american corporate governance index Documents/ACGI... · 2019. 12. 6. · Guiding Principles of Corporate Governance are designed to foster the highest level of corporate governance,

american corporategovernance index

Making Strides Amid Crisis

TABLEof CONTENTS

Introduction.......................................................................................3

Corporate Governance in 2020 ..................................................... 4

Understanding the grade .............................................................. 5

Key Observations ............................................................................. 6

Incremental improvement across all principles, but trouble spots remain .............................................................. 6

Boards still don’t challenge management .................................. 6

Regulation and size matter during crises ................................... 6

Management structure, CAE reporting lines correlate to stronger governance .................................................................7

Lowest scoring principles continue to lag .................................. 9

COVID-19’s Impact .........................................................................11

Corporate Governance Roles ....................................................... 12

Three Lines Model ..........................................................................13

Defining the Guiding Principles .................................................. 14

Guiding Principles of Corporate Governance .......................... 16

Additional Findings ....................................................................... 25

Guiding Principles ......................................................................... 29

Demographics .................................................................................31

Index Methodology ....................................................................... 32

Acknowledgments ......................................................................... 34

Introduction

Organizations globally were tested in 2020 like never before. The COVID-19 pandemic created a firestorm in virtually every aspect of business, from cash flow challenges prompted by extended lock downs, to extraordinary customer and employee safety measures, to talent management and technology issues created by distributed workforces. These trials of organizational resilience and crisis management were spread across all sectors and industries, creating varied and unique challenges.

Yet, at least for publicly traded organizations responding to this year’s American Corporate Governance Index (ACGI) survey, the health of the nation’s corporate governance not only held its own, it improved slightly during the greatest global public health crisis in a century.

Data gleaned from this year’s survey of chief audit executives (CAEs) finds modest but consistent improvements across all of the index’s eight Guiding Principles. However, boards continue to earn low marks on challenging management assertions and verifying information received from the C-suite.

Compared to last year’s results, company size (revenues) and industry took on a bigger role in explaining variation in ACGI scores for 2020. The results suggest that during periods of heightened risk, like during 2020, companies in regulated industries (financial services, and transportation and utilities) have stronger governance, regardless of company size. In contrast, we see a greater separation in governance scores between smaller and larger companies when companies operate in unregulated industries, where bigger is more likely to be better.

The pandemic-fueled focus on crisis management, updated risk assessments, and stronger alignment among risk management players may have contributed to the stronger showing on overall governance. However, as COVID-19 stretches into a second calendar year and new surges of the deadly virus grip regions around the United States and the world, it will be important to monitor the longer-term implications of its disruptive influence on corporate governance.

3

4

Corporate Governance in 2020

Corporate governance is never more important than during a crisis. This was reflected in CAE assessments of their companies’ 2020 corporate governance performance, with overall assessments notching slightly higher than pre-pandemic index scores. The 2020 ACGI score for corporate governance health in the U.S. is a B- (82), on average, an improvement from last year’s overall score of C+ (79).

There continues to be significant variations in the overall assessment of corporate governance effectiveness across organizations (Figure 1). The most notable improvement is the decrease in companies reporting a failing governance grade. In 2019, 10% of surveyed companies received an F, compared to only 2% in 2020. Similar to last year, the majority of companies score in the B and C range of governance performance, with less than one-fifth of companies earning an A-range performance.

B--

82

AA+ A- B+ B B- C+ C C- D F

20%

18%

16%

14%

12%

10%

8%

6%

4%

2%

0%

FIGURE 1: DISTRIBUTION OF ACGI SCORES BY LETTER GRADE (n=131 IN 2020; N = 128 IN 2019)

2019 2020

5

Understanding the grade

The ACGI and its Guiding Principles are designed to foster the highest level of corporate governance, which should be the aspirational goal of every organization. Any rating less than the highest standard, an A+, reflects room for improvement. This year’s three-point increase nudges the final overall score from a high C to a low B. This progress may reflect improved governance practices relating to business responses to the COVID-19 crisis.

The Guiding Principles are based on a compendium of relevant guidance and principles advanced by experts in the field, including the National Association of Corporate Directors (NACD), the New York Stock Exchange, the Committee of Sponsoring Organizations of the Treadway Commission (COSO), the Business Roundtable, the Investor Stewardship Group, the University of Tennessee’s Neel Corporate Governance Center, The Institute of Internal Auditors (IIA), and others. The index gauges the extent to which companies are effectively achieving each of the Guiding Principles.

The ACGI goes beyond the publicly observable aspects of corporate governance to provide an internal perspective on the effectiveness of corporate governance throughout the organization. In forming the survey questions that support the ACGI, it is assumed that corporate governance does not allow for a one-size-fits-all approach and that companies will need to find their own best practices based on various factors, including company age, size, complexity, and extent of international operations.

8279

Key Observations

INCREMENTAL IMPROVEMENT ACROSS ALL PRINCIPLES, BUT TROUBLE SPOTS REMAIN

Scores across the eight Guiding Principles show small and consistent gains with no one principle improving by more than five points on a 100-point scale. The biggest gains were seen in meeting shareholder/stakeholder expectations (Principle 2) and board performance (Principle 3). However, the smallest gains were seen in areas of greatest concern from 2019. Information given to the board (Principle 6) saw a one-point increase year over year to 79, while evaluating corporate governance (Principle 8) had a moderate three-point gain but still rated a disappointing 75.

Within the lower-performing principles, the least effective elements continue to be: the extent to which board members ask whether the information presented to the board is accurate and complete, and the board’s protection of proprietary information. These elements remain the lowest scoring of all and the only ones that rate under 70.

BOARDS STILL DON’T CHALLENGE MANAGEMENT

As in 2019, the 2020 ACGI survey finds that more than one-third of board members are not willing to offer contrary opinions or push back against the CEO. Principle 3, which focuses on board performance, otherwise saw gains across elements addressing the board’s technical expertise, diversity of perspectives, pushing for sufficient details, time to properly execute its role, appropriate compensation, self-evaluation, and follow through on improving weaknesses. Yet, the board’s willingness to challenge management remains low, bumping up a single point to 76 out of 100.

REGULATION AND SIZE MATTER DURING CRISES

Regulated companies tended to earn higher grades, and among unregulated companies, larger companies have stronger governance. Responding companies with total revenues of more than $10 billion were significantly more likely to rate as having strong governance or a “high” grade (A+, A, A-, B+) (Figure 2A) and significantly less likely to rate as having weak governance or a “low” grade (C, C-, D, F). Stronger governance by high-revenue companies may be linked to access to greater resources and larger governance structures. Survey data did not find a significant difference in ACGI scores based on the number of years operating as a publicly traded company (Table 2, page 25). However, in contrast to 2019 results, where regulation had little-to-no correlation with ACGI scores, data suggest that regulation matters during a year filled with crises.

FIGURE 2A: ACGI SCORES BASED ON COMPANY REVENUE

LOW MEDIUM HIGH

> $10 billion

$1 – $10 billion

0% 10% 20% 30% 40% 50% 60%

< $1 billion

6

MANAGEMENT STRUCTURE, CAE REPORTING LINES CORRELATE TO STRONGER GOVERNANCE

ACGI data suggest that management reporting structures and internal audit reporting lines correlate to strength of governance for companies reporting revenue under $10 billion. Respondents who describe their management reporting structures as fairly simple — where material issues make their way to the CEO within a matter of one or two reporting lines — are substantially more likely to have high governance grades. Simple reporting structures also had the lowest incidence of low governance grades.

The size effect observed in Figure 2A is driven by companies operating in unregulated industries (Figure 2B), with size having almost no effect on regulated companies’ governance. Based on open-ended survey question responses, it appears COVID-19 contributed to stronger focus on risk management alignment, which could explain higher governance scores among heavily regulated industries. Specifically, highly regulated industries may have been in a stronger position to react more quickly and effectively to crisis management and business continuity risks created by the pandemic.

FIGURE 2B: ACGI SCORES BASED ON COMPANY REVENUE – REGULATED VS UNREGULATED

7

REGULATEDSIZE (REVENUES)

INDUSTRY

< $1 billion

$1 – $10 billion

> $10 billion

MANUFACTURING OTHERIT AND NON-FINANCIALSERVICES

87 75 79 76

85 76 80 80

88 86 84 85

FIGURE 3: ACGI SCORES ON COMPLEXITY OF MANAGEMENT REPORTING STRUCTURE

MGMT. REPORTING STRUCTURE < $1 BILLION

SIZE (Revenues)

Fairly Simple

Moderately/Highly Complex

$1–$10 BILLION > $10 BILLION

84 84 85

74 75 86

The administrative reporting structure for CAEs also is a strong signal of the strength of overall governance. Based on survey responses, 43% of CAEs who report administratively to the audit committee and 42% who report administratively directly to the CEO assigned high overall governance grades to their organizations (Figure 4). The percentage of high overall governance grades drops to 29% among CAEs who report administratively to the CFO. Across all sizes of organizations, governance quality is strongest when the CAE reports administratively to the audit committee or CEO, and weakest when the CAE reports to the CFO.

Because boards of directors typically decide on the reporting structure for the head of internal audit, this pattern may suggest that companies with stronger governance are more willing to give CAEs greater authority and independence within the organization by reporting directly to the audit committee or CEO, thus preventing management from filtering or applying pressure to change internal audit reports before they get to the top leaders of the organization. Further, CAEs who report directly to the CEO or audit committee are more likely to be authorized to evaluate and provide recommendations on a broader scope of risks. Both scenarios benefit the organization by enabling an objective and independent party within the organization to provide information directly to the CEO and the board. That additional insight could then drive better decisions about governance.

Key ObservationsContinued

8

FIGURE 4: ACGI SCORES BASED ON CAE ADMINISTRATIVE REPORTING LINE

LOW MEDIUM HIGH

Audit Committee

CEO

CFO

0% 10% 20% 30% 40% 50%

MEETING FREQUENCY CORRELATION REQUIRES ADDITIONAL STUDY

Frequency of board meetings is not a reliable measure to gauge the quality of governance. Data from the ACGI survey indicate that companies that hold quarterly board meetings are more likely to have higher governance grades (Figure 5) than those that hold more frequent board gatherings. Two theories may help explain these counter-intuitive results. The scarcity of meetings may make them more critical to strong governance, prompting more effective and efficient meetings. Less frequent formal meetings may also signal more frequent and/or effective informal meetings, such as one-on-one discussions among board members, senior management, and internal audit.

However, a deeper analysis of the data shows the correlation was seen primarily in mid-tier firms (revenue size) and for IT and non-financial services, casting some doubt on frequency of meetings as a measure of governance quality. Additional research around the value of informal meeting/communication quality would provide additional perspective to better understand this apparent correlation.

LOWEST SCORING PRINCIPLES CONTINUE TO LAG

Principle 8, which addresses evaluating corporate governance, was the least effective principle for the second consecutive year. While there is modest improvement for this principle, rising 3 points overall to 75, the gains come primarily from improved rating on board discussions on governance and seeking feedback on corporate governance efficacy. What remains virtually unchanged — increasing a single point — is formal evaluations of the full system of corporate governance on a regular basis. That data point remained mired in the C- range at 71.

9

FIGURE 5: ACGI SCORES BASED ON FREQUENCY OF BOARD MEETINGS

LOW MEDIUM HIGH

8 or more meetings per year

5-7 meetings per year

4 meetings per year

0% 10% 20% 30% 40% 50% 60%

“The company put employee health and safety above all else in the discussion, resulting in an

even greater connectivity, allegiance to the company for employees.”

10

“The company put employee health and safety above all else in the discussion, resulting in an

even greater connectivity, allegiance to the company for employees.”

COVID-19’s Impact

In 2020, COVID-19 overshadowed virtually all aspects of business and society. Its potential impacts are noted throughout this report. However, while there is little denying COVID-19 had an oversized influence, there is little hard evidence of its actual effects on governance.

There is indirect anecdotal evidence and informed conjecture that the pandemic improved alignment on risk management and exposed weaknesses in crisis management and business continuity planning. The ACGI survey included a field for open comments from respondents on their organizations’ response to the crisis. We share some of these to provide a glimpse of how the pandemic was managed by individual organizations.

The comments were generally positive and fell into three categories: the organization’s response and existing governance structure, communications and actions to create specialized response teams, and actions to ensure employee safety, communications, and alignment.

• “I think it really was more about people knowing what to do and being empowered to do it within the pre-existing governance framework.”

• “The company acted quickly and decisively to put flexible policies in place for each group to manage as best they could — working from home, the right IT tools, whatever equipment and PPE that was needed. Our core governance and procedures remained in place, but we gave people the flexibility to get their work done.”

• “Established an executive task force; increased frequency and focused content of board communications; leveraged existing Incident Response framework; used internal intranet portal for timely, diverse company communications.”

• “Frequent communication across all levels within the company and board. A COVID-19 response committee was set up immediately and was instrumental in effective messaging and determining the best actions to take.”

• “Communication on following good corporate governance practices was communicated by internal audit, finance, legal, and other key groups.”

• “The company put employee health and safety above all else in the discussion, resulting in an even greater connectivity, allegiance to the company for employees.”

• “Management was clear on priorities and objectives to help everyone stay focused and aligned.”

Praise was not universal, however.

• Management decisions were made in an autocratic manner.”

• “I would say that due to the culture of our company (problem solvers and get things done), some members of lower management took things into their own hands and came up with answers that may not have been consistent with the broader company approach. Internal audit helped identify some of these areas and get the right people connected.”

11

Corporate Governance Roles

THE BOARD

• Establishes the organization’s tone at the top by setting the risk appetite and ethical boundaries.

• Provides strategic oversight for long-term value creation that keeps the organization aligned with the needs and interests of its primary stakeholders.

• Remains sufficiently informed to provide effective oversight of executive management’s activities.

• Holds executive management to account when it fails to meet stated goals and objectives, strays beyond the stated risk appetite, or fails to operate within set ethical boundaries.

• Ensures internal audit is sufficiently resourced and independent from management so that it provides objective assurance and insight.

EXECUTIVE MANAGEMENT

• Sets policies and procedures, and establishes relationships that enable the organization to identify, articulate, and meet objectives.

• Establishes and executes strategies, develops budgets, and delegates responsibilities to meet short-term goals and long-term strategies that lead to value creation.

• Monitors the achievement of objectives, rewards or mitigates results, and disciplines unsuccessful or inappropriate behavior.

• Keeps the board fully informed on the status of goals and objectives and of risks (internal and external) that could affect the likelihood of achieving goals and objectives.

INTERNAL AUDIT

• The CAE reports directly to the Board of Directors and is independent of management.

• Enhances and protects organizational value by providing risk-based and objective assurance, advice, and insight.

• Improves operations and supports the achievement of the organization’s objectives through an objective, systematic, and disciplined approach.

• Brings a cross-functional, enterprisewide perspective to evaluate and improve the effectiveness of risk management, control, and governance processes.

• The CAE acts as a resource for the board and executive management by providing objective assurance and insight.

12

Three Lines Model

As with the inaugural ACGI, this year’s report identifies the corporate governance roles of boards, executive management, and internal audit (see page 12). The interaction, communication, and alignment among these supporters of corporate governance are vital to an organization’s overall success. This theme is echoed in The IIA’s new Three Lines Model (Figure 6), a refresh of the widely used Three Lines of Defense Model, which was released in July 2020.

Like ACGI, the Three Lines Model is principles based and provides critical guidance on the roles of the governing body (board), executive management, and internal audit. The Three Lines Model provides a concise and informative outline of responsibilities borne by each group:

• Accountability by a governing body (board) to stakeholders for organizational oversight through integrity, leadership, and transparency.

• Actions (including managing risk) by management to achieve the objectives of the organization through risk based decision-making and application of resources.

• Assurance and advice by an independent internal audit function to provide clarity and confidence and to promote and facilitate continuous improvement through rigorous inquiry and insightful communication.

ACGI and the Three Lines Model have complementary key messages that help nurture effective governance. The Three Lines Model includes information on how it should be applied within individual organizations as to structures, roles, and responsibilities as well as oversight and assurance. Most importantly, it urges coordination and alignment.

“Effective governance requires appropriate assignment of responsibilities as well as strong alignment of activities through cooperation, collaboration, and communication. The governing body seeks confirmation through internal audit that governance structures and processes are appropriately designed and operating as intended 1.”

1 See “Three Lines Model” report, The Institute of Internal Auditors, July 2020

13

Governing body roles: integrity, leadership and transparency

EXTERN

AL ASSUR

ANCE PR

OVID

ERS

First line roles: Provision of

products/servicesto clients;

managing risk

Second line roles: Expertise, support,

monitoring andchallenge on

risk-related matters

Third line roles: Independent and

objective assuranceand advice on allmatters related tothe achievement

of objectives

KEY:

Accountability, reporting

Delegation, direction,resources, oversight

Alignment, communicationcoordination, collaboration

GOVERNING BODYAccountability to stakeholders for organizational oversight

MANAGEMENTActions (including managing risk) to achieve

organizational objectives

INTERNAL AUDITIndependent assurance

Copyright © 2020 by The Institute of Internal Auditors, Inc. All rights reserved.

FIGURE 6: THE IIA’S THREE LINES MODEL

The Guiding Principles of Corporate Governance define core

actions and responsibilities that promote successful, ethical,

and sustainable corporate governance2. They go beyond the

publicly observable measures of corporate governance, such

as the number of board meetings, biographical information

for directors, and executive compensation disclosures, which

alone fail to capture the effectiveness of an organization’s

corporate governance system. Prescriptive solutions have not

been proposed because corporate governance does not allow

for a one-size-fits-all approach and companies will need to

find their own best practices based on the company’s age, size,

complexity, extent of international operations, etc. Companies

should seek legal advice before implementing specific

corporate governance policies and procedures to ensure

compliance with applicable laws and regulations, including

securities exchange listing requirements.

14

2 The principles reflect a compendium of viewpoints from the sources cited here. Individual quotations and citations are not provided because the intention is to create a summarized set of viewpoints from multiple sources.

15

Principle 1

GUIDING PRINCIPLES OF CORPORATE GOVERNANCE

While the improvement in management and the board’s ability to communicate with clarity, action, and collaboration is excellent news, improving from a B- to a B, on average, it is troubling that the greatest area of concern related to Principle 1 continues to be the extent to which management structures are effective at getting the right information to the right decision-makers in a timely manner. In times of crisis, such as the COVID-19 global pandemic, delays in timeliness of information transfer could affect not just profits and long-term growth, but the health and safety of employees, customers, vendors, and other key stakeholders.

OPPORTUNITY FOR IMPROVEMENT:

Communications between each of the members of senior leadership are clear, actionable, and collaborative.

Communications between senior leadership and the board are clear, actionable, and collaborative.

Management structures are effective at getting the right information to the right decision-makers in a timely manner.

Effective corporate governance requires regular and constructive interaction among key stakeholders, the board, management, internal audit, legal counsel, and external audit and other advisors.

83

2020 2019

85

86

79

79

80

82

75

B

16

83

Principle 2

While organizations continue to do fairly well in identifying stakeholders and considering their interests (rising from 86 to 89, on average), the lowest score for Principle 2 continues to be whether key leadership members are cognizant of the impact that corporate operations have on social and environmental issues and whether they are actively pursuing ways to minimize any negative impacts. While there was an improvement compared to last year, further improvement is needed given that CAEs assess this area of governance as a 76.

Directors report increasing awareness of ESG issues, citing improvements to the frequency with which it is discussed in the boardroom and increasing weight to necessary ESG expertise on the board. However, only 45% of directors report that ESG issues are “regularly” a part of the board’s agenda3. Thus, CAEs’ hesitation to raise assessment on this area above a C is perhaps not surprising given that there continues to be hesitation in the boardroom to regularly discuss these issues.

3 See PwC’s 2020 Annual Corporate Directors Survey, available at https://www.pwc.com/us/en/services/governance- insights-center/library/annual-corporate-directors-survey.html.


The company considers a wide range of stakeholder interests when making business decisions.

There is a consensus among the board and senior leadership on who the key stakeholders are in your company.

In your daily jobs, you and other key leadership members are cognizant of the impact your corporate operations have on social and environmental issues and you are actively pursuing ways to minimize any negative impacts.

The company has not been subject to shareholder proposals, proxy advisor ‘against’ recommendations, ‘vote no’ campaigns, proxy fights, or shareholder litigation.

The board should ensure that key stakeholders are identified and, where appropriate, stakeholder feedback is regularly solicited to evaluate whether corporate policies meet key stakeholders’ needs and expectations.

86

2020 2019

87

89

76

89

81

83

86

73

80

B

17

86

Principle 3

For Principle 3, the least effective element continues to be the extent to which board members are willing to offer opinions that are contradictory to or conflict with those of the CEO. While nearly every other facet of Principle 3 saw significant improvement in scoring, this facet of Principle 3 stayed relatively flat and troublingly low. When presented with specific scenarios in which the CEO wants to delay reporting negative news, respondents believe that only 66% of board members at their company would push back on the CEO (which is relatively consistent with only 64% in the prior year).


Board members present diverse perspectives when discussing issues.

The board probes into sufficient detail for most topics.

Your board has sufficient technical expertise to oversee areas of current or emerging risks.

Board members are compensated in a way that aligns with long-term strategic goals.

Board members have the necessary time and attention needed to fulfill their responsibilities.

Your board conducts a thoughtful, robust evaluation of the entire board and/or individual board members on an annual basis.

Your board commits, and follows through, to improve upon any weaknesses identified in the annual board and/or committee evaluations.

Board members are not afraid to offer opinions that are contradictory to or conflict with those of the CEO.

Board members should act in the best interest of the company and the shareholders while balancing the interests of other key external and internal stakeholders.

85

2020 2019

86

86

84

89

86

86

76

86

80

79

83

79

83

79

79

75

84

B

18

85

Principle 4

For Principle 4, the two key areas needing improvement are consistent with last year’s index: the company’s willingness to avoid sacrificing long-term strategy for the benefit of short-term interests, and the extent to which employees receive adequate training to complete expected job duties. Both of these areas improved from the prior year, rising from 67 to 70 and from 70 to 76, respectively. However, additional improvement is needed. Successfully addressing these issues will fall primarily on senior management. Boards can support senior management in these areas by reinforcing their commitment to long-term performance and value, as well as to training and support for employees.


Employees receive adequate training to complete expected job duties.

The company’s objectives and long-term strategic goals are clearly communicated to, and well-known across the company.

Your company is not willing to sacrifice long-term strategy for the benefit of short-term interests.

Employees are compensated and/or incentivized in a way that encourages the achievement of corporate objectives in an ethical manner.

The board should ensure that the company maintains a sustainable strategy focused on long-term performance and value. 79

2020 2019

80

76

75

77

70

C+

19

The board is willing to discipline and take corrective action when necessary by replacing key members of senior leadership and/or adjusting compensation structures.

Your company has sufficient resources (time and money) to appropriately respond to crises or disruptions as they arise, without cutting corners or sacrificing long-term performance.

81

70

86

82

78

67

83

76

79

Principle 5

While all elements of Principle 5 have improved compared to last year, the least effective element of Principle 5 continues to be the extent to which the board consciously thinks and talks about the company’s culture. Respondents are reasonably confident that the board and senior leadership embody an appropriate “tone at the top.” While respondents demonstrate increasing confidence that this tone is embodied throughout the rest of the organization (improved from 78 in the prior year to 82 this year), the gap between the scoring for the board and CEO’s tone at the top (94) and the rest of the organization (82) is troubling.

Boards consciously thinking and talking about the company’s culture with senior management should lead to natural improvements in the dissemination of tone at the top through the rest of the organization, because it reinforces to management that this is an important issue for the board. Conversations with CAEs suggest that evaluating culture throughout the organization is difficult, but possible. Surveys alone are not likely to be sufficient — such evaluations require integrating onsite visits of internal auditors throughout the organization. Given the transition to remote working, this is an area that internal audit and boards should keep a close eye on in 2021.


Your board consciously thinks and talks about the company’s culture.

Your board and CEO embody a strong “tone at the top” in your organization that would pass any ethical test.

“Tone at the top” is communicated to and consciously embodied across all levels of the company.

The company has not been accused of ethical issues (e.g., sexual harassment, unfair working conditions, environmental issues, etc.).

Management would take appropriate corrective action if a policy, procedure, or workplace rule violation was detected.

The board should ensure that the culture of the company is healthy, regularly monitor and evaluate the company’s core culture and values, assess the integrity and ethics of senior management, and, as needed, intervene to correct misaligned corporate objectives and culture.

86

2020 2019

78

94

82

90

88

82

74

91

78

87

83

B

20

86

Principle 6

Relative to improvements seen in other areas, Principle 6 is largely stagnant compared to last year’s survey. The least effective element continues to be the extent to which board members ask whether the information presented to the board is accurate and complete, showing only a slight improvement from 67 to 68. Four percent of respondents acknowledged that, in the preceding 12 months, there had been a cybersecurity breach related to information given to the board; and only 37% of respondents believe that their boards are required to use either corporate emails or board portals to protect proprietary company information.

Perhaps more troubling is that 23% of CAEs are aware of a cybersecurity or IT data breach outside of information given directly to the board, suggesting that attacks on companies are fairly common.

Although not addressed directly in our survey, to the extent that management is concerned about the board’s loose protection of company information, there exists a risk that managers may consciously or subconsciously withhold certain relevant information from the board.


Board members are given all the necessary information for effective oversight.

The board protects proprietary information given to the board.

Your board members ask whether the information presented to the board is accurate and complete.

Your CEO does not heavily filter or water down “bad” news before it goes to the board.

Board members are given sufficient time to thoughtfully review all materials prior to board meetings.

The board should ensure that structures and practices exist and are well-governed so that it receives timely, complete, relevant, accurate, and reliable information to perform its oversight effectively.

79

2020 2019

90

69

78

87

69

C+

21

Your board does not prefer for management to handle bad news on their own; nor do they prefer that management selectively report information to the board to protect the board’s potential liability.

77

68

82

89

77

67

81

87

79

Principle 7

Principle 7 remains one of the most effective principles of governance. We are pleased to see that the percentage of CAEs reporting that employees are familiar with how to report violations of law or policy has improved, from 78% in 2019 to 82% in 2020. This is particularly important as employees are required to work remotely.

Whereas nearly every other aspect of governance showed improvement year-over-year, Principle 7 identified two areas of decline compared to last year: respondents expressed further concern about whether the internal audit function is adequately staffed, in terms of both the number and expertise of staff, and that information submitted to hotlines or fraud reporting lines was followed through effectively.


Employees are familiar with how to report violations of law or policy.

Public information is accurate, adequate, complete, representative, timely, and transparent.

The internal audit function is adequately staffed, in terms of both the number of staff and expertise of the staff.

The company has not been under investigation by the SEC or other governmental or regulatory authorities.

The company has not experienced restatements, cybersecurity breaches, or unremediated material weaknesses or significant deficiencies.

Information submitted to hotlines or fraud reporting lines is followed through effectively.

The board should ensure corporate disclosures are consistently transparent and accurate, and in compliance with legal requirements, regulatory expectations, and ethical norms.

85

2020 2019

82

93

76

90

76

89

83

78

89

77

87

73

90

B

22

An officer or employee (all levels and locations) would be protected from retaliation for reporting a suspected violation of a policy, procedure, or workplace rule.

91 90

85

Principle 8

Principle 8 remains the least effective principle of governance in 2020. While there were improvements in consciously discussing governance within the company, additional improvement is still needed given that CAEs still rate this aspect of governance at only 78. Furthermore, formal evaluations of governance continue to be weak, perhaps caused by boards failing to seek feedback on whether corporate governance is operating effectively at the company. Without effective eval-uations, organizations risk missing warning signs of weaknesses or vulnerabilities that can lead to governance breakdowns.


Corporate governance is regularly and consciously discussed in your company.

The board seeks out feedback on whether corporate governance is operating effectively at the company.

The company formally evaluates the full system of corporate governance on a regular basis.

Companies should be purposeful and transparent in choosing and describing their key policies and procedures related to corporate governance to allow key stakeholders an opportunity to evaluate whether the chosen policies and procedures are optimal for the specific company.

75

2020 2019

78

72

73

C

23

75

71

72

70

75

“I think it really was more about people knowing what to do and being empowered to do it within the pre-existing

governance framework.”

2524

25

Additional Findings

To evaluate the extent to which the 2020 ACGI sample is potentially representative of the population of U.S. publicly traded companies, the survey group was compared with all publicly traded companies, along the dimensions of company size (revenue), industry, and publicly observable corporate governance features.

The comparison found that compared to the population of U.S. companies traded on major stock exchanges in the U.S., sample companies tend to be larger and more mature, with a greater representation from the financial services. Sample companies are more likely to have CEO-Chairman duality than the U.S. population, with higher board independence, and a higher number of board meetings, on average.

As far as variation in ACGI scores among these factors, we find that corporate governance scores are, on average, higher for the largest companies in our sample (Table 1), which may be due to access to additional resources and larger governance structures in place. Contrary to expectations, we do not find a significant difference in ACGI scores based on the age, or maturity, of the company (Table 2).

In contrast to 2019, which found very little variation by industry, 2020 ACGI results are significantly split by regulated industries versus unregulated industries. Specifically, financial services and transportation and utilities industries have a higher ACGI grade, on average, compared to the remaining industries (Table 3). Additional research is needed to understand this change from the prior year, but we speculate it emphasizes the importance of regulation during times of great uncertainty, e.g., the current COVID-19 environment of 2020.

Note about 2020 differences: The average ACGI for the > $10 billion companies is statistically higher than the companies with < $10 billion in revenues (two-tailed p-value < 0.05).

< $1 billion

$1 - $10 billion

> $10 billion

POPULATION

60%

30%

10%

2020 SAMPLE

26%

41%

33%

2020 ACGI

82

80

86

2019 SAMPLE

26%

51%

23%

2019 ACGI

76

79

82

TABLE 1: COMPANY SIZE (TOTAL REVENUE)

Note about 2020 differences: The score for companies >20 years old is not statistically different from average for remaining companies. Caution should be taken if trying to conclude that one group is different from the other.

< 10 years

11-20 years

> 20 years

POPULATION

37%

19%

44%

2020 SAMPLE

17%

21%

62%

2020 ACGI

81

82

83

2019 SAMPLE

n/a

n/a

n/a

2019 ACGI

n/a

n/a

n/a

TABLE 2: NUMBER OF YEARS COMPANY HAS BEEN PUBLIC

26

The existence of a CEO-Chairman duality was considered in light of a continuing push from investors to separate these roles. Board independence and number of board meetings also were considered. These are common items of discussion among proxy advisors when making voting recommendations on board elections, and something that is prescribed by listing exchange requirements for certain committees.

Contrary to concerns about CEO-Chairman duality, ACGI scores are significantly higher for sample companies where the company’s CEO also serves as Chairman of the Board (Table 4), specifically where the CEO-Chairman duality is paired with strong board independence (Table 5). Contrary to prior-year results, we no longer find a significant difference in ACGI scoring along the dimension of board independence (Table 6), and we now find that ACGI scores are the highest for companies reporting only four meetings per year (Table 7).

Note about 2020 differences: The average ACGI scores for Financial Services and Transportation and Utilities (“Regulated” Industries) are significantly higher than for all other industry groups (two-tailed p-value < 0.01).

Financial Services

Manufacturing

IT and Non-financial Services

Wholesale and Retail Trade

Transportation and Utilities

Other

POPULATION

18%

31%

27%

5%

6%

13%

2020 SAMPLE

28%

27%

14%

7%

5%

19%

2020 ACGI

86

79

81

84

87

80

2019 SAMPLE

32%

25%

12%

10%

13%

8%

2019 ACGI

79

79

81

74

78

84

TABLE 3: INDUSTRY

Note about 2020 differences: The average ACGI for dual CEO-Chairman is statistically higher compared to companies with a separate CEO-Chairman (two-tailed p-value < 0.05).

Dual CEO-Chairman

Separate CEO-Chairman

POPULATION

30%

70%

16% 13% 82 11% 74

14% 27% 86 27% 83

70% 61% 81 62% 78

2020 SAMPLE

39%

61%

2020 ACGI

85

81

2019 SAMPLE

38%

62%

2019 ACGI

80

78

TABLE 4: CEO-CHAIRMAN DUALITY

Note about 2020 differences: The average ACGI for dual CEO-Chairman compensated by an independent board is significantly higher than the other two groups (two-tailed p-value < 0.01). The dual CEO-Chairman without a compensating independent board is not statistically different from the separate CEO-Chairman. Here, a board is considered to have compensating board independence when board independence is greater than the population median (86%).

Dual CEO-Chairman without a compensating independent board

Dual CEO-Chairman compensated by an independent board

Separate CEO-Chairman

POPULATION 2020 SAMPLE 2020 ACGI 2019 SAMPLE 2019 ACGI

TABLE 5: CEO-CHAIRMAN DUALITY, AFTER CONSIDERING BOARD INDEPENDENCE

Additional FindingsContinued

27

A number of non-public aspects of corporate governance were also considered.

Results show corporate governance is stronger for companies where the administrative reporting line for internal audit is directly to the audit committee or CEO, with no potential filtering from other members of senior management (Table 8). This is an area where additional research is needed, both for the quality of corporate governance and the quality of internal audit work. Second, perhaps not surprisingly, companies score significantly lower in the ACGI when their reporting structures are moderately or highly complex (Table 9).

Note about 2020 differences: We split the sample using the median percentage of independent board members from the population for fiscal year 2019 (85.7%). There is no statistical difference between high and low independence groups.

Note about 2020 differences: The average ACGI is significantly higher for companies only meeting once per quarter, or four times per year in 2020, compared to all other companies in the sample (two-tailed p-value < 0.10).

Note about 2020 differences: The average ACGI for companies where the CAE reports administratively to the audit committee or CEO is statistically higher than the average ACGI for companies where the CAE reports administratively to the CFO (two-tailed p-value <0.10). An index score is not provided for “Other” because it comprises disparate groups.

High % of independent members

Low % of independent members

4 meetings per year

5-7 meetings per year

8 or more meetings per year

Audit Committee

CEO

CFO

Other (e.g., General Counsel, Risk Officer)

POPULATION

50%

50%

POPULATION

37%

52%

11%

2020 SAMPLE

11%

14%

59%

16%

2020 SAMPLE

68%

32%

2020 SAMPLE

21%

47%

32%

2020 ACGI

84

84

81

NA

2020 ACGI

82

82

2020 ACGI

85

81

82

2019 SAMPLE

59%

41%

2019 SAMPLE

34%

46%

20%

2019 SAMPLE

4%

21%

57%

18%

2019 ACGI

80

77

2019 ACGI

77

79

81

2019 ACGI

88

82

78

NA

TABLE 6: BOARD INDEPENDENCE

TABLE 7: BOARD MEETINGS

TABLE 8: CAE ADMINISTRATIVE REPORTING LINE

Finally, we considered the extent of regulation and foreign operations. Contrary to findings in the prior year, we find that ACGI scores are highest in heavily regulated industries (Table 10) and in companies with no or minimal operations outside the U.S. (Table 11). While not directly asked in our survey, we attribute these changes to the current pandemic and economic environment.

28

Note about 2020 differences: The average ACGI for Fairly Simple reporting structures is statistically higher than the average ACGI for Moderately or Highly Complex reporting structures (two-tailed p-value <0.10).

Fairly Simple. If a material issue were to arise, it could be escalatedto the CEO very quickly, within amatter of one or two reporting lines.

Moderately or Highly Complex. If a material issue were to arise, it would take longer to get to the CEO; several reporting lines would be involved, and for some, it would require complex navigation of reporting lines to get to the CEO.

2020 SAMPLE

60%

40%

2020 ACGI

84

79

2019 SAMPLE

79%

21%

2019 ACGI

80

76

TABLE 9: MANAGEMENT REPORTING STRUCTURE

Note about 2020 differences: The average ACGI for heavily regulated companies is statistically higher than the ACGI scores for minimally and moderately regulated companies (one-tailed p-value < 0.10).

Note about 2020 differences: The average ACGI is statistically higher for companies with no or minimal operations outside the U.S., relative to companies with moderate or heavy reliance on operations outside the U.S. (one-tailed p-value < 0.10).

Minimally regulated

Moderately regulated

Heavily regulated

We do not operate outside the U.S.

Minimally outside U.S.

Moderately outside U.S.

Heavily outside U.S.

2020 SAMPLE

14%

46%

40%

2020 SAMPLE

20%

16%

39%

25%

2020 ACGI

80

82

84

2020 ACGI

83

84

80

81

2019 SAMPLE

16%

35%

49%

2019 SAMPLE

30%

20%

18%

32%

2019 ACGI

80

79

79

2019 ACGI

78

79

80

78

TABLE 10: EXTENT OF REGULATION

TABLE 11: EXTENT OF OPERATIONS OUTSIDE OF THE U.S.

Additional FindingsContinued

29

DEFINITION Corporate governance is the overarching set of policies, procedures, and relationships that enable an organization to establish objectives, set ethical boundaries to the acceptable means with which those objectives will be met, monitor the achievement of objectives, reward successful achievements, and discipline unsuccessful or inappropriate attempts to meet objectives, in order to keep the organization aligned with the needs and interests of its primary stakeholders.

PRINCIPLE 1 Effective corporate governance requires regular and constructive interaction among key stakeholders, the board, management, internal audit, legal counsel, and external audit and other advisors.

PRINCIPLE 2 The board should ensure that key stakeholders are identified and, where appropriate, stakeholder feedback is regularly solicited to evaluate whether corporate policies meet key stakeholders’ needs and expectations.

• Key stakeholders can change over time, and as such, boards should ensure processes are in place to regularly monitor the identification of key stakeholders.

• Key stakeholders are those who have a material impact on corporate operations, or on whom the corporate operations have a material impact.

• Stakeholders can be external or internal and include communities affected by the company’s operations, creditors, customers, employees, regulators, shareholders, suppliers, etc.

• When evaluating business success, the company should also evaluate its social and environmental impact and determine whether it aligns with corporate objectives and the interests of key stakeholders.

PRINCIPLE 3 Board members should act in the best interest of the company and the shareholders while balancing the interests of other key external and internal stakeholders.

• The board should exhibit sufficient independence and objectivity in fact and appearance. There should be a clear form of leadership for the board that is distinct from management. Each board member should employ healthy skepticism in meeting his or her responsibilities and be willing to challenge the CEO and other board members constructively.

• Board members should exhibit high integrity and competence, and provide diverse perspectives in terms of industry expertise, technical expertise, culture, and thought.

• Board members should exhibit a commitment of time and active involvement, including preparation for and direct participation in appropriate board, committee, and shareholder meetings. They should be informed on relevant issues, particularly those involving potential or existing crises, and be available to consult with management, as needed.

• Board members should receive ongoing education and training to perform their responsibilities, including areas of emerging risk to the company.

• Executive sessions should be held regularly and often, as they are critical in establishing an appropriate environment of objectivity and candor. These sessions should include independent directors and those outside directors who do not qualify as independent, but exclude members of management.

• The board should undergo regular, robust evaluations and, as needed, members should be rotated (including leadership positions within the board) to ensure a balance of company-specific knowledge and new perspectives. Effective board evaluations should lead to improved governance and corporate outcomes.

• Shareholders should have fair opportunities to nominate and regularly vote on the retention of board members.

Guiding Principles

30

PRINCIPLE 4 The board should ensure that the company maintains a sustainable strategy focused on long-term performance and value. This includes:

• Defining corporate objectives and approving long-term strategic goals.

• Evaluating risks, including reputational risks, and seeking to balance risk and reward after considering all relevant stakeholders.

• Designing management compensation to align with long-term strategic goals, regularly evaluating performance of the CEO, and overseeing management succession planning.

• Ensuring that all employees receive adequate training and are compensated in a way that encourages achievement of corporate objectives.

PRINCIPLE 5 The board should ensure that the culture of the company is healthy, regularly monitor and evaluate the company’s core culture and values, assess the integrity and ethics of senior management, and, as needed, intervene to correct misaligned corporate objectives and culture.

PRINCIPLE 6 The board should ensure that structures and practices exist and are well-governed so that it receives timely, complete, relevant, accurate, and reliable information to perform its oversight effectively.

• Each board member should have unrestricted access to management, as needed, to fulfill their responsibilities.

• Board members have a responsibility to protect the confidentiality of non-public information.

PRINCIPLE 7 The board should ensure that corporate disclosures are consistently transparent and accurate, and in compliance with legal requirements, regulatory expectations, and ethical norms.

• The board should ensure that an independent committee (an Audit Committee or equivalent) with appropriate expertise is responsible for oversight of both internal and external auditors. Internal audit should have direct and unfiltered access to this committee; it should be adequately resourced; and its purpose, authority, and responsibility should be formally defined and consistent with the International Standards for the Professional Practice of Internal Auditing.

• The board should oversee the company’s assessment of the risk of fraud specifically and ensure that adequate controls are in place to detect and deter fraud.

• The board should have in place processes for employees or other stakeholders to report suspected fraud or misconduct to independent members of the board without fear of retaliation.

PRINCIPLE 8 Companies should be purposeful and transparent in choosing and describing their key policies and procedures related to corporate governance to allow key stakeholders an opportunity to evaluate whether the chosen policies and procedures are optimal for the specific company.

• The board should ensure that the company regularly evaluates the full system of corporate governance to ensure that individual components are operating as expected, and that all components operate in a cohesive manner to achieve corporate objectives.

• The board should ensure that corporate governance evaluations encourage the reporting of potential deficiencies at all levels, including within the board, without fear of retaliation.

• The board should ensure that the company addresses any deficiencies in a timely manner.

Guiding PrinciplesContinued

The ACGI provided screening questions in the survey to ensure that each participant represented a publicly traded company and that each respondent personally had direct access to the board and/or audit committee. Of those participants that met the screening criteria, 166 surveys were attempted, 131 completed all questions related to the ACGI formulation, and 129 additionally completed demographic questions. The survey was conducted from September 1, 2020, through October 5, 2020. The information below provides more information about the ranges of experience levels and types of organizations represented by the participants who completed the survey.

PARTICIPANT DEMOGRAPHICS

• 10 years of direct access to the board and/or audit committee

• 52 years of age

• 73% male

SELF-ASSESSMENT OF CORPORATE GOVERNANCE QUALITY

In addition to questions that are the basis for the ACGI score, survey respondents were asked to:

1. Consider how an external peer reviewer would report on their own corporate governance quality (scoring from 1 – 100).

2. Report how they perceive their corporate governance quality compares with peer companies.

Respondents believe a peer reviewer would assign their organization an average score of 78, suggesting that they would rate themselves slightly lower than their calculated score.

Consistent with the prior year, respondents are optimistic about their corporate governance quality compared with their peers (Table 12). Fifty-seven percent believe their company’s peer review score would be higher, or significantly higher, than their peers, while only 10% believe their company’s peer review score would be lower, or significantly lower, than their peers. We do, however, observe that their calculated ACGI score is positively correlated with their perception of their corporate governance quality relative to their peers. CAEs that perceive their quality to be lower than peers do have lower ACGI scores, on average, relative to CAEs that perceive their quality to be higher than peers.

31

Demographics

Significantly lower than my peers

Lower than my peers

The same as my peers

Higher than my peers

Significantly higher than my peers

%

1%

9%

33%

45%

12%

ACGI

31

70

81

85

88

TABLE 12: SELF-ASSESSMENT OF CORPORATE GOVERNANCE QUALITY

32

Index Methodology

The ACGI is designed to be a reliable barometer of American corporate governance and to provide insight into how companies perform in key areas based on Guiding Principles of Corporate Governance, developed in partnership between the Neel Corporate Governance Center and The IIA.These Principles are based on a compendium of relevant guidance and principles advanced by experts in the field, including the National Association of Corporate Directors (NACD), the New York Stock Exchange, the Committee of Sponsoring Organizations of the Treadway Commission (COSO), the Business Roundtable, the Investor Stewardship Group, UT’s Neel Corporate Governance Center, The IIA, and others.

CAEs are uniquely positioned to provide an independent and objective enterprisewide perspective of the organization. The ACGI itself is calculated using responses to a Principles-based governance survey of CAEs at companies listed on U.S. stock exchanges. Survey respondents answered questions anonymously by indicating their level of agreement or disagreement with specific statements and scenarios.

The questions and scenarios were developed based on in-depth interviews with leading CAEs and built around the Guiding Principles of Corporate Governance. A key tenet underlying the ACGI and the accompanying Guiding Principles is that corporate governance affects a company not only in the boardroom or C-suite, but throughout the organization. The more that companies increase their scale and geographic reach, the more difficult it is for boards and executive leadership to directly guide and oversee corporate governance across all levels of the organization. Therefore, questions are designed to capture the effectiveness of corporate governance enterprisewide. Responses to each question are combined to form an aggregate score using a scale of 0–100, which is then translated into a letter grade of A through F. The score for each principle is an equal-weighted average of each of the sub-principles, or elements.

This year’s index is based on survey responses from 131 CAEs working in companies of various sizes, complexities, and industries.

The IIA and the Neel Corporate Governance Center are committed to conducting the survey annually, providing an unbiased examination of the data, and sharing insights about the factors that influence corporate governance over time.

3033

“. . . some members of lower management took things into their own

hands. . . . Internal audit helped identify some of these areas and get the

right people connected.”

In 2018, The Institute of Internal Auditors and the Neel Corporate Governance Center at the University of Tennessee’s Haslam

College of Business in Knoxville, Tennessee, began collaborating on an ambitious project to develop principles and an annual

index to measure the quality and effectiveness of corporate governance among publicly held companies in the United States. With

more than 200,000 members worldwide, including over 66,000 in the United States, The IIA is the internal audit profession’s most

widely recognized advocate, educator, and provider of standards, guidance, and certifications. The Neel Corporate Governance

Center was founded in 2003 in the wake of corporate scandals that preceded the Sarbanes-Oxley Act. Its mission is to conduct and

disseminate nationally recognized research on corporate governance with a focus on public policy. Instrumental in developing

the American Corporate Governance Index (ACGI) are Terry L. Neal, Ph.D., CPA, Director of Corporate Governance, and Lauren

M. Cunningham, Ph.D., CPA, Director of Research at the Neel Center. Neal is the Richard L. Townsend Distinguished Accounting

Professor and head of the Department of Accounting and Information Management. His research, which has been published in

top-tier academic journals, primarily addresses issues related to corporate governance and auditor independence, with a particular

emphasis on the role of the audit committee as a corporate governance mechanism. Cunningham is an associate professor in the

Department of Accounting and Information Management. Her research, which focuses on the effects of audit, corporate gover-

nance, and regulatory oversight on financial reporting quality, also has been published in top-tier academic journals and present-

ed at the U.S. Securities and Exchange Commission’s Division of Economic and Risk Analysis as well as conferences internationally.

Acknowledgments

34

35

About The IIAThe Institute of Internal Auditors (IIA) is the internal audit profession’s most widely recognized advocate, educator, and provider of standards, guidance, and certifications. Established in 1941, The IIA today serves more than 200,000 members from more than 170 countries and territories. The association’s global headquarters is in Lake Mary, Fla., USA. For more information, visit www.globaliia.org.

About the University of Tennessee Neel Corporate Governance CenterThe Neel Corporate Governance Center at the University of Tennessee, Knoxville’s Haslam College of Business was founded in 2003 following the wake of corporate scandals that preceded the Sarbanes-Oxley Act of 2002. Its mission is to conduct and disseminate nationally recognized research on corporate governance with a focus on public policy. The Neel Corporate Governance Center maintains a close connection with professionals through its Distinguished Speaker Series, which regularly hosts corporate executives, board members, regulators, and other industry leaders.

DisclaimerThe IIA publishes this document for informational and educational purposes. This material is not intended to provide definitive answers to specific individual circumstances and as such is only intended to be used as a guide. The IIA recommends seeking independent expert advice relating directly to any specific situation. The IIA accepts no responsibility for anyone placing sole reliance on this material.

CopyrightCopyright © 2020 The Institute of Internal Auditors, Inc. All rights reserved. For permission to reproduce, please contact [email protected].

Global HeadquartersThe Institute of Internal Auditors1035 Greenwood Blvd., Suite 149Lake Mary, FL 32746, USAPhone: +1-407-937-1111Fax: +1-407-937-1101www.globaliia.org

2020-1585