s report, including time for director discussion and questions. The challenge is to update directors on the audit committee’s work, including significant issues and recommendations, and enable directors to focus on key items, engage in discussion and ask questions—in short, to keep all board members informed about the committee’s work.

While minutes of committee meetings are critical to document the processes the committee followed in carrying out its oversight responsibilities, there is an ongoing debate as to how much detail should be included in the minutes. It is critical that audit committees obtain the advice of counsel regarding the content and level of detail that is appropriate. Minutes of audit committee meetings should be distributed to the full board on a timely basis.

Ten principles to help guide audit committees—and the management and audit professionals supporting them—in their oversight of the financial-reporting process:

1. Be proactive in focusing the agenda on what’s important—financial-reporting risk— and make the most of audit committee meetings.
2. Insist on transparency, both external and internal—among the audit committee, management and internal and external auditors.
3. Focus closely on external financial communications—beyond the 10-K and 10-Q.
4. Question the continuing validity of key assumptions that underlie critical accounting judgments and estimates and be up-to-speed on key financial-reporting issues and developments affecting the company.
5. Assess the audit committee’s role in the oversight of risk management—with an eye to clarifying the scope.
6. Set and manage clear expectations for external and internal auditors.
7. Make sure the chief financial officer (CFO) and the entire finance organization, as well as internal audit, have what they need to succeed, and be sensitive to the strains on these organizations.
8. Assess the tone at the top and throughout the organization, including the effectiveness of compliance and anti-fraud programs.
9. Help link change and risk management— and monitor critical alignments (controls, risks, etc.)
10. Take a hard look at the audit committee’s effectiveness—including its composition and leadership—and find ways to continuously improve.

Commission Members (directorships in italics)

Co-Chairs
Dennis R. Beresford* – University of Georgia; Fannie Mae; Kimberly Clark; Legg Mason, Inc.

Michele Hooper* – The Directors Council; AstraZeneca; PPG Industries; UnitedHealth Group; Warner Music Group

Commissioners
James T. Brady – Ballantrae International, Ltd.; Constellation Energy; McCormick & Co.; T. Rowe Price Group

Richard Chambers – Institute of Internal Auditors

J. Michael Cook – Comcast; International Flavors & Fragrances

Cynthia Fornelli – Center for Audit Quality

The Honorable Barbara Franklin* – Barbara Franklin Enterprises; Aetna; American Funds; Dow Chemical

Patrick Lee – KPMG Audit Committee Institute

James P. Liddy – KPMG LLP

Kenneth Daly – NACD

Peter Gleason – NACD

(*NACD Board Member)

Copies of the complete 2010 Report of the Blue Ribbon Commission on the Audit Committee may be purchased at NACDonline.org. NACD members receive a substantial discount.

Over-regulation, globalization, changing liquidity profiles, financial complexity—these were just a few of the topics discussed at this year’s Audit Committee Issues Conference. “Against the backdrop of a rapidly changing business environment and a still fragile economy, there are a host of challenges and opportunities confronting business leaders,” said Henry Keizer, KPMG’s Global Head of Audit, during opening remarks. “The key will be to understand your changing business fundamentals and to focus on the areas of greatest impact in the months ahead.” Roundtable participants included Fortune 500 public company directors who serve on the boards of such prestigious companies as AIG, AXA Financial, Comcast, ExxonMobil, JPMorgan Chase, Microsoft, Oracle, PetSmart and UnitedHealth. NACD Directorship’s chairman and editorial director, Jeffrey M. Cunningham, moderated the wide ranging and provocative discussion between these veteran directors and governance gurus.

ADDITIONAL COVERAGE FROM THE ISSUES CONFERENCE:

• Survey results: The Top 10 Concerns of Today’s Audit Committees
• Arthur Levitt: “The Real Governance Problem”
• Donna E. Shalala: Prescient remarks about healthcare reform
• Harvey L. Pitt: “Ten (or so) Golden Rules” for boards

A New Normal in the Boardroom?
The baseline for discussion was set against the question of whether board directors see a return to business as usual or what was referred to as the “new normal.”

“From my experience, I think we’ve learned to imagine the unimaginable,” said Charles H. Noski. “Just consider that several institutions that were around for a century or more don’t exist any longer. In boardrooms today, the talk is routinely about the new normal, which simply means we are still in an economic recession that has occurred globally and broadly, so yes, there is a new normal.”

Another theme repeatedly echoed was the nature of changing business models and not only for financial services, where impending legislation could still rewrite the rules for large banks, insurance companies and private equity. Michele J. Hooper said that while the economic crisis accelerated restructurings at some businesses, others face different but equally daunting challenges. “For pharma companies, there is the constant of pricing pressures, the challenge to develop patents, the time and cost to develop new drugs, changes to sales and marketing models…[these] are global issues for the industry,” Hooper said. “As healthcare budgets are challenged around the world, the pressure on exactly who is going to pay for new drug therapy development is a critical question. The new normal is that change is a constant.”

Even as the worst of the economic storm seems to be receding, populist fervor against big business, the financial sector and Wall Street continues unabated. Directors find that amid competing and sometimes conflicting legislative and regulatory proposals, it’s difficult to even guess which regulatory approach will prevail. Charles Elson, director of the Weinberg Center for Corporate Governance at the University of Delaware, noted, “There are two problems. First on a macro governmental level, I think we’ve seen an extraordinary shift in the way in which the government interacts with the private economy. On a secondary level for directors, I think we’re seeing a real change in how boards work. But there’s a danger that the regulatory restrictions and demands are forcing boards to make decisions that are not their own.” Added Christopher S. Lynch, “In this politically charged and economically uncertain environment, the challenge for boards of the GSEs (government-sponsored enterprise) is to provide management some contextual perspective on how the business model might evolve.”

Even so, there appears to be new or renewed commitment to growth, which was quite refreshing to hear and led to a discussion of how CEOs are preparing a new set of objectives and a related set of investments to achieve them. For the CEO, that means priorities may have changed. “After finding sufficient liquidity to pay our dividends, I think now the question is, ‘How do we get back on the path to growth?’” said Alex J. Mandl. “Cost-cutting can only take you so far. What kinds of acquisitions, what kinds of investments need to be made—whether it’s in people or systems. Those are the critical questions facing companies today.”

Specter of Overregulation
In addition to complying with new rules and regulations, several audit committee members sounded the alarm on what they fear may be extreme regulation.

“Frankly, I’m very concerned about the role of government, the risk of overregulation and the possibility of being overly burdened by public policy,” said Reatha Clark King. “I don’t hear enough debate about it among directors and I’m very concerned about more government involvement and its impact on the competitiveness of our companies.”

Directors echoed King’s concerns, noting that while boards have gotten beyond the initial onslaught of new compliance activity as the result of the SOX, “the government has an infinite capacity to create new programs, so you have to constantly step it up. The issue for directors today is, ‘What is our business model and what are we going to do to compete?’” said Richard K. Lochridge.

Regulation needs to be properly balanced between the call for greater transparency and measures that would appear to add little value economically. “Business remains uncertain as to the intent of the increased governmental regulation,” said Kathleen Connell. “Is it transparency and accountability for investors, improved risk management to prevent future systemic failures or simply political optics and burdensome reporting? Properly conceived systemic risk-management policies and increased transparency and accountability practices add value to the corporate community, increasing their competitiveness by restoring consumer confidence and assuring investors that businesses are well managed.”

Financial Communications
Earnings guidance would alone be a subject for a lively and divergent discussion. If the company on whose board you serve didn’t stop or change the way it issued earnings guidance, you were in a minority. One exception may apply to technology-oriented companies, however, because the market’s expectations are different. “In the tech world, where there’s still an expectation of growth by investors, there’s a stronger inclination to give some sort of guidance,” said Ray Bingham. “The metrics used have changed over time and certainly, the tolerances accepted around any particular set of numbers have gotten much, much wider as the perception of risk has grown.”

The assembled directors also agreed that their audit committees are more deeply scrutinizing all of the company’s financial communications. In the view of one director, the earnings press release is the most important communication to investors, but there was also discussion about how to manage the volume and complexity of financial and other information that boards receive.

“We’ve set up a series of informal audit committee calls throughout the quarter in which directors can participate with management and our outside advisors to learn more about emerging issues, key assumptions, accounting and financial-reporting alternatives and potential outcomes,” Lynch said. “We’ve requested that management spend more time with our directors to ensure we better understand the complexity of the issues they are dealing with and how those transactions will be presented in our public filings.”

Mary R. “Nina” Henderson suggests receiving financials and the MD&A separately, one in advance of the other. “This permits a deeper dive and fuller review,” she said. “Also, any matter with continuous impact, based on numerous estimates and assumptions, is reviewed frequently, not only at Q and K review meetings.”

The Securities and Exchange Commission has emphasized disclosures and the MD&A in its new rule-making. “This focus on disclosures is likely to continue and will probably increase—particularly with the SEC’s new disclosure rules regarding compensation, risk and governance,” said Teresa E. Iannaconi. “The SEC is very focused on the protection of investors, but they may miss the forest for the trees,” said Holly J. Gregory. “There seems to be little concern about the impact of their regulatory efforts on how boards function. The perspective I’ve heard expressed by SEC staff in discussions about proxy access is ‘Our role isn’t to think about what the impact might be on the boardroom and the corporation. We are here to protect investors.’ But I think it’s reasonable to ask, to what end?”

Added Gregory, “Investors need corporations capable of succeeding over the long term and this requires regulations that are thoughtfully balanced.”

The Business of Risk
The NACD’s Kenneth Daly said what most audit committee members know all too well: the time commitment to public company board service is “nothing short of unbelievable.” But it’s not the amount of time spent on board work that’s the issue, noted J. Michael Cook, it’s how directors are being asked to use their time. “I know lots of folks who will spend the time—have another meeting, stay longer—if they feel they are adding value and doing something important. What’s frustrating to many people is the amount of time we spend doing things that aren’t very productive…And then, after we do all this great work on risk and risk management, identifying and dealing with the critical risks affecting the business, perhaps the greatest risk—the financial viability of our economy and the financial future of our country—is outside of our control and is being decided for us by people who often are not fiscally responsible in the costs and risks they impose on us.”

Cook raised a point central to any current assessment of the audit committee. With the tremendous focus on risk, there was general agreement that the full board should oversee the strategic risks facing the company. “We see the audit committee’s responsibility for risk often narrowing to risks within the audit committee’s core areas of oversight—clearly financial reporting risks, but also compliance risks, perhaps IT risk, sometimes financial risks,” Mary Pat McCarthy said. “If the board doesn’t have a finance committee, the audit committee may take on that issue as well.”

Cook, who described himself as a “fairly strict constructionist,” said he doesn’t believe committees should be doing work that belongs on the agenda of the full board: “The audit committee exists to oversee one very specific enterprise wide risk and that is the risk of erroneous or fraudulent financial reporting.”

Viewed from a different angle, Bingham suggested that strategy should not be formulated for the avoidance of risk. “In my view it should not be so much the avoidance of risk but rather the requirement that the board understand what kind of risk the company is exposed to and whether there will be an appropriate payback for the risk that’s being tolerated,” he said.

Improving Governance
While criticism of corporate boards has never been more acute, more than half of the audit committee members attending the Issues Conference said the public’s criticism was justified. What measures should be taken to improve board performance? Prepping directors for new roles within the boardroom, evaluating their performance, managing information and ensuring commitment and engagement of individual directors spurred the most comment.

Clearly, there’s no one single rule that applies to all companies; there are various ways to approach both the orientation of new directors and their ongoing contributions as effective board members.

“I know of no highly effective business organizations that don’t evaluate individual performance,” Lynch said. The most effective evaluations, according to Mandl, are led by the independent chairman or lead director or “someone who has the capacity to talk to individuals and as a whole to take the lead.”

Bingham serves on a European board that retains an “expert” to support the board and each committee. The job of these experts is to review management’s reports analytically and assist the board and committees with their work. They are hired externally and supervised by the board.

Greatest Concerns
At the conclusion of each Roundtable—one was held in Miami, the other in Phoenix—directors were asked to rank their concerns. Interestingly, the growing threat of reputation risk, including risk related to enforcement under the Foreign Corrupt Practices Act, generated reaction at both sessions and led to some agreement that “tone at the top” is—or should be—a major area of focus for directors. Bruce Piller of KPMG concurred. “To me, tone at the top is a risk that carries over to a number of areas on the audit committee’s plate—from financial-reporting risk, to the control environment, to fraud risk and compliance.” Reputation risk, said Laban P. Jackson, “is what we worry about all the time. And the thing that I worry about is that our people know that the board cares about how they perform ethically. It is incredibly important to me to get out and meet the people out there and let them know that I care about the work they’re doing.”

The challenge is to communicate tone at the top “deep, deep into worldwide organizations,” said Ellen Odoner. “One key source of support and vigilance can be the legal department. In the United States, reinforced by SOX, inside lawyers recognize that they are expected to play an active compliance as well as business role. It is vital to build the same understanding among the lawyers in far-flung business units.”

Keizer offered a final thought on what should top the agenda of boards and audit committees going forward, echoing the sentiments of directors: “The one key challenge is tone at the top and culture within the organization. Who are we and what do we want to be known for? What’s being measured? What is management being rewarded for? When it comes to culture and tone at the top, we need to make sure that we have learned from the crisis and that we reward the right behavior. That, to me, is the overarching issue.”

Conference Speakers, Panelists and Thought Leaders
Ray Bingham – Director, Dice Holdings, Flextronics International, Oracle, STMicroelectronics
Kathleen Connell - Chair, Corporate Governance Center, Berkeley Haas Graduate School of Business
J. Michael Cook – Director, Comcast, International Flavors and Fragrances
Jeffrey M. Cunningham - Chairman, CEO, Editorial Director, Directorship
Kenneth Daly – President and CEO NACD
Charles M. Elson – Weinberg Center for Corporate Governance, Director, HealthSouth
Holly J. Gregory – Partner, Corporate Governance, Weil, Gotshal & Manges LLP
Mary R. (Nina) Henderson – Director, AXA Financial, Del Monte Foods, Pactiv
Michele J. Hooper – Director, AstraZeneca, PPG Industries, UnitedHealth Group, Warner Music
Teresa E. Iannaconi - Partner, National Office, KPMG LLP
Laban P. Jackson – Director, JPMorgan Chase
Henry R. Keizer – Global Head of Audit, KPMG International Cooperative, and U.S. Vice Chair – Audit, KPMG LLP
Reatha Clark King – Director, ExxonMobil
Richard K. Lochridge – Director, Dover Corp., Lowe’s, PetSmart
Christopher S. Lynch – Director, AIG, Freddie Mac
Alex J. Mandl – Director, Dell, Hewitt Associates, Horizon Lines, Visteon; chairman of the board, Gemalto
Mary Pat McCarthy - U.S. Vice Chair, KPMG LLP, and Executive Director, KPMG’s Audit Committee Institute
Charles H. Noski – Director, ADP, Air Products & Chemicals, Microsoft, Morgan Stanley
Ellen J. Odoner – Head of Public Company Advisory Group, Weil, Gotshal & Manges LLP
Bruce J. Piller – Western Regional Managing Partner, KPMG LLP