GRC, Business Strategy, and the Board

In my last post, I made reference to the NACD Key Agreed Principles, and focused on the first of those principles, namely Board responsibility for governance.  I  emphasized appropriate structure and practices, which necessarily vary from one company to another. 

In this post we examine strategy, which is covered in the seventh key agreed principle, which states:

 “Governance structures and practices should be designed to support the board in determining its own priorities, resultant agenda and information needs, and to assist the board in focusing on strategy (and associated risks).” 


Performance management, corporate strategy and risk management collectively represent the main ingredients to the corporate recipe for creating sustainable long-term value.  Furthermore, strategic planning was the number one issue for directors in 2010, according to the 2010 NACD Public Company Governance Survey.  What strategy attempts to do is balance the corporate risk appetite with business opportunities in order to produce desired shareholder returns and also enhance the long term value of the enterprise.  Strategy formulation involves a rather involved planning exercise that reflects the core mission of the enterprise.  Business strategy drives out key objectives and quantifiable measures of goal attainment, identification of required business elements (e.g. products, services, capital investment, resources, markets, distribution, customers, and so on), scenarios (economic, competitive, market, environmental), sets of assumptions, performance metrics (sales volume, revenue, market share, profit, shareholder value, RAROC, ROI), forecasts, alternative courses of actions, assessment of internal strengths and weaknesses, in addition to opportunities and threats, and finally enumeration of major risks and mitigation strategies.

 Boards need to be involved in strategic planning from its inception.  Oftentimes there is a Board Committee whose designated focus is strategic planning.  In general, strategy has linkages to several standing board committees.  First is Nominating/Governance, where strategy overlap occurs relative to Board composition, evaluation, shareholder communication, and Board committee assignments.  Second, is Audit, which oversees financial impacts, risk assessment, and risk intelligence.  Third, is Compensation, where performance criteria are formed and applied (especially relative to the CEO), key employee retention, and incentive compensation plans.

 CEOs are responsible for crafting strategic direction, making recommendations, and possible alternatives, and sharing them with the Board.  The CEO and Management Team also provide the Board with context, such as competition, market positioning, and so on.  It is management’s responsibility to monitor and deal with risks embedded in the strategic plan.  Boards know that management of those risks is required for successful strategy execution.  The Board is responsible for reviewing plans, suggesting changes to strategy, approving, and monitoring strategy performance during execution.

 In my own experience as a CRO reporting to a Board, and as a Board Director, I have found that a necessary prerequisite for corporate strategy is for the members of the Board to be well versed in the business of the firm, how it creates value and monetizes that value, and the industry in which it operates.  You can think of it as a “play book” that can be shared and ensures that every Board member has a “level set” of knowledge upon which to informed perspectives and opinions can rest.  This is especially important for relatively new directors who may not be industry subject matter experts.  Major headings in a hypothetical playbook would include such things as:

  • Mission, Key Objectives
  • Strategic Assessment (Market and Competition, Products and Services, Management and Organization, Operations and Partners, Strengths and Weaknesses, Opportunities and Threats)
  • Strategy (Do-Nothing, Conservative/Protective, Aggressive/Grow Business)
  • Scenarios (Worst Case, Most Likely, Best case)
  • Pro Forma Financials
  • Risks and Solutions

 With a foundational knowledge of the business, the market position of a company, and consideration of the current/future business climate, Board members can begin to ask a number of relevant questions about strategy.  The following come immediately to mind:

  1. What are the key strategy assumptions and the level of confidence place upon them?
  2. How does the company stack up to the competition?
  3. What risks are inherent in each particular strategy?
  4. What are the emerging opportunities and market trends?
  5. What level of investment is required and how much of the firm’s capital is the strategy putting at risk?
  6. What sorts of alternatives exist?
  7. What is the downside associated with a strategy (e.g. potential disruptions, earnings decline, increased turnover)
  8. What is the upside associated with a strategy (e.g. increased market share, boost in shareholder return)

 Boards provide management with insight based on experience and expertise in business affairs.  For more about the Board’s involvement in strategy, the NACD publication entitled “The Role of the Board in Corporate Strategy” is most helpful.  The Board is an emerging persona that possesses clear business pains and identifiable pain drivers, which can be addressed by a GRC solution.

Relative to governance, risk, and compliance (GRC), and enterprise risk management (ERM), it is widely accepted that any corporate GRC or risk management program must address strategy.  Relative to a GRC solution, you may be wondering how technology can play a role.  Strategy is an evolving GRC area.  The strategy officer also represents an emerging solution persona.  Manoj Kulwal and I presented our thoughts on integrating risk management and business strategy in a one hour webinar that provides illustrative examples of how strategy meshes with GRC.  I will have much more to say about business strategy in future posts.

Post a Comment

Your email is never published nor shared. Required fields are marked *


You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong> <pre lang="" line="" escaped="" highlight="">