Coming Soon – Updated ISO 31000 Risk Management

I’m forwarding along a discussion about the expected update of ISO 31000 Risk Management. Similar to posts that I have been doing for the recently updated COSO ERM framework, I will be adding ISO 31000 to the discussions when the update arrives. 2017 and 2018 are looking like important years for the development and improvement of risk management and ERM for officers, directors (and audit and risk committees), managers, elected representatives, and suppliers, and throughout the entire entity or organization. On this blog you will also find earlier, but recent, posts where I have been discussing the new COSO ERM framework. I particularly like the culture and governance category which was added as the first category for consideration.

Click on the following link for the discussion about the expected update of ISO 31000

Best to you, David Tate, Esq.

Factors Influencing Corporate Culture – Chart From The IIA – Plus, Let’s Agree Upon Sample Culture And Governance Audit Programs

Passing this along, a chart from the Institute of Internal Auditors, identifying factors that influence corporate culture. I’m not sure about some of the ranking – particularly training and enforcement through disciplinary measures – it seems to me that those two categories would be ranked higher, and at about the same level as the establishment of a code of conduct (i.e., immediately below the first two ranked factors). Just comments for thought.

This chart came from a discussion about how to audit culture, and that it can be audited. As noted, for years auditors have tended to stay away from auditing culture, and I’ll also add governance as an audit area that auditors, internal and external, tend to stay away from, which is really perplexing since for years it has been known that culture is an important indicator of the possibility of fraud and unlawful acts. But, if I’m not mistaken, from my years of audit, when designing or planning the audit, doesn’t the external auditor already to some extent do an evaluation of and take into consideration the estimated reliability of the financial recordkeeping processes and internal controls – and wouldn’t that, or doesn’t that, or shouldn’t that, already to some extent take into consideration aspects of culture and governance?

Now both the COSO 2013 internal control framework and the new COSO enterprise risk management (ERM) framework list culture and governance as important framework criteria. Culture and governance are the first, underlying criteria in the new COSO ERM framework. And many other organizations are now promoting culture, including the National Association of Corporate Directors.


And, I say a “public discussion” because public and private businesses, nonprofits and governmental entities, and their auditors, will then have criteria to try to meet or exceed. Note, however, that I am not advocating that the criteria and steps create a legal standard. Internal controls and risk management design are highly discretionary – any effort to create a broad legal standard, other than, for example, the business judgment rule, will be met with extreme resistance, and most likely failure and an inability to move these topics forward.

So . . . if you are an internal auditor, or an external auditor, how would you, or how do you, describe to management and the audit committee, and perhaps the board, the steps that you would take to audit the entity’s culture and the entity’s governance?

That’s all for now. I’m David Tate, and I’m a California litigation attorney, and I also handle governance and risk management. You need to consult with an attorney or appropriate professional about your situation. This blog post or video or audio is not an advertisement or solicitation for services inside or outside of California. Thanks for listening, viewing or reading.

David Tate, Esq., Royse Law Firm, Menlo Park, California office, with offices in northern and southern California.


Royse Law Firm – Practice Area Overview – San Francisco Bay Area and Los Angeles Basin

  • Corporate and Securities, Financing and Formation
  • Corporate Governance, D&O, Boards and Committees, Audit Committees, Etc.
  • Intellectual Property – Patents, Trademarks, Copyrights, Trade Secrets
  • International
  • Immigration
  • Mergers & Acquisitions
  • Labor and Employment
  • Litigation (I broke out the litigation because this is my primary area of practice)
      • Business
      • Intellectual Property – Patents, Trademarks, Copyrights, Trade Secrets
      • Trade Secrets, NDA, Accounting Issues, Fraud, Lost Income, Royalties, Etc.
      • Privacy, Internet, Hacking, Speech, Etc.
      • Labor and Employment
      • Mergers & Acquisitions
      • Real Estate
      • Owner, Founder, Investor, Board & Committee, Shareholder, D&O, Etc.
      • Insurance Coverage and Bad Faith
      • Lender/Debtor
      • Investigations
      • Trust, Estate, Conservatorship, Elder Abuse, and Contentious Administrations
  • Real Estate
  • Tax (US and International) and Tax Litigation
  • Technology Companies and Transactions Including AgTech, HealthTech, Etc.
  • Wealth and Estate Planning, Trust and Estate Administration, and Disputes and Litigation





Good video about the GC relationship with the CEO, the Company and the Board – forwarding from Inside America’s Boardrooms

I have provided below a link to a recent Inside America’s Boardrooms video discussing the relationship between the general counsel (GC) and the CEO and the Board. You don’t hear these discussions very often. The GC represents the Company, not the CEO. But, of course, those common interests are most often aligned, but not always. The Board acts on behalf of the Company and the Shareholders, and as such you might say that the GC also represents the Board, but not the Board Members individually, and even this relationship between the GC and the Board can get sticky in some circumstances. This is a fascinating and important discussion.

Best to you, David Tate, Esq., Royse Law Firm, Menlo Park, California office, with offices in both northern and southern California.


Audit Committee Survey Discussion – Corporate Board Member – Video

The following is another worthwhile video from Corporate Board Member, discussing their audit committee survey results, Click Here For Video.

Enjoy, Dave Tate, Esq. (San Francisco)

How to make your third-party provider a true partner – article from Inside Counsel

An article worth reading, from Inside Counsel, How to make your third-party provider a true partner (and the importance of that relationship), for article link Click Here.

Dave Tate, Esq. (San Francisco)

Split the CEO and the chair roles, or have co-chairs, or have a lead director, or not?

Greetings folks.

The question is: split the CEO and chair roles, or have co-chairs, or have a lead director, or not?

This is a question that can be divisive and pit people on different sides against each other.

This seems to be an annual discussion for shareholders of some of the corporations that haven’t split or in some manner separated the roles.

And each director of a corporation certainly could also voice his or her preference and recommendation about whether or not to split or separate the roles.

What would each director prefer for the processes of the company that he or she oversees, for the board on which he or she serves, and for the CEO that he or she elected?

I have to say that I haven’t seen this issue with respect to nonprofits.  The issue may exist, but the nonprofits that I have been involved with have had separate executive director and board chair roles.

Why split the roles? What are the advantages to splitting?

Why not split the roles? What are the advantages to not splitting?

Why select or not select a middle path – the CEO as Chair with a Co-Chair Director or a lead director?  What are the advantages?

I don’t believe that you can necessarily generalize – each corporate situation, and the interactions, can be different.

Two of the important issues for me are: who determines what is on the agenda and who runs the meeting?

By determining the agenda, I mean with input from the directors, the CEO, the CFO and others who should be giving agenda recommendations.

But who actually then determines what topics specifically will be on the meeting agenda?

And who actually then runs the meeting?

Because determining the actual agenda and running the meeting can be influential and directive.  This topic of course can also naturally flow into other separate issues which we will not be discussing here – such as the extent of the role of the chair or co-chair and his or her manner of style or governance – controlling, collaborative, facilitative, . . . ?

So, do the directors believe that the CEO should handle those two tasks, the agenda and running the meeting . . . or a chair, co-chair or lead director, and why?

And does the CEO believe that he or she should handle those two tasks . . . or a chair, co-chair or lead director, and why?

What is best for the particular corporation, board, and shareholders?  One approach doesn’t necessarily fit all.

Just some thoughts about decision making on top of what everyone else has already said.

Thanks for listening.  Dave Tate, Esq. (San Francisco)

Witnesses, Don’t Get Too Comfortable – post from the Persuasive Litigator

Another good discussion from the Persuasive Litigator (good for witnesses and public speakers in general about dealing with the stress of testifying), Witnesses, Don’t Get Too Comfortable, Click Here For Article.

Enjoy, Dave Tate, Esq. (San Francisco)

Introducing risk management to the board (and executives)

Two blog post links, discussing introducing risk management to the board, and I added “and executives.”  The initial link is to a discussion by John Fraser; the second link is to a discussion by Norman Marks commenting about Mr. Fraser’s discussion.

Discussion by John Fraser, Click Here.

Discussion by Norman Marks, Click Here.

And a follow-up blog post by Norman, Why it makes sense to consider GRC, Click Here.

Also interesting, but not discussed in detail here, new guideline requirements enacted for offshore drilling operations: train/instruct employees and contractors about safety, injury and environmental risk/uncertainty management; risk/uncertainty management is ongoing all the time 24/7; all employees and contractors can/should report any situation that presents safety, injury or environmental risk or danger; evaluate risks (e.g., likelihood of occurrence and possible resulting injury or damage) and design and implement risk/uncertainty plans and processes; have those plans and processes audited to determine sufficiency and need to modify and improve; appoint people who are unilaterally authorized to stop operations at any time when they deem appropriate; etc.  Sounds good to me.  I support drilling; I have also previously written about the need for improved risk/uncertainty management, and safety and risk/uncertainty management cooperation and collaboration between operators and operations.  Also good stuff for boards to oversee.

Dave Tate, Esq. (San Francisco)

Focus on internal audit – the path to excellence – from a Norman Marks post

If you’re an executive officer, or a director, or involved in internal audit, governance, risk/uncertainty management or audit committee activities, click on the following link for another interesting and worthwhile post by Norman Marks about the path to excellence in internal audit, and please also read the informed comments below the article, Click Here For Article.

In some respects internal audit continues to search for respect and appreciation.  It is internal audit that must sell itself and its value to executive management, the board, audit and risk committees and professionals, shareholders, governance professionals, and other stakeholders.

Thanks for listening, Dave Tate, Esq. (San Francisco).

GCs using social media to select law firms, video from Bloomberg Law . . . .

The following video from Bloomberg Law discusses general counsel using social media to select law firms.  My thoughts on the topic.  Social/business media are here to stay.  Each firm needs to determine its approach based on its practice mix and resources that it will commit to the effort.  As with any marketing, there are no guarantees of success.  Some efforts will be viewed as successful.  Others won’t.  Strategy should be reviewed and changed as prudent.  Consider the efforts from an ROI viewpoint – but you still need to determine how you will calculate ROI.  New social/business media opportunities are developing regularly.  Overall, any firm that does not evaluate and implement a program that works for that firm is missing an opportunity, and eventually sooner or later will fall behind the competition.  And, lawyers also must be involved in both the design/strategy and the effort – this isn’t something that you can simply assign.

Dave Tate, Esq., (San Francisco)

Click Here To View Video.