The Align interviews offer the perspectives of CIOs and CISOs on technology, leadership, security and digital transformation.
Note to executives presenting to boards: ditch the long PowerPoint presentations and lengthy board packs. Instead, share how the organization is dealing with issues that caused deviations from goals set in the previous board meetings.
“The board meetings should really not be concerned with detail. They should be concerned with the strategy of the company, in particular when things are going wrong. The board has an important role to fill in solving problems in bad times as opposed to just gloating over good times,” said David Gelber, who serves on numerous boards, including as chairman of the board at investment management company Walker Crips and director at life insurance company Singapore Life, among others.
In this Align Interview, he talks about what boards want to hear from executives on cybersecurity, the importance of board members having relevant industry experience and why he doesn’t want to hear about a company’s past performance in board meetings.
Please note this interview took place prior to the recent Covid-19 outbreak so before you continue we thought we’d share some updates having recently caught up with David regarding the current situation.
Digital transformation is now seen as a requirement for businesses – how will this be exacerbated in a post – COVID landscape and do you think companies have adapted or are adapting fast enough to the changes this new environment poses?
There is no doubt in my mind the way business operates has changed forever, not because of fear of another or continuing pandemic but because organisations have found that remote digital working is totally feasible for the majority of the UK workforce and equally the economical benefit. There are many reasons why some businesses are thriving while others are still struggling but everyone must work together to find a solution that is the best fit for them.
How will the industry landscape change in a post COVID era? And how will this effect start-up companies?
I don’t think there is much fundamental change in the nature of industry landscape, just the way it will now operate. Obviously, start ups which cater to the needs of the new ways of working, buying and learning will do well.
You’re a non-executive director on many boards. What draws you to a company?
The only company that I will join the board of is a company whose industry I think I’ve got something to contribute to and whose industry I think is an important one and is growing. I would never join the board of an electricity utility for the sake of argument. It’s an old-fashioned business.
I like to be able to contribute. I’ve been in the financial services area now for 50 years, so I tend to concentrate on that sort of board with that sort of related industry, but I will only join the board of a company where I think I can contribute.
What do executives need to know about presenting to the board?
I have several rules that not everyone agrees with. Number one is cut down the size of the board pack by about 90%. In various companies, we tend to get 300 pages to read, normally presented to us the night before. Nobody can read it. We tend to spend most of the board meeting going over information that is stale and old. It’s more like a show and tell put on by the executives.
I think the greatest invention in my time is something that didn’t exist many years ago: the executive summary. I think that short and sweet bullet point presentations are preferred. There’s too much information being presented by the C-suite. They’ve got to cut down and concentrate on the important things.
What are the important things?
The important things are a very, very brief review of past performance, but past performance is like archaeology. In particular, any deviation from the last board meeting where we were given certain, shall we say, predictions of what would happen over the three months and any material deviation has to be explained. But moving on from that, the board meeting should be about the future, but in particular adjusting strategy to cope with variations from what was expected before.
The board meetings should really not be concerned with detail. They should be concerned with the strategy of the company, in particular when things are going wrong. The board has an important role to fill in solving problems in bad times as opposed to just gloating over good times.
Information security has become a board level topic in recent years. As a board member, what do you want to hear about an organization’s information security plans?
We want to know that the information we hold is held in the most secure way possible. That the risk from hacking it, the risk from stealing it has been reduced. But more importantly, that we are up to date with all the new techniques to secure our information.
We have had tremendous scandals, be it banking scandals where information was stolen, the famous Panama Papers, where people might argue that was actually a good thing, but I won’t comment on that. We have had millions of passwords stolen from big companies. That’s got to come to a stop. So therefore what I expect the CSO to tell me is two things: how vulnerable we are a, where he believes the vulnerabilities are. In which areas? Is it internal fraud, external fraud? And what is the CSO doing to keep up with the most innovative ways to protect our information?
From your experience on boards, are there any common problems that transcend companies and industries?
There are a few, but I do think that industry segmentation is very important for board members. As I said, just bringing in someone who is a grandee, as they’re called, to serve on the board of a startup doesn’t always achieve anything because that person would not have had the experience of the particular industry, especially if it’s a new industry.
One of the problems is finding enough qualified directors who understand the industry in which this company is organized. Having had general, what I call corporate governance experience, is very important in terms of committees, audit committees, organization structure and board reports. But it doesn’t really take the place of understanding what the business of the company is all about. Having said that, it’s always good to have some independent thinkers who don’t necessarily know the ins and outs, but they have to be very much a minority. The majority of the people on the board have to understand what the company is up to.
That is a problem that does transcend many industries. You find people jumping from industry to industry. One could argue the same is true with cabinet ministers in the government. One day they’re the Minister of Defense, the next day, the Minister of Transport. And I think to some extent that is happening in the corporate world. The lack of ability to find qualified non-executive directors who have relevant experience.
Is it more important to eliminate risk or reduce risk?
It’s obvious that you cannot eliminate risk altogether. At the end of the day, if the CSO decides to be crooked, very few people can stop him. The best you can hope for is to reduce risk as much as possible. Risk will never be eliminated, both because of human nature and because there are always one or two people who are more clever than you thought and who will get around the security you have in place. But the more you can do to ensure that the tools you use make it very, very difficult for anyone to get around it, the better. But no, you will never eliminate risk.