Three weeks later, an agreement that would have required 10 former WorldCom directors to pay $18 million out of their own pockets—representing more than 20 percent of their net worth—collapsed. As of presstime in early February, the directors were headed for trial in U.S. District Court. Led by the New York Common Retirement Fund, the lawsuit alleges that the directors, among others, failed in their obligation to investors to prevent the $11 billion accounting scandal that plunged WorldCom into bankruptcy in 2002.

These nearly unprecedented actions against directors have sent shockwaves through boardrooms across the world. Board members at all types of organizations—from large corporations to small nonprofits—are beginning to realize that perhaps D&O (directors and officers) insurance is no panacea. Directors are finding that, like Samuel Johnson’s prospect of being hanged in a fortnight, this concentrates their minds wonderfully on finding and eliminating risks that threaten their organizations—and their personal wealth, freedom and credibility.

When Robert S. Nadel, a board member of Hauppauge Digital, an electronics company on Long Island, initially heard about the multimillion settlement at WorldCom, he was sanguine. “The $18 million will lead to an end of the narcissistic view that we can get away with anything. It will end a policy of benign neglect and cause board members to do more and ask more.”

TOP VIEW A multimillion-dollar settlement by former board members at Enron and a lawsuit against former WorldCom directors have prompted many board members to consider their own personal liability for potential malfeasance at, or underperformance of, the companies they serve. Directors are redoubling efforts to unearth and snuff out firm-threatening risks. But some board veterans argue this is the job of management, and that board members cannot be expected to be clairvoyant.

Asking more in most cases means ensuring that risk management and risk-reporting systems unearth serious exposures—be they strategic problems, market risks or, perhaps most perniciously, fraud or other types of malfeasance—before they erupt into firm-crippling events. Only one in five companies recently surveyed by the Conference Board, a New York-based business lobbying group, admitted to having a robust risk management system in place, according to Carolyn Brancato, director of the Conference Board’s Global Governance Research Center. This is partially because risk management is not a term that is easily applied to corporations. Financial institutions, whose main exposures are to easily quantifiable factors such as the prices of securities and probabilities of default, have built elaborate systems that measure those exposures, along with the tools to manage them.

An Elusive Target
But, while market prices certainly affect the performance of nonfinancial corporations (think of the airline industry’s exposure to the price of oil, for example), often the most toxic problems they face fall under the hazy rubric of business risk. This is the catch-all category covering the reasons some companies underperform in their core businesses, falling inexorably behind competitors and eventually failing. These range from manager incompetence to changes in consumer appetite for a key product. They are usually impossible to hedge.

For the past several years, the need to put reporting systems in place to comply with the Sarbanes-Oxley law has diverted the attention of many companies from managing these business risks. “Corporate directors are not getting strategy preparation,” Brancato says. Paul Kocourek, a senior vice president at the New York office of consulting firm Booz Allen Hamilton, agrees. “Risk governance is the key to finding the balance between control and innovation. Companies need to develop a process that both protects shareholder value, by eliminating earnings surprises, and also enhances it, by fostering growth.”

Indeed, a 2004 study by Booz Allen found that strategic mismanagement and poor execution—in short, managers failing to manage well—destroyed more shareholder value in the previous five years than was lost in all of the recent compliance scandals combined.

Directors seeking to avoid the fate of the WorldCom and Enron boards are desperate to find best practices in the amorphous field of business risk management. They might look to PepsiCo’s example. Tom Lardieri, vice president and general auditor, says the company originally hired consultants to devise a risk management system, but it proved too cumbersome and complicated for an organization that is consumer-oriented. “They wanted us to quantify things, and you needed sophisticated tools to quantify the risks,” Lardieri remembers. “We realized it was not going to be cost-effective.”

Weighty Issues
Despite this, PepsiCo’s board has increased its focus on business risk issues in the last few years. One growing concern for the company in these health-conscious times is the fact that its name is synonymous with a corn syrup-laden beverage packing 41 grams of sugar per 12-ounce can. “We’re concerned about obesity, given the legal challenges of the past two years,” Lardieri argues, alluding to a lawsuit filed against McDonald’s in 2002 that alleged that the burger giant used deceptive advertising to portray its products as healthy. “Is there a tort attorney who could turn Pepsi into tobacco?” Lardieri muses.

PepsiCo is not about to stop selling soda and chips. “Actually, anything in excess is unhealthy,” Lardieri says. But the company has taken steps to fend off legal challenges by unveiling a label called Smart Spot, which now appears on its healthier products, including bottled water, Tropicana juices, Gatorade and Quaker cereals. The aim of this kind of risk management, Lardieri says, “is not to reach the ‘Oh, shit,’ point.”

One way boards can prepare for bolts from the blue—be they margin-crushing increases in the price of a raw material, extensive fraud by a faceless junior accounting factotum or an increase in social awareness about the risks of obesity—is to establish a rapid-response team. James Newfrock, vice president at the Booz Allen office in Parsippany, N.J., recommends that every CEO identify first, second and third lieutenants to manage a crisis plan. However, he has seen few companies establish these corporate SWAT teams. “Let’s face it: Risk management can be depressing,” he says. “Sales people think about risk perhaps 5 percent of the time. A CEO should be thinking about it all the time. Fighting fires is not pleasant.”

The boardroom is also beginning to feel like a fire station, where directors wait tensely to react to the next alarm. Where boards traditionally had a member with a strong financial or accounting background serve on an audit committee, or a lawyer keeping tabs on legal issues, more problems are cutting across these lines and putting greater responsibility on all of the directors.

This can prove impossible in companies offering specialized products or services. Martin D. Payson, who was on the board of Warner Communications for almost 20 years and was vice chairman of the board of Time Warner, also served on the board of AVX, an electronics company in Myrtle Beach, S.C. “Once I was asked to consider the problems with ceramic capacitors,” Payson recalls. “I could not understand the product. I’m a lawyer and trained to spot issues, but I did not understand the product at first. Fortunately, others on the board did.”

A survey in 2002 by McKinsey & Co. and the newsletter Directorship found that 36 percent of participating directors felt they did not fully understand the major risks their businesses faced. An additional 24 percent said their processes for overseeing risk management were ineffective. Nineteen percent said their boards had no processes.

What is Enough?
Calculating calamities comes at a price. “Assuming you are dealing with products that are not potentially lethal, it could still cost you a bloody fortune to protect yourself,” says Robin L. Farkas of Jackson Hole, Wyo., a veteran venture capitalist and director. Farkas was once chairman of the now-defunct Alexander’s department store chain in New York. (One of its most serious problems was shoplifting; after hiring a security force, it made 16,000 arrests a year.) These days Farkas spends several hours before every board meeting studying a briefing book provided by management.

“Very often it deals with things going on in the world,” he says. “But I also try to go beyond the briefing book.” Because he spends so much time traveling, particularly between India and his homes in New York, Palm Beach and Jackson Hole, Farkas finds it important to make a point of keeping up with the news, fearing he might otherwise miss a pivotal change in a company or industry.

There are, alternatively, experienced board members who believe that directors should not attempt to take on tasks that are more appropriately in the domain of management. Raymond S. Troubh, a lawyer, investment banker and director, notes that directors cannot address every concern. “On an 11-person board, perhaps 60 to 80 percent understand risk,” he estimates. “Boards are not proactive. They question; they push and shove. They try to satisfy themselves that nothing is 1,000 percent certain. But a board is not a strategic think tank. A director should not be the chief strategic planner. Then you’d get into micromanaging, and that’s not the function of a board.”

Payson agrees, adding, “Big-name directors are very busy.” Because they do not have a great deal of time, they have to rely on the management’s assessment of the company’s risks.

Despite attempts to unearth and defuse the risks of the companies they guide, many directors are discouraged, and some are forswearing board service altogether. Carm Santoro of San Diego and Park City, Utah, has served on dozens of boards in the electronics industry since 1980. He refuses to join any more. “The board is in a catch-22 situation,” Santoro explains. “If a board member is going to legitimately advise, counsel and correct management, the time involved is huge. I’ve been sued nine times in my career as a director. Is this worth it?”

Stewart Kampel is a former New York Times editor. stewartkampel@yahoo.com

Illustration by Kevin Spaulding