Director, Officer and ERISA Liability – forwarding from Woodruff Sawyer

The following is a link to a series of posts (part 1) from Woodruff Sawyer discussing director, officer and ERISA liability. Woodruff Sawyer knows its stuff – good reading. Click Here For The Discussion.

Best to you, David Tate, Esq., Royse Law Firm (Menlo Park, California office – with offices in northern and southern California –

Help with culture oversight and ERM – possibly where to start

Now that oversight of the entity’s “culture” has reached the boardroom, where do you start if culture hasn’t really been on the radar? As you might know, for example, whereas the new COSO ERM framework lists culture and governance at step one, it doesn’t go into much detail or guidance about what these might include, but leaves it for every organization to decide for itself what enterprise risk management will involve and include in these and other areas and steps. If the organization’s culture really hasn’t been on the radar, I suggest that you consider or start with the employee handbook and policies, and the code(s) of conduct – evaluate whether those are currently sufficient or need updating, and then run through the ERM process for the conduct described or listed. Of further interest, below I have pasted snapshots of a current NACD website page discussing culture (you can also obtain an NACD discussion paper online), a summary of a possible ERM process (significantly based on the new COSO ERM framework), some additional governance, ERM and audit committee items, and a link to a new Norman Marks discussion, “Do we understand what a Risk Event is?”

Thanks for reading, and best to you. David Tate, Esq., Royse Law Firm (Menlo Park, California, office)

Overview of Possible Risk Management Process 11122017


Norman Marks, “Do we understand what a Risk Event is?”

Audit Committee 5 Lines of Defense 10222017 David W. Tate, Esq.

COSO Enterprise Risk Management Framework ERM Components and Principles

NIST Cybersecurity Framework Tiers Summary

The Business Judgment Rule

In summary, as a general principle the business judgment rule provides that a director should undertake his or her duties:

-In good faith, with honesty and without self-dealing, conflict or improper personal benefit;

-In a manner that the director reasonably believes to be in the best interests of the corporation and its shareholders; and

-With the care, including reasonable inquiry, that an ordinarily prudent person in a like position with like expertise would use under similar circumstances. The rule itself doesn’t require a particular level of expertise, knowledge or understanding; however, as you might be aware, public company audit committee members do have such a requirement, and you can at least argue that, depending on the facts and circumstances, a board or committee member should have or should obtain a certain unspecified level of knowledge or understanding to be sufficiently prepared to ask questions, evaluate information provided, and make decisions.

Reliance Upon Other People Under the Business Judgment Rule

In the course and scope of performing his or her duties, a director must necessarily obtain information from and rely upon other people. An independent director is not involved in the day-to-day operations of the business. The director provides an oversight function. Pursuant to the business judgment rule, a director is entitled to rely on information, opinions, reports or statements, including financial statements and other financial data, prepared or presented by any of the following:

-Officers or employees of the corporation whom the director reasonably believes to be reliable and competent in the relevant matters;

-Legal counsel, independent accountants or other persons as to matters that the director reasonably believes are within the person’s professional or expert competence; or

-A committee of the board on which the director does not serve, as to matters within that committee’s designated authority, so long as the director acts in good faith, after reasonable inquiry as warranted by the circumstances, and without knowledge that would cause reliance to be unwarranted.

That’s it for now. Thanks for reading. David Tate, Esq., Royse Law Firm, Menlo Park office, with offices in the San Francisco Bay Area and Los Angeles



Help with employment termination investigations – new case Jameson v. PG&E

See, Jameson v. Pacific Gas and Electric Company, California Court of Appeal, First Appellate District, October 5, 2017, Case A147515

In relevant part, plaintiff employee claimed that PG&E fired him in breach of the implied covenant of good faith and fair dealing, that he would not be fired for other than good cause, and in retaliation. PG&E countered that it was an at-will employment and, in the alternative, that PG&E had good cause and that its investigation established good cause. Plaintiff employee further claimed that PG&E’s investigation was inadequate and that the investigator, who was an attorney, failed to interview all of the identified witnesses or sufficiently consider plaintiff employee’s arguments and evidence. See below clip from the court’s opinion.

Of course, whether or not the investigation was sufficient and appropriately performed by a competent and qualified person will vary and depend on the facts and circumstances of each case and investigation.

David Tate, Esq.

With respect to the sufficiency of the investigation, in relevant part, the court held:

Jameson v. PG&E - employment termination investigation case 11042017-1

In this post – why I am restarting this blog – and some risk management (ERM) and audit committee materials

I last used this blog in mid-2013. For my recent posts to other blogs on these topics, please also click on the following: – 103 posts from January 2, 2016 to the present (and ongoing – this blog is continuing). – 310 posts from September 21, 2013 to January 2, 2016.

And, of course, I am also continuing with my longtime blog about trust and estate litigation and contentious administrations, conservatorships, powers of attorney, elder abuse and elder protection, real property, etc.,

You might ask, or wonder, why restart this blog? Because as I view the current business and people environment, the broader scope of this blog title accurately reflects the status of the community and business environments and what is needed. As indicated above, I am also continuing with my longtime trust, estate and elder litigation blog, and with my audit committee and D&O blog. Thank you.

Best to you, David Tate, Esq.



The California State Leadership Accountability Act (Cal. Government Code §§13400-13407)

Section 13401

The California State Leadership Accountability Act in relevant part provides as follows:

(a) The Legislature finds all of the following:

* * * * *

(3) Effective systems of internal control provide the basic foundation upon which a structure of public accountability must be built.

(4) Effective systems of internal control are necessary to ensure that state resources are adequately safeguarded, monitored, and administered.

(5) Systems of internal control are necessarily dynamic and must be routinely monitored, continuously evaluated, and, where necessary, improved.

(6) Reports regarding the continuing adequacy of the systems of internal control of each state agency are necessary to enable the executive branch, the Legislature, and the public to evaluate each state agency’s performance of its public responsibilities and accountability.

(b) The Legislature declares all of the following to be the policies of the state:

(1) Each state agency must maintain effective systems of internal control as an integral part of its management practices.

(2) The systems of internal control of each state agency shall be evaluated on an ongoing basis through regular and ongoing monitoring processes and, when detected, weaknesses must be promptly corrected.

(3) All levels of management of state agencies must be involved in assessing and strengthening the systems of internal control to minimize fraud, errors, abuse, and waste of government funds. Monitoring processes should be designed to ensure objectivity of persons tasked with monitoring. Objectivity means allowing those tasked with monitoring to maintain integrity, impartiality, a questioning state of mind, and the ability to accurately and fairly assess circumstances and draw sound conclusions.

(4) It shall be the responsibility of the Department of Finance, in consultation with the Controller and the California State Auditor, to establish guidelines for how the objectivity of the persons tasked with monitoring processes are to be maintained. Those guidelines should include establishing monitor training programs, identification of appropriate chain-of-command reporting relationships, and recommended best practices for professional development and the conduct of objective monitoring, including, but not limited to, practices for the regular dissemination of strategies and lessons learned from successful efforts to strengthen state administration via interagency cooperation.

Section 13402

Agency heads are responsible for the establishment and maintenance of a system or systems of internal control, and effective and objective ongoing monitoring of the internal controls within their state agencies. This responsibility includes documenting the system, communicating system requirements to employees, and ensuring that the system is functioning as prescribed and is modified, as appropriate, for changes in conditions.

Section 13403

(a) As used in this chapter, “internal control” means a process, including a continuous built-in component of operations, effected by a state agency’s oversight body, management, and other personnel that provide reasonable assurance that the state agency’s objectives will be achieved. The following five components of internal control, if effectively designed, implemented, and operated in an integrated manner, constitute an effective internal control system:

(1) “Control environment” means the foundation for an internal control system that provides the discipline and structure to help a state agency achieve its objectives.

(2) “Risk assessment” means an assessment of the risks facing the state agency as it seeks to achieve its objectives and provides the basis for developing appropriate risk responses.

(3) “Control activities” means the actions management establishes through policies and procedures to achieve objectives and respond to risks in the internal control system.

(4) “Information and communication” means the quality of vital information used and communicated to achieve the state agency’s objectives.

(5) “Monitoring” means the activities management establishes and operates to assess the quality of performance over time and promptly resolve the findings of audits and other reviews.

(b) The elements of a satisfactory system of internal control, shall include, but are not limited to, the following:

(1) A plan of organization that provides segregation of duties appropriate for proper safeguarding of state agency assets.

(2) A plan that limits access to state agency assets to authorized personnel who require these assets in the performance of their assigned duties.

(3) A system of policies and procedures adequate to provide compliance with applicable laws, criteria, standards, and other requirements.

(4) An established system of practices to be followed in performance of duties and functions in each of the state agencies.

(5) Personnel of a quality commensurate with their responsibilities.

(6) An effective system of internal review.

(7) A technology infrastructure to support the completeness, accuracy, and validity of information processed.

(c) Agency heads shall follow the standards established by this section of internal control in carrying out the requirements of Section 13402.

(d) Monitoring systems and processes are vital to the following:

(1) Ensuring that routine application of internal controls do not diminish their efficacy over time.

(2) Providing timely notice and opportunity for correction of emerging weaknesses with established internal controls.

(3) Facilitating public resources and other decisions by ensuring availability of accurate and reliable information.

(4) Facilitating production of timely and accurate financial reports, and the submittal, when appropriate, of recommendations for how greater efficiencies in support of the state agency’s mission may be attainable via the consolidation or restructuring of potentially duplicative or inefficient processes, programs, or practices where it appears such changes may be achieved without undermining program effectiveness, quality, or customer satisfaction.

(e) It shall be the responsibility of the Department of Finance, in consultation with the Controller and the California State Auditor, to establish guidelines for the management of state agencies on how the role of monitoring should be staffed, structured, and its reporting function standardized so it fits within an efficient and normalized state agency administrative framework.

(f) Agency heads shall implement systems and processes to ensure the objectivity of the monitoring of internal control as an ongoing activity in carrying out the requirements of Section 13402.

* * * * *

Link for U.S. federal government ERM – OMB Circular A-123 – Management’s Responsibility for Enterprise Risk Management and Internal Control

Society of Professional Journalists, Code of Ethics

Law Student – Lawyer Career Planning and Development Evaluation Tool

Click on the following link for a law student – lawyer career planning and development evaluation tool that I put together to help with discussion and thought process. I hope that you find it helpful. Dave Tate, Esq. (San Francisco).

Law Student – Lawyer Career Planning and Development Evaluation Tool 05232013

A short paper you must read about board-level corporate risk management – NACD Advisory Council on Risk Oversight

If you are interested in the process of board oversight over corporate risk management, here is a link to a short paper that you must read from the National Association of Corporate Directors, Link for NACD Advisory Council on Risk Oversight, Summary of Second Meeting, Click Here for Paper.

First, let me sincerely compliment the NACD for discussing this topic and making portions of the discussions available for reading and comment.  Whether you agree or disagree with portions of the paper and the discussions therein, making the paper available demonstrates an effort at leadership which I believe is often lacking at professional organizations.

I read the paper, of course. And I have comments. Overall, I find it amazing and difficult to comprehend that risk management discussions and process, and apparently board oversight of risk or uncertainty management, have not progressed more than the paper indicates.

I agree with the NACD’s original position that oversight of risk management (I prefer uncertainty management, but whatever) is the responsibility of the entire board and not of a committee.  That being said, limited delegation to a committee in conjunction with reporting to the entire board and with entire board oversight can be a good way to go.  But why delegate to the audit committee?  Audit and risk are not the same.  And isn’t the audit committee already sufficiently busy?  Of course it isn’t wrong to delegate initial risk and uncertainty oversight to the audit committee which then reports to the board for the entire board’s consideration, but during its meetings does the audit committee wear one hat for audit during part of its meeting and then change to its risk management oversight hat?  Why not appoint a separate risk management committee that is composed of the board members who are best qualified for that task?

If the board members are concerned about their lack of information about risk management and that there are gaps, have the CRO and CAE coordinate their efforts and both report to the board.

The NACD’s paper doesn’t propose best or better practices. But that isn’t the purpose of the paper. Frankly I am surprised that the NACD would allow such an open discussion paper to go out under its name, but again, I am very complimentary of the NACD for being willing to do so.

I might have additional comments that will follow in other posts.  For example, as I have previously written, I dislike the nature of the current discussions that suggest quantifying acceptable risk appetite and risk tolerance.  And I also disagree with any suggestion that a company adopt only one risk appetite or one risk tolerance – obviously different risks and different projects call for different evaluations.

On a related note, recently additional regulations were proposed or enacted for offshore oil and gas drilling risk management and related oversight – the regulations require employee and contractor training, that a supervisory employee over risk management be designated, that a supervisory employee have authority to immediately take action including shutting a system down in appropriate circumstances, for auditing of the processes, for evaluation of risk management and if necessary reporting 24/7 including by all levels of employees and contractors, and for the option of anonymous reporting. Sounds like a good development.

Dave Tate, Esq. (San Francisco)

A new reality in the relationships between the nonprofit and for-profit worlds, from Bruce Burtch

Click below for a new discussion from Bruce Burtch.

New Realities Require New Responses:

There is a major sea-change underway in the relationship between the nonprofit and for-profit worlds, and this change requires a serious look at current realities. For-profits are more and more realizing that they deserve to receive mutual value in the nonprofit/for-profit equation.

Click Here For Discussion.

Dave Tate, Esq. (San Francisco)

Audit Committee Survey Discussion – Corporate Board Member – Video

The following is another worthwhile video from Corporate Board Member, discussing their audit committee survey results, Click Here For Video.

Enjoy, Dave Tate, Esq. (San Francisco)