NACD Survey: Directors Want Changes to Risk Oversight Process

Stay current on changes and developments in corporate law with a wide variety of resources and tools.

By Michael Greene

Dec. 3 — A recent National Association of Corporate Directors survey indicates that many directors want changes in the allocation of risk oversight responsibility and are not satisfied with cyber and IT risk information provided to them by management.

The NACD “2014-2015 Public Company Governance Survey” released Nov. 13 compiled perspectives on governance trends and best practices from more than 1,000 corporate directors.

The report also found that director time commitment is rising and that a majority of companies now appoint lead directors whether an independent chairman led their boards.

Risk Oversight

Almost one in four directors (24 percent) believe “that their boards have not assigned risk oversight to the correct group.” However, a substantial majority of respondents (84 percent) indicated that their boards had clearly allocated the responsibility.

Almost half (48 percent) of respondents assign risk responsibility to the audit committee and 34 percent assign them to the full board. However, “only 30 percent of respondents believe their boards should assign the risk oversight tasks to the audit committee and 52 percent believe they should be assigned to the full board.”


Although in most areas, respondents indicated that they were satisfied with the quantity and quality of information they received from management, more than a third of respondents expressed concerns regarding the cyber and IT risk information they are provided.

Additionally, more than half (52.1) of the respondents were not satisfied with the quantity of this information provided by management.

According to the survey: “The indicated lack of information regarding cyber risk may pose a problem even for directors knowledgeable about cyber issues. Although most respondents indicated that they had at least some knowledge regarding cybersecurity risks, many felt they could still improve their understanding.”

In the wake of high-profile cyber breaches at companies such as Target (12 CARE 158, 2/7/14) and Home Depot (12 CARE 1113, 9/12/14) within the last year, some experts have advocated for a change to the traditional hands-off approach that most corporate boards historically have taken with cyber threats (12 CARE 1091, 9/5/14).

Lead Directors

The NACD report also for the first time looked at whether a company used a lead director regardless of its board leadership structure, finding that “[m]ore than half (51 percent) of responding boards have appointed a lead director.”

In addition, one in four boards with independent chairmen also have a lead director, and 79 percent of companies with combined chairmen/CEOs have lead directors.

“Over the last 7 years the separate chair and CEO model has become a majority practice and the use of independent chairs has increased substantially,” the report states.

Director Time Commitment Rising

In this year's survey, the NACD changed its calculation for director time commitment to account for “informal meetings/conversations with management.”

“Responses indicated that informal discussions take up a substantial amount of director time.” Under the new calculation, this year's average time commitment is 278 hours, which is 36 hours higher than under the old formula.

The survey also found that director time commitment has increased over the last eight years. “Disregarding the new category, the average public company director time commitment still increased to 242 hours this year from 236 last year.” In 2007, the average director time commitment was slightly more than 207 hours.

Allocating Time

There also appears to be some discrepancy between the issues that directors deem most important and those issues on which directors spend the most time, according to the report.

For example, respondents ranked “CEO succession” and “executive talent management and leadership development” among their top five concerns, but neither of these issues were top five in terms of time spent.

Conversely, “financial oversight/internal controls” ranks seventh in importance, but ranks third in time spent.

“These findings give credence to a common director concern that regulations force them to spend more time on compliance-related requirements as opposed to other top priorities,” the report states.

To contact the reporter on this story: Michael Greene in Washington at

To contact the editor responsible for this story: Ryan Tuck at

The survey is available for purchase at


Request Corporate on Bloomberg Law