Essential triad of corporate risk management

Effective corporate governance requires close, integrated collaboration among corporate legal, finance and human resource functions. The failure of these general and administrative groups to coordinate action, engage across departments and seamlessly share information will likely, over the long run, lead to heightened systemic risk and to an increased probability that material corporate weaknesses will develop.

Risk management represents an essential responsibility for today's general counsel and the in-house legal department. It cannot be an afterthought, nor can responsibility for that task be deferred or deflected to the finance group, to internal or external audit or to any other functional department within the corporation. It demands proactive engagement by the legal team and a willingness to assume a leadership role in that process.

Actions that serve, intentionally or otherwise, to limit the risk management responsibilities of the legal function, whether by organizational design or by misplaced perceptions of the legal role, are likely to have a deleterious effect on corporate governance practices. By "design," for instance, significant issues can arise when a general counsel reports to the chief financial officer. While that practice appears less common today than a decade ago, fundamental questions - privilege, oversight and familiarity with regulatory frameworks, among others - should be asked if that structure is proposed. It is not a wise course. Other "design" issues may require similar critical evaluation, as, for example, when employment law matters are managed within the human resource department and not the legal group. Organizational structure, and its potential effects on risk management, must be considered carefully at the earliest stages of management design.

Dated management "perceptions," and a belief that the lawyer should "stick" to the law and avoid comment or participation in other "business" matters, can also lead to less effective risk oversight. It is incumbent on the lawyer to ensure that her ability to add value to the risk management model is recognized and her advice timely sought. It is not acceptable for counsel to wear "legal" blinders or remain "blissfully" ignorant of broader systemic issues. In-house counsel has a fundamental duty to work shoulder-to-shoulder with finance and human resource colleagues to design effective risk management protocols and processes and to implement optimal risk management practices.

The foundation for cross-functional collaboration must emanate from the top. The chief legal, chief financial and chief human resource officers must set the organizational tone. Silos, or fiefdoms, will not suffice and should not be permitted. Information sharing across functional departments is essential. It must be done at all levels of the corporate organization, not only at the executive level. Relationships among legal, finance and human resources should be developed and cultivated up and down the chain. Peer exchanges should be expected and common between and among organizational groups. Disagreements between peers regarding substantive matters should percolate up the organization for resolution. While there may, of course, be occasions when confidentiality or privilege may limit information sharing, those occasions should be the exception not the norm. Open, collaborative information flows should form the foundational expectations for the organization. The general counsel and the legal department must help foster this orientation.

The potential effects of uncoordinated action or lack of alignment are myriad. Consider employee terminations. Restructuring exercises should not be viewed simply as a human resource undertaking. Beyond concerns affecting employee morale, they require extensive pre-planning and coordination to evaluate the legal landscape and to assess the near- and long-term financial implications. An employee termination executed by human resources without an analysis of its "fairness" and non-discriminatory basis may allow for subsequent second guessing by the affected individuals. Employee terminations in Europe may require extensive consultation with works' councils prior to implementation. Execution of individual settlement agreements with affected employees without proper legal oversight may risk further issues regarding the enforceability or completeness of the arrangement and embedded releases. The potential accounting charges, and the timing of those charges, for employee terminations may be affected by management's decision process. Accounting conclusions may turn critically on "when" management approved the determination to effect employee terminations and when those employees are informed of that determination, independent of when employment actually ends. Informing finance in late April, after the close of a March 31 fiscal calendar quarter, of human resource actions taken in late February may create issues. And if accounting issues are triggered by that process or ineffectual cross-functional interaction, other questions may arise regarding the company's internal controls.

Consider further the use of financial measures. Financial metrics that deviate from "generally accepted accounting principles" (GAAP) continue to play an important role in many public companies. Those non-GAAP metrics, which exclude expenses or other charges from GAAP results, have become increasingly prevalent and critical to investor analysis. Because of this, the U.S. Securities and Exchange Commission staff recently issued updates to 2010 guidance regarding the use of non-GAAP financial measures and their potential to mislead investors ("[c]ertain [accounting] adjustments may ... cause the presentation of the non-GAAP measure to be misleading. For example, presenting a performance measure that excludes normal, recurring, cash operating expenses necessary to operate a registrant's business could be misleading. See SEC, Compliance & Disclosure Interpretations, May 17, 2016). There is no standard set of exclusions for these measures. There is not consistency across public companies on the use or definition of these metrics. While that lack of consistency is not the focus of this article, what should be of concern is when these metrics are designed, documented and applied by a corporate finance group without discussion with the legal department. Discussion within the accounting group, and even with the audit committee and external auditors, is not alone sufficient. Documenting and describing non-GAAP measures, ensuring consistent application, and discussing those metrics in reports or press releases filed with the SEC requires legal input, not just cursory legal review. Non-GAAP policies that are designed and documented without close coordination and understanding between the finance and legal departments will likely lead to later interpretative questions. And it is not adequate for legal to shy from engagement on this and related accounting subject matter simply because it involves financial concepts. Risk management demands that the chief financial and chief legal officers align on the use and definition of non-GAAP measures and that rank-and-file counsel and accounting personnel collaborate on these matters. Each discipline should understand and appreciate the value that the other may bring to these discussions. Enhanced quality and oversight will result from that coordinated approach.

Other issues will percolate within an organization through a myriad of channels. Information regarding customer and warranty claims, product returns, patent challenges, allegations of employee harassment, data breaches and more may variously surface through legal, finance or human resource functions. A corporate culture must exist that ensures effective dissemination and sharing of this information.

An effective corporate governance paradigm, and risk management program, requires cross-functional collaboration and coordination by each of the principal general and administrative departments. A corporate culture that appreciates the benefits of a cross-disciplinary approach to matters of daily relevance is more likely to support effective risk management. Legal, finance and human resource groups should acknowledge these tenets and develop processes that incorporate them into their corporate objectives. From the general counsel to the staff counsel, legal retains a unique perspective from which to help implement these risk management practices and inculcate them within the broader corporate culture.

Scott M. Wornow is the former chief legal officer of Atmel Corporation.