Weaknesses in the Monitoring Function of the Board of Directors
Boards are primarily tasked with monitoring management. As a matter of fiduciary law, Delaware requires that boards put in place a system designed to ensure that the board is informed. In fact, this is a poorly developed area of law that lacks any guarantee that the reporting systems are meaningful.
The WSJ reported that prosecutors had presented evidence to a grand jury in connection with alleged payments by Avon that may have violated the Foreign Corrupt Practices Act. According to the article, Avon conducted an internal investigation of the matter. As the article stated:
Authorities are focused on a 2005 internal audit report by the company that concluded Avon employees in China may have been bribing officials in violation of the Foreign Corrupt Practices Act, according to three people familiar with the matter. Avon had earlier said it first learned of bribery allegations in 2008.
The report, however, was, apparently, not given to the board of directors. Again, as the article reports:
Executives at Avon headquarters in New York who saw the audit report at the time didn't disclose its findings to the board's audit committee, finance committee or the full board, according to people familiar with the investigation. Board members didn't learn of the audit report until after Avon launched its own internal investigation of overseas bribery allegations in 2008, say the people familiar with the situation.
One possible reason that the board did not receive the report was that it was required to be submitted and management simply did not follow through. Another possibility, however, was that there was no system in place that required officers to provide the board with this type of information. In other words, disclosure was discretionary and the relevant officers chose not to disclose it.
To the extent the explanation is the latter, this is because Delaware law, while more or less requiring that there be some kind of reporting system in place (Caremark), has declined to give any real content to this requirement. The courts have noted that liability can arise where "the directors utterly failed to implement any reporting or information system or controls". Stone v. Ritter, 911 A.2d 362 (Del. 2006). In other words, it is not enough to show that the system failed to provide important information to the board about ongoing internal problems. Instead, plaintiffs must show that the entire system amounted to an utter failure of the reporting system.
While officers for the most part will presumably bring significant issues to the board, there is an incentive not to if it makes them look bad. Boards, after all, have the authority to fire officers deemed responsible for any misdeeds or mismanagement. For a discussion of management's control over information given to the board and the rational goal of neutralizing the board's ability to intervene in corporate affairs, see Essay: Neutralizing the Board of Directors and the Impact on Diversity.
The solution is not to leave the discretion in the hands of management but to mandate that certain types of information always be given to the board. This may be the right thing to do but under the current state of law in Delaware it may not be what is legally required.