Statements made by the director of an ASX-listed company at the tail end of 2023 are a wake-up call for non-executive directors as they contemplate a year ahead filled with challenging governance issues.
Before outlining what I believe are the five biggest issues facing boards of publicly listed companies, it is worth repeating remarks made by Bank of Queensland chair Warwick Negus at the BOQ annual general meeting. When asked why the board had lacked visibility of issues with its risk management, Negus was direct. “The board papers were coming very late,” he said. “They were heavy [on] details and often the real message was embodied within the board paper itself, so it made it very difficult as a board to challenge these issues in a timely fashion.”
BOQ has since improved the timing and structure of board papers. They must now come a week in advance and, according to Negus, they must “make sure that the real message is contained on page one — it stands out”.
It should be obvious to most directors by now that being on a board is not a case of “set and forget”. To do their job properly they need timely and informative board papers. It is only when armed with detailed financial information that directors can monitor the financial performance of a company. As ASIC chair Joe Longo said in a speech at the AICD Australian Governance Summit in March 2023, directors must be willing to ask themselves questions such as, “Do I understand the business of the company of which I’m a director? Do I have a continuous curiosity and understanding of all aspects of the company’s core business and the reasonably foreseeable financial and non- financial risks posed by that business? Am I committed to challenging management to ensure my understanding is well-founded?”
It is against this background that I give my snapshot of the five biggest governance challenges facing boards in 2024.
Cyber resilience and data integrity
These two issues pose the greatest risks to corporations and therefore require intensive director oversight. We know from the results of ASIC’s Cyber Pulse Survey that some boards are not ready for cyber attacks, despite the evidence of severe financial and reputational damage from cyber attacks at Optus, Medibank, Latitude Financial and DP World.
In a nutshell, ASIC found that 44 per cent of companies do not manage third party or supply chain risks, 58 per cent cannot, or have limited capability, to protect confidential information adequately, a third do not have a cyber incident response plan and one in five have not adopted a cybersecurity standard.
Boards cannot be expected to do the job of management. But they do need to force management to address any deficiencies in cyber risk plans and, if necessary, replace managers if it is clear that they are actually incapable of addressing those deficiencies.
Mandatory climate reporting for the country’s largest companies is proposed to commence from 1 July 2024. It will mark a profound change in corporate reporting and impose additional obligations on directors with regard to climate change risk.
Large entities will have to report annually on climate-related risks for scope 1, 2 and 3 carbon emissions. Boards will have to ensure management has developed an appropriate climate governance strategy, including metrics, targets, transition planning and risk management.
It is clear these reforms will require a significant capability uplift inside companies and on boards. Also, advisers and auditors will play a crucial role in ensuring that climate disclosures are accurate, effective and meet the standards. ASIC deputy chair Karen Chester told the ASIC forum in November, “We will help people correct... But when needed, we will be an agent of enforcement”.
Tech skills and AI
I first started writing seriously about technology in 2000 as technology editor of the Australian Financial Review. It was the dot-com boom and I was inundated with pitches from large and small tech companies. I discovered that lurking behind all the self-promotion, Australian companies had a poor track record for implementing large-scale technology projects and, more often than not, the details of these tech disasters were being hidden from shareholders.
Boards sometimes struggle to effectively manage digital transformation projects, which are often presented to them by management as being focused and tightly budgeted. However, they can end up with changes in scope, extensions of deadlines and considerably higher costs than originally stated.
As was the case 24 years ago, the ugly post mortems are, to a large extent, kept secret despite the root causes, which are weak or non-existent business cases. Embarking on a tech upgrade or digital transformation without actually figuring out what you want to do is reckless.
This poor track record in tech does not augur well for the transition to an AI-enabled world, where companies need enhanced digital technology skills and a good understanding of the power of AI products such as ChatGPT. Boards will have to think hard about the ethical issues that come with the implementation of vanilla AI and the much more powerful iteration, generative AI. Some directors also need to lift the level of their tech skills. When boards consider whether a “tech director” would fit appropriately into their skills mix, I believe the minimum expectation should be a lifetime in tech — ideally including time writing software code.
Rumbling distrust and dissatisfaction among the shareholders of poor-performing companies are not new, and I am surprised by how disruptive aggressive activism campaigns can be for some boards. They go hand in hand with the vagaries of the business cycle.
But directors faced with a crumbling share price need to anticipate trouble and prepare a playbook for value creation that includes a well thought-through communications strategy. If a board is employing corporate advisers for the sole purpose of pulling down the shutters or reinforcing the battlements, they need to think again. Too many companies drag the chain to avoid much-needed structural or strategic change.
The key lesson from a series of shareholder activism campaigns over the past five years is that shareholders with relatively small ownership stakes can marshal forces with sufficient power to disrupt and unseat entire boards.
Women and diversity
The slow pace of advancement of women in the management ranks of listed companies outside the top 100 is an embarrassment. After 10 years watching gender diversity either stagnate or go backwards, it is time to get serious in 2024. This is especially true at the 75 per cent of ASX 300 companies that do not have gender-balanced executive teams — and it is most certainly true at the 28 ASX 300 companies with no women in their top executive teams.
There are reasons for optimism about improvements on gender diversity for boards and management. First, there will be increased activism by industry funds pushing for a minimum of 30 per cent of women on ASX 300 boards, which should result in more women in executive ranks. The Australian Council of Superannuation Investors has said it will recommend its industry fund members vote against the boards of ASX 300 companies with poor gender diversity “on a case-by-case basis”.
Second, from early 2024, the Workplace Gender Equality Agency will publish employers’ reported gender pay gaps publicly for the first time.
Third, boards will be encouraged to have heightened awareness of the paramount importance of providing safe workplaces, thanks to the AHRC being given broad investigative powers to enforce a new positive duty to eliminate sexual harassment and other unlawful conduct.
Tony Boyd is a contributing editor for the Australian Financial Review and a former Chanticleer columnist.
This article first appeared under the headline 'The Big Issues’ in the February 2024 issue of Company Director magazine.
Already a member?
Login to view this content