STRATEGIES FOR BOARDS OF DIRECTORS TO RESPOND TO THE COVID-19 PANDEMIC

Many boards of directors have been blindsided by the COVID pandemic and other recent events. For example, Volkswagen was sitting on a time bomb of falsified emissions testing and British Petroleum had its Deepwater Horizon pollution tragedy. During the financial crisis of 2008, there were many implosions of financial institutions, such as Lehman Brothers, Royal Bank of Scotland, Equitable Life, and AIG (Reputability, 2018a). Boards were also blindsided by major hacking scandals, such as Yahoo (3 billion users), Marriott (500 million customers), eBay (145 million users), and Equifax (143 million customers). In 2020, the U.S. Department of Justice (DOJ) charged four members of the Chinese military in the Equifax data breach. Equifax, like most large U.S. companies, failed to encrypt its customer credit databases. In 2019, Equifax reached a $700 million settlement over this Abstract

The COVID-19 pandemic has caused escalating levels of business, economic, and societal uncertainty and created extensive disruptions in the global market. The major research question of this study is how boards of directors can manage uncertainty in the post-COVID environment, especially in their duties as gatekeepers for both their own shareholders and all the stakeholders, including employees, customers, creditors, and suppliers. It is critical for boards to develop practices to help their companies manage uncertainty in the COVID and post-COVID times, as shown by the following topics discussed and analyzed in this paper: managing uncertainty with visibility, control, and agility practices; risk strategies for non-executive directors; global risk concerns; disruptive risks and opportunities from emerging technologies; boardroom risk advice; and boardroom risk questions. All these issues and areas of concern are relevant, even critical, to help boards develop sound practices for managing post-COVID uncertainty, to help their companies survive, and to strengthen corporate governance. Future research could use case studies and interviews of company boards to investigate how they have developed risk strategies and procedures to manage uncertainty as lessons learned from the 2020 COVID pandemic, which was a coronavirus "black swan" (a surprise event with major effects). Declaration of conflicting interests: The Authors declare that there is no conflict of interest. data breach with most of the funds intended for affected customers. Its CEO, chief information officer, and chief security officer all have resigned (Associated Press, 2020). The major 2020 event that blindsided boards is the COVID pandemic from the coronavirus "black swan" (a surprise event with major effects). Developing practices for managing uncertainty in these COVID and post-COVID times is critical for boards to help their companies survive and should be an opportunity to strengthen corporate governance.
The major research question of this study is how the full boards of directors can manage uncertainty in the COVID environment and help their companies survive the new normal in a post-COVID world, especially in their duties as gatekeepers for both their own shareholders and general stakeholders, including customers and employees. Accordingly, we researched and presented the tools, systems, and strategies for boards to understand and adapt to changes in times of uncertainty. First, drawn upon previous corporate governance literature on fraud and bankruptcies, this paper outlined the good ideas and lessons to learn for boards to develop and improve monitoring for post-COVID business practices. A contingency approach was recommended for the board"s functional emphasis. In addition to monitoring, decision making, and service/resource provision, there should be a broader perspective for conflict resolution, especially for both shareholders and stakeholders.
Second, we introduced a new guide developed by Oracle NetSuite to help companies and their boards navigate through new challenges and opportunities brought by this unprecedented crisis period (Oracle NetSuite, 2020). The proposed three-step solution focuses on getting visibility (take stock of the situation), gaining control (determine priorities) and build agility (how can you change to win?). Boards of directors could follow this framework in establishing post-COVID practices to analyze and monitor their companies both for short-term survival and long-term success.
Third, boards" oversight of company risks has drawn heightened attention. In her testimony following the 2008 financial crisis, the chairwoman of the U.S. Securities and Exchange Commission (SEC) emphasized the critical role of boards" robust risk oversight in our economy and financial markets (Keusch, 2016). However, non-executive boards (NEDs) often do not see trouble coming and are blindsided. They are also criticized by investors and regulators for overseeing the incentive structures allowing management teams to take big risks. This paper studied the corporate governance practices and mechanisms shown to help remove NED blinkers and improve NEDs" risk oversight, which may serve as the post-COVID risk tools (Keusch, 2016 (Walker & Barton, 2020). What is more, key questions to facilitate these risk strategies are also recommended for boards to consider when getting involved in the post-COVID risk management. The boardroom risk questions are based on the researchers" interactions with directors and executives at risk management conferences and forums at DePaul University"s Strategic Risk Management Lab (Anderson & Frigo, 2012). The paper is divided into nine sections. Section 2 reviews the relevant literature and advocates changes in corporate governance to improve board monitoring practices. The next six sections discuss and analyze each of the following topics. Section 3 studies managing uncertainty with visibility, control, and agility practices; Section 4 analyzes risk strategies for non-executive directors; Section 5 discusses global risk concerns; Sections 6, 7 and 8 analyze disruptive risks and opportunities from emerging technologies, boardroom risk advice, and boardroom risk questions. Section 9 provides concluding remarks and suggestions for future research.

Scholars
and practitioners have widely acknowledged the important role of boards in managing uncertainty. An extensive literature has studied this topic. For example, using a UK panel database drawn from the annual observations of 1,675 CEOs and 1,540 CFOs, Shabeeb Ali, Ismael, and Ahmed (2020) found that CEO equity incentives were related to generating higher income with earnings management in financial reporting while corporate governance quality, as measured by individual mechanisms and an overall index, had no effects on such relationship. Mantovani and Moscato (2020) analyzed a sample of 10,520 firms over the years 2006-2015 and found that corporate governance should be considered as a tool contributing to the efficacy of monitoring capabilities of the shareholder composition of equity and corporate performance. However, previous literature has mainly focused on the boards" managing uncertainty within the framework of financial reporting frauds and bankruptcies. The boards" risk management strategies have been largely underexplored. In this section, we review a growing literature on how boards manage uncertainty within the risk management framework, which leads to the implications for the post-COVID practices as discussed in the subsequent sections.
Studies have shown the detrimental effects on companies when their boards do not perform a well-defined and effective risk monitoring function. South Africa"s largest financial reporting scandal, Steinhoff International Holdings, could have been avoided if its board of directors had employed the appropriate risk oversight practices, including applying the due diligence guidelines and procedures and strategically utilizing the well-established fraud models and ratios. Questionable mergers and acquisitions were done to cover up declining financial performance, resulting in market capitalization destruction of $22 billion (Grove, Clouse, & Malan, 2019). In 2019, an activist hedge fund investor criticized L Brands management and board of directors for not monitoring the risk of product obsolesce as its major Victoria Secret brand had become near obsolete. Only its competitors had paid attention to and taken advantage of emerging customer preferences. From an analysis of L Brands" corporate governance, this activist investor recommended that L Brands improve the composition of its board of directors whose deficiencies in director independence, industry experience, and diversity had hindered its ability to effectively oversee and advise management, resulting in a market capitalization destruction of $20 billion (Grove & Clouse, 2019). Accordingly, in 2020, 55% of L Brands was sold to a private equity firm for just $525 million. The L Brands founder agreed to step down as both chairman of the board and CEO (the ongoing corporate governance problem of CEO duality) after holding both of these positions for 57 years (Safdar, 2020).
Corporate fraud has posed increasing risks and caused significant damages. Bekiaris and Papachristou (2017) cited that fraud costs the economy, businesses, investors, and society more than $3 trillion every year and analyzed the evolution of fraud risk from 2004 to 2016. They found that owners and executives generated high-impact fraud risk from financial statement fraud although employees committed more low-impact fraud risk from stealing assets of the company. These owners and executives were between 41-60 years old and had higher positions and tenure than employees. The research results showed that organizational ethical culture, especially the "tone at the top" promoting and encouraging moral attitude, was salient for fraud prevention.
It is important for boards to understand fraud risks and employ proactive strategies in their risk management practices. Magnanelli, Pirolo, and Nasta (2017) focused on the role of corporate governance as a system to monitor and predict fraud occurrence and magnitude. Starting with a sample of 101 listed companies for which fraud was detected, a corporate governance index was developed. Using a matched sample of non-fraud firms, they confirmed the existence of a negative relationship between the quality of a firm"s corporate governance system and both the financial statement fraud occurrence and magnitude. They concluded that a strong corporate governance system of a firm was a fraud deterrent for any amount of financial statement fraud. Boards should monitor the key risks of financial statement fraud as the result of agency problems and conflicts of interests not resolved by the company.
The deluge of financial reporting frauds by publicly listed Chinese companies was studied in various research reports. Grove and Clouse (2016) found that many of the Chinese companies that had listed on U.S. stock exchanges in the 21st century committed fraudulent financial reporting and experienced corporate governance scandals involving such frauds. Their boards of directors exercised no meaningful monitoring of such risks and just accepted whatever top management told them. Lee and Jin (2012) examined 2,170 firm-year observations of the companies listed on the Shanghai A stock market during the period of 2004-2006. They found that institutional ownership reduced earnings management and lowered the risk of financial misreporting. They also found that state ownership was positively associated with earnings management and that accruals-based earnings management increased the risk of financial misreporting.
Concerning bankruptcies, the U.S. government failed to bail out Lehman Brothers which went bankrupt in September 2008 and was the tipping point for the global financial crisis. Financial risk and fraud models showed the potential for developing effective risk management monitoring, especially concerning earnings management, liquidity, and solvency. However, the non-executive directors on Lehman Brothers" board did no serious risk monitoring. The risk management committee was only formed in 2006 and had just two meetings before Lehman"s bankruptcy. Board membership was viewed as more of an honorary position with annual salaries over $200,000 and only one non-executive director had banking experience (Grove & Clouse, 2013). Similarly, Santen and Donker (2009) found a positive relationship between the presence of foreign non-executive directors and financial distress, suggested by poor communication and misunderstandings.
Nguyen (2011) investigated and evaluated the weaknesses of Enron"s corporate governance structures that led to its collapse and bankruptcy. Poor corporate governance and a dishonest culture that nurtured serious conflicts of interests and unethical behavior in Enron were identified with four significant factors: 1) Enron"s board of directors failed to fulfill its fiduciary duties towards the company"s shareholders; 2) Enron"s top executives were greedy and acted in their own self-interest; 3) many of Enron"s employees witnessed the wrongdoings of Enron"s top executives and issued quite a few whistleblower reports which top executives ignored; 4) Enron outsourced its internal audit function to its own external auditors, Arthur Andersen, instead of establishing a functional internal audit mechanism. Arthur Andersen acquiesced to questionable accounting and fraudulent financial reporting by Enron which was its fifth largest client. There were numerous weaknesses in Enron"s corporate governance: the weak role of the board, the poor behavior of top executives, the poor corporate culture and whistle-blowing system, and the weak internal and external auditors. The resulting market capitalization destruction was $77 billion and the end of Arthur Andersen, the first international accounting firm, which was founded in 1913. Collin (2008) presented a contingency approach for the board"s functional emphasis and advocated the fourth function in addition to monitoring, decision making, and service/resource provision. The additional function was a broader perspective for conflict resolution. This new function assumed that the shareholder was not the sole principal but identified other stakeholders in a contingency approach, including customers, employees, creditors, and suppliers. Turnbull (2005) identified rational reasons not to trust large complex Anglo corporations, such as directors being overloaded with internal information but lacking information independent of top management to evaluate management and the business. Directors did not have systematic processes to discover if their trust in management was misplaced and directors had no incentive to blow the whistle on their colleagues. Major changes in corporate governance were advocated to remove these concerns: establish a watchdog board, introduce cumulative voting for directors, and establish stakeholder councils.
From this literature search, there are many good ideas and lessons learned for boards to develop risk monitoring for post-COVID business practices: 1) avoid executive incentives which motivate earnings management; 2) develop strong corporate governance to contribute to the effectiveness of risk monitoring; 3) use due diligence guidelines and procedures, based on the application of well-established fraud models and ratios, to monitor the risk of financial reporting fraud; 4) improve the composition of boards of directors where there are deficiencies in director independence, industry experience, and diversity which hinder the board"s ability to effectively oversee and advise management; 5) monitor the risks of financial statement fraud due to agency problems and conflicts of interests; 6) review organizational ethical culture and "tone at the top" to promote and encourage moral attitude for fraud prevention.
Also, when boards of directors exercise no meaningful risk monitoring and just accept whatever top management tells them, financial reporting fraud is more likely to occur. Institutional ownership can reduce earnings management and lower the risk of financial misreporting, but accruals-based earnings management increased such risk. Financial risk and fraud models show the potential for developing effective risk management monitoring for earnings management, liquidity, and solvency.
The recommendations in this literature review have influenced the following sections of this paper to help develop the post-COVID strategies for boards of directors, especially for managing uncertainty and improving risk monitoring.

MANAGING UNCERTAINTY WITH VISIBILITY, CONTROL, AND AGILITY PRACTICES
The COVID-19 crisis has created the tremendous surge in business, economic, and societal uncertainty. The U.S. gross domestic product (GDP) fell at a 4.8% annual rate in the first quarter of 2020 and 9.5% in the second quarter, which was the equivalent of a 32.9% annual rate. The U.S. unemployment rate was 10.2% in July, which represented over 16 million jobs lost (Berger, 2020). The economic contraction in the second quarter of 2020 set a record and wiped out 5 years of economic growth (Casselman, 2020). Altig et al. (2020) showed that the economic uncertainty measures reached all time peaks, including the VIX 1-month implied volatility, the economic policy uncertainty index, subjective sales growth uncertainty index, and the forecast disagreement index. How can the boards of directors enhance oversight and help navigate their companies in times of the heightened uncertainty?
Oracle NetSuite has developed a guide for managing business uncertainty that boards of directors could use to develop post-COVID practices and strengthen corporate governance (Oracle NetSuite, 2020). Oracle introduced its guide by saying that steering a company during uncertain times requires an analytical approach with an emphasis on three key analytical practices: visibility, control, and agility. It recommends three questions for businesses to consider:  What can you see right now?  What can you control now?  How can you be agile to change now? Visibility: Take stock of the situation Access to capital is always important but the COVID pandemic makes it even more critical. A fall in demand or supply chain disruption has an immediate effect on cash flow. Unless a business has cash reserves, liquidity can become a problem. Oracle NetSuite has developed the following visibility checklist which companies can apply, and boards of directors can analyze and monitor as post-COVID business practices:  Update your balance sheet to determine total assets (cash & equivalents, accounts receivable, and unbilled receivables) with an emphasis on liquidity (cash on hand).
 Determine liabilities (accounts payable and credit) with an eye to which payments may be put off.
 Determine short-term cash requirements.  Evaluate receivables risk considering current business conditions with an expectation that days sales outstanding will increase as might bad debt write-offs.
 Run some exercises based on the most-likely scenarios to quantify the impact on your profit and loss statement, cash flow statement, and balance sheet for short, medium, and longer-term disruptions.
Then make the best guess estimate of how much cash you will need to sustain operations for various timeframes, based on your estimate of how long it will be until you can resume normal operations. With up-to-date financial data and "what-if" scenarios, you can determine what steps need to be taken. This COVID pandemic will impact how willing suppliers, lenders, tax authorities, and insurers are to work with you since each has a vested interest in the long-term health of your business.
Control: Determine immediate prioritiesthe "3 Ps" In this COVID pandemic, it is wise to pay attention to the basics of the "3 Ps": process, performance, and people.
Process: Most businesses operate on a 12-month budget cycle and manage strategic plans with longer timeframes. During this extreme uncertainty of the COVID pandemic, the focus must shift from long-term to immediate priorities of making payroll, cutting costs, and maintaining liquidity. During periods of growth, some level of inefficiency is tolerable. When companies need to contain costs during the COVID crisis, this is not an option. Eliminate inefficiencies by redesigning sloppy processes and/or automating manual tasks to improve short-term cash flow and long-term growth. Oracle NetSuite has developed the following process checklist which companies can apply, and boards of directors can analyze and monitor as post-COVID business practices:  Use a 30 to a 45-day window for planning immediate actions. Develop contingencies based upon various assumptions for actions to take beyond that window.
 Evaluate multiple scenarios during the planning process: How will we fund operations if business conditions do not improve? How will our priorities change if business conditions become more difficult?
 Are there changes we can make that will improve our short-term position?
 Review budgets to ensure you are not spending now for future initiatives that may not happen.
 Identify sources of cash, even if you do not need them yet.
 Start to work out payment terms with suppliers and other accounts payable to maximize available cash.
 Financial controls are important now, especially around cash-related functions and reconciliation. Some key steps to control expenses: put an approval process in place for all expenditures; reconcile all bank and supplier statements; and set alerts for late payments so you can proactively take necessary actions.
Performance: Monitoring key performance indicators (KPIs) is particularly important when dealing with the economic uncertainty of the COVID crisis. Since you cannot manage what you cannot measure, KPIs help companies spot performance issues while there is still time to adjust. Also, you need KPIs in near-real time during the COVID crisis. Standard monthly or even weekly reports do not give you sufficient early warning. Oracle NetSuite has developed the following performance checklist which companies can apply, and boards of directors can analyze and monitor as post-COVID business practices:  Days sales receivable is how many days on average it takes your customers to pay invoices. The lower the number, the better but in times of COVID or other crises, expect at least some customers to deviate from average. Address delays promptly.
 Most businesses will benefit from tracking cycle time, that is, the time it takes from the start of production or service to when an order is complete. If your product or service is still in demand during the COVID crisis, customers likely want it yesterday. Reducing cycle time allows for shorter lead time, thus increasing customer satisfaction and ultimately cash flow.
 Time to close books refers to how many days it takes your finance team to produce a profit and loss statement, balance sheet, and other analyses so that you can understand your current cash position. Again, this should be measured in days, not weeks or months, during the COVID or any other crisis.
 Other KPIs that increase in criticality during a crisis are gross profit margin, customer satisfaction, and general/administrative costs as a percentage of current revenue.
People: Communication is critical during the COVID and other major crises that are destabilizing for employees and can reduce productivity. Since people are worried, you need to establish and communicate clear goals and objectives so your people will understand where they stand and what they need to accomplish.
Let people know what is happening in the business, even when the news is not good. Engagement will help reduce turnover. Losing experienced, productive people makes it more difficult to succeed when the situation turns toward becoming more normal. Retaining people will put you in a much better position to compete going forward. Oracle NetSuite has developed the following people checklist which companies can apply, and boards of directors can analyze and monitor as post-COVID business practices:  Consider labor cost-cutting strategies, such as cutting hours or offering unpaid leave or furloughs rather than layoffs.
Some companies have temporarily reduced salaries, based on ranges with the lowest-paid employees losing less than executives.
 Investigate local, state, and federal government programs aimed at stabilizing unemployment. An example is work-sharing, where some or all employees" hours are cut versus laying them off. Those employees may then receive unemployment benefits proportional to the reduction in hours.
 If you do need to lay off employees to keep the business viable, determine what if any support you can offer and ensure you follow state and federal regulations.
Agility: How can you change to win? COVID and other crises are challenging, but they do not last forever. Eventually, there is a new normal. While some companies struggle to stay in business or do go bankrupt, other companies end up perfectly positioned when opportunities for growth do appear. They do so with creativity. Once you handle short-term issues, like survival, think about how to position your company for success when economic conditions stabilize and growth returns. Reimaging products and services during a slowdown can be the perfect time to implement innovative ideas. Opportunities for investment should be plentiful, whether through internal initiatives, acquisitions, newly formed strategic alliances, or new partnerships. Acquisition targets may be available for bargain prices, and suppliers may offer attractive terms to sign on new business. It is vital that business leaders carefully time investments with an eye toward economic recovery to take full advantage of the growth that inevitably returns. Oracle has developed the following agility checklist which companies can apply, and boards of directors can analyze and monitor as post-COVID business practices:  As employees know your business and customers, consider crowd-sourcing ideas on how to generate new revenue.
 Think about areas where you faced hiring challenges a few months ago and train employees in the skills you will need when growth returns.
 Look at new ways to combine your products and services as well as how to enhance them, such as adding premium levels or even changing to an as-a-service model to begin generating monthly recurring revenue.
 Rethink pricing strategies. The classic tactic of setting marginal revenue equal to marginal cost still works in some areas but read up on how software companies are succeeding with product-led growth, or how you could bundle free durable components with by-subscription consumables.  Analyze what new or underserved markets you could break into.
 Wring out as many supply chain efficiencies as possible, including adding diversity of suppliers.
 Talk to your information technology people about technical or process advances on their wish lists. This might include canceling capital-intensive technology purchases in favor of as-a-service options that deliver more flexibility or retooling a paused assembly line or an old service to add automation.
In summary, Oracle NetSuite observed that all major crises, including the COVID one, change things first in the short term and then in the long term. Managing through business uncertainty is both an art and a science. Keep tight control of cash and the balance sheet. Listen to the shareholders and stakeholders, including customers and employees. Understand the fundamental needs of your customers to help you deal with unknowns and new scenarios as they play out. Communicate, be honest, and be transparent. Think differently so that when the COVID or any major crisis is over, your company will be poised for success. Boards of directors should follow this advice in establishing post-COVID practices to analyze and monitor their companies both for short-term survival and long-term success.

RISK STRATEGIES FOR NON-EXECUTIVE DIRECTORS
The role of non-executive directors (NEDs) is both to support and challenge company executives but often NEDs do not see trouble coming and are blindsided. Patterns of board weakness recur time and again. There are NEDs who lack an understanding of the business, like the questionable justification of eight accounts for each customer by Wells Fargo and the Victoria Secret brand of L Brands becoming outdated . Similarly, Volkswagen"s (VW) board appeared not to question how VW was achieving results outsiders thought impossible. As the truth about the emissions scandal eluded the board, observers called the VW board an echo chamber for top management"s views. Many boards seemed to have believed that corruption did not encompass their firms, like Enron, WorldCom, and Steinhoff .
NEDs know that it is hard for unpalatable truths to reach corporate leaders. Taboos, loyalty to colleagues, and fear fracture frank communication channels to the top as do social bubbles, norms, and silences. Without curiosity and persistence, dissonances remain unexplored. Optimistic bias leaves NEDs thinking that bad things are less likely to happen. Confirmation bias and overconfidence leave NEDs seeking to confirm, rather than disprove, what they feel or believe. Hubris and groupthink undermine the capacity for independent thought. The greatest delusion is that an intelligent, well-meaning board is enough to lead a company to succeed. An effective board needs a NED team with the skills, knowledge, and experience to understand every aspect of the company"s systems and activities, including its people. It takes self-awareness and courage plus forensic and social skills for NEDs to challenge charismatic or dominant leaders. Being blindsided is as bad for a company and its reputation as it is for board members and their reputations. The key questions for NEDs are whether the board wants to remove its blinkers and who will take the lead (Reputability, 2018a).
To help remove NED blinkers, the U.K. Financial Reporting Council created warning signs that things might be going wrong in its Corporate Governance Code (Reputability, 2018b):  Silo thinking;  Dominant chief executive;  Leadership arrogance;  Pressure to meet the short-term numbers/ overambitious targets;  Lack of access to information;  Low levels of engagement between leadership and employees;  Lack of openness to challenge;  Poor succession planning;  Misaligned incentives and flawed executive remuneration practices;  Tolerance of regulatory or code of ethics breaches, e.g. by star employees;  A lack of diversity and current skills ("male, pale, and stale" boards);  Hierarchical attitudes. Following the 2008 financial crisis, the chairwoman of the U.S. Securities and Exchange Commission (SEC) testified that "the quality of a board"s oversight of risk managementtraditionally viewed as just a compliance cost -can make an enormous difference in our economy, and particularly in financial markets" (Keusch, 2016). For example, the Lehman Brothers bankruptcy was the tipping point for the 2008 financial crisis. Its risk committee had only two meetings in 2006 and 2007 before it went bankrupt in 2008. Its competence has been challenged as the chairman was an 80-year-old retired Salomon Brothers investment banker and the other members were a 73-year-old retired chairman of IBM, a 77-year-old retired Broadway producer, a 60-year-old retired rear admiral of the U.S. Navy, and a 50-year-old former CEO of a Spanish language TV station (Grove & Clouse, 2013).
Bank boards were heavily criticized by investors and regulators for overseeing the incentive structures that allowed management teams to take big risks which eventually led to the 2008 financial crisis. The requirements imposed on boards have increased tremendously over time to the point that boards may lack the necessary time, skills, and information for effective risk oversight. Lehman Brothers is a prime example. Impeding information flow to the board is also commonplace as risk officers are not typically invited to board meetings, and CEOs are arguably selective when sharing information with the board. A critical and contentious aspect is the assignment of responsibilities for risk oversight, either to the entire board, a risk management board committee, or the audit board committee (Keusch, 2016).
To investigate these issues, a survey of 297 publicly traded firms headquartered in 28 countries was done (Keusch, 2016). Greater risk oversight was found to be associated with more mature risk management practices, relating to risk identification and measurement, risk communication, accountability, and risk culture. This, in turn, was associated with lower future risks, shown in the firm"s stock return volatility. Also, firms with greater board risk oversight involvement and more sophisticated risk management practices enjoyed better operating performance in the future. Formal definition and location of board oversight roles and responsibilities led to greater board risk oversight. Firms that failed to formally assign risk oversight roles had the lowest understanding of and involvement in risk oversight. The strongest effects were when both the whole board and one of its committees were assigned oversight responsibilities. Keusch (2016) also recommended that firms" risk officers and the board communicate in the absence of the CEO. Also, incentive structures that encouraged huge risk-taking before the 2008 financial crisis can be fixed by holding executives and employees accountable for the risks they take.
Another research study investigated corporate governance and performance in U.S. banks leading up to the 2008 financial crisis. The ongoing corporate governance issue of CEO duality (the CEO is also the chair of the board of directors) was negatively associated with financial performance. Other corporate governance factors were also found to have negative associations with banks" financial performance, specifically large board size, average older director age, and board meeting infrequency (Grove et al., 2011).

GLOBAL RISK CONCERNS
Aon, a global professional services firm, does a bi-annual survey of Global Risk Management. The 2019 survey was based on responses from more than 2,600 risk managers from 33 industries, representing small, medium, and large organizations operating in 60 countries (Aon, 2019). The survey results were summarized by the top 10 risks both for 2019 and projected risks for 2022. The same ten risks occurred for both years with some reshuffling and the 2022 risk order is presented as follows:  Economic slowdown/slow recovery (number one in both years);  Accelerated rates of change in market factors;  Cyber-attacks/data breach;  Commodity price risk;  Failure to innovate/meet customer reeds;  Increasing competition;  Business Interruption;  Failure to attract or retain top talent;  Cash flow/liquidity risk;  Damage to reputation/brand. Cyber-attacks risk entered Aon"s top 10 list in 2015 at number nine and has grown steadily to number three in 2019. North American participants ranked it as their number one risk and a 2018 study by the World Economic Forum reached a similar conclusion. According to Symantec, a global software company, the United States was the country most affected by targeted cyber-attacks between 2015 and 2017 with 303 known large-scale attacks. Unfortunately, the number seven 2019 global risk of business interruption will probably move to the number one global risk in 2020 from the coronavirus "black swan" pandemic.
Emphasizing the importance of technology, disruptive technologies risk, and supply chain failure have moved from number 20 and number 19 in the 2017 survey to number 14 and number 12 in the 2019 survey, respectively. The wider use of disruptive innovation has drastically transformed business thinking. As more and more organizations are adopting the Internet of things and artificial intelligence (AI)-driven tools, like machine learning and automated processes, to improve operational efficiency and manage their supply chains, the concept of industry 4.0 is being implemented. Industry 4.0 is the trend toward automation and data exchange in manufacturing technologies and processes which include cyber-physical systems, industrial Internet of things, cloud computing, cognitive computing, and AI.
Many organizations and boards have yet to capitalize on new tools and approaches that could help them systematically identify and assess risks as they develop protection and mitigation strategies for post-COVID business practices. Only 24 percent of the 2019 survey respondents said they quantify their top ten risks and only 20 percent use risk modeling. Ten percent said they have no formalized process in place to identify risk. A key insight is that companies need to be more prepared for the broad range of risks that threaten their ability to continue growing, to protect their brand, and to serve clients and stakeholders.
Concerning the number one risk of an economic slowdown with a slow recovery, especially caused by the 2020 coronavirus "black swan" pandemic, companies are more sensitive to volatility, particularly from emerging risks, such as cyber-attacks, disruptive technologies, and business interruption from non-physical threats. These risks are less well understood as there is less experience and less data available to help manage them. In addition, this new risk environment may aggravate the risk of financial fraud and misconduct, as new pressures can arise for both internal employees and external parties. As a result, risk readiness has declined to its lowest level in 12 years (Aon, 2019; Grove, Clouse, & Xu, 2020).

BOARDROOM RISK ADVICE FOR POST-COVID PRACTICES
The novel COVID pandemic has intensified the disruptive risks with a high likelihood to put companies out of business. A good example of such disruptive risks from an unseen, outside competitor is what online retailers, like Amazon, and big-box stores, like Costco, have done to department stores in shopping malls. Even before the COVID crisis, the top five technology companies, Amazon, Apple, Microsoft, Google, and Facebook, have aggressively sought new opportunities for growth and drastically revolutionized their sectors in just a few short years. These companies have not been negatively affected by the coronavirus, and their disruptive technologies have further threatened the competing companies and shaped the business world during the crisis period. Strong board involvement has been emphasized as a key effort to manage disruptive risks and uncertainties by the Committee of Sponsoring Organizations of the Treadway Commission (COSO) and the National Association of Corporate Directors (NACD). Furthermore, the New York Stock Exchange (NYSE) requires that the audit committee discuss policies with respect to risk assessment and risk management and that the CEO and senior management have the responsibility to assess and manage risk. Also, the SEC requires that companies disclose the board"s role in risk oversight which is a key board competence. Such additional disclosures improve investor and shareholder understanding of the role of the board in the company"s risk management practices, especially in light of the sudden emergence of the coronavirus "black swan" pandemic (Walker & Barton, 2020). However, little guidance has been provided about what boards can do to anticipate, detect, and control the disruptive risks during and after the pandemic period. In this section, we investigate the strategies for boards to manage disruptive risks.
Suggestions to improve board risk oversight, especially for their post-COVID practices, have been offered by COSO, NACD, the consulting group Protiviti, and other organizations. They are summarized as key suggestions or advice, including how boards can respond, become more involved, and develop post-COVID practices (Walker & Barton, 2020): 1. Question legacy business models: Allegiance to legacy business models with reluctance to question their future viability is a red flag. Boards should not just accept a risk map with a list of top risks. Ask if tools have been applied to examine the risks around the business model which is the heart and soul of the business. Without such a focus, boards are overseeing the wrong risks.
2. Assess emerging risks: Boards should carry out a robust assessment of the company"s emerging and principal risks. Boards should confirm in the annual report that they have completed this assessment, including a description of principal risks, what procedures are in place to identify emerging risks and an explanation of how these are being managed or mitigated. Principal risks could result in events that might threaten the company"s business model, future performance, liquidity, solvency, and reputation. Boards should insist on an analysis of how such emerging and disruptive risks impact the business model.
3. Watch for external risks: Boards have concerns about less controllable risks. Boards should insist that external views and data have been used during risk assessments. Internal surveys and interviews are insufficient. Companies should conduct analyses of black swan possibilities (extreme events which occur more often than the usual probability models suggest) or strategic disruption workshops and report those results to their boards.
4. Identify trigger and interconnected risks: Companies that focus only on risk maps and registers can miss trigger risks or interconnected risks. See risks in a portfolio, including which risks occur first and either trigger other risks or create an excessive risk tripping point. Boards should insist on the identification of trigger risks which may be smaller and not yet on the radar screen because of their size. However, they can be the first sign that not all is well. As a minimum, ask what the risk drivers are.

Assess vulnerability to disruptive risks:
A top-rated risk is the pace of change and a related concern over being vulnerable to disruption. Boards should attempt to identify the most disruptive risks. Schemes showing future business growth, current capabilities, and potential blue oceans (unexplored new market areas which unlock new demand and make the competition irrelevant) can help identify such disruptive risks which can be either financial or non-financial.
6. Upskill to navigate disruptive risks: Boards should invest in the skills needed within the company and on the board to navigate disruptive risks. Boards should consider training on disruption risks, strategic risks, and their many dimensions. Also, consider the potential toolset that can be used to uncover such risks.
7. Maintain adaptive governance and foster challenges: Boards need to build adaptive governance, which is active involvement by directors in setting and maintaining a boardroom culture that is centered on open discussion and constructive challenge. At board meetings, observe how questions are asked, watch for group thinking, and watch for thorough and challenging discussion of risks and business models. Insist on adequate time to review major risks and strategy.

BOARDROOM RISK QUESTIONS FOR POST-COVID PRACTICES
To help facilitate the previous suggestions on how boards can get more involved in risk management for post-COVID practices, key questions that boards should consider asking are recommended here. They are based on the researchers" interactions with directors and executives at risk management conferences and forums at DePaul University"s Strategic Risk Management Lab (Anderson & Frigo, 2012): 1. What are the top risks facing the company that could significantly impair the company"s ability to achieve its business objectives? The board should know such key risks, and given the dynamic nature of risks, the board should be receiving periodic updates about these risks.
2. What are the company"s risk management processes and capabilities, and how does the board know that they are effective? Because risk management practices are continuing to evolve, the board should also understand what management will be doing to enhance these processes and capabilities.
3. How is risk management integrated into strategy setting, business-unit planning, and decision making? A key responsibility of the board is strategy setting, and this process should include an understanding and thorough discussion of the related risks. Per the NACD, management performance, corporate strategy, and risk management are the prime underpinnings of the company"s ability to create long-term value.
4. Who in management is responsible for risk management, and is there clarity and accountability for that role and responsibilities? Boards should ask which executive is responsible for the overall risk management program. As with any other process, accountability is needed for these risk processes to be effective. 5. Does the board understand and agree with management"s risk appetite and risk tolerances? There should be a clear dialogue between the board and management about the company"s risk appetite and risk tolerances. Understanding the amount of risk a company is willing to accept while striving to achieve its business objectives is a basic issue.
6. What is the company"s risk culture, and how is it reinforced? The board should ask management to describe the risk culture of the company and how they communicate and reinforce it. Risk culture is a critical underpinning of effective risk management.
Here is a quick self-test question for directors: can you explain the risk culture of the company in one minute? 7. How does management monitor external events and trends to identify emerging risks? Management should conduct an ongoing process to identify emerging issues and establish appropriate monitoring activities. Management and boards should be increasingly aware of the dynamic nature of risks and the need for periodic review and updates of the key risks facing a company.
8. How are compensation and incentive plans aligned with the company"s risk appetite and tolerances? The board should understand how risk and the company"s risk appetite have been explicitly considered for each major compensation plan. The possible impacts of risks related to compensation policies and plans are another facet of risk where the SEC has expanded its proxy disclosure requirements.
9. Is the risk information communicated to the board adequate, timely, and accurate? The board should make a critical review of the risk information it receives to determine that it is adequate and effective. The NACD cautions that directors cannot be overly reliant on management for determining the board"s priorities, related agenda, and information needs. 10. Is the board comfortable and confident with risk-related information furnished to external parties, including both financial and nonfinancial reports? With external parties" increased interest in risk information, the board needs to be comfortable with such reporting. The board should also look for consistency of risk information disclosures, such as between proxy statement disclosures and risk information in the 10-K report to the SEC.
As directors consider the topics in these key questions, they should keep in mind that the objective of a company"s risk management processes is to develop actions, especially for post-COVID practices, that will help the company protect and enhance value for both its shareholders and stakeholders. Directors should focus on the results of these processes and understand the impact and actions resulting from them. However, it is the results of the risk management processes that are critical, not just the processes themselves. These questions and the previous key suggestions and advice give directors good starting points in considering their oversight of a company"s risk management activities. Following such key advice and asking the right questions is a critical first step for improving risk management and related corporate governance.

COVID RISK COPING
Corporate boards across Europe are coping with the COVID pandemic in three ways. First, business as usual. One board chair said: "Crisis is the business of the CEO; the board does not need to adjust its workings". Second, becoming very engaged, involving Boards in operations, and even making key executive decisions. One board chair said: "When the crisis of this scale strikes, we all become executives". Fortunately, the most widespread reaction is a healthier one. Boards are adapting their routines to reflect the new reality of extreme uncertainty, increasing the frequency of meetings, and changing their agendas, but staying away from executive functions. One board chair said: "The essence of our work has not changed: we look after the company"s sustainability, we protect shareholders" value, we provide oversight to management. At the same time, the intensity and formats of our interactions have been adjusted dramatically". What do effective boards need to do to navigate the current COVID crisis? One researcher interviewed 74 board chairs and directors to turn up seven questions that could serve as a guide (Shekshnia, 2020): 1. Is our executive leadership adequate? When the scale of COVID-19 became clear, good boards conducted candid and compressive discussions about whether the incumbent CEO and other senior executives were fit to lead the company through this unprecedented crisis. Several boards did replace their CEOs after realizing the power of the crisis and its consequences for the business.
2. Does management have the right mandate? A good board that has put in place capable management made sure the latter had an adequate frame for action. One board chair said: "We had three meetings last week to debate how we should adjust the CEO"s goals, authority, evaluation, and feedback process. We made significant changes and agreed to revisit this mandate in one month". Many boards have switched to short-term targets and are reviewing them in weekly or bi-weekly online meetings. Most boards have identified cash flow and employees" health as primary targets while reducing CEO spending authority and putting investment projects on hold.
3. Are we supporting management effectively? This COVID crisis has put an enormous strain on corporate leaders who need to help their team stay healthy, calm, rational, and productive and often while working remotely. Senior executives need emotional support, expert advice, and an attentive ear from the board. Good board chairs and directors make themselves available to the CEO and key executives 24/7 and proactively offer advice and support. One board chair said: "I used to speak with my CEO every week; now we are on the phone a few times every day".
4. Are we providing stakeholders with the information they need? One of the key roles of the board is to ensure that shareholders and other stakeholders are adequately informed about the state of the business. Good boards consider it their top priority to adjust the stakeholder communication process, replacing standard communication channels and procedures with faster online tools, as necessary. One board chair said: "Stakeholder communication has become a standing agenda item for our board in the last three weeks. We asked our CEO to speak to our community daily, we opened extra hotlines, we provide daily updates to employees, customers, and vendors. Our investor relations team is in constant contact with investors". 5. Are we operating in the most effective way? Due to the impacts of the COVID pandemic, good boards are quickly adjusting their own processes. Most European boards have moved their work online and hold more frequent but shorter meetings. Free discussions and information exchanges have replaced management presentations. Interactions during meetings have become more informal. Directors now interact virtually with each other outside of board and committee meetings. Board materials are being prepared, distributed, and stored in digital form with appropriate cybersecurity. Effective boards are also engaging external experts and consultants and reading reports and articles to keep current. One board chair said: "We cannot elect people with medical expertise or disaster management experience to the board overnight, but we find them and invite them to enlighten the board".
6. Are we preparing for the post-pandemic future? Good boards do not wait for the crisis to pass before starting to assess the opportunities created. One board chair said: "We have no idea how this crisis will end up for our business, although we are pretty sure we will be hit very hard. Yet we have put together a sub-committee of three directors and two senior executives to look at strategic options this crisis may open us for use. They have already identified five potential avenues we will experiment with". 7. Are we taking care of ourselves? Working in times of crisis demands a high level of resilience. Board members need to take care of their emotional and physical health to perform their duties effectively. Good boards help their members to stay motivated and fit by making time for them to share their feelings and concerns, exchange their experiences, and support each other. As the author of this report, who is also a board chair and director, said: "I feel the pressure of the times and have my low moments. But these seven questions help shine a light of the path ahead and, I hope, through to the end of the tunnel" (Shekshnia, 2020).
As a follow-up to these board operating strategies, a survey in January-March 2020 with a follow-up in April-May 2020, of more than 300 CEOs, CFOs, board chairs, executive and non-executive directors focused on the impact of COVID-19 concerning how corporate leaders were managing their risk environment. This responsibility includes setting the appropriate risk level, monitoring management"s actions against that benchmark, scanning the horizon for potential problems, and helping management deal with potentially value-destroying events when they occur. COVID-19 makes such tasks much more difficult. The report from this COVID survey found four major outcomes (Diecidue & Rowley, 2020): 1. Lots of confidence, some uncertainty: While 87% of respondents reported that risks had risen in the last five years, a clear majority (70%) considered their boards skilled enough to handle all the risks in their market sector and 63% said they fully understood the risk profile of their company. 80% felt that the board and management were aligned on key risks facing the company but only 62% reported a similar alignment among the board, management, and shareholders.
However, only 50% of respondents said the board routinely received all the information necessary for decision making which suggested that many board members were ill-equipped to oversee risks. 25% reported that they definitely did not always receive prompt and complete information and the remaining 25% were unsure. The risk information available to board members varied by topic, suggesting risks were unequally managed. Risk management was high for finance and regulatory compliance (91% and 88%, respectively) but low for geopolitical risks (51%), business disruption risks (47%), cyber risks (38%), and climate change (34%).
2. Culture and diversity: COVID pressures have increased the need for companies to revisit their culture and diversity practices. For example, remote working has created new dynamics and stresses. 61% of the survey respondents feel that their corporate culture is well monitored and 49% feel they have made efforts to increase board diversity. However, only 33% reported altering their compensation incentives for risk management reasons.
3. Risks of COVID-19: The follow-up survey was conducted during the crest of the first global COVID-19 wave. 47% of the participants reported that their board had a crisis management committee. The other 53% adopted a range of solutions, from distributing crisis management responsibilities across the entire board to handling it through the executive committee, the business continuity team, or a newly formed COVID emergency response team. While more than 50% said they were prepared to tackle the pandemic, 43% regarded COVID-19 as a fundamental threat to their company. In written comments, various participants said that the board relied on management to provide updates and offer solutions to COVID-19 challenges while the board reviewed responses and offered suggestions and advice.
Overall, respondents evinced a great deal of confidence in their resilience so far. An overwhelming majority agreed that procedures and controls were holding up well for all stakeholders (96%), controls and engagement across the organization were satisfactory (86%), oversight of external developments was sufficient (75%), and adequate bandwidth for other major organizational risks not directly related to COVID (72%). While 57% said they had a post-pandemic business strategy, 30% could not say for sure and the remaining 13% had not developed such a strategy.
4. Climate risks: One of the red flags raised by this report was that climate risk was last in the rankings of risk categories according to the level of concern for the company, especially since this risk should most concern business and society. Many stakeholder groups are taking action to change corporate practices in this regard. Without a clear plan, many companies could face government regulations, employee retention issues, and customer defections, compounding the COVID-19 crisis with new value-destroying risks.
In summary, a clear takeaway from this report systematic of importance paramount the is approaches to risk evaluation and integration, especially with the rapid changes and uncertainties COVID which business environment of in the -19 example pressing most is only the latest and (Diecidue & Rowley, 2020).

CONCLUSION
The major research question of this study is how boards of directors can manage uncertainty in the post-COVID environment, especially in their duties as gatekeepers for both their own shareholders and general stakeholders. This paper investigated the tools, systems, and strategies for boards to develop sound practices for managing post-COVID uncer help their order to in tainty, corporate strengthen to and survive companies governance. Specifically, we discussed and analyzed the following relevant and critical issues and areas of concerns: managing uncertainty with visibility, control, and agility practices; risk strategies for non-executive directors; global risk concerns; disruptive risks and opportunities from emerging technologies; boardroom risk advice; and boardroom risk questions. Future research could use case studies and interviews of company boards to investigate how boards have developed operational risk strategies and procedures to deal with uncertainties brought on by the 2020 COVID pandemic, which was a coronavirus "black swan" (a surprise event with major effects). Additionally, how companies manage uncertainty with the visibility, control, and agility strategies could be investigated further to develop more post-COVID practices for boards of directors.