Look closely at any recent corporate crisis, and you’ll likely find a flaw in the organization’s culture that went undetected for too long. Following damaging reputational incidents like Wells Fargo, Uber or United Airlines, the board and company management are often blamed for their negligence of bad behavior. In reality, however, it’s far more challenging to detect a crack in corporate culture before it becomes a flood.
Why Culture is So Difficult to Oversee
What is culture? For the same reasons it’s difficult to describe culture, it’s difficult to oversee it. Culture is often defined as a set of common assumptions or beliefs that guide organizational behavior. Yet, these guiding norms or beliefs are influenced by a myriad of factors other than “tone at the top” (e.g., incentives, risk tolerance, external events, industry, leadership personalities).
Cultural factors are also woven into the fabric of every major board committee and governance function—from risk management to CEO succession to incentive plan design—which makes it hard for boards to “tackle”. Culture is both all-encompassing and vague. As a board member, it’s all around you, but hard to touch, monitor, or influence.
Why Culture is Becoming a ‘Hard’ Issue…
After a string of high-profile corporate incidents in 2017, many boards are allocating more time to culture risk oversight. If a corporate crisis is not motivating enough, the Federal Reserve Board has recently raised the bar on the board’s accountability of culture. The Fed’s Feb. 2018 cease-and-desist order with Wells Fargo not only restricts the bank’s growth, but paves the way for the replacement of four board members—an unprecedented connection between culture oversight and director liability, explains TK Kerstetter in a recent Corporate Board Member article.
“Usually these kinds of regulatory steps are saved for banks that are failing or in real capital deficiency trouble, so I view this as quite a shot across the bow that says management and board leadership matters,” said Kerstetter. “If you ever thought that culture was a soft issue, this changes it from a soft issue to a hard issue.”
Four Steps to Guide Board Oversight of Culture
The unwieldy nature of corporate culture sometimes leaves boards uncertain about where to start. In many ways, however, oversight of culture is no different than ERM or cyber risk oversight. The board must begin by identifying and prioritizing oversight around the company’s most valuable assets.
1. Identify the Cultural Factors Tied to Key Risks.
As part of the board’s on-going risk management framework, it should have a set of strategic risks that the board regularly monitors. In a separate discussion, the board should take the time to map all the cultural factors that could contribute to or advance each strategic risk. For example, how could a tweak to the performance evaluation negatively impact employee behavior? How could culture be influenced by external factors or by a leadership decision made in a time of crisis?
The board must attempt to map the various “paths” along which a cultural flaw could evolve into a crisis, then identify potential red flags or Key Risk Indicators (KRIs) that could enable them to intercept a potentially damaging incident before it manifests (more information on KRIs in PwC’s Risk Oversight Series).
2. Build Your Information-Gathering Network.
The key to effective board oversight of culture is arming directors with the right information. This information, however, can be very difficult for the board to gather. In an episode titled “How Boards Can Influence Risk Related to Company Culture”, PwC’s Catherine Bromilow explained the importance of building a diverse network of sources—one that takes the temperature at different levels of the organization and collects both quantitative and qualitative feedback. A few of her recommendations:
Tune into the responses on the cultural survey. Most organizations conduct a survey on company culture; if not, it’s something the board should be asking about. Beyond the empirical results, what are employees saying about the culture when given the opportunity for open-ended response?
Use one-on-one time with members of management to probe about culture. Board-management interactions often take the form of formal reports. How can board committees use their one-on-one time with members of management to ‘get a read’ on culture? When given a forum, management can be effective at identifying potential pockets of bad culture.
Get out of the boardroom. When traveling to company locations for any reason, directors should get out of the boardroom and talk to individual employees. These occasional interactions allow directors to compare what they’re hearing in the boardroom to what’s being said on the shop floor.
3. Plan for the Worst and Be Prepared to Respond.
Despite the board’s hard work, a culture-related crisis could occur at any time. In fact, the board should assume a crisis will occur and should be prepared to respond. In a recent episode with Betsy Atkins, we reviewed the various elements of a crisis management plan, particularly for a culture-related incident:
Don’t be afraid to use another company’s misfortune as a teachable moment. Whether it’s allegations of sexual misconduct or a negative customer service experience caught on video, consider whether the incident could happen at your company. How would the organization respond?
4. Establish a Long-Term Strategy for Culture Risk Prevention
At this point, your board has identified key culture risks and established a framework for both monitoring and responding. Now switch to a proactive perspective: How could you prevent these risks from occurring in the first place?
In a recent webcast hosted by the Center for Audit Quality in partnership with the Anti-Fraud Collaboration, an expert panel offered several examples of how companies (guided by the board’s oversight) are strengthening corporate culture. At Citigroup, for example, the board of directors has established an Ethics & Culture Committee, which operates both above and alongside the board’s standard committees on aspects of cultural oversight.
“The objective of the committee,” explained Mike Carawan, Chief Compliance Officer at Citigroup, “is to have that overarching look at the organization and to ask some of those questions about how we’re getting [to our goals] and how we’re driving the right sorts of [behavior] across the organization.”
In the course of its duties, Citigroup’s Ethics & Culture Committee established a collaborative, company-wide training program that places employees from across the organization in various role-playing scenarios. From the frontline to the c-suite, the program is designed to equip employees with the necessary decision-making skills and enforce company values in high-risk situations.
The best structure for overseeing culture will vary from one board to the next, so be sure to consider your industry, company size, board dynamics, existing committee structure (etc.) when determining the best framework for your own board.
For more information…
For more information, our episode with Dr. Richard Leblanc, “Will Tone at the Bottom Impact Your Shareholder Value?“, discusses strategies for intercepting potentially damaging reputation incidents. Stay tuned for more guidance on board oversight of culture in the weeks ahead.
