Governance meetings: 10 critical considerations
13 January 2021: Tim Bentham and James Walker from the Credit Suisse internal audit team explain the 10 areas where governance meetings can commonly go wrong.
Years of experience as internal auditors have taught us a lot about where governance meetings tend to fail. Few other teams have the breadth of scope or degree of access that allows the front-to-back view of topics and issues across organisations that auditors have.
When people think of governance meetings, they often think of meetings at board level. In reality, governance meetings are happening throughout organisations, not just at the top. In an effective governance framework each meeting, no matter the level, is a link in a greater control framework. Structuring a governance meeting requires careful consideration, so it is fit for purpose in its own right and part of the wider governance framework. However, not all meetings are equal, and as such, it is important to distinguish expectations between the different types of meetings.
We provided leaders across the business with a list of considerations based on audit work to ensure that governance meetings run as effectively as possible. These 10 thematic insights are where organisations are most likely to fall down regarding governance meetings.
They can help to address common drivers behind audit findings. These recommendations may prove helpful in outlining standards for those responsible for governance meeting structure:
1) Diagrammatic representation of governance meetings
Governance meeting structures can often be a black and white list. Diagrammatic representation resonates with people in different ways. Looking at a structure chart and seeing how things slot together as part of the bigger picture can help people to focus and think holistically. You can see the governance structure as more of a tree and how the different branches all link together.
2) Committee membership requirements outlining any specific business expertise, support function or lines of defence representation
This is about having the right people at the table. It's all very well having a group of people going into a meeting and having a discussion but if you don't represent the different perspectives or functions, you're not going to get a full picture. Having set requirements allows you to make sure that every function is represented in the discussion to bring in the right control mindset.
3) Clear roles, responsibilities and accountabilities of governance meetings (delivered through a terms of reference) and their chair, secretary and members
Once you've got the right people, you need to make sure that they know their responsibilities. People often wear multiple hats and look at things through different lenses, so knowing what is expected of them and who is accountable on a particular committee is essential.
4) Attendance tracking mechanisms and monitoring to drive representation in line with the terms of reference
Picking the right people for your meeting is a good start, but you have to make sure they attend and engage. Everyone has different and competing priorities, so it's easy for people to miss out on a particular meeting. You must ensure that people effectively discharge their responsibilities. Hold the committee and members to account for the decisions they make and the actions they take. Ensure the committee has the right momentum and mandate to make the decisions that it's supposed to.
Internal auditors attend meetings as independent observers and are starting to use Natural Language Processing to look at meeting minutes to see how much people contribute. It's a good way of determining how involved the various functions are. Everybody in that meeting is there for a reason; everyone should express an opinion.
5) Defined expectations in terms of meeting frequency, substance and the level of challenge
A clear terms of reference is one of the mundane elements of good governance, but the simple things often get overlooked. Businesses may mobilise all the right people, but formalising the basic expectations brings everything together as well as establishes the nature of the meeting and sets the tone for the level of challenge.
6) Delegation arrangements, including the retention of accountability
Everybody's time is scarce, so you're going to have diary clashes. In that case, you might send a representative to the meeting in your place. That doesn't mean you're not accountable for whatever your representative is saying in that meeting, however. It's important for core invitees to know they still have a role, even if they're delegating everything to somebody else. Remember: delegation, not abdication.
7) Procedures to escalate and remediate issues
You can come up with the right ideas and conclusions in a meeting, but it won't have achieved its purpose if it goes no further. There needs to be a structure for taking action, communicating control matters and decisions effectively, and tracking that response.
8) Documentation standards including demonstrability of challenge and fulfilment of responsibilities
In a board meeting, you're going to expect documentation standards to be very high. In governance meetings with less material impact, you're going to have to use some judgment as to what documentation you need, but standards still apply. External reviewers might look at a significant governance meeting minutes to ensure that challenge is appropriate. They usually take the view that if it's not evidenced, it didn't happen. So make sure that meetings have the appropriate level of documentation.
9) Consideration of specific regulatory requirements surrounding governance; independence, segregation of duties and conflicts management
Different regulators in different jurisdictions have varied governance expectations, so one size doesn't necessarily fit all. What's good for regulators in one jurisdiction may not be required for regulators elsewhere, for example. Consider what different regulators want and use that as a baseline. Create a workable commercial governance framework that meets all of the requirements that fit your business. You need to be aware of those regulatory requirements in whatever jurisdiction that meeting is operating in.
10) Management information requirements, including control requirements to drive completeness, accuracy and timeliness
Recognise that decks of different types of information support many of these meetings. Make sure that these are complete, accurate and timely. If you send a meeting deck out two minutes before the meeting, can you reasonably expect that attendees will have enough time to take it in? Look at how that deck is put together and where the information comes from. Can you rely on it? This is internal information, so it doesn't have the same requirements as externally reported information, but it is still critical that it is correct as it often drives key decisions.
Give some thought to your governance meeting structures and frameworks; consider if the common gaps we identified require remediation within your organisation. Tap your internal audit team for thematic insights from a full read-across of their work; it can be a powerful tool that can seriously enhance an organisation’s ability to deliver its strategy. There is meaningful value to be found from your internal auditors’ awareness.
If you are a board member or NED, keep up to date with the news and developments in this field and join ICAEW’s Corporate Governance Community for free.
Access the latest thinking on internal audit from the ICAEW and others from across the finance and auditing sector, with ICAEW’s dedicated Internal Audit Resource Centre.