AIG, Bear Stearns, Fannie Mae, Freddie Mac, Lehman Brothers et al. are the result of a fundamental flaw in governance of corporate America: Failure to provide independent oversight of management in the governance of these organizations. Management failed to assess, and boards failed to understand, the enterprise risks to these organizations in the debt and investment decisions made by management.

Commentators are stating that the blame is at the top of these organizations – the board of directors, including this statement of Nell Minrow, the editor and chair of the Corporate Library, published by CNN:

“Failure this broad and deep takes a village, and regulators, lawyers, compensation consultants, auditors, executives, shareholders and the press all played a part. But the people who are most responsible for the massive meltdowns of these institutions are the board of directors.”

Regulators are considering more drastic measures, including Ben S. Bernanke, Chairman of the Federal Reserve, from a speech at the UC Berkeley/UCLA Symposium: The Mortgage Meltdown, the Economy and Public Policy, Berkeley, California, on October 31, 2008, as offered with respect to government sponsored enterprises, consideration of “a public utility model” overseen by a public board whose members are approved by a regulator that would have regulatory authority beyond simply monitoring safety and soundness but also for establishing pricing and other rules consistent with a promised rate of return to shareholders.

The likely reaction of the President, Congress, investors and consumers, after this November’s election, will be to provide oversight though government regulation. To avert such regulation, corporate America needs to act quickly in correcting its governance.

The National Association of Corporate Directors has taken a first step to avert such regulations by adopting and publishing on October 16, 2008, Key Agreed Principles to Strengthen Corporate Governance for U.S. Publicly Traded Companies (the “Key Agreed Principles”). The intent of the Key Agreed Principles is to focus board attention to the “oversight of risk, corporate strategy, compensation and transparency.”

Because the reach of the President and Congress will be publicly traded companies and tax-exempt organizations, which will likely be followed by regulators of regulated industries such as insurance and banks, tax-exempt organizations and regulated companies should similarly try to avert regulations by adopting and following similar key principles.

The best defenses against corporate mismanagement remain (1) independent oversight of management by independent directors; (2) with counsel of independent advisors; and (3) holding management accountable for the information provided for reason that independent directors know more about, and are closer to, the business of their organizations and can take corrective action more quickly and knowledgeably than any government or other regulatory official or agency.

Although a director has a state-law right of reliance on management, a director is only entitled to rely on a member of management for matters that the director reasonably believes management is reliable and competent. Determining reliability and competence requires a director to ask questions. Not just once, but repeatedly and of different constituencies of management, sometimes separately with each in executive session. Management must be held accountable for their answers because without reliable and complete information, governance will fail. This requires a director to have sufficient understanding of the matter, or access to counsel of an advisor having sufficient understanding of the matter, to be able to ask the appropriate questions.

The state-law duty of care generally requires each director to have either directly, or with counsel of someone who has, such a sufficient understanding to be able to ask appropriate questions to determine the reliability and competence of management or others for the matters being considered by the board. The state-law duty of care likely requires the board, as a whole, to assure that each director either directly has such knowledge or has access to such counsel.

This is reflected in the Key Agreed Principles: “an effective board [should be] far more than the sum of its parts: it should bring together a variety of skill sets, experiences and viewpoints in an environment” by adding members, or seeking counsel, of “persons with specialized knowledge of relevant businesses and industries and the business environment in which the company functions who can provide insight regarding strategy and risk.” See “III. Director Competency & Commitment” of the Key Agreed Principles.

Accordingly, the solution is for boards to act before the government and other regulators can react. The following are steps that a board should consider taking:

Board Education. Boards should begin with educating their members to be better directors, to become more familiar with the risks to the enterprise of their organizations, to be more aware of the strengths and weaknesses of the members of management and to learn how to hold management accountable for information being provided. This is reflected in the Key Agreed Principles: “A board’s effectiveness depends on the competency and commitment of its individual members, their understanding of the role of a fiduciary and their ability to work together as a group [including] an understanding of the fiduciary role and the basic principles that position directors to fulfill their responsibilities of care, loyalty and good faith.” See “III. Director Competency & Commitment” of the Key Agreed Principles.

Assessing Current Board Experience. Boards should assess and create a database inventorying the experience, skills and expertise of their current members. That database expertise should be reviewed periodically to evaluate whether the correct mix is represented by the current members of the board.

Adding Directors with Needed Experience, Skills and Expertise. In September 2000, Dana Mead, former chairperson of Tenneco, advocated an “expertised” board, which he first described in a conference held at the Fisher College of Business at The Ohio State University on “Building Better Boards.” An “expertised board” is composed by persons each having particular experience, skills or expertise needed for the board to have as a whole all of the experience, skills and expertise necessary to achieve its future objectives.”

Access to Independent Advisors Who Can Provide Necessary Counsel. Because it takes time to constitute a board composed of the appropriate mix of experience, skills and expertise, a board should require that it be given access to independent advisors having the experience, skills and expertise to counsel the board. This requires a board to first have access to a database of such advisors and then to have the resources to retain those advisors to counsel the board. This is important because it is likely that boards will be judged by investors, regulators and eventually courts by the least experienced, least skilled or least knowledgeable of its members unless such members have access to such counsel.

Coaching on Asking Questions. Boards should periodically receive coaching or training on how to ask questions, including: the purposes for which they should be asking questions; the extent to which they should ask questions; when they should accept answers and stop asking questions; and when they need to explore more deeply. This should be considered on a matter-by-matter basis for issues a director identifies that may need the help of an independent advisor. It also should be considered periodically as part of the board’s continuing education process.

Authorize a Standing Committee to Oversee Enterprise Risks. Boards should delegate to a standing committee, or constitute a new standing committee with authority on behalf of the board to investigate, assess and take appropriate action with respect to risks of the organization’s enterprise. To facilitate the exercise of this authority, the boards should require the organizations management, including each of its executive officers, to report such risks to this oversight committee and to meet at least annually with the committee in executive session. For publicly held companies, this authority is to be assumed by the audit committee unless another committee has been designated. However, another committee may be more appropriate given the other responsibilities of most audit committees.

What’s Next? Regardless of the cause, the meltdown of the large financial institutions will directly impact how directors of all organizations must think, evaluate and make decisions.

Whether viewed as an overdue wake-up call or an unfair impugning of director’s integrity, this energizes the debate over director liability and will refocus attention on the duty of care and its required oversight responsibility to expose any disregard of apparent risk.

Directors need to become risk smarter. They need to broaden their view of risk and not limit discussions or analysis only to specific areas of risk. This will require directors to evaluate the role of the boards overseeing that there is adequate risk assessment and make changes where appropriate. To resurrect corporate America directors must realize not only that they remain the first and best line of defense against mismanagement and fraud, but also that they can be the best line of offense for good management and best practices.