From Jim Kristie

No Second Acts? Bah Humbug!

With 2016 bearing down upon us, here are two inspiring guides for a game-changing year ahead.

By Jim Kristie

Books make great gifts, especially for a holiday like Christmas. In that spirit of the season, I have two books to recommend. The fact that these books are written by authors with a close association to Directors & Boards makes it even more pleasurable to bring them to your attention. And we will give you a sampling of the books with excerpts in this month’s e-Briefing.

The first is 50 Plus! by Robert L. Dilenschneider. The book’s subtitle is, Critical Career Decisions for the Rest of Your Life. You know the famous dictum by F. Scott Fitzgerald that “There are no second acts in American lives”? I have always disagreed with that, and I am glad to know that Bob Dilenschneider also refutes that statement by the literary giant. “It simply isn’t true,” Bob writes in his book.

50 Plus! is an inspiring guide for, as Bob notes, “people who want another chance. They want to have their ticket punched one more time.” He tees up essential guidance to help those at or near the mature stage of their careers. I can’t help but think that this will be a useful reference if you are thinking of transitioning into board service or know someone who wants to get on a board. See the passage “Age Is No Barrier To Success” in this e-Briefing edition’s Article of the Month.

Bob has been a valued member of the Directors & Boards editorial advisory board for 10 years. Here is a link to the book on Amazon. It is published by Citadel Press, an imprint of Kensington Publishing Corp.

My second book recommendation is Positivity by Harry Edelson. Its subtitle is, How To Be Happier, Healthier, Smarter, and More Prosperous. To which I say: how is that not a perfect gift to give someone at the holidays (or any day of the year)!

A veteran of Wall Street, Harry runs Edelson Technology Partners, which makes venture capital investments in virtually all areas of technology. He is a former columnist for Directors & Boards, and wrote for us one of the preeminent articles on corporate governance, “Problems with Boards of Small Companies” (Fall 1994). In any list of personal favorites that I have published, Harry’s biting commentary on board dysfunction would rank high. This article was so good The Wall Street Journal republished it for its readers.

I dipped into the book to pull out the passage for the Columnist piece in this e-Briefing, “My Insight from IBM: No Second-Guessing.” I look forward to curling up with the rest of the book during the coming holidays. Positivity has been called “a game changer for every reader.” With 2016 bearing down upon us — a new year naturally bringing thoughts of “game change” — this is the book for you or for gift giving. It is published by SelectBooks Inc. Here is Amazon’s link to the book.

We now complete a dozen years of publishing these monthly e-Briefings. If you have been with us the whole time or for any chunk of this tenure, on behalf of the Directors & Boards team I thank you for your readership and we look forward to giving you solid briefings in the year ahead and years to come. Happy holidays!

As always, I welcome your comments at

Directors & Boards Director Education Webinar Series
Investigative Due Diligence: A Practical Guide To What Directors Need to Know
Webinar Replay - Refreshing the Board: Age or Term Limits, Skillsets and the Hard Conversation
Webinar Replay - Directors to Watch 2015: The Making of Successful Women Directors
Article of the Month

Age Is No Barrier To Success

By Robert L. Dilenschneider

It doesn’t matter how old you are. Everyone has the same fundamental needs: to enjoy themselves, to be part of something larger than themselves, to confirm their own sense of their abilities, and to demonstrate to others that they’ve got what it takes.

And yet, there comes a moment, generally after one turns 50 — though in today’s youth-obsessed culture, it can happen much earlier — when it becomes hard not to worry about being sidelined.

I’ve worked with hundreds of companies all over the world and I’ve counseled more than a thousand CEOs. I encourage them to think about their entire image, which includes how they present themselves, how they speak, how they absorb experience, and how they interact with their coworkers, their customers, their investors, and their families. Along the way, I’ve helped them navigate through crises that range from marital mayhem to nuclear meltdown (literally: I was an advisor during the Three Mile Island accident).

But I have noticed that nothing brings that look of fear into a client’s eyes like facing the specter of aging. Even in their 40s, and certainly by the time they hit their 50s, many of the people who seek my counsel worry that time has passed them by. I don’t suppose they feel any better when I tell them that they only have one or two significant bites of the apple left.

Seeking Another Chance

This book is directed toward people who want another chance. They want to have their ticket punched one more time. They know they have something to give back, and they know there’s something in them — an emptiness, an unsatisfied longing, perhaps a neglected talent — that remains to be fulfilled.

These aren’t people who are thinking about retirement, at least not in the traditional way. They haven’t run out of gas, and they don’t want their lives to become smaller or more constrained. On the contrary, they see the richness of life and want to participate. They have a spirit that longs to be kindled and made bigger.

F. Scott Fitzgerald made an oft-quoted statement: “There are no second acts in American lives.” Fortunately for us all, it simply isn’t true.

Take, for example, Ronald Reagan. He was an appealing, if ordinary, actor who didn’t even join the Republican Party until he was 51 years old. Four years later he was elected governor of California — and you know the rest.

Jimmy Carter was a peanut farmer who became president when he was 52 years old and was out of a job four years later. He retreated to Plains, Georgia — nowhere, in the eyes of many — and proceeded to form Habitat for Humanity, one of the most creative, hands-on charitable organizations on earth. His “post-presidency” is widely considered the most successful of all our chief executives.

Gloria Steinem got married for the first time at age 66. Brooke Astor wrote her first novel in her late 80s. And composer Elliott Carter received thunderous applause in 2012 when the New York Philharmonic premiered one of his orchestral works. He was 103.

The Case of Caroline Booth

Admittedly, these people are extraordinary. But I can think of others just like them, people in their 50s, 60s, 70s, and 80s, who continue to interact with the world in a sophisticated, involved way. Some of these people remained in the same business — or even the same company — for years, but they shifted the focus of their activity. Others launched new careers that were, in some cases, entirely out of sync with their previous accomplishments.

Here’s a recent example: I have a client I’ll call Caroline Booth. When she came to see me, she’d been working for a large insurance company and she was over 50 and they just didn’t want her. They did everything they could to drive her out and eventually they prevailed. It destroyed her. At first, she was too depressed to do anything other than file for unemployment and discrimination claims. She felt cheated — and I don’t blame her. She felt that they had gone after her because of her age, because of her sex, and because she was a member of a minority. Needless to say, the company denied these charges. Her suit went nowhere. She was shattered.

But after two years, she got rid of the emotional and mental baggage, pulled herself together, and started a business. She’s a determined person who’s extremely smart at what she does, so I wasn’t surprised when I heard how successful she became.

Getting Back in the Game

In the book I discuss the new rules of business in the 21st century; the shifting of the economic landscape; the importance of image; the challenge of changing your life; how to look for and get a great job; how to go into business for yourself; how to become a consultant; the 10 commandments of doing your own public relations; how to get along with younger people; and how to get back in the game.

Along the way, I’ll tell you how to activate your network; how to ask for help when you need it; how to improve your prospects socially, financially, and professionally; what to say in an interview; and more. In short, I hope to show you how to succeed – at any age.

I can tell you this: Age is no barrier to success. I know. I’ve seen people who are old enough to retire get new jobs, start their own business, forge new career paths, and fulfill the dream of a lifetime. I’ve seen them go from despair to triumph, from complacency or boredom to full engagement in life. And I will tell you this: You can get there from here.



My Insight from IBM: No Second-Guessing

By Harry Edelson

“At IBM, the idea is not to make the right decision; it is to make the decision right.”

When I worked in Wall Street I followed IBM very closely and was often quoted in newspapers and magazines when IBM made news or reported financial results. I got to know many of the distinguished IBM CEOs, the first of whom was Vincent Learson.

One time I spoke with him on the telephone, and he gave me this insight on how IBM continued to be a highly successful company. I have seen [the above] quote attributed to numerous people, but to my mind, it came first from Vincent Learson, and it was included in a book he wrote about IBM.

His insight is important and may account for one of the reasons I am always happy.

I know people who second-guess themselves immediately after making a decision. They drive to an event and on the way complain about having chosen to attend it, or they choose a restaurant and complain that they should have gone to a different restaurant, and so on.

Once you make a decision, live with it and make it right. If the decision turns out to be bad, make another decision, but don’t look back, only forward. It is a waste of time and energy to complain — either act or acquiesce.


Bonus Content

Data Breaches: Eight Things That Will Shock Trustees

By Bob Chaput

Most boards of directors are beginning to understand the grave consequences of not paying close attention to information risk management. All of the items below have relevance for all board members, not just those in healthcare. That’s because many companies are now legally responsible for the actions of their business associates, including health insurers. And some of the biggest data breaches in the last several years have occurred when seemingly low-risk vendors (like heating & cooling companies) have gotten hacked, opening a back door to corporations’ most sensitive data assets.

1.    Data breaches occur in a multitude of ways, and all of them can be costly.

While large-scale hacking events make the headlines (like recent data breaches at Premera, Anthem, and CareFirst), breaches can happen in a variety of ways that don’t involve hackers: burglaries, employees snooping into health records, lost or stolen laptops containing unencrypted data, and many more. There’s still a surprising number of non-digital data breaches involving improper disposal of paper records, misplaced x-rays and other images, and the like.

Here are a few examples:

  • Cedars-Sinai Hospital fired six employees for snooping into the health records of Kim Kardashian during the delivery of her child in 2013. There have been many other highly publicized celebrity-snooping incidents involving stars like George Clooney and the late Farrah Fawcett.
  • Last year, Northfield Hospital in Minnesota reported a data breach involving about 1,800 documents containing patients’ Protected Health Information (PHI) that had not been shredded before being sent to a commercial dumpster.
  • Advocate Health Care in Illinois experienced a data breach that was the result of a burglary, not a hack. Thieves stole four laptops from unmonitored rooms – and the computers contained unencrypted Social Security numbers and PHI of about four million people.

Don’t neglect to include equipment and facility security in your plan, and ensure consistent application of sanctions to those who break the rules, intentionally or not.

2.    The costs associated with data breaches are no longer high – they’re staggering. It’s been estimated that Anthem will exhaust its $100 million cyber-insurance policy just to cover the cost of notifying the 80 million people whose data was compromised. The insurer is also facing an avalanche of other costs, including IT system remediation and looming class-action lawsuits. A study by Temple University’s Beasley School of Law found that the average settlement award in data breach class-action suits is $2,500 per plaintiff, with mean attorney fees of $1.2 million. If all 80 million people eventually receive that amount, Anthem’s losses would be greater than $200 billion.  A recent ruling by the California District handed down in the Adobe breach case stated that the “increased risk of future harm” may be sufficient to confer standing to the victims.  There was “no need to speculate as to whether the hackers intend to misuse the information ...” thereby allowing a putative class of plaintiffs to proceed in Federal court.  So the intent to misuse the information, and the ability to do so, is now a critical factor in determination of a class-action suit.

3.    Boards are being held more accountable each year. The Federal Trade Commission is now invoking the False Claims Act against healthcare organizations (and any of their business associates) whose websites claim that patient data is protected and then experience a data breach. And the Securities and Exchange Commission has already stated that boards of organizations responsible for safeguarding PHI will be held accountable for lax security policies.

While many healthcare organizations are not public companies, boards should be aware that they may still have reporting requirements. The Securities and Exchange Commission has suggested that the following disclosures might be appropriate:

  • Discussion of the organization’s business or operations that give rise to material cybersecurity risks and the potential costs and consequences.
  • To the extent the organization outsources functions that have material cybersecurity risks, descriptions of those functions and how the company addresses those risks.
  • Description of cyber incidents experienced by the organization that are individually (or in the aggregate) material, including a description of the costs and consequences, plus risks related to cyber incidents that may remain undetected for an extended period.
  • Description of relevant insurance coverage (more on this later).

Although Target Corp. has already replaced its CIO and is looking for a new CEO in the wake of its major data breach, Institutional Shareholder Services is calling for the company to replace seven of the 10 members of its board of directors.

4.    Roughly 90 percent of data breaches are caused by an organization’s own employees and business associates. As a trustee, your biggest worry shouldn’t be international cyber-espionage teams. Insiders are responsible for more than 9 out of 10 data breaches. According to the latest data from the Office for Civil Rights, business associates are responsible for almost 60 percent of those breaches. BAs work on behalf of healthcare organizations in numerous ways: billing and collections, IT services, benefits administration and so on. Many of the BAs that have reported breaches are household names that include Iron Mountain, McKesson, ADP and K-Mart. Make sure you have risk-rated your BA inventory based on the amount of data, the sensitivity of that information, the criticality to your organization and the BAs’ breach or incident history. It’s a good time to ensure you have a backup plan if your BA breaches a material requirement in the contract.

5.    The vast majority of data breaches are preventable through effective policies and training. All employees need a thorough introduction to the organization’s policies and processes concerning data security: reporting suspicious activity, password protection, encryption, and more. This training and education needs to be much more comprehensive than a perfunctory online tutorial.

Here are some examples of breaches that could have been prevented with adequate training and policy enforcement:

6.    Some breaches don’t involve data theft, but pure malice. A growing number of hackers aren’t interested in stealing financial data, but are instead intent on tampering with medical devices and altering health records. Studies show that it’s relatively easy for digital intruders to change the dosages on infusion pumps or modify defibrillator settings (causing them to either send a massive shock or not work at all). One study found that even surgery robots are vulnerable.

Then there are the hackers who will hold your information for ransom: software called “ransomware” allows the bad guys to encrypt your data and hold it hostage until you pay a ransom to get it released.

7.    Cyber-insurance is very expensive, and may only cover a portion of the total costs of a data breach. Cyber-liability insurance for a healthcare organization can carry annual premiums in the $200,000 range and deductibles as high as $500,000. These numbers are likely to grow larger as courts quantify damages in future cases, resulting in costly settlements typically covered by insurance. Cyber-insurance usually covers investigation, defending against lawsuits and other claims, business interruption, third-party liability and the cost of a regulatory investigation. Get it while it’s still (somewhat) affordable.  

And be sure to read and understand the details of your policy’s obligations to protect the data. In a complaint filed in U.S. District Court in California, an insurance company is denying a claim following a data breach on the grounds that the healthcare provider and its business associate failed to follow “minimum required practices” as spelled out in the policy, specifically by failing to install encryption.

8.    Most organizations have not conducted a NIST-based Information Risk Management analysis/audit. The AHA cybersecurity guide for trustees recommends implementing the NIST Cybersecurity Framework and adhering to its key benchmarks. Yet only a fraction of hospitals and health systems in the U.S. have even conducted a NIST-based information risk management analysis to provide baseline metrics. Most of the healthcare organizations that have experienced serious data breaches failed to do a thorough analysis/audit of their risks beforehand.

Remember that risk management is an ongoing process. It’s wise to establish a governance or oversight committee to ensure that you’re staying regularly informed about new threats and vulnerabilities, in addition to progress on remediation plans.

Hospital trustees aren’t expected to be technical gurus or compliance experts, but they must be familiar with the security issues highlighted in this article. Armed with this information, hospital boards can help their organizations avoid the colossal costs and reputational damage arising from preventable data breaches.



Calendar of Events
Ensuring Integrity: The 10th Annual Audit Conference

December 3 - 31

Hosted by the NASBA’s Center for the Public Trust and Baruch College, the conference provides a forum for interaction between business, public accounting, academics, and policy setters from the American Institute of Certified Public Accountants (AICPA), the Securities and Exchange Commission (SEC) and the Public Company Accounting Oversight Board (PCAOB). 


How Corporate Boards are Tackling New Markets and Business Models:

A new board briefing paper from the world’s largest group of women corporate directors captures some of the ways companies are having to pivot to meet technology, workforce, and consumer disruption. WomenCorporateDirectors Foundation (WCD) recently released “What Directors Need to Know About New Marketplaces and Business Models,” revealing how boards are capitalizing on global shifts to meet markets where they are today.

The WCD board briefing – highlighting key insights from a panel Metayer moderated at this year’s WCD Global Institute held in New York – focuses on these four topics:

· Pivoting Required: Adjusting Business Models and Throwing Out Old Assumptions
· Global Talent Grab: What the New Workforce Demands
· New Markets: Taking a Measured Approach
· Redefining Collaboration: Leveraging Internal and External Relationships

This WCD board briefing is the third in a series, which also includes “The Growth and Management of Megacities” (Issue 2) and “Where Economic Growth Will Come From in the Americas” (Issue 1).

Former NYPD Commissioner Ray Kelly Joins K2 Intelligence:

K2 Intelligence, an industry-leading investigative, compliance and cyber defense services firm founded by Jules B. Kroll and Jeremy M. Kroll announced the appointment of former New York Police Department (NYPD) Commissioner Raymond W. Kelly as Vice Chairman of the firm, according to a company press release.

Mr. Kelly brings decades of experience setting strategy to combat threats faced by nations around the world, by the public and by the private sector.  A distinguished leader and protector, he is New York City’s longest-serving police commissioner.  Under his leadership the NYPD has been described as the premier domestic public-safety agency in the United States.  He also launched a world-class counterterrorism and intelligence apparatus credited with foiling numerous attacks on New York City.

Mr. Kelly will provide valuable insight into the design and development of tailored enterprise risk solutions for clients around the world.  Both internal and external risks affecting the safety of client assets and the reputation and stability of their key stakeholders will be addressed.

ISS Releases 2016 Benchmark Policy Updates:

Institutional Shareholder Services Inc. (ISS), a leading provider of corporate governance solutions to the global financial community, recently released 2016 updates to its benchmark proxy voting policies for the Americas, EMEA, and Asia-Pacific regions. The updated policies will generally be applied for shareholder meetings on or after Feb. 1, 2016.

To ensure its voting policies take into consideration the views of its institutional clients, as well as the perspectives of the broader corporate governance community, ISS gathers input each year from institutional investors, issuers, and other market constituents worldwide through a variety of channels and mediums.

Among the key U.S. benchmark policy changes announced, ISS is changing its director overboarding policy. For most directors except for standing CEOs, the maximum number of public company boards that a director can sit on before being considered “overboarded” is being reduced from six to five. There will be a one-year grace period until 2017, giving directors and companies sufficient time to make any changes in advance of the 2017 proxy season, should they wish to do so.
