A company is planning to go public sometime in the next year and I know everything about it.
I know management’s strategy, which board members they are planning to “dump”, which employees they are going to ease out and replace before they announce the IPO, who the company’s main competitors are, who its bankers are, how management plans to finesse the filing to make negatives sound more positive… Suffice it to say, I know a lot about them.
Have I ever worked with them? Nope.
What do board committees do? Most of the detail work of the broader board is done by subcommittees. They look in-depth at things like executive pay, the corporate audit, various risks and much more.
What risks do boards consider? Directors look at a broad range of risks, from strategic to operational. They also think about what the companies risk appetite is.
Do I know anyone who works at the company? Not really.
I know all this because the person (that I surmised is their chief financial officer) came and sat down in a seat next to me in an airline lounge at the airport in Munich, Germany, and spent the entire time speaking freely, and without moderating his tone about any of it. It was information I didn’t want to know, particularly because much of it was insider information that could have had regulatory repercussions, and yet now I know it all, as do a couple dozen other people who were sitting nearby giving him the evil eye.
This all happened as I was travelling back from a board meeting where I’d spent a good amount of time in a risk and governance committee meeting. This chap’s oversharing phone call got me to thinking about risk in a new way.
“Loose lips” risk
Over the years I’ve sat on several board committees that focus on company risk, including audit and governance and risk committees.
We talk about a lot of types of risk. Cyber, money, market, strategy and much more. The company risk register, which is essentially a rolling record of potential risks, helps keep track and measure all these possible dangers, and it can grow to pages long.
There is one risk I’m going to be looking at more carefully in the coming months. I’m going to call it the “loose lips” risk. It is a human risk that can be found anywhere. Mostly it is heard in crowded public places such as airline and hotel lounges and trains, but it can also be found in quiet, out-of-the-way places.
Bucolic public gardens are not immune. Imagine my surprise when two senior executives of a large public company had a frank talk about their board meetings while standing over my son and me as we were pond dipping. We’d been there for a little while and I suppose we looked harmless enough, just a mother and her son. These guys paused in their walk to gaze over the pond, talking intimate board business and plans for the future. This case was a bit more embarrassing because I actually knew a lot about the company and people they were talking about.
Public places can lure people into thinking they are invisible.
Creating a bubble
Mobile phones and video chatting have their plusses. They allow you to get work done anywhere — be it the beach or the airport. The downside, from a risk perspective, is that we are not forced to sit in closed offices where information is more secure. Now we can talk confidential business anywhere.
Until someone invents a device that creates a personal bubble (not a bad idea, come to think of it), we are surrounded by a lot of strangers at close quarters whenever we eat out, travel on public transportation — that includes taxis — and go for a walk and talk.
It happens often enough that I think I may suggest this risk be separated from the human error line in the risk register into its own “loose lips sink ships” line item.
My fellow committee members will laugh until I tell them how many times in my last month of travel I’ve encountered this, then they will likely realise it has happened a lot to them too, and that, frankly, we’ve all been guilty of it. We’ll have to make a strategy about how to tell executives not to blabber without being patronising — some will clip and send this column as a not-so-subtle hint.
But one thing is certain: it is vital that we pay attention because no one needs to hack our secure servers or tap our phones for private information if they can simply get it by sitting a couple seats away on the train.
Discretion is the wiser part of valour, and in this case, not only will we be protecting the companies we work for from an easy-to-manage risk, we’ll also make much more pleasant neighbours in public spaces.
Lucy Marcus is an award winning writer, board chair and non-executive director of several organisations. She is also the CEO of Marcus Venture Consulting.
Source: BBC Capital