Enhancing The Board's Monitoring Role

...Without Micro-Managing!

One of the most challenging aspects of association life is the differentiation between what is the Board's role and what is the CEO's (i.e. staff's) role.

And even once those roles are defined, the challenge continues.  One of the Board's roles is to oversee the CEO to ensure that the Board is fulfilling its fiduciary and other responsibilities...and to do it without micro-managing.

In particular, Boards struggle with that oversight role.  At one end of the spectrum are Boards that depend almost exclusively on staff reports to know what is going on, and at the other end of the spectrum, Boards micro-manage because that is what they think oversight is all about.  These tools will enable the Board to provide oversight that is both informed and effective.

• The Financial Audit - Boards generally put too much faith in this function as a monitoring tool. Often it is because they misunderstand what they are getting with an audit (see What Do You Really Get With an Audit?). In addition, to be effective as a tool for monitoring the CEO, the auditor should report to an audit committee rather than staff (see Setting Up an Audit Committee), and the audit committee needs to understand what they need from the auditor (see Questions for the Audit Committee to Ask the Auditor).

Nevertheless, if properly used, the financial audit can be very useful tool in the Board's monitoring toolkit.

• The Statutory Compliance Audit - Associations typically have a variety of statutory responsibilities, and Boards often do not understand the scope and the degree of compliance with these obligations.   In our experience, staff and advisors may also not be aware of the full extent of the obligations.

For example, a non-profit incorporated association must file a corporate tax return (regardless of whether the organization was incorporated federally, provincially, or through special legislation), and yet I have seen a number of associations whose staff and their advisors did not believe the requirement applied to them.

Associations ignore these obligations at their peril. After the non-profit information return was implemented, a number of non-compliant associations faced fines of $5,000 or more levied by the Canadian Revenue Agency.  While I was asked to intervene, and was successful in getting these fines waived, it was a wake-up call to the organizations involved.

The organization's compliance with its own bylaws should be included within the scope of a statutory compliance audit.

• Policy Compliance Audit - To effectively oversee the management of the organization, Boards require well-defined and complete policies. However, the existence of the policies is not enough.  If the Boards depend solely on reports by the CEO that there is compliance with those policies, they are falling short in their monitoring responsibilities.

A good practice is to undertake annual policy compliance audits that focus on selected policies each year. While Board members could undertake such direct inspection themselves, they rarely have the time.  As well, direct inspection of some documents and materials could result in real or perceived micro-management if the review extends beyond policy compliance.

(In policy governance organizations, policies may exist the will be addressed by the other monitoring tools identified in this article.  However, there have been criticisms of the model related to whether it satisfies the Board's fiduciary responsibilities.  With that in mind, the additional monitoring beyond the board's policies encompasses key aspects that should be monitored but are not covered in the Board's policies.)

• Internal Controls Review - There is no excuse for the ongoing incidents of volunteer and employee malfeasance reported in the media. If associations and charities ensured that internal controls met common standards, the risk of fraud or theft would be reduced considerably (see Fraud -- How to Prevent It In Your Association!)

If a review of internal controls is not included in the financial audit, then a separate internal controls review should be undertaken periodically.

• Legal Review - If an association accesses legal advice infrequently and with respect to specific purposes, then a legal review of the organization may be warranted.  However, the scope of the review should be very clearly defined to limit the cost, and avoid duplication of work undertaken in other monitoring functions (such as a statutory compliance audit or a privacy audit).

Examples of areas examined in a legal review could, for example, include copyright/trademark issues, competition law issues, and HR issues.

• Privacy Audit - It is practically impossible for the Board to determine that the organization is in compliance with applicable privacy laws without undertaking a privacy audit.  The audit should address the privacy measures in place, as well as the implementation of those measures.

These monitoring activities would generally apply to most organizations, however other monitoring activities may apply to certain types of organizations.

Finally, the focus of these monitoring activities is not to assist the Board in making decisions or to satisfy the curiosity of individual Board members.  It should be commissioned and undertaken to assist the Board in assessing the performance of the CEO and meeting its governance and oversight responsibilities...without micro-managing or being overly dependent on information provided by the CEO.

Wayne Amundson is president of Association Xpertise Inc., a consulting firm serving associations and non-profits. He is also a writer and speaker on association and non-profit management and governance, and is editor of The Canadian Association e-zine and co-author of the new “Primer for Directors of Not-for-Profit Corporations” published by the Industry Canada and three non-profit umbrella groups in Canada. 
Phone: 403-374-1822 E-mail: admin@axi.ca  Website: www.axi.ca