Upload
others
View
0
Download
0
Embed Size (px)
Citation preview
american corporategovernance index
Making Strides Amid Crisis
TABLEof CONTENTS
Introduction.......................................................................................3
Corporate Governance in 2020 ..................................................... 4
Understanding the grade .............................................................. 5
Key Observations ............................................................................. 6
Incremental improvement across all principles, but trouble spots remain .............................................................. 6
Boards still don’t challenge management .................................. 6
Regulation and size matter during crises ................................... 6
Management structure, CAE reporting lines correlate to stronger governance .................................................................7
Lowest scoring principles continue to lag .................................. 9
COVID-19’s Impact .........................................................................11
Corporate Governance Roles ....................................................... 12
Three Lines Model ..........................................................................13
Defining the Guiding Principles .................................................. 14
Guiding Principles of Corporate Governance .......................... 16
Additional Findings ....................................................................... 25
Guiding Principles ......................................................................... 29
Demographics .................................................................................31
Index Methodology ....................................................................... 32
Acknowledgments ......................................................................... 34
Introduction
Organizations globally were tested in 2020 like never before. The COVID-19 pandemic created a firestorm in virtually every aspect of business, from cash flow challenges prompted by extended lock downs, to extraordinary customer and employee safety measures, to talent management and technology issues created by distributed workforces. These trials of organizational resilience and crisis management were spread across all sectors and industries, creating varied and unique challenges.
Yet, at least for publicly traded organizations responding to this year’s American Corporate Governance Index (ACGI) survey, the health of the nation’s corporate governance not only held its own, it improved slightly during the greatest global public health crisis in a century.
Data gleaned from this year’s survey of chief audit executives (CAEs) finds modest but consistent improvements across all of the index’s eight Guiding Principles. However, boards continue to earn low marks on challenging management assertions and verifying information received from the C-suite.
Compared to last year’s results, company size (revenues) and industry took on a bigger role in explaining variation in ACGI scores for 2020. The results suggest that during periods of heightened risk, like during 2020, companies in regulated industries (financial services, and transportation and utilities) have stronger governance, regardless of company size. In contrast, we see a greater separation in governance scores between smaller and larger companies when companies operate in unregulated industries, where bigger is more likely to be better.
The pandemic-fueled focus on crisis management, updated risk assessments, and stronger alignment among risk management players may have contributed to the stronger showing on overall governance. However, as COVID-19 stretches into a second calendar year and new surges of the deadly virus grip regions around the United States and the world, it will be important to monitor the longer-term implications of its disruptive influence on corporate governance.
3
4
Corporate Governance in 2020
Corporate governance is never more important than during a crisis. This was reflected in CAE assessments of their companies’ 2020 corporate governance performance, with overall assessments notching slightly higher than pre-pandemic index scores. The 2020 ACGI score for corporate governance health in the U.S. is a B- (82), on average, an improvement from last year’s overall score of C+ (79).
There continues to be significant variations in the overall assessment of corporate governance effectiveness across organizations (Figure 1). The most notable improvement is the decrease in companies reporting a failing governance grade. In 2019, 10% of surveyed companies received an F, compared to only 2% in 2020. Similar to last year, the majority of companies score in the B and C range of governance performance, with less than one-fifth of companies earning an A-range performance.
B--
82
AA+ A- B+ B B- C+ C C- D F
20%
18%
16%
14%
12%
10%
8%
6%
4%
2%
0%
FIGURE 1: DISTRIBUTION OF ACGI SCORES BY LETTER GRADE (n=131 IN 2020; N = 128 IN 2019)
2019 2020
5
Understanding the grade
The ACGI and its Guiding Principles are designed to foster the highest level of corporate governance, which should be the aspirational goal of every organization. Any rating less than the highest standard, an A+, reflects room for improvement. This year’s three-point increase nudges the final overall score from a high C to a low B. This progress may reflect improved governance practices relating to business responses to the COVID-19 crisis.
The Guiding Principles are based on a compendium of relevant guidance and principles advanced by experts in the field, including the National Association of Corporate Directors (NACD), the New York Stock Exchange, the Committee of Sponsoring Organizations of the Treadway Commission (COSO), the Business Roundtable, the Investor Stewardship Group, the University of Tennessee’s Neel Corporate Governance Center, The Institute of Internal Auditors (IIA), and others. The index gauges the extent to which companies are effectively achieving each of the Guiding Principles.
The ACGI goes beyond the publicly observable aspects of corporate governance to provide an internal perspective on the effectiveness of corporate governance throughout the organization. In forming the survey questions that support the ACGI, it is assumed that corporate governance does not allow for a one-size-fits-all approach and that companies will need to find their own best practices based on various factors, including company age, size, complexity, and extent of international operations.
8279
Key Observations
INCREMENTAL IMPROVEMENT ACROSS ALL PRINCIPLES, BUT TROUBLE SPOTS REMAIN
Scores across the eight Guiding Principles show small and consistent gains with no one principle improving by more than five points on a 100-point scale. The biggest gains were seen in meeting shareholder/stakeholder expectations (Principle 2) and board performance (Principle 3). However, the smallest gains were seen in areas of greatest concern from 2019. Information given to the board (Principle 6) saw a one-point increase year over year to 79, while evaluating corporate governance (Principle 8) had a moderate three-point gain but still rated a disappointing 75.
Within the lower-performing principles, the least effective elements continue to be: the extent to which board members ask whether the information presented to the board is accurate and complete, and the board’s protection of proprietary information. These elements remain the lowest scoring of all and the only ones that rate under 70.
BOARDS STILL DON’T CHALLENGE MANAGEMENT
As in 2019, the 2020 ACGI survey finds that more than one-third of board members are not willing to offer contrary opinions or push back against the CEO. Principle 3, which focuses on board performance, otherwise saw gains across elements addressing the board’s technical expertise, diversity of perspectives, pushing for sufficient details, time to properly execute its role, appropriate compensation, self-evaluation, and follow through on improving weaknesses. Yet, the board’s willingness to challenge management remains low, bumping up a single point to 76 out of 100.
REGULATION AND SIZE MATTER DURING CRISES
Regulated companies tended to earn higher grades, and among unregulated companies, larger companies have stronger governance. Responding companies with total revenues of more than $10 billion were significantly more likely to rate as having strong governance or a “high” grade (A+, A, A-, B+) (Figure 2A) and significantly less likely to rate as having weak governance or a “low” grade (C, C-, D, F). Stronger governance by high-revenue companies may be linked to access to greater resources and larger governance structures. Survey data did not find a significant difference in ACGI scores based on the number of years operating as a publicly traded company (Table 2, page 25). However, in contrast to 2019 results, where regulation had little-to-no correlation with ACGI scores, data suggest that regulation matters during a year filled with crises.
FIGURE 2A: ACGI SCORES BASED ON COMPANY REVENUE
LOW MEDIUM HIGH
> $10 billion
$1 – $10 billion
0% 10% 20% 30% 40% 50% 60%
< $1 billion
6
MANAGEMENT STRUCTURE, CAE REPORTING LINES CORRELATE TO STRONGER GOVERNANCE
ACGI data suggest that management reporting structures and internal audit reporting lines correlate to strength of governance for companies reporting revenue under $10 billion. Respondents who describe their management reporting structures as fairly simple — where material issues make their way to the CEO within a matter of one or two reporting lines — are substantially more likely to have high governance grades. Simple reporting structures also had the lowest incidence of low governance grades.
The size effect observed in Figure 2A is driven by companies operating in unregulated industries (Figure 2B), with size having almost no effect on regulated companies’ governance. Based on open-ended survey question responses, it appears COVID-19 contributed to stronger focus on risk management alignment, which could explain higher governance scores among heavily regulated industries. Specifically, highly regulated industries may have been in a stronger position to react more quickly and effectively to crisis management and business continuity risks created by the pandemic.
FIGURE 2B: ACGI SCORES BASED ON COMPANY REVENUE – REGULATED VS UNREGULATED
7
REGULATEDSIZE (REVENUES)
INDUSTRY
< $1 billion
$1 – $10 billion
> $10 billion
MANUFACTURING OTHERIT AND NON-FINANCIALSERVICES
87 75 79 76
85 76 80 80
88 86 84 85
FIGURE 3: ACGI SCORES ON COMPLEXITY OF MANAGEMENT REPORTING STRUCTURE
MGMT. REPORTING STRUCTURE < $1 BILLION
SIZE (Revenues)
Fairly Simple
Moderately/Highly Complex
$1–$10 BILLION > $10 BILLION
84 84 85
74 75 86
The administrative reporting structure for CAEs also is a strong signal of the strength of overall governance. Based on survey responses, 43% of CAEs who report administratively to the audit committee and 42% who report administratively directly to the CEO assigned high overall governance grades to their organizations (Figure 4). The percentage of high overall governance grades drops to 29% among CAEs who report administratively to the CFO. Across all sizes of organizations, governance quality is strongest when the CAE reports administratively to the audit committee or CEO, and weakest when the CAE reports to the CFO.
Because boards of directors typically decide on the reporting structure for the head of internal audit, this pattern may suggest that companies with stronger governance are more willing to give CAEs greater authority and independence within the organization by reporting directly to the audit committee or CEO, thus preventing management from filtering or applying pressure to change internal audit reports before they get to the top leaders of the organization. Further, CAEs who report directly to the CEO or audit committee are more likely to be authorized to evaluate and provide recommendations on a broader scope of risks. Both scenarios benefit the organization by enabling an objective and independent party within the organization to provide information directly to the CEO and the board. That additional insight could then drive better decisions about governance.
Key ObservationsContinued
8
FIGURE 4: ACGI SCORES BASED ON CAE ADMINISTRATIVE REPORTING LINE
LOW MEDIUM HIGH
Audit Committee
CEO
CFO
0% 10% 20% 30% 40% 50%
MEETING FREQUENCY CORRELATION REQUIRES ADDITIONAL STUDY
Frequency of board meetings is not a reliable measure to gauge the quality of governance. Data from the ACGI survey indicate that companies that hold quarterly board meetings are more likely to have higher governance grades (Figure 5) than those that hold more frequent board gatherings. Two theories may help explain these counter-intuitive results. The scarcity of meetings may make them more critical to strong governance, prompting more effective and efficient meetings. Less frequent formal meetings may also signal more frequent and/or effective informal meetings, such as one-on-one discussions among board members, senior management, and internal audit.
However, a deeper analysis of the data shows the correlation was seen primarily in mid-tier firms (revenue size) and for IT and non-financial services, casting some doubt on frequency of meetings as a measure of governance quality. Additional research around the value of informal meeting/communication quality would provide additional perspective to better understand this apparent correlation.
LOWEST SCORING PRINCIPLES CONTINUE TO LAG
Principle 8, which addresses evaluating corporate governance, was the least effective principle for the second consecutive year. While there is modest improvement for this principle, rising 3 points overall to 75, the gains come primarily from improved rating on board discussions on governance and seeking feedback on corporate governance efficacy. What remains virtually unchanged — increasing a single point — is formal evaluations of the full system of corporate governance on a regular basis. That data point remained mired in the C- range at 71.
9
FIGURE 5: ACGI SCORES BASED ON FREQUENCY OF BOARD MEETINGS
LOW MEDIUM HIGH
8 or more meetings per year
5-7 meetings per year
4 meetings per year
0% 10% 20% 30% 40% 50% 60%
“The company put employee health and safety above all else in the discussion, resulting in an
even greater connectivity, allegiance to the company for employees.”
10
“The company put employee health and safety above all else in the discussion, resulting in an
even greater connectivity, allegiance to the company for employees.”
COVID-19’s Impact
In 2020, COVID-19 overshadowed virtually all aspects of business and society. Its potential impacts are noted throughout this report. However, while there is little denying COVID-19 had an oversized influence, there is little hard evidence of its actual effects on governance.
There is indirect anecdotal evidence and informed conjecture that the pandemic improved alignment on risk management and exposed weaknesses in crisis management and business continuity planning. The ACGI survey included a field for open comments from respondents on their organizations’ response to the crisis. We share some of these to provide a glimpse of how the pandemic was managed by individual organizations.
The comments were generally positive and fell into three categories: the organization’s response and existing governance structure, communications and actions to create specialized response teams, and actions to ensure employee safety, communications, and alignment.
• “I think it really was more about people knowing what to do and being empowered to do it within the pre-existing governance framework.”
• “The company acted quickly and decisively to put flexible policies in place for each group to manage as best they could — working from home, the right IT tools, whatever equipment and PPE that was needed. Our core governance and procedures remained in place, but we gave people the flexibility to get their work done.”
• “Established an executive task force; increased frequency and focused content of board communications; leveraged existing Incident Response framework; used internal intranet portal for timely, diverse company communications.”
• “Frequent communication across all levels within the company and board. A COVID-19 response committee was set up immediately and was instrumental in effective messaging and determining the best actions to take.”
• “Communication on following good corporate governance practices was communicated by internal audit, finance, legal, and other key groups.”
• “The company put employee health and safety above all else in the discussion, resulting in an even greater connectivity, allegiance to the company for employees.”
• “Management was clear on priorities and objectives to help everyone stay focused and aligned.”
Praise was not universal, however.
• Management decisions were made in an autocratic manner.”
• “I would say that due to the culture of our company (problem solvers and get things done), some members of lower management took things into their own hands and came up with answers that may not have been consistent with the broader company approach. Internal audit helped identify some of these areas and get the right people connected.”
11
Corporate Governance Roles
THE BOARD
• Establishes the organization’s tone at the top by setting the risk appetite and ethical boundaries.
• Provides strategic oversight for long-term value creation that keeps the organization aligned with the needs and interests of its primary stakeholders.
• Remains sufficiently informed to provide effective oversight of executive management’s activities.
• Holds executive management to account when it fails to meet stated goals and objectives, strays beyond the stated risk appetite, or fails to operate within set ethical boundaries.
• Ensures internal audit is sufficiently resourced and independent from management so that it provides objective assurance and insight.
EXECUTIVE MANAGEMENT
• Sets policies and procedures, and establishes relationships that enable the organization to identify, articulate, and meet objectives.
• Establishes and executes strategies, develops budgets, and delegates responsibilities to meet short-term goals and long-term strategies that lead to value creation.
• Monitors the achievement of objectives, rewards or mitigates results, and disciplines unsuccessful or inappropriate behavior.
• Keeps the board fully informed on the status of goals and objectives and of risks (internal and external) that could affect the likelihood of achieving goals and objectives.
INTERNAL AUDIT
• The CAE reports directly to the Board of Directors and is independent of management.
• Enhances and protects organizational value by providing risk-based and objective assurance, advice, and insight.
• Improves operations and supports the achievement of the organization’s objectives through an objective, systematic, and disciplined approach.
• Brings a cross-functional, enterprisewide perspective to evaluate and improve the effectiveness of risk management, control, and governance processes.
• The CAE acts as a resource for the board and executive management by providing objective assurance and insight.
12
Three Lines Model
As with the inaugural ACGI, this year’s report identifies the corporate governance roles of boards, executive management, and internal audit (see page 12). The interaction, communication, and alignment among these supporters of corporate governance are vital to an organization’s overall success. This theme is echoed in The IIA’s new Three Lines Model (Figure 6), a refresh of the widely used Three Lines of Defense Model, which was released in July 2020.
Like ACGI, the Three Lines Model is principles based and provides critical guidance on the roles of the governing body (board), executive management, and internal audit. The Three Lines Model provides a concise and informative outline of responsibilities borne by each group:
• Accountability by a governing body (board) to stakeholders for organizational oversight through integrity, leadership, and transparency.
• Actions (including managing risk) by management to achieve the objectives of the organization through risk based decision-making and application of resources.
• Assurance and advice by an independent internal audit function to provide clarity and confidence and to promote and facilitate continuous improvement through rigorous inquiry and insightful communication.
ACGI and the Three Lines Model have complementary key messages that help nurture effective governance. The Three Lines Model includes information on how it should be applied within individual organizations as to structures, roles, and responsibilities as well as oversight and assurance. Most importantly, it urges coordination and alignment.
“Effective governance requires appropriate assignment of responsibilities as well as strong alignment of activities through cooperation, collaboration, and communication. The governing body seeks confirmation through internal audit that governance structures and processes are appropriately designed and operating as intended 1.”
1 See “Three Lines Model” report, The Institute of Internal Auditors, July 2020
13
Governing body roles: integrity, leadership and transparency
EXTERN
AL ASSUR
ANCE PR
OVID
ERS
First line roles: Provision of
products/servicesto clients;
managing risk
Second line roles: Expertise, support,
monitoring andchallenge on
risk-related matters
Third line roles: Independent and
objective assuranceand advice on allmatters related tothe achievement
of objectives
KEY:
Accountability, reporting
Delegation, direction,resources, oversight
Alignment, communicationcoordination, collaboration
GOVERNING BODYAccountability to stakeholders for organizational oversight
MANAGEMENTActions (including managing risk) to achieve
organizational objectives
INTERNAL AUDITIndependent assurance
Copyright © 2020 by The Institute of Internal Auditors, Inc. All rights reserved.
FIGURE 6: THE IIA’S THREE LINES MODEL
The Guiding Principles of Corporate Governance define core
actions and responsibilities that promote successful, ethical,
and sustainable corporate governance2. They go beyond the
publicly observable measures of corporate governance, such
as the number of board meetings, biographical information
for directors, and executive compensation disclosures, which
alone fail to capture the effectiveness of an organization’s
corporate governance system. Prescriptive solutions have not
been proposed because corporate governance does not allow
for a one-size-fits-all approach and companies will need to
find their own best practices based on the company’s age, size,
complexity, extent of international operations, etc. Companies
should seek legal advice before implementing specific
corporate governance policies and procedures to ensure
compliance with applicable laws and regulations, including
securities exchange listing requirements.
14
2 The principles reflect a compendium of viewpoints from the sources cited here. Individual quotations and citations are not provided because the intention is to create a summarized set of viewpoints from multiple sources.
15
Principle 1
GUIDING PRINCIPLES OF CORPORATE GOVERNANCE
While the improvement in management and the board’s ability to communicate with clarity, action, and collaboration is excellent news, improving from a B- to a B, on average, it is troubling that the greatest area of concern related to Principle 1 continues to be the extent to which management structures are effective at getting the right information to the right decision-makers in a timely manner. In times of crisis, such as the COVID-19 global pandemic, delays in timeliness of information transfer could affect not just profits and long-term growth, but the health and safety of employees, customers, vendors, and other key stakeholders.
OPPORTUNITY FOR IMPROVEMENT:
Communications between each of the members of senior leadership are clear, actionable, and collaborative.
Communications between senior leadership and the board are clear, actionable, and collaborative.
Management structures are effective at getting the right information to the right decision-makers in a timely manner.
Effective corporate governance requires regular and constructive interaction among key stakeholders, the board, management, internal audit, legal counsel, and external audit and other advisors.
83
2020 2019
85
86
79
79
80
82
75
B
16
83
Principle 2
While organizations continue to do fairly well in identifying stakeholders and considering their interests (rising from 86 to 89, on average), the lowest score for Principle 2 continues to be whether key leadership members are cognizant of the impact that corporate operations have on social and environmental issues and whether they are actively pursuing ways to minimize any negative impacts. While there was an improvement compared to last year, further improvement is needed given that CAEs assess this area of governance as a 76.
Directors report increasing awareness of ESG issues, citing improvements to the frequency with which it is discussed in the boardroom and increasing weight to necessary ESG expertise on the board. However, only 45% of directors report that ESG issues are “regularly” a part of the board’s agenda3. Thus, CAEs’ hesitation to raise assessment on this area above a C is perhaps not surprising given that there continues to be hesitation in the boardroom to regularly discuss these issues.
3 See PwC’s 2020 Annual Corporate Directors Survey, available at https://www.pwc.com/us/en/services/governance- insights-center/library/annual-corporate-directors-survey.html.
OPPORTUNITY FOR IMPROVEMENT:
The company considers a wide range of stakeholder interests when making business decisions.
There is a consensus among the board and senior leadership on who the key stakeholders are in your company.
In your daily jobs, you and other key leadership members are cognizant of the impact your corporate operations have on social and environmental issues and you are actively pursuing ways to minimize any negative impacts.
The company has not been subject to shareholder proposals, proxy advisor ‘against’ recommendations, ‘vote no’ campaigns, proxy fights, or shareholder litigation.
The board should ensure that key stakeholders are identified and, where appropriate, stakeholder feedback is regularly solicited to evaluate whether corporate policies meet key stakeholders’ needs and expectations.
86
2020 2019
87
89
76
89
81
83
86
73
80
B
17
86
Principle 3
For Principle 3, the least effective element continues to be the extent to which board members are willing to offer opinions that are contradictory to or conflict with those of the CEO. While nearly every other facet of Principle 3 saw significant improvement in scoring, this facet of Principle 3 stayed relatively flat and troublingly low. When presented with specific scenarios in which the CEO wants to delay reporting negative news, respondents believe that only 66% of board members at their company would push back on the CEO (which is relatively consistent with only 64% in the prior year).
OPPORTUNITY FOR IMPROVEMENT:
Board members present diverse perspectives when discussing issues.
The board probes into sufficient detail for most topics.
Your board has sufficient technical expertise to oversee areas of current or emerging risks.
Board members are compensated in a way that aligns with long-term strategic goals.
Board members have the necessary time and attention needed to fulfill their responsibilities.
Your board conducts a thoughtful, robust evaluation of the entire board and/or individual board members on an annual basis.
Your board commits, and follows through, to improve upon any weaknesses identified in the annual board and/or committee evaluations.
Board members are not afraid to offer opinions that are contradictory to or conflict with those of the CEO.
Board members should act in the best interest of the company and the shareholders while balancing the interests of other key external and internal stakeholders.
85
2020 2019
86
86
84
89
86
86
76
86
80
79
83
79
83
79
79
75
84
B
18
85
Principle 4
For Principle 4, the two key areas needing improvement are consistent with last year’s index: the company’s willingness to avoid sacrificing long-term strategy for the benefit of short-term interests, and the extent to which employees receive adequate training to complete expected job duties. Both of these areas improved from the prior year, rising from 67 to 70 and from 70 to 76, respectively. However, additional improvement is needed. Successfully addressing these issues will fall primarily on senior management. Boards can support senior management in these areas by reinforcing their commitment to long-term performance and value, as well as to training and support for employees.
OPPORTUNITY FOR IMPROVEMENT:
Employees receive adequate training to complete expected job duties.
The company’s objectives and long-term strategic goals are clearly communicated to, and well-known across the company.
Your company is not willing to sacrifice long-term strategy for the benefit of short-term interests.
Employees are compensated and/or incentivized in a way that encourages the achievement of corporate objectives in an ethical manner.
The board should ensure that the company maintains a sustainable strategy focused on long-term performance and value. 79
2020 2019
80
76
75
77
70
C+
19
The board is willing to discipline and take corrective action when necessary by replacing key members of senior leadership and/or adjusting compensation structures.
Your company has sufficient resources (time and money) to appropriately respond to crises or disruptions as they arise, without cutting corners or sacrificing long-term performance.
81
70
86
82
78
67
83
76
79
Principle 5
While all elements of Principle 5 have improved compared to last year, the least effective element of Principle 5 continues to be the extent to which the board consciously thinks and talks about the company’s culture. Respondents are reasonably confident that the board and senior leadership embody an appropriate “tone at the top.” While respondents demonstrate increasing confidence that this tone is embodied throughout the rest of the organization (improved from 78 in the prior year to 82 this year), the gap between the scoring for the board and CEO’s tone at the top (94) and the rest of the organization (82) is troubling.
Boards consciously thinking and talking about the company’s culture with senior management should lead to natural improvements in the dissemination of tone at the top through the rest of the organization, because it reinforces to management that this is an important issue for the board. Conversations with CAEs suggest that evaluating culture throughout the organization is difficult, but possible. Surveys alone are not likely to be sufficient — such evaluations require integrating onsite visits of internal auditors throughout the organization. Given the transition to remote working, this is an area that internal audit and boards should keep a close eye on in 2021.
OPPORTUNITY FOR IMPROVEMENT:
Your board consciously thinks and talks about the company’s culture.
Your board and CEO embody a strong “tone at the top” in your organization that would pass any ethical test.
“Tone at the top” is communicated to and consciously embodied across all levels of the company.
The company has not been accused of ethical issues (e.g., sexual harassment, unfair working conditions, environmental issues, etc.).
Management would take appropriate corrective action if a policy, procedure, or workplace rule violation was detected.
The board should ensure that the culture of the company is healthy, regularly monitor and evaluate the company’s core culture and values, assess the integrity and ethics of senior management, and, as needed, intervene to correct misaligned corporate objectives and culture.
86
2020 2019
78
94
82
90
88
82
74
91
78
87
83
B
20
86
Principle 6
Relative to improvements seen in other areas, Principle 6 is largely stagnant compared to last year’s survey. The least effective element continues to be the extent to which board members ask whether the information presented to the board is accurate and complete, showing only a slight improvement from 67 to 68. Four percent of respondents acknowledged that, in the preceding 12 months, there had been a cybersecurity breach related to information given to the board; and only 37% of respondents believe that their boards are required to use either corporate emails or board portals to protect proprietary company information.
Perhaps more troubling is that 23% of CAEs are aware of a cybersecurity or IT data breach outside of information given directly to the board, suggesting that attacks on companies are fairly common.
Although not addressed directly in our survey, to the extent that management is concerned about the board’s loose protection of company information, there exists a risk that managers may consciously or subconsciously withhold certain relevant information from the board.
OPPORTUNITY FOR IMPROVEMENT:
Board members are given all the necessary information for effective oversight.
The board protects proprietary information given to the board.
Your board members ask whether the information presented to the board is accurate and complete.
Your CEO does not heavily filter or water down “bad” news before it goes to the board.
Board members are given sufficient time to thoughtfully review all materials prior to board meetings.
The board should ensure that structures and practices exist and are well-governed so that it receives timely, complete, relevant, accurate, and reliable information to perform its oversight effectively.
79
2020 2019
90
69
78
87
69
C+
21
Your board does not prefer for management to handle bad news on their own; nor do they prefer that management selectively report information to the board to protect the board’s potential liability.
77
68
82
89
77
67
81
87
79
Principle 7
Principle 7 remains one of the most effective principles of governance. We are pleased to see that the percentage of CAEs reporting that employees are familiar with how to report violations of law or policy has improved, from 78% in 2019 to 82% in 2020. This is particularly important as employees are required to work remotely.
Whereas nearly every other aspect of governance showed improvement year-over-year, Principle 7 identified two areas of decline compared to last year: respondents expressed further concern about whether the internal audit function is adequately staffed, in terms of both the number and expertise of staff, and that information submitted to hotlines or fraud reporting lines was followed through effectively.
OPPORTUNITY FOR IMPROVEMENT:
Employees are familiar with how to report violations of law or policy.
Public information is accurate, adequate, complete, representative, timely, and transparent.
The internal audit function is adequately staffed, in terms of both the number of staff and expertise of the staff.
The company has not been under investigation by the SEC or other governmental or regulatory authorities.
The company has not experienced restatements, cybersecurity breaches, or unremediated material weaknesses or significant deficiencies.
Information submitted to hotlines or fraud reporting lines is followed through effectively.
The board should ensure corporate disclosures are consistently transparent and accurate, and in compliance with legal requirements, regulatory expectations, and ethical norms.
85
2020 2019
82
93
76
90
76
89
83
78
89
77
87
73
90
B
22
An officer or employee (all levels and locations) would be protected from retaliation for reporting a suspected violation of a policy, procedure, or workplace rule.
91 90
85
Principle 8
Principle 8 remains the least effective principle of governance in 2020. While there were improvements in consciously discussing governance within the company, additional improvement is still needed given that CAEs still rate this aspect of governance at only 78. Furthermore, formal evaluations of governance continue to be weak, perhaps caused by boards failing to seek feedback on whether corporate governance is operating effectively at the company. Without effective eval-uations, organizations risk missing warning signs of weaknesses or vulnerabilities that can lead to governance breakdowns.
OPPORTUNITY FOR IMPROVEMENT:
Corporate governance is regularly and consciously discussed in your company.
The board seeks out feedback on whether corporate governance is operating effectively at the company.
The company formally evaluates the full system of corporate governance on a regular basis.
Companies should be purposeful and transparent in choosing and describing their key policies and procedures related to corporate governance to allow key stakeholders an opportunity to evaluate whether the chosen policies and procedures are optimal for the specific company.
75
2020 2019
78
72
73
C
23
75
71
72
70
75
“I think it really was more about people knowing what to do and being empowered to do it within the pre-existing
governance framework.”
2524
25
Additional Findings
To evaluate the extent to which the 2020 ACGI sample is potentially representative of the population of U.S. publicly traded companies, the survey group was compared with all publicly traded companies, along the dimensions of company size (revenue), industry, and publicly observable corporate governance features.
The comparison found that compared to the population of U.S. companies traded on major stock exchanges in the U.S., sample companies tend to be larger and more mature, with a greater representation from the financial services. Sample companies are more likely to have CEO-Chairman duality than the U.S. population, with higher board independence, and a higher number of board meetings, on average.
As far as variation in ACGI scores among these factors, we find that corporate governance scores are, on average, higher for the largest companies in our sample (Table 1), which may be due to access to additional resources and larger governance structures in place. Contrary to expectations, we do not find a significant difference in ACGI scores based on the age, or maturity, of the company (Table 2).
In contrast to 2019, which found very little variation by industry, 2020 ACGI results are significantly split by regulated industries versus unregulated industries. Specifically, financial services and transportation and utilities industries have a higher ACGI grade, on average, compared to the remaining industries (Table 3). Additional research is needed to understand this change from the prior year, but we speculate it emphasizes the importance of regulation during times of great uncertainty, e.g., the current COVID-19 environment of 2020.
Note about 2020 differences: The average ACGI for the > $10 billion companies is statistically higher than the companies with < $10 billion in revenues (two-tailed p-value < 0.05).
< $1 billion
$1 - $10 billion
> $10 billion
POPULATION
60%
30%
10%
2020 SAMPLE
26%
41%
33%
2020 ACGI
82
80
86
2019 SAMPLE
26%
51%
23%
2019 ACGI
76
79
82
TABLE 1: COMPANY SIZE (TOTAL REVENUE)
Note about 2020 differences: The score for companies >20 years old is not statistically different from average for remaining companies. Caution should be taken if trying to conclude that one group is different from the other.
< 10 years
11-20 years
> 20 years
POPULATION
37%
19%
44%
2020 SAMPLE
17%
21%
62%
2020 ACGI
81
82
83
2019 SAMPLE
n/a
n/a
n/a
2019 ACGI
n/a
n/a
n/a
TABLE 2: NUMBER OF YEARS COMPANY HAS BEEN PUBLIC
26
The existence of a CEO-Chairman duality was considered in light of a continuing push from investors to separate these roles. Board independence and number of board meetings also were considered. These are common items of discussion among proxy advisors when making voting recommendations on board elections, and something that is prescribed by listing exchange requirements for certain committees.
Contrary to concerns about CEO-Chairman duality, ACGI scores are significantly higher for sample companies where the company’s CEO also serves as Chairman of the Board (Table 4), specifically where the CEO-Chairman duality is paired with strong board independence (Table 5). Contrary to prior-year results, we no longer find a significant difference in ACGI scoring along the dimension of board independence (Table 6), and we now find that ACGI scores are the highest for companies reporting only four meetings per year (Table 7).
Note about 2020 differences: The average ACGI scores for Financial Services and Transportation and Utilities (“Regulated” Industries) are significantly higher than for all other industry groups (two-tailed p-value < 0.01).
Financial Services
Manufacturing
IT and Non-financial Services
Wholesale and Retail Trade
Transportation and Utilities
Other
POPULATION
18%
31%
27%
5%
6%
13%
2020 SAMPLE
28%
27%
14%
7%
5%
19%
2020 ACGI
86
79
81
84
87
80
2019 SAMPLE
32%
25%
12%
10%
13%
8%
2019 ACGI
79
79
81
74
78
84
TABLE 3: INDUSTRY
Note about 2020 differences: The average ACGI for dual CEO-Chairman is statistically higher compared to companies with a separate CEO-Chairman (two-tailed p-value < 0.05).
Dual CEO-Chairman
Separate CEO-Chairman
POPULATION
30%
70%
16% 13% 82 11% 74
14% 27% 86 27% 83
70% 61% 81 62% 78
2020 SAMPLE
39%
61%
2020 ACGI
85
81
2019 SAMPLE
38%
62%
2019 ACGI
80
78
TABLE 4: CEO-CHAIRMAN DUALITY
Note about 2020 differences: The average ACGI for dual CEO-Chairman compensated by an independent board is significantly higher than the other two groups (two-tailed p-value < 0.01). The dual CEO-Chairman without a compensating independent board is not statistically different from the separate CEO-Chairman. Here, a board is considered to have compensating board independence when board independence is greater than the population median (86%).
Dual CEO-Chairman without a compensating independent board
Dual CEO-Chairman compensated by an independent board
Separate CEO-Chairman
POPULATION 2020 SAMPLE 2020 ACGI 2019 SAMPLE 2019 ACGI
TABLE 5: CEO-CHAIRMAN DUALITY, AFTER CONSIDERING BOARD INDEPENDENCE
Additional FindingsContinued
27
A number of non-public aspects of corporate governance were also considered.
Results show corporate governance is stronger for companies where the administrative reporting line for internal audit is directly to the audit committee or CEO, with no potential filtering from other members of senior management (Table 8). This is an area where additional research is needed, both for the quality of corporate governance and the quality of internal audit work. Second, perhaps not surprisingly, companies score significantly lower in the ACGI when their reporting structures are moderately or highly complex (Table 9).
Note about 2020 differences: We split the sample using the median percentage of independent board members from the population for fiscal year 2019 (85.7%). There is no statistical difference between high and low independence groups.
Note about 2020 differences: The average ACGI is significantly higher for companies only meeting once per quarter, or four times per year in 2020, compared to all other companies in the sample (two-tailed p-value < 0.10).
Note about 2020 differences: The average ACGI for companies where the CAE reports administratively to the audit committee or CEO is statistically higher than the average ACGI for companies where the CAE reports administratively to the CFO (two-tailed p-value <0.10). An index score is not provided for “Other” because it comprises disparate groups.
High % of independent members
Low % of independent members
4 meetings per year
5-7 meetings per year
8 or more meetings per year
Audit Committee
CEO
CFO
Other (e.g., General Counsel, Risk Officer)
POPULATION
50%
50%
POPULATION
37%
52%
11%
2020 SAMPLE
11%
14%
59%
16%
2020 SAMPLE
68%
32%
2020 SAMPLE
21%
47%
32%
2020 ACGI
84
84
81
NA
2020 ACGI
82
82
2020 ACGI
85
81
82
2019 SAMPLE
59%
41%
2019 SAMPLE
34%
46%
20%
2019 SAMPLE
4%
21%
57%
18%
2019 ACGI
80
77
2019 ACGI
77
79
81
2019 ACGI
88
82
78
NA
TABLE 6: BOARD INDEPENDENCE
TABLE 7: BOARD MEETINGS
TABLE 8: CAE ADMINISTRATIVE REPORTING LINE
Finally, we considered the extent of regulation and foreign operations. Contrary to findings in the prior year, we find that ACGI scores are highest in heavily regulated industries (Table 10) and in companies with no or minimal operations outside the U.S. (Table 11). While not directly asked in our survey, we attribute these changes to the current pandemic and economic environment.
28
Note about 2020 differences: The average ACGI for Fairly Simple reporting structures is statistically higher than the average ACGI for Moderately or Highly Complex reporting structures (two-tailed p-value <0.10).
Fairly Simple. If a material issue were to arise, it could be escalatedto the CEO very quickly, within amatter of one or two reporting lines.
Moderately or Highly Complex. If a material issue were to arise, it would take longer to get to the CEO; several reporting lines would be involved, and for some, it would require complex navigation of reporting lines to get to the CEO.
2020 SAMPLE
60%
40%
2020 ACGI
84
79
2019 SAMPLE
79%
21%
2019 ACGI
80
76
TABLE 9: MANAGEMENT REPORTING STRUCTURE
Note about 2020 differences: The average ACGI for heavily regulated companies is statistically higher than the ACGI scores for minimally and moderately regulated companies (one-tailed p-value < 0.10).
Note about 2020 differences: The average ACGI is statistically higher for companies with no or minimal operations outside the U.S., relative to companies with moderate or heavy reliance on operations outside the U.S. (one-tailed p-value < 0.10).
Minimally regulated
Moderately regulated
Heavily regulated
We do not operate outside the U.S.
Minimally outside U.S.
Moderately outside U.S.
Heavily outside U.S.
2020 SAMPLE
14%
46%
40%
2020 SAMPLE
20%
16%
39%
25%
2020 ACGI
80
82
84
2020 ACGI
83
84
80
81
2019 SAMPLE
16%
35%
49%
2019 SAMPLE
30%
20%
18%
32%
2019 ACGI
80
79
79
2019 ACGI
78
79
80
78
TABLE 10: EXTENT OF REGULATION
TABLE 11: EXTENT OF OPERATIONS OUTSIDE OF THE U.S.
Additional FindingsContinued
29
DEFINITION Corporate governance is the overarching set of policies, procedures, and relationships that enable an organization to establish objectives, set ethical boundaries to the acceptable means with which those objectives will be met, monitor the achievement of objectives, reward successful achievements, and discipline unsuccessful or inappropriate attempts to meet objectives, in order to keep the organization aligned with the needs and interests of its primary stakeholders.
PRINCIPLE 1 Effective corporate governance requires regular and constructive interaction among key stakeholders, the board, management, internal audit, legal counsel, and external audit and other advisors.
PRINCIPLE 2 The board should ensure that key stakeholders are identified and, where appropriate, stakeholder feedback is regularly solicited to evaluate whether corporate policies meet key stakeholders’ needs and expectations.
• Key stakeholders can change over time, and as such, boards should ensure processes are in place to regularly monitor the identification of key stakeholders.
• Key stakeholders are those who have a material impact on corporate operations, or on whom the corporate operations have a material impact.
• Stakeholders can be external or internal and include communities affected by the company’s operations, creditors, customers, employees, regulators, shareholders, suppliers, etc.
• When evaluating business success, the company should also evaluate its social and environmental impact and determine whether it aligns with corporate objectives and the interests of key stakeholders.
PRINCIPLE 3 Board members should act in the best interest of the company and the shareholders while balancing the interests of other key external and internal stakeholders.
• The board should exhibit sufficient independence and objectivity in fact and appearance. There should be a clear form of leadership for the board that is distinct from management. Each board member should employ healthy skepticism in meeting his or her responsibilities and be willing to challenge the CEO and other board members constructively.
• Board members should exhibit high integrity and competence, and provide diverse perspectives in terms of industry expertise, technical expertise, culture, and thought.
• Board members should exhibit a commitment of time and active involvement, including preparation for and direct participation in appropriate board, committee, and shareholder meetings. They should be informed on relevant issues, particularly those involving potential or existing crises, and be available to consult with management, as needed.
• Board members should receive ongoing education and training to perform their responsibilities, including areas of emerging risk to the company.
• Executive sessions should be held regularly and often, as they are critical in establishing an appropriate environment of objectivity and candor. These sessions should include independent directors and those outside directors who do not qualify as independent, but exclude members of management.
• The board should undergo regular, robust evaluations and, as needed, members should be rotated (including leadership positions within the board) to ensure a balance of company-specific knowledge and new perspectives. Effective board evaluations should lead to improved governance and corporate outcomes.
• Shareholders should have fair opportunities to nominate and regularly vote on the retention of board members.
Guiding Principles
30
PRINCIPLE 4 The board should ensure that the company maintains a sustainable strategy focused on long-term performance and value. This includes:
• Defining corporate objectives and approving long-term strategic goals.
• Evaluating risks, including reputational risks, and seeking to balance risk and reward after considering all relevant stakeholders.
• Designing management compensation to align with long-term strategic goals, regularly evaluating performance of the CEO, and overseeing management succession planning.
• Ensuring that all employees receive adequate training and are compensated in a way that encourages achievement of corporate objectives.
PRINCIPLE 5 The board should ensure that the culture of the company is healthy, regularly monitor and evaluate the company’s core culture and values, assess the integrity and ethics of senior management, and, as needed, intervene to correct misaligned corporate objectives and culture.
PRINCIPLE 6 The board should ensure that structures and practices exist and are well-governed so that it receives timely, complete, relevant, accurate, and reliable information to perform its oversight effectively.
• Each board member should have unrestricted access to management, as needed, to fulfill their responsibilities.
• Board members have a responsibility to protect the confidentiality of non-public information.
PRINCIPLE 7 The board should ensure that corporate disclosures are consistently transparent and accurate, and in compliance with legal requirements, regulatory expectations, and ethical norms.
• The board should ensure that an independent committee (an Audit Committee or equivalent) with appropriate expertise is responsible for oversight of both internal and external auditors. Internal audit should have direct and unfiltered access to this committee; it should be adequately resourced; and its purpose, authority, and responsibility should be formally defined and consistent with the International Standards for the Professional Practice of Internal Auditing.
• The board should oversee the company’s assessment of the risk of fraud specifically and ensure that adequate controls are in place to detect and deter fraud.
• The board should have in place processes for employees or other stakeholders to report suspected fraud or misconduct to independent members of the board without fear of retaliation.
PRINCIPLE 8 Companies should be purposeful and transparent in choosing and describing their key policies and procedures related to corporate governance to allow key stakeholders an opportunity to evaluate whether the chosen policies and procedures are optimal for the specific company.
• The board should ensure that the company regularly evaluates the full system of corporate governance to ensure that individual components are operating as expected, and that all components operate in a cohesive manner to achieve corporate objectives.
• The board should ensure that corporate governance evaluations encourage the reporting of potential deficiencies at all levels, including within the board, without fear of retaliation.
• The board should ensure that the company addresses any deficiencies in a timely manner.
Guiding PrinciplesContinued
The ACGI provided screening questions in the survey to ensure that each participant represented a publicly traded company and that each respondent personally had direct access to the board and/or audit committee. Of those participants that met the screening criteria, 166 surveys were attempted, 131 completed all questions related to the ACGI formulation, and 129 additionally completed demographic questions. The survey was conducted from September 1, 2020, through October 5, 2020. The information below provides more information about the ranges of experience levels and types of organizations represented by the participants who completed the survey.
PARTICIPANT DEMOGRAPHICS
• 10 years of direct access to the board and/or audit committee
• 52 years of age
• 73% male
SELF-ASSESSMENT OF CORPORATE GOVERNANCE QUALITY
In addition to questions that are the basis for the ACGI score, survey respondents were asked to:
1. Consider how an external peer reviewer would report on their own corporate governance quality (scoring from 1 – 100).
2. Report how they perceive their corporate governance quality compares with peer companies.
Respondents believe a peer reviewer would assign their organization an average score of 78, suggesting that they would rate themselves slightly lower than their calculated score.
Consistent with the prior year, respondents are optimistic about their corporate governance quality compared with their peers (Table 12). Fifty-seven percent believe their company’s peer review score would be higher, or significantly higher, than their peers, while only 10% believe their company’s peer review score would be lower, or significantly lower, than their peers. We do, however, observe that their calculated ACGI score is positively correlated with their perception of their corporate governance quality relative to their peers. CAEs that perceive their quality to be lower than peers do have lower ACGI scores, on average, relative to CAEs that perceive their quality to be higher than peers.
31
Demographics
Significantly lower than my peers
Lower than my peers
The same as my peers
Higher than my peers
Significantly higher than my peers
%
1%
9%
33%
45%
12%
ACGI
31
70
81
85
88
TABLE 12: SELF-ASSESSMENT OF CORPORATE GOVERNANCE QUALITY
32
Index Methodology
The ACGI is designed to be a reliable barometer of American corporate governance and to provide insight into how companies perform in key areas based on Guiding Principles of Corporate Governance, developed in partnership between the Neel Corporate Governance Center and The IIA.These Principles are based on a compendium of relevant guidance and principles advanced by experts in the field, including the National Association of Corporate Directors (NACD), the New York Stock Exchange, the Committee of Sponsoring Organizations of the Treadway Commission (COSO), the Business Roundtable, the Investor Stewardship Group, UT’s Neel Corporate Governance Center, The IIA, and others.
CAEs are uniquely positioned to provide an independent and objective enterprisewide perspective of the organization. The ACGI itself is calculated using responses to a Principles-based governance survey of CAEs at companies listed on U.S. stock exchanges. Survey respondents answered questions anonymously by indicating their level of agreement or disagreement with specific statements and scenarios.
The questions and scenarios were developed based on in-depth interviews with leading CAEs and built around the Guiding Principles of Corporate Governance. A key tenet underlying the ACGI and the accompanying Guiding Principles is that corporate governance affects a company not only in the boardroom or C-suite, but throughout the organization. The more that companies increase their scale and geographic reach, the more difficult it is for boards and executive leadership to directly guide and oversee corporate governance across all levels of the organization. Therefore, questions are designed to capture the effectiveness of corporate governance enterprisewide. Responses to each question are combined to form an aggregate score using a scale of 0–100, which is then translated into a letter grade of A through F. The score for each principle is an equal-weighted average of each of the sub-principles, or elements.
This year’s index is based on survey responses from 131 CAEs working in companies of various sizes, complexities, and industries.
The IIA and the Neel Corporate Governance Center are committed to conducting the survey annually, providing an unbiased examination of the data, and sharing insights about the factors that influence corporate governance over time.
3033
“. . . some members of lower management took things into their own
hands. . . . Internal audit helped identify some of these areas and get the
right people connected.”
In 2018, The Institute of Internal Auditors and the Neel Corporate Governance Center at the University of Tennessee’s Haslam
College of Business in Knoxville, Tennessee, began collaborating on an ambitious project to develop principles and an annual
index to measure the quality and effectiveness of corporate governance among publicly held companies in the United States. With
more than 200,000 members worldwide, including over 66,000 in the United States, The IIA is the internal audit profession’s most
widely recognized advocate, educator, and provider of standards, guidance, and certifications. The Neel Corporate Governance
Center was founded in 2003 in the wake of corporate scandals that preceded the Sarbanes-Oxley Act. Its mission is to conduct and
disseminate nationally recognized research on corporate governance with a focus on public policy. Instrumental in developing
the American Corporate Governance Index (ACGI) are Terry L. Neal, Ph.D., CPA, Director of Corporate Governance, and Lauren
M. Cunningham, Ph.D., CPA, Director of Research at the Neel Center. Neal is the Richard L. Townsend Distinguished Accounting
Professor and head of the Department of Accounting and Information Management. His research, which has been published in
top-tier academic journals, primarily addresses issues related to corporate governance and auditor independence, with a particular
emphasis on the role of the audit committee as a corporate governance mechanism. Cunningham is an associate professor in the
Department of Accounting and Information Management. Her research, which focuses on the effects of audit, corporate gover-
nance, and regulatory oversight on financial reporting quality, also has been published in top-tier academic journals and present-
ed at the U.S. Securities and Exchange Commission’s Division of Economic and Risk Analysis as well as conferences internationally.
Acknowledgments
34
35
About The IIAThe Institute of Internal Auditors (IIA) is the internal audit profession’s most widely recognized advocate, educator, and provider of standards, guidance, and certifications. Established in 1941, The IIA today serves more than 200,000 members from more than 170 countries and territories. The association’s global headquarters is in Lake Mary, Fla., USA. For more information, visit www.globaliia.org.
About the University of Tennessee Neel Corporate Governance CenterThe Neel Corporate Governance Center at the University of Tennessee, Knoxville’s Haslam College of Business was founded in 2003 following the wake of corporate scandals that preceded the Sarbanes-Oxley Act of 2002. Its mission is to conduct and disseminate nationally recognized research on corporate governance with a focus on public policy. The Neel Corporate Governance Center maintains a close connection with professionals through its Distinguished Speaker Series, which regularly hosts corporate executives, board members, regulators, and other industry leaders.
DisclaimerThe IIA publishes this document for informational and educational purposes. This material is not intended to provide definitive answers to specific individual circumstances and as such is only intended to be used as a guide. The IIA recommends seeking independent expert advice relating directly to any specific situation. The IIA accepts no responsibility for anyone placing sole reliance on this material.
CopyrightCopyright © 2020 The Institute of Internal Auditors, Inc. All rights reserved. For permission to reproduce, please contact [email protected].
Global HeadquartersThe Institute of Internal Auditors1035 Greenwood Blvd., Suite 149Lake Mary, FL 32746, USAPhone: +1-407-937-1111Fax: +1-407-937-1101www.globaliia.org
2020-1585