Home > Risk > Evaluations of the board and its governance

Evaluations of the board and its governance

February 1, 2021 Leave a comment Go to comments

Ron Kral has shared an interesting article on Holding the Board Accountable through Evaluations. I agree with his opening statement:

I find it interesting that while there is no shortage of oversight scrutiny on management’s activities, the same cannot be said of the board’s activities. Perhaps this is due to the board being at the top of the oversight pyramid or the secrecy cloak often surrounding board communications. Regardless of the rationalizations for not formalizing an evaluation process, boards need to lead by example and demonstrate that they are holding themselves accountable, just like any other part of the organization.

He continues with:

Board evaluations are not just for big-public companies, but rather an important process consideration for all boards and committees regardless of size or industry. The board of directors and its committees serve as the foundation of corporate governance in providing oversight of management as led by the CEO. Governance is a process led by people and enabled by technology. Like any other process, it should periodically be evaluated relative to board and committee objectives. This means taking an objective and candid look at the process, the people, the technology, and ultimately the results.

His list of benefits from a robust evaluation is extensive – as it should be:

  • promoting accountability among directors and stakeholders;
  • confirming an understanding of duties;
  • ensuring an ethical control environment;
  • confirming independence between non-management directors, management and key thirdparties (e.g., outside legal counsel, internal audit, external audit, agents, etc.);
  • identifying the need for additional skills or expertise;
  • assessing director composition in terms of diversity (e.g., backgrounds, age, ethnicity, gender, personalities, beliefs, etc.);
  • helping to prioritize responsibilities;
  • providing candid assessment of what is working and what is not; creating awareness for anticipated risks and opportunities;
  • enhancing the ability to attract qualified leaders, both executive management positions and directors;
  • challenging the committee structure in light of rapid changes;
  • promoting comfort levels with investors and creditors thus reducing cost of capital;
  • and sending a message to shareholders that the board takes its duties seriously.

Ron’s evaluation scope is very broad:

  • governance structure
  • code of conduct
  • culture
  • expertise of directors
  • independence of the board, its committees and its auditors
  • access to information and dissemination
  • management oversight
  • management relationship
  • orientation and training of directors
  • overall performance in terms of reaching objectives and fiduciary duties
  • risk awareness, including cyber risks
  • shareholder and stakeholder relations


Where I differ from Ron is in terms of who performs the evaluation and how.


Ron has not considered (at least it is not discussed) the role of internal audit when it comes to organizational governance.

In a 2010 post (wow), I wrote:

 We also need to build up the courage to take on the topic of governance. The IIA definition of internal auditing requires that we provide assurance on governance, as well as on risk management and the related internal controls. Far too few include governance processes in their audit plans, except as they relate to the code of conduct. This is playing around the edges instead of taking on the heart of governance, such as the activities of the board and its committees, including the timeliness and quality of information they receive; the organization and staffing of the enterprise; and the process for establishing, communicating, and cascading organizational strategies through the organization – to ensure all managers are working to optimize performance and realize organizational goals.


The IIA’s Implementation Guide 2110 provides advice on reviews of governance by internal auditors. There is also a Practice Guide, Assessing Organizational Governance in the Private Sector. In 2019, The IIA published Guiding Principles of Corporate Governance.


Ten years ago, I shared an article I wrote in 2003 for the IIA’s magazine on training the audit committee. In that article, I said:

Audit committees — with management’s assistance — need to examine not only their practices as a committee but also as individuals. Each director needs to assess whether he or she has the knowledge, experience, dedication, and time to perform the job effectively. Looking at some of the recent accounting scandals, one must ask whether audit committee members, individually or collectively:

  • Had a sufficient understanding of their responsibilities. For example, why were some officers allowed a waiver from the ethics policy?
  • Had a sufficient understanding of the key accounting and financial rules affecting their company’s financial statements?
  • Understood the company’s business, including not only how it made money but also how it monitored and measured success?
  • Had discussed and understood the more significant risks to the company’s financial statements, its business, and its reputation?
  • Had sufficient knowledge and understanding to ask the right questions and to assess the adequacy of the answers they obtained?

As a CAE, I helped the audit committee assess its own performance, both as individuals and as a team. From that, we built custom training programs for each director.


While Ron’s article makes the case for the board to have an assessment of its performance, I believe the CAE can provide great value by:

  • Performing reviews or audits of those governance processes of greatest concern (i.e., the results of risk-based planning where only areas of greater risk are included in the scope), and
  • Facilitating self-assessments by committees and even the full board


I welcome your thoughts.

  1. Anonymous
    February 1, 2021 at 10:56 PM

    Norman makes some excellent points, as usual. It’s easy for board assignment decisions to be based on an inner circle, rather than looking for the best and brightest board members who can bring differing philosophies and perspectives to the collective thinking of the group. If a board is ineffective and/or lacks competence, this concern should be raised by the Chief Auditor, particularly with regard to subsidiaries.

  1. February 4, 2021 at 4:10 AM

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

<span>%d</span> bloggers like this: