
Cybersecurity and climate risk: Does your board need an expert?

Authored by RSM US LLP


As they have been for decades, corporate directors are expected to play a key role in a company’s oversight and governance. However, as these board members know all too well, their critical function encompasses additional issues each year. This is a challenging time for corporate directors as they seek strategic understanding of all the various matters for which they are responsible.


This spring, the US Securities and Exchange Commission (SEC) released proposed rules regarding cybersecurity and climate-related disclosures. Both proposals would require disclosures about the registrant’s governance, including the board’s oversight of these issues. If finalized as proposed, such disclosures would be required to address, among other matters, whether any board members or committees are responsible for such oversight and whether any board member has expertise in climate-related risks.


One reaction could be to concentrate on what the board needs to properly address these disclosures. But although such disclosures are important, they should not drive the board dynamics that are best for the long-term interests of the corporation.


When thinking about new and existing board responsibilities, consider stepping back and looking at the big picture. It may be best to “divide and conquer” the widening areas of responsibility by regrouping, potentially by forming separate board committees or subcommittees to oversee climate and other environmental, social, and governance (ESG) matters, cybersecurity, and even risk management generally. Each committee can stay up to date and well informed regarding developments and risks within its area of focus, and can decide what type and level of expertise it needs.


Given how investors across the spectrum have developed a keen interest in board composition and director skill sets, the focus on board expertise is real. And the need for the appropriate expertise in areas of high risk, such as cybersecurity, is top of mind for all boards. There are two paths a board may take to address the need for expertise related to new issues that come under its purview.


The first, obviously, is to look for a board member who embodies the expertise needed for oversight of a particular matter. This approach may seem appropriate in theory, but it can be more difficult than it sounds to attract an individual who is an expert in a particular field and not too narrowly focused on just that. Directors are responsible for a wide range of complex matters, so if a new board candidate has cyber-risk expertise and is well-rounded and otherwise qualified, that’s great. But if that candidate is one-dimensional, that could result in fewer insights around the board table on myriad other matters.


Proactive, thoughtful, and informed board oversight does not necessarily mean the boardroom has to be filled with experts. Because directors need to understand what they are overseeing and think outside the box, an effective board takes a thoughtful approach to director selection, considering core requirements, the attributes of existing members, and the diversity sought in new members, among other factors.


Therefore, a second, sometimes more practical path to resolving the ever-widening need for board expertise is to use qualified outside advisors. Doing so allows the board to focus on what candidates can contribute to board discussions holistically through their various strengths, industry and educational experiences, and risk appetites. It also allows the board to find the “best of the best” advisors on narrow topics.


An effective approach to the ever-expanding board agenda is to think broadly about members’ diverse competencies for fulfilling their legal, ethical, fiduciary, and financial responsibilities—and then to think very narrowly about experts that are integral to the process, but that can come from within or outside of the boardroom, as appropriate.


Republished with permission from NACD Directorship summer edition.


This article was written by Phyllis Deiso and originally appeared on 2022-08-05.
2022 RSM US LLP. All rights reserved.
https://rsmus.com/insights/services/audit/cybersecurity-and-climate-risk-does-your-board-need-an-expert.html
