1. 11111 1 www.nacdonline.org

2. All materials contained in this presentation and the related intellectual property, including but not limited to copyright and trademark, are owned or licensed by the National Office of the National Association of Corporate Directors (NACD), and their use, reproduction, distribution, modification, disclosure, storage, and display in any medium, including the internet, or transmission in any form or by any means-- electronic, mechanical, photocopying, recording or likewise-- by third- parties, including NACD chapters and NACD members, is strictly prohibited except as expressly agreed to in writing by NACD. No use, reproduction, distribution, modification, disclosure, storage, display, or transmission is permitted except as expressly agreed to in writing by NACD. All rights are reserved by NACD and are protected in accordance with the laws of the United States. 2

3. ADVANCING EXEMPLARY BOARD LEADERSHIP © NACD. All rights reserved. Director Professionalism ® Presented to: Hispanic National Bar Association March 18, 2015 Presented by: Paula H. J. Cholmondeley, Cari Dominguez, & Israel Martinez

4. Agenda Current & Regulatory Environment Optimize Your Interface with the Board Break Board Evaluation, Composition, & Succession Planning Creating and Sustaining Board Value: Corporate Strategy, Risk Oversight, Asymmetric Information Risk Lunch Speaker Case Study: Looking for Blind Spots The Board’s Role in Innovation: Managing Status Quo Risk Cyber-Risk Oversight The Key Committees Current Issues Open Discussion 4

5. ADVANCING EXEMPLARY BOARD LEADERSHIP © NACD. All rights reserved. The Current & Regulatory Environment

6. 6 The Current Environment What’s Keeping Boards Up at Night –Increasing role of activist shareholders –Board composition Fit for purpose/Strategy Board refreshment –Leadership and succession planning –Strategic Oversight –Risk management –Cybersecurity –Pay ratio

7. The Current Environment Darden Restaurants Shareholder activism and board- shareholder communications WalmartShareholder activism ChipotlePay ratio J.P. Morgan Regulatory compliance scrutiny and tone at the top TargetCybersecurity JCPenney Shareholder activism and leadership succession planning Chesapeake Energy Director Independence and the “rubber stamp” board 7 Boards In the Headlines

8. The Current Environment 8 Cybersecurity Breaches in the Headlines Anthem, Inc.Up to 80 million personal records J.P. Morgan 76 million households’ information + 7 million small businesses compromised Home Depot Approx. 60 million credit cards compromised Target 70 million customers’ personal information AppleiCloud accounts breached Wyndham Worldwide600,000 cards compromised Community Health Systems4.5 million patient records

9. 9 The Current Environment Types of Disclosures –Reporting in your 10-Q/SEC documents –Reporting to each compromised client –State-specific reporting requirements 47 states + territories have enacted breach-notification laws How to mitigate legal risks –D&O/cyber insurance carrier –Crisis response plan –SAFETY reporting

10. 10 The Current Environment Keeping Our Eyes on the Ball –Shareholder confidence is the real issue –Corporate performance continues as top priority –Confidence will be shaky as long as companies continue to make headlines –Political attention has turned to regulatory issues

11. 11 The Current Environment How Can Boards Keep Pace? –Return to core governance issues Board composition –Do we have the right people to lead this board? –Do we have the right level of skepticism and independence? Board evaluations –Focus on the directors themselves, not the board structures –Director independence, skepticism, ethics, etc. Tone at the top –Ultimately, boards must lead companies in good times and bad –CEO selection and leadership –Board/management transparency and communication

12. ADVANCING EXEMPLARY BOARD LEADERSHIP © NACD. All rights reserved. How Management Can Optimize its Interface with the Board

13. ADVANCING EXEMPLARY BOARD LEADERSHIP © NACD. All rights reserved. Review the Basics 13

14. Responsibilities of the Board vs. Management 14 BoardManagement Vision/Mission Statements  Review and approve management’s vision/mission statements  Create and write vision/mission statements Ethics  Review and approve code of ethics policy  Ensure necessary systems are in place for organization to legally and ethically operate  Create code of ethics policy for the board’s review and approval  Establish systems to ensure ethical compliance  Set a tone for the organization that values ethics and culture Board Meetings  Collaborate on agenda with management  Thoroughly review board meeting materials  Collaborate on agenda with board  Deliver timely and focused board meeting materials

15. Responsibilities of the Board vs. Management 15 BoardManagement Organization Operations  Oversight of operations (is management keeping you informed?)  Manage organization operations  Ensure operations are safe, sustainable, humane, fair, and legal Financial Goals  Review and approve the corporation’s financial objectives, plans, and actions, including significant capital allocations and expenditures  Set financial goals  Implement plans to ensure the goals are met Corporate Performance  Monitor corporate performance against the strategic and business plans  Ensure the systems are in place to execute the strategy  Report status and progress to the board routinely

16. Responsibilities of the Board vs. Management 16 BoardManagement Strategy  Review and approve strategic plan  Develop an in-depth knowledge of the business  Monitor competitive landscape  Utilize outside resources when appropriate  Create strategic plan with input from the board Risk  Oversee risk  Utilize outside resources when appropriate  Manage operational risks  Stay abreast of competitive landscape CEO Selection, Compensation, & Evaluation  Establish a CEO selection and succession process  Set CEO compensation  Conduct routine evaluation of the CEO  CEO communicates with board regarding potential internal successors and mentors them accordingly

17. Responsibilities of the Board Oversight and Management are Different –Directors ensure good management, they don’t provide it –Directors direct, managers manage –The fundamental role of the board is to oversee management by monitoring performance and compliance with policies and law 17

18. Responsibilities of the Board Oversight and Management are Different, cont. –Board engagement in operations oversight is different from board engagement in strategy and risk –Operations: Is management meeting their plan? Are they managing operational risks? Have they informed you of changes in the environment? Do they have the staff and skill set to achieve goals? Resources 18

19. Responsibilities of Management Management’s Obligation to the Board –Help directors understand: How the company is performing Strengths and weaknesses – what’s working and what’s not The competition Unique qualities/assets of the company Significant trends (e.g. economic, technological, competitive, regulatory) Financial and human resources Current initiatives - successes/failures and fit with the strategy 19

20. Responsibilities of Management Key Management Responsibilities: Operational –Identify and provide all material information necessary for the board to provide adequate oversight –Identify and disclose risks to the board –Candor and transparency build trust –Help boards anticipate, not just react Two discussion rule 20

21. ADVANCING EXEMPLARY BOARD LEADERSHIP © NACD. All rights reserved. Optimize the Interface with the Board

22. NACD’s Public Company Governance Survey 22 Source: NACD 2014-2015 Public Company Governance Survey

23. NACD’s Public Company Governance Survey 23 Source: NACD 2014-2015 Public Company Governance Survey

24. Role of the Board and Management A New Level of Engagement –Greater interaction/communication with key players CFO COO External/Internal Auditors General Counsels Investor Relations Human Relations –Multiple perspectives can help identify and address key risks 24

25. Role of the Board and Management Strategies for Mutual Success –Management should provide and board should demand options for all major decisions – don’t be binary! –Management should engage in ongoing dialogue, not just ready for primetime decision making –Boards should be clear about metrics and accountability upfront –Boards should not take over, but guide and leverage the expertise of management –Focus: strategy, people, process and communication 25

26. Optimizing Management’s Interface with the Board Requirements –Board and management understand the business Have the same knowledge base –There is an engaged executive team –The CEO serves as process leader –There is a fully engaged independent leader of the board to oversee the work of the board –Board composition is balanced but diverse –There is an open and constructive board culture –There is board accountability 26

27. Optimizing Management’s Interface with the Board Communication Prior to the Meeting –Meeting agendas –Meeting timetables –Materials distributed in a timely manner Minutes, financials, proposed resolutions, etc. –Materials reviewed by each board member –Errors/typos/concerns forwarded to appropriate member of management (especially minutes) –Areas of discussion highlighted to board Chair 27

28. Optimizing Management’s Interface with the Board Management Communications to the Board –Board members read what management sends them (“If you send it, they will read it…”) Use background information What you told them three months ago (always a reminder) –Create a summary for yourself: presentation guide What are the key points to make? What are the key issues to discuss? 28

29. Optimizing Management’s Interface with the Board Dashboards – A Communications Tool: –Metrics should be relatively simple – meaningful and useful data –Consistent over time in order to show key trends and exemptions –Should include key business drivers and financial metrics –May change over time if fundamental business changes –Use of graphs, color coding, and other visual aids extremely helpful 29

30. Optimizing Management’s Interface with the Board Communication During the Meeting –Questions held until after the presentation (or as presenter directs) –Watch time spent on interesting (and sometimes fun) but not “board level” issues –Courtesy and respect govern the discussion –Consensus reached if necessary (board level matter) –Matter handed to management for follow up if appropriate (non-board level matter) –Executive Sessions 30

31. Optimizing Management’s Interface with the Board Communication After the Meeting –“Thoughts on the drive home” –How to follow up with appropriate members of management; offers of help –The inevitable necessary communications between meetings Interim Communications –Facility visits –Informal communications 31

32. ADVANCING EXEMPLARY BOARD LEADERSHIP © NACD. All rights reserved. Board Evaluation, Composition & Succession Planning

33. Board Evaluation, Composition, & Succession Planning Current Environment –Average director age and mandatory retirement age has gone up every year Aging boards during a period of low turnover leads to tremendous pent up demand for needed skill sets –Inverted U correlation for board performance and board turnover –Evaluations 42% of public boards do individual assessments and number is increasing Directors whose skills were necessary/relevant when they joined may no longer fit the strategic path –Waterfall succession planning 33

34. 34 Board Evaluations Why Evaluate Board Performance? –Evaluations address director skill sets and board composition in relation to company strategy –Gaps in board performance and leadership may be identified

35. 35 Board Evaluations Designing the Evaluation Process –Tailor the survey to the organization’s specific needs and metrics Board succession planning –Methods of evaluation –Include individual director interviews –Develop an action plan based upon the findings Add necessary skill sets Board education Develop action steps around the identified issues

36. 36 Board Evaluations Legal Liability Concerns –Assume documentation is discoverable in legal action consider either destroying or not recording evaluations act appropriately following evaluations –Use of independent third party to conduct evaluations promotes candor confidential no individual attribution of comments

37. Board Composition What makes a board strong? Capabilities + Culture = Capacity Board refreshment addresses both capabilities and culture, with an eye to maximizing the capacity of the board to add value and remain independent. 37

38. Board Composition What attributes were most important for director recruitment in the last year? (Respondents allowed multiple answers.) 38 AttributePublicPrivate Specific industry experience34.8%30.3% Financial expertise26.8%27.8% Leadership experience24.8%28.5% Diversity17.6%10.9% Strategy Development17.4%23.2% Corporate Governance12.9%15.1% International/Global experience12.7%9.9% Information technology10.5%2.8% Source: NACD’s 2014-2015 Public & Private Company Governance Surveys

39. 39 Board Composition Board NeedsBoard of Directors Dir. 1Dir. 2Dir. 3Dir. 4Dir. 5Dir. 6Dir. 7Dir. 8 Leadership Finance Public/Shareholder Relations Governmental and Regulatory Strategy Formation/Execution Merger/Alliance Corporate Governance Technical Knowledge Compensation Risk Assessment Industry Knowledge Board Compatibility

40. Board Composition Strategy Given strategy, what skills do we need? Criteria for new board candidates 40

41. 41 Board Succession Planning What are the options for board refreshment? –Age limits –Term limits –Rigorous assessment of individual directors –Combination –Pros/Cons –Committee and board leadership rotation What are the pros and cons of each?

42. Board Succession Planning Which methods of director selection does your board use? (Respondents allowed multiple answers.) 42 Method of SelectionPublicPrivate Personal networking/word of mouth46.7%70.4% Search firm40.7%17.3% Nominee identification by a board committee40.3%47.5% Shareholder suggestion7.6%26.9% Director database (e.g. Directors Registry)5.2%7.3% Other5.7%6.5% Source: NACD’s 2014-2015 Public & Private Company Governance Surveys

43. Board Succession Planning Nominating/Governance Committee Board Recruitment Responsibilities: –Generally oversee the process –Ensure existing and perspective directors meet the company’s strategic needs –Develop an ongoing pool of candidates –Generally look out 3 – 5 years –Promote open dialogue with shareholders as appropriate –Easy to find the right skill fit, but it’s harder to find the right culture fit 43

44. Board Succession Planning How far into the future is your board looking when considering director recruitment? 44 YearsPublicPrivate One year or less17.8%26.9% One to three years59.9%47.9% Three to five years16.9%17.8% Five years or more5.4%7.4% Source: NACD’s 2014-2015 Public & Private Company Governance Surveys

45. 45 Board Succession Planning Succession Planning –Consider long-term strategic planning when selecting candidates –Define exactly what qualities to look for in future candidates –Recruit qualified directors –Consider implications for: Board leadership Committee leadership Committee assignments Board room climate

46. Board Succession Planning Onboarding –Whose responsibility? –How is it done? –Continuing support for new board members – mentors assigned? 46

47. ADVANCING EXEMPLARY BOARD LEADERSHIP © NACD. All rights reserved. Strategy Development

48. 48 Strategy Development Traditional Approach to Strategy –Periodic strategic engagement –Management-driven process based on a 3 – 5 year view –“Review and concur” –Review of strategy via dashboards and metrics

49. 49 Strategy Development A New Level of Board Engagement –New complexities and uncertainties in the operating environment –Expect changes and anticipate the strategic implications –Sources of change that can affect strategy: Operating environment Customer/consumer preferences and behavior Disruptive technologies Regulatory or legislative environment Shareholder base, including entrance of an activist investor

50. 50 Strategy Development Board and Management Collaboration –View the company through multiple lenses Leverage board’s ranging skill sets and perspectives Take a shareholder’s point of view –New dialogue on strategy formulation Understand the necessary criteria for a successful strategic plan Earlier involvement in the development process – not just approving a near-final strategy –Assessing alternatives This should be the first step in the strategic process Can the company meet the critical success factors of the strategy?

51. 51 Strategy Development Factors to Evaluate Capabilities, Resources and Processes –Capital and cost implications –Operations –Timing –Risk –Talent –Technology –Compensation –Finance –Audit –Culture –Monitoring Progress

52. 52 Strategy Development Importance of Independent Board Leadership –Ensure all directors’ viewpoints are fully aired –Begin discussions by surveying the rest of the directors first –Maintain a constructive relationship between the board and C-suite –Drive a re-thinking of the strategic process

53. 53 Strategy Development Barriers to Changing the Dialogue on Strategy –Short-term focus –Over-scheduled strategy sessions –Board composition –CEO and senior management –Legacy businesses –Unpleasant consequences

54. ADVANCING EXEMPLARY BOARD LEADERSHIP © NACD. All rights reserved. The Role of the Board in Risk Oversight

55. 55 Risk Governance Without Risk There Is No Reward –Some companies can bear greater risks than others –Based on a company’s strategy, you can afford certain risks –As a management team/as a board, what are your top risks? –Assess a company’s “risk appetite” based on the discussed risks

56. 56 Risk Governance Risk Is a Team Sport –The full board should have the primary role of risk oversight –Standing committees support the board Address risks inherent in respective areas of oversight Risk is not just a function of the audit committee –If created, risk committees should aggregate/analyze risk Should not serve as sole overseer of risk

57. 57 Risk Governance Board Priorities Management Priorities Critical-enterprise risks Business-management risks Emerging risks and non-traditional risks Governance risks Board-approval risks Categories of Risk

58. 58 Risk Governance Management Responsibilities –Identify and disclose risk to the board Focus on material risks Implement risk management within a strategic plan Don’t be afraid to bring bad news –Have risks changed since the last board meeting? –Ascertain likelihood and significance of risks –Who in management “owns” the various risks? –Establish key metrics

59. 59 Risk Governance Ensuring Risk Governance –Create dialogue around three critical areas: Risk appetite Aggregation and integration Underlying assumptions in management’s strategy

60. 60 Risk Governance Improving Risk Communication –Map risks to managers –Map committee oversight responsibilities –Identify significant non-financial risks –Educate directors about financially sensitive risks –Consider overlapping committee memberships/ attendance –Ensure committees report (including minutes) to full board –Encourage informal discussion among directors

61. 61 Summary Every Board Should Be Certain That: –The risk appetite in the business model is appropriate –The expected risks are commensurate with the expected rewards –Management has implemented a system to manage, monitor, and mitigate risk

62. ADVANCING EXEMPLARY BOARD LEADERSHIP © NACD. All rights reserved. Asymmetric Information

63. What is Asymmetric Information Risk? Asymmetric Information Risk –Directors rely on management for information/data on performance of company –By necessity, management filters the information they provide to the board –Asymmetric information is not a negative quality of directorship Board’s value is in its view of the larger picture Directors shouldn’t be overloaded with information –Management needs to have independence of thought –Most significant risk lies in whether the right information (quantity and quality) is presented to the board 63

64. Asymmetric Risk Warning Signs Communication impediments between the board and management: –Significantly increased time commitment –Information overload –Management’s perception of the board –Poor culture –Lack of necessary expertise on the board –Poor relationship between CEO and chair (or leader of independent directors) 64

65. Asymmetric Information Focus Areas –Board Composition Tenure Recruitment Evaluations –Leadership –Board Processes Executive sessions Committee meetings Strategic deep dives Access to management and off-site visits 65

66. Asymmetric Information Non-Asymmetric Information Resources –Meet with senior executive team outside of board meetings –Have board meetings at off-site company locations –Attend industry conferences –Subscribe to trade publications, websites, blogs, Google alerts –Listen in on competitive quarterly conference calls –Refreshment of board 66

67. Summary At the core of many corporate crises is a breakdown in communications Directorship is historically based on an inherent tension in the board’s relationship with management Building of trust does not occur overnight With shared goal of creating sustainable growth, the board and c-suite can more easily dissolve the roadblocks to information sharing 67

68. ADVANCING EXEMPLARY BOARD LEADERSHIP © NACD. All rights reserved. The Board’s Role is to Look For “Blind Spots”

69. Beyond Innovation Ron Adner Professor of Strategy and Entrepreneurship Tuck School of Business Dartmouth College ron.adner@dartmouth.edu twitter:@ronadner 69

70. “Mapping the Ecosystem” – The Blind Spot Why things go wrong when you do everything right… 70 Adner, The Wide Lens, 2012

71. Michelin Run-Flat Tires – The PAX System 1990: Michelin best in class by a host of measures; always looking for opportunities to create value and grow 1992: Small group executive breakout section on innovation at Michelin –Results: a tire that continues to run when punctured –The PAX System: In event of blowout, you continue to drive Light on dashboard lets you know of puncture Drive for 125 more miles at up to 55 mph 71

72. Great Innovation 72

73. Michelin Run-Flat Tires – The PAX System 1992 – 1998: Moving to Execution –Extensive Market Research –Enthusiastic partner response Auto makers, service garages –Fits into consumer quest for safety –Michelin Engineers came up with novel (and heavily patented) four-in- one combo tire –Michelin had to produce integrated system Product manufacturer →system integrator –Michelin rises to the challenge! –Unprecedented alliance with Goodyear 1998: Launched – with huge anticipation –“The adoption of the PAX System is inevitable.” PAX Project Manager 73

74. Michelin Run-Flat Tires – The PAX System 2001-2005: Expecting Success –First company to sign on = Mercedes –Followed by Cadillac, Renault, Audi, Rolls-Royce, Honda –Michelin and Honda launched an unprecedented coordination 2 year warranty Training for Honda dealers Honda announced the Odyssey minivan would be equipped with PAX tires, “never be caught stuck on the side of a highway” –Alliance with tire makers Sumitomo Rubber and Toyo Tire & Rubber (Asian market) –2004 J.D. Power & Associates prediction that by 2010 more than 80% of cars would be fitted with run-flats 74

75. Michelin Run-Flat Tires – The PAX System 2006: Confidence erodes; class-action lawsuits 2007: Michelin formally announces an end to future development of PAX What went wrong? 75

76. Michelin Run-Flat Tires – The PAX System Confronting Failure –Difficulty finding service centers to repair the tires –Unable to repair flats, drivers forced to buy new tires often in pairs to maintain balance and alignment –At $300 per tire, the Run-Flat value proposition eroded –Several class action lawsuits filed 76

77. ….What else? 77

78. “Mapping the Ecosystem” – The Blind Spot Why things go wrong when you do everything right… 78 Adner, The Wide Lens, 2012

79. Michelin’s Blind Spot (continued) Michelin’s managers waged a valiant campaign to establish the PAX System as the new tire standard. But the structure of the PAX ecosystem was entirely different. Most critically, the PAX value proposition created an entirely new role for service garages – one that they were not eager to assume. Non–adoption by this critical partner was the key barrier to the PAX System’s success. 79 Adner, The Wide Lens, 2012

80. Michelin’s Blind Spot “If the PAX run-flat tire had been a stand-alone tire innovation, its success would have been largely assured by 2001.” “The PAX system failed precisely because it was not a stand- alone innovation.” Value Creation: 80 Adner, The Wide Lens, 2012

81. Michelin’s Blind Spot (continued) The PAX system 81 Adner, The Wide Lens, 2012

82. Michelin’s Blind Spot (continued) 82 Adner, The Wide Lens, 2012 The PAX system

83. ADVANCING EXEMPLARY BOARD LEADERSHIP © NACD. All rights reserved. Managing Status Quo Risk  2014 Adam Hartung The Board’s Role in Innovation - Managing Status Quo Risk

84. The Board’s Role in Innovation Which of these companies do you think is most likely to double revenue in the next 5-10 years? A.Boeing B.Disney C.Starbucks D.Apple 84

85. The Board’s Role in Innovation Which of these companies do you think is most likely to fail in 5-10 years? A.Wal-Mart B.Microsoft C.United Airlines D.Facebook 85

86. On which of these Boards would you prefer to have served in the last 3 years? OR 86 The Board’s Role in Innovation

87. Value Proposition: What You Need to Know, at Your Fingertips The Board’s Role in Innovation 87 Doing things right, or doing the right thing: What’s the Board’s Role?

88. © Adam Hartung 2014 Publishers Enhanced Delivery, But Missed the “Game Changer” Surrounding Them 88

89. The true secret to business success surprised us Overcoming Lock-in to past success The biggest risk in business today is Status Quo Risk Core Focus 89

90. Apple’s success came from creating new markets – Changing the Game 90

91. Apple’s best skill has been anticipating the future - rather than “execution” 91

92. How can Boards help companies manage Status Quo Risk? Be future-oriented Obsess about competitors Encourage disruption Force white space 92

93. VS. Step 1 – Focus on future trends; not past markets/solutions 93

94. Rethink the Board agenda; Reallocate the discussion time 60% ? 33% ? 20% ? Less than 20%? What percentage of your Board’s time is spent discussing Market Trends? 94

95. Step 2 – Focus on needs and competitors; not current solutions and customers Key Question: How much is spent on improving the current business model vs Developing new markets, opportunities and business models? 95

96. Obsess about fringe competitors and Game Changing opportunities VS. 96

97. Step 3 – Ask how your company will be disruptive; not just how it will be better, faster, cheaper 97

98. Step 4 – Ask about white space projects and teams 98

99. Prediction Boeing Disney Starbucks Apple 1 2 3 4 Revenue Doubler: ? ! Wal-Mart Microsoft UAL Facebook 1 2 3 4 Likely Investor Failure: 99

100. Manage Status Quo Risk for superior rates of return Invest for the future, not from the past Focus more on competitors, less on customers Be Disruptive, sustaining will decline Look for White Space projects to innovate and learn

101. ADVANCING EXEMPLARY BOARD LEADERSHIP © NACD. All rights reserved. Cyber-Risk Oversight 101

102. Board Oversight Practices: Cybersecurity “Cyber security is one of two existential threats to our nation; the other is nuclear weapons, which have been used once, thank God. But cyber weapons are used thousands of times every day.” ‒ Retired Gen. Peter Pace, former chairman of the Joint Chiefs of Staff, speaking in Chicago at a recent NACD event. 102 Source: Cunningham, Jeffrey M. “The Art of Cyber War” NACD Directorship May/June (2013): 26 -36. Print.

103. Board Oversight Principles: Cybersecurity –P RINCIPLE 1 – Directors need to understand and approach cybersecurity as an enterprise-wide risk management issue, not just an IT issue. –P RINCIPLE 2 – Directors should understand the legal implications of cyber risks as they relate to their company’s specific circumstances. 103

104. Board Oversight Principles: Cybersecurity –P RINCIPLE 3 – Boards should have adequate access to cybersecurity expertise, and discussions about cyber- risk management should be given regular and adequate time on the board meeting agenda. –P RINCIPLE 4 – Directors should set the expectation that management will establish an enterprise-wide cyber-risk management framework with adequate staffing and budget. 104

105. Board Oversight Principles: Cybersecurity –P RINCIPLE 5 – Board-management discussion of cyber risk should include identification of which risks to avoid, accept, mitigate, mitigate, or transfer through insurance, as well as specific plans associated with each approach. 105

106. Key Cybersecurity Governance Actions 1.Tone At The Top - Information security on each board’s agenda, and assign to a key committee that is well educated and briefed, and staff it with adequate, technical support. Get to know the CISO. 2.Dashboards Not Volumes - Identify information security leaders; hold them accountable through specific reports on information security risks, incidents, and activities. 106 Source: Cunningham, Jeffrey M. “The Art of Cyber War” NACD Directorship May/June (2013): 26 -36. Print.

107. Key Cybersecurity Governance Actions 3. Breach Testing – Established a plan for “table top testing” your response plans which must include timely notification to customers/clients of data breaches, communicating with various stakeholders and focused on providing mitigation and remediation. 4. Your Own People May Be The Biggest Risk – Focus as much energy on your staff security failures/breaches as on the safeguards for technological protections against external bad actors. 107 Source: Cunningham, Jeffrey M. “The Art of Cyber War” NACD Directorship May/June (2013): 26 -36. Print.

108. Cyber Considerations In Other Dimensions P RINCIPLE 1 – Cybersecurity, An Enterprise-wide Risk P RINCIPLE 2 – Liability Implications Of Cyber Risks P RINCIPLE 3 – Adequate Access To Cybersecurity P RINCIPLE 4 – Cyber ERM Framework P RINCIPLE 5 – Cyber ERM Strategy & Execution 108

109. ADVANCING EXEMPLARY BOARD LEADERSHIP © NACD. All rights reserved. The Key Committees Current Issues

110. 110 Current Environment Nom/Gov Proxy access Enhanced disclosures Board leadership: Chair/CEO split Audit Whistleblower hotline Mandatory audit firm rotation Possible changes to the auditor’s reporting model Compensation Say on Pay Compensation committee and advisor independence Pay ratios Pay for performance disclosure Clawbacks The Key Committees Current Issues

111. 111 The Key Committees Current Issues Overview –Key committees: Audit, Nominating/Governance, Compensation Required for publicly traded companies on NASDAQ and NYSE –Average committee has 3.7 members –Committees meet, in addition to full board meetings: Number of In-Person Meetings Per Year Hours per In-Person Meeting Number of Telephone Meetings Audit Committee5.22.93.3 Compensation Committee 4.32.52.2 Nominating/ Governance Committee 3.81.81.3 Source: NACD 2014-2015 Public Company Governance Survey

112. 112 The Key Committees Current Issues Compensation Committee –Relationship between pay and performance Increasing numbers of companies are adding supplemental disclosures to their proxies, but approaches vary widely Baseline definitions to enhance comparability of pay and performance –Enhancing the effectiveness of compensation disclosures Minimize the complexity of disclosures Use compensation information as part of a larger dialogue with investors

113. 113 The Key Committees Current Issues Compensation Committee –Ensure compensation is tailored to strategy, not just to investors and proxy advisory firms –Set aside time for deep dives –Develop educational materials The compensation committee should be able to present exactly what is in the plans and how they stand at any time –Schedule periodic look-backs Look at what was paid out versus what was intended to be paid out –Use discretion, but with full transparency Disclose the intent behind the use of discretion

114. 114 The Key Committees Current Issues Audit Committee –Future of disclosures The easiest path is to over-disclose, and disclosures become defensive documents rather than a communication vehicle Understand the information needs of different stakeholders Get everyone to buy in: audit committee, full board, CEO, shareholders, external auditor, regulators Focus on “materiality and “required” disclosures Expanded audit committee reports –One place where more disclosure is beneficial is around the actual work of the audit committee –Define the scope of the audit committee duties, committee composition, and selection, oversight, and evaluation of the external auditor

115. 115 The Key Committees Current Issues Audit Committee –PCAOB’s audit quality indicators (AQIs) These are meant to “cast light on the strength or weakness of key factors influencing audit quality” –FASB’s disclosure framework project Meant to “improve the effectiveness of disclosure in notes to financial statements by clearly communicating the information most important to users” –Audit committee members are stretched more than ever, larger company committees have more and more compliance duties while smaller companies may have more resource constraints and smaller committee size

116. 116 The Key Committees Current Issues Nominating/Governance Committee –Activist investors 4 categories of activist investors: merger and acquisition activism, balance sheet activism, governance activism, and income statement/operational activism Activist investors marked by focus on financial statements and corporate performance, not so much on hostile takeovers and spinoffs –Dialogue with shareholders, especially with activist investors is beneficial Don’t approach it defensively, but with an open mind –Board agendas are more and more focused on compliance –Conversations, especially in executive sessions are becoming more candid

117. 117 The Key Committees Current Issues Nominating/Governance Committee –Information asymmetry Volume and value of information received—quantity, quality, and frequency—have become increasingly important Limited independent analysis –Investors often have teams of analysts to provide information the target company and industry –Directors may want to start asking for additional third-party resources Information overload –Management is responsible for providing the board with information –The board and management have to work together to ensure the board is receiving the right information, with enough time to digest it prior to board meetings

118. NACD Resources Educational Resources 1.Additional NACD Board Advisory Services - In-Boardroom Programs and Evaluations - http://www.nacdonline.org/services 2.NACD Education - Director Professionalism® Course, Committee Seminars, & Annual Governance Conference - http://www.nacdonline.org 3.NACD Chapters - there are 22 in major metropolitan areas - https://secure.nacdonline.org/source/meetings/chapter_Page.cfm 4.NACD Publications - Blue Ribbon Commission Reports, Surveys, and Handbooks - http://www.nacdonline.org/publications http://www.nacdonline.org/publications 5.NACD Directors Registry™ - Qualified Candidates for Effective Boards - http://www.nacdonline.org/registry/default.asp 118

119. ADVANCING EXEMPLARY BOARD LEADERSHIP © NACD. All rights reserved. Q&A and Program Evaluations