Hanne de Mora has had a varied career, working as an entrepreneur and sitting on the boards and audit committees of companies across Europe. She shares her views on how the audit committee can add value.
Be ahead of the curve
A core competency of any audit committee is the regulatory framework. It’s changing quickly but, more often than not, you can see these changes far ahead.
For example, it’s expected that, in 2018, the European Union will establish new data privacy rules, with punitive fines for companies that breach them. We don’t know the exact details of this policy yet, but we know it will come. The audit committee can make sure that the company is prepared and starting to implement necessary changes, and has the right processes in place for when the law is introduced.
“Diversity helps to create a culture that stimulates debate.”
Regulatory and compliance assessments play a key role when boards are revisiting their strategy. I know of construction companies that decided against entering certain geographies because they feared widespread corruption there might damage their values. Or what about a country in which you have to work with distributors and agents: will the company have enough influence on those people to ensure full compliance?
The same goes for regulatory risk when expanding into new businesses. Perhaps the regulatory framework is so difficult that a company decides against it because margins are too thin and risks too high. Considering regulatory issues helps in assessing the true risk-adjusted return. In this way, an audit committee can protect shareholder value.
In recent years, many European companies have set up sizable internal audit teams, which report directly to the audit committee. They are an important element of the formal control network, and they can make sure that the values and the culture of a company are respected. But I would also like to make a case for having a smaller internal audit team and supplementing it with outsourced expertise when necessary. Similarly to production peaks, there are also knowledge peaks, when special skills and expertise are required. For example, if a company has recently expanded into Indonesia, the internal audit team might not have the required understanding of the Indonesian business environment to adequately perform an audit. That is where outsourcing comes into its own. External consultants can help a company to cover those knowledge peaks.
In 2002, four years before Norway passed a law that required at least 40% of company board members to be women, I was voted onto the board of Norwegian telecoms company Telenor and then asked to join the audit committee. I hope that the work I’ve done and the impact I’ve had has shown that I was a good choice, and I’ve been on other boards since. The debate about quotas helped open people’s minds. Diversity isn’t just about women, but also about mixing different career or cultural backgrounds. Similarly, global companies need boards with exposure to different geographies, functional expertise and industry verticals. Diversity helps to create a culture that stimulates debate and, ultimately, delivers better outcomes.
In an increasingly international business world, where news of breaches spreads around the globe within seconds, a company can’t just rely on a formal control framework. The informal control environment built on culture and values is equally important, and this has been a focus of my work on audit committees. Executives need to trust each other to do the right thing. Ideally, they feel comfortable challenging each other. If a serious breach occurs, the company needs to be ready to take punitive action and the responsible person has to go. Creating that culture starts with setting the right tone at the top. Executives are role models whose behavior and words have a major influence on employees. They should also encourage people to take part in culture days and training courses for these control systems by setting an example and participating themselves.
Working with your auditors over a long stretch of time builds trust, and this trust makes it possible for audit firms to provide valuable insights, aside from delivering a “true and fair view” of the company’s finances. They can raise concerns about risk areas the company should be aware of early on. If auditors work well with an audit committee, they might point to the fact that a team in a foreign country is not functioning well, or that there is a lack of documentation at a subsidiary – not bad enough to jeopardize the audit firm’s work, but maybe worth looking into. External auditors can be a valuable resource for these kinds of observations. Again, it’s all about creating a culture of trust.
Hanne de Mora is the Chairman and one of the owners of a-connect, a global consulting and talent pool firm that she cofounded in 2002. Prior to that, she worked in various capacities at McKinsey, Procter & Gamble and Den Norske Creditbank. She has 14 years’ experience on boards and audit committees, starting as a director at Telenor in Norway, and chaired the audit committees at Norwegian firm Tomra, Swedish company Sandvik and Swiss group Valora. She is currently a member of the audit committee at AB Volvo and sits on the IMD Foundation Board, the governing body of a Swiss business school.