Non-financial numbers is not just important for cyber security specialists. The company board should be looking at them too. Photo / 123RF
COMMENT:
A couple of years ago, I chaired a discussion of cyber security managers from some well-known companies. How did they guard against a hack attack? One strategy mentioned was to track each department's comings and goings.
High staff turnover was a warning that the company's computer systems could bebreached, they said. Being hacked required not only a malevolent external agent, but frequently an internal weakness too. That could be in-house sabotage; more often it was carelessness or inattention.
Staff departures could indicate low morale. At the very least, losing people who knew what they were doing and having to initiate new employees meant that IT security could be weakened.
This focus on non-financial numbers is not just important for cyber security specialists. The company board should be looking at them too.
This was a point made forcefully by Peter Montagnon, who so many of us learnt from when he was a Financial Times journalist. After leaving the FT in 2000, he became an expert on corporate governance while working at the Association of British Insurers, the International Corporate Governance Network and the Institute of Business Ethics.
His shrewd analysis, sure-footed moral sense and dry wit brought him both influence and affection, which is why his death last week at the age of 69 occasioned such shock and sadness.
In an article in March for the management journal Strategy+business he wrote about how corporate governance needed to go beyond accounting and structural issues such as separating the chairman and chief executive roles and having enough non-executive directors.
Board members needed to understand the forces that drove organisational behaviour, Montagnon wrote. They still needed to keep an eye on strategy, financial controls and succession planning. "But they must also analyse data they have previously tended to downplay or ignore."
This included staff turnover: the board needed to look at the rate and ask questions if they saw it increasing. But directors should also examine whistleblowing data. Had the number of calls to ethics hotlines gone up or down? If they had gone up, clearly there was cause for worry. But a reduction in calls did not mean the board could relax. It might mean that ethical behaviour, and morale, had improved. Or it could mean that employees had become too frightened to speak.
What other data should the board demand? Equipment failure. "Poorly maintained equipment is a sign of weak culture. To put it crudely, it can reveal that although the pipeline has not exploded yet, it most likely will in due course," Montagnon wrote.
Directors also needed data about employee morale and absenteeism. The amount of information boards should track could seem unmanageable. Montagnon said some constructed a "dashboard", allowing them to focus on a range of indicators.
Boards should also know what other stakeholders were thinking, "including customers, suppliers, shareholders, creditors, regulators, and those who may be affected by their business — for example, local communities where fracking is under way."
Boards needed some first-hand contact with these groups, backed up by opinion surveys.
But, Montagnon wrote, apart from their links with shareholders, who elected them, they should not manage the relationships themselves. The executive directors should do that. But the board should ensure it had information about how these stakeholders felt.
Many companies, Montagnon wrote, had a committee that monitored non-financial risk, ethics and stakeholder relations. They then referred critical issues to the board.
But, and this is a typical Montagnon warning, "none of this will work if a first, vital condition has not been met. Boards cannot decide what sort of behaviour they want and how their organisation should relate to the outside world if they have not first agreed on what their values are and what their company is there for."
This should go beyond generating shareholder returns by whatever means necessary. Companies needed to deliver a product or service of value, something their staff could be proud of. Ensuring that was a board's task too.
"When a company's employees go to work in the morning, they ought to do so with a sense of purpose beyond that of simply making money for the owners."