The National Association of Corporate Directors has published its 2014– 2015 NACD Public Company Governance Survey. The survey, which presents findings from more than 1,000 public company director responses received to the NACD’s annual questionnaire, is available to NACD members on the Association’s website and has been summarized in the press. Highlights of the report include:

  • Directors want changes in the allocation of risk oversight responsibility, but not assignment to the audit committee. Nearly half of boards (48 percent) assign risk oversight to the audit committee, while 34 percent assign this responsibility to the full board. However, only 30 percent of survey respondents believe that the audit committee should be given this task.  A majority, 52 percent, believe risk oversight should be assigned to the full board.  About one quarter (24 percent of respondents) believe that their boards have not assigned risk to the correct group.
  • Directors are not happy with the cyber and IT risk information they receive. Thirty-six percent of respondents were not  satisfied with the quality information provided by management on cybersecurity and IT risk; 52 percent were not satisfied with the quantity of the information they received.
  • Director time commitment is rising.  Public company director  time commitment averaged 278 hours annually, an increase from 236 hours in the prior survey. Excluding time devoted to informal meetings and conversations with management, the director time commitment was 242 hours.
  • Formal CEO succession planning is increasing.  Fifty-seven percent of respondents indicated that their boards have a formal CEO succession plan. In 2011, the comparable number was 39 percent
  • Boards are respo nd ing to s har eh old ers ’ ex ec ut i ve c om pens at ion  concerns. More than half (57 percent) of the boards represented in the survey expanded their executive compensation explanations in the proxy statement, and 30 percent revised their executive compensation plans.
  • About half of companies have lead directors. Fifty-one percent of respondents said their boards appoint lead directors, and 25 percent of boards with independent chairs also have lead directors. A large majority (79 percent) of boards on which the CEO serves as chair have lead directors.

Comment: The survey reflects a growing recognition that assignment of responsibility for overall risk assessment and management to the audit committee may not be the best approach. As the breadth and nature of the risks meriting board attention increases, more boards are recognizing that the full board should assume these responsibilities, rather than delegating them to the audit committee. The increased focus on and urgency of cybersecurity risk has underscored this trend. The July 2014 Update summarizes one experienced audit committee member’s strongly-held view that cybersecurity is an operational risk and should be a full board responsibility, rather than an audit committee assignment.