If you are buying a house or a car from the current owner, you want to know that the house or car is safe and operational as stated. After all, you don’t want to move in and discover a flooded basement at the end of the first rainy day, or have the car break down on the first trip to the cottage. If you are like most risk-averse buyers, you engage a professional home inspector or engineer or licensed mechanic to see if everything is as the current owner says it is. You might have been provided the history of repairs or maintenance records but you still want to take the appropriate steps to manage the risk involved in a major purchase. So you call in an external expert – not because you don’t trust the seller but because you want independent verification. After all, your family is going to live in the house or ride in the car.
You might wonder what this has to do with Policy Governance®. Let me explain. A board has three monitoring methods to choose from when it evaluates CEO performance. The most commonly used method is the internal report prepared by the CEO and submitted to the board according to the schedule in the board’s policy or as requested by the board. In an internal report, the CEO confirms that there is evidence that a reasonable interpretation of the board’s policy is being achieved. The critical characteristic of that evidence is that it is verifiable – that anyone else would be able to find that same evidence.
The other two methods – direct inspection and external report – are less frequently used by boards. In direct inspection the board appoints one or more of its members to verify that there is evidence of the CEO’s reasonable interpretation. We’ll talk about direct inspection in another blog. Here, we are focusing on the external report.
What is external monitoring? It’s when the board uses an objective third party expert – like the home inspector, engineer or licensed mechanic you might have hired in the introductory story – with the expertise to determine if there is evidence of compliance with the board’s policy – reasonably interpreted by the CEO. A board may also ask the third party to determine if the CEO’s interpretation is, in fact, reasonable – by confirming that the rationale for the chosen interpretation is justifiable. For example, is the cited research or the benchmarked industry practice current and relevant? Although it would not be part of the external monitoring, the board might also ask for an expert opinion on whether its policy is sufficiently rigorous to address the risks intended to be addressed by a policy. By the way, this latter request to an expert is not part of the external monitoring but it is an efficient way to test the robustness of the board’s policy criteria.
Why would a board use external monitoring? Obviously the board is not buying a house or used car, nor is there a parallel between the CEO and someone selling a house or car. However, a board needs to exercise due diligence particularly in the areas of significant organizational risk. External monitoring can be an additional means of exercising diligence. The board may want to use external monitoring as a means of gaining additional data for its evaluation of CEO performance. The board may also use external monitoring as a way of demonstrating accountability in an organization where the ownership is particularly risk averse.
How does a board get an external monitoring report? The board needs to identify an objective third party whose expertise fits with the policy being monitored. Since the starting point of any of the three methods of monitoring is the CEO’s reasonable interpretation, the board needs to find an expert who understands that their assignment is to verify that there is evidence that supports those interpretations. You might need to remind the expert that her criteria or standards are not the basis of the report. While it is ideal if the expert has some level of knowledge about Policy Governance, it is usually sufficient if she is willing to consult with a knowledgeable director or the organization’s governance coach when there aare questions about how to seek data or state conclusions.
Who can the board use as an expert? A board might use an auditor for external monitoring of some financial policy items, but don’t confuse an external report with the auditor’s report. When asking the auditor to provide external monitoring, the board asks the auditor to confirm there is evidence of compliance with specific policy items that would not necessarily be part of the audit. For example, it asks the auditor to verify that changes to the CEO’s compensation and benefits are consistent with those approved by the board. When the board uses the auditor to provide an external report for specific policy items, it usually needs to add these items to the letter of engagement.
There are other policies for which a board might want an external monitoring report, for example, Treatment of Staff or Clients, Investment, and various policy items in Protection of Assets, in which case the board may seek out the expertise of a lawyer, HR professional, licensed investor, cyber security specialist, insurance agent, etc. Do not ask a board member, even if they are expert, to carry out external monitoring. This would become direct inspection – an upcoming blog…
When should a board use external monitoring? There is no one answer to this question. Some boards like to use external monitoring as part of their regular schedule for evaluating CEO performance. A board can use the three methods of monitoring individually or in combination in whatever frequency it chooses. A board needs to reflect carefully on the approach that will assure itself of organization and CEO performance.
For example, if treatment of clients or protection of online data are significant organizational risks, the board might schedule external monitoring of the policy or policy item every second or third year, alternating with internal monitoring in other years. A board may also use external monitoring in response to the possible risks where there are signs that something is not quite right. The bottom line: A board has the authority to monitor any policy, any part of any policy or any specific application of any policy item, at any time, by any of the three monitoring methods. Doing so is its job.
If your board is interested in learning more about how to effectively use external monitoring, our consulting team would be pleased to support your efforts.