Updating our board papers for Data Attestation
I have written and read my fair share of board and investment papers over the past 25 years. This post is not to add to the abundance of excellent work on how to write a better board/ investment paper or what the best structure is - it would annoy you and waste my time.
A classic “board paper” will likely have the following headings: Introduction, Background, Rationale, Structure/ Operations, Illustrative Financials & Scenarios, Competition, Risks and Legal. Case by case there are always minor adjustments. Finally, there will be some form of Recommendation inviting the board to note key facts and approve the request. I believe it is time for the Chair or CEO, with the support of their senior data lead (#CDO) to ask that each board paper has a new section heading called “Data Attestation.” Some will favour this as an addition to the main flow, some as a new part of legal, others as an appendix; how and where matters little compared to its intent.
The intention of this new heading and section is that the board receives a *signed* declaration from the proposer(s) and independent data expert, that the proposer has:
proven attestation of the data used in the board paper,
proven rights to use the data
what difference/ delta third-party data makes the recommendation/ outcome
ensured, to best efforts, that there is no bias or selection in the data or analysis
clearly specifies any decision making that is or becomes automated
if relevant created the hypothesis before the analysis
run scenarios using different data and tools
not miss-led the board using data
highlighted the conflicts of interest between their BSC/KPI and the approval sort
In regards to the independent auditor, this should not be the companies financial auditor or data lake provider, this should be an independent forensic data expert. Audit suggests sampling; this is not about sampling. It is not about creating more hurdles or handing power to an external body, this is about third party verification and validation. A company you build a list of experts and cycle through them on a regular basis. The auditor does not need to see the board paper, the outcome from the analysis or the recommendations - they are there to check the attestation and efficacy from end to end. Critical will be proof of their expertise and a large insurance certificate.
Whilst this is not the final wording you will use, it is the intent that is important, this does not remove data risks from the risk section.
Data Attestation
We certify by our signatures that we, the proposer and auditor, can prove to OurCompany PLC Board that we have provable attestation and rights to all the data used in the presentation of this paper. We have presented in this paper sensitivity of the selected data, model and tools and have provided evidence that different data and analysis tool selection equally favours the recommendation. We have tested and can verify that our data, analysis, insights and knowledge is traceable and justifiable. We declare that there are no Conflicts of Interest and no automation of decision making will result from this approval.
Why do this?
Whilst Directors are collectively accountable and responsible for the decisions they take, right now there is a gap in skills in data and many board members don’t know how to test the data that forms the basis on which they are being asked to approve. This is all new and a level of detail that requires deep expertise. This provides an additional line until such time that we can gain sufficient skills at the Board and test data properly. Yes, there is a high duty of care that is already intrinsic in anyone who presents a board paper, however, the data expertise and skills in the majority of senior levels are also well below what we need. If nothing else it will get those presenting to think carefully about data, bias and the ethics of their proposal.