THE RELATION BETWEEN BOARD STRENGTH AND RISK MANAGEMENT DISCLOSURE

(1)

THE RELATION BETWEEN BOARD

STRENGTH AND RISK MANAGEMENT

DISCLOSURE

Evidence from Semi-Public Entities in the Netherlands

Miangelo R. Barby

University of Groningen

Supervisors: Dr. F. van Beest and Prof. Dr. J.A. Emanuels RA

Master Thesis

April 2014

________________________________________________________________

ABSTRACT

This study has explored how a board of directors influences the extent to which risk management information is disclosed. Particular attention is paid to the role of the overall strength of the board, diversity in the boardroom and the countervailing power of dominant CEOs. Data from 105 Dutch semi-public entities operating in the healthcare, housing and education sector was used to conduct the

analysis. Mixed results were obtained. On the one hand, it is evident that board strength positively affects risk management disclosure. On the other hand, it was found that diversity in boardrooms and

CEOs’ power are not related to risk disclosure.

Keywords: Board of Directors, Gender, CEO-power, Risk Management, Risk Disclosure __________________________________________________________________________________

(2)

1

1. INTRODUCTION

ramatic financial and accounting scandals in Dutch semi-public entities have been making headlines in recent years. Some well-publicized examples include the case of the quasi-bankrupt Ijsselmeer Hospital1_{and the financial debacle at the Rotterdam-based housing}

corporation Vestia2_{. These failures were primarily attributable to two components: a lack of good}

governance and significant irregularities in risk management (Good Governance Committee, 2013; Goodijk, 2012; Hoekstra et al., 2012). Broadly speaking, the latter constitutes a system that enables management to anticipate and properly respond to situations in which the attainment of an organization’s objectives is threatened (IRM, 2002; COSO, 2004; Emanuels et al., 2010b). The core objective of semi-public organizations is to provide social services to the general citizenry (Burger et al., 2001). They could fail to meet this objective in the absence of a properly functioning risk management system and as such, adversely affect each individual dependent on the public services they must provide (Pridgen et al., 2007). Simultaneously, flaws in risk management can lead to mismanagement and malfeasance, which will eventually affect all taxpayers who have enabled the subsidizing of these entities (George, 2005). The board of directors is the governing body responsible for overseeing the design and effectiveness of the risk management system, according to best practices. They are responsible for identifying malpractices and taking immediately corrective actions (George, 2005; Blue Ribbon Committee, 1999). Nonetheless, recent developments suggest that several semi-public boards have failed in properly executing their duties; they were actually sleeping-sentries that permitted executives to use their discretion opportunistically.

In the aftermath of these events, many started advocating for enhanced governance and increased transparency in risk management practices in the semi-public sector (Good Governance Committee, 2013; Goodijk, 2012; Hoekstra et al., 2012). In their response, the Dutch government has recently proposed an amendment3_{to the civil code, which aims to enhance the quality of governance and}

oversight in semi-public organizations. The government has additionally agreed to introduce a common framework4_{of standards for financial management, accountability and internal supervision}

that will be applicable to all semi-public entities. The framework contains, inter alia, minimum requirements regarding risk management to which organizations must adhere, for example: the inclusion of an ‘in control’ statement and a risk paragraph in their annual report.

The purpose of this study is to empirically assess the impact of the power of semi-public boards (hereinafter referred to as ‘board strength’) on the extent to which semi-public organizations disclose risk information. Board strength is measured by a composite score containing variables related to board structure (size, tenure, and presence of an audit committee), functioning (board diligence) and expertise ( e.g. DeFond et al., 2005; Carcello et al., 2006; Dhaliwal et al., 2007; Hoitash et al., 2009). Quantity of risk disclosure is measured by the ratio of the number of risk words to the total number of words in the annual report (Beretta and Bozzolan, 2004). Additionally, analyzed is the way in which

1_{Newspaper’s coverage: http://tiny.cc/jn1jdx} 2_{Newspaper’s coverage: http://tiny.cc/qo1jdx} 3_{The report is available at: http://tiny.cc/5r1jdx} 4_{The framework is available at: http://tiny.cc/et1jdx}

D

(3)

2

the boards may be influenced in their risk disclosure oversight role due to diversity in boardroom and the countervailing power of a dominant CEO. This study will attempt to answer the following research question: What is the effect of board strength on the quantity of risk information disclosure?

Due in large part to high-profile accounting scandals, good governance and risk management transparency have formed topics of much debate in the corporate world (Ntim et al., 2013). This has ignited the interest of academics, who seek to investigate the relationship between corporate boards and risk disclosure. An extensive amount of literature has been dedicated to the effect of board characteristics on the extent of risk management information in the corporate world. Abraham and Cox (2007), Elzahar and Hussainey (2012), Leng and Ding (2011), Mokhtar and Mellet (2013), and Ntim et al. (2013), for example, investigated the relationship amongst various factors of board structure and risk disclosure. The influence of education and expertise level of directors on risk disclosure has been documented by, inter alia, Ismail and Rahman (2011), and Leng and Ding (2011). Bronson et al. (2006) and Owusu-Ansah and Ganguli (2010) have reported the interplay between the diligence of subcommittees of the board and risk reporting.

Seemingly, however, little is known about the impact of semi-public boards on risk management. The way in which the boards’ characteristics, composition and functioning interacts with – amongst others – the extent of implementation, functioning and effectiveness of the system, as well as risk management disclosure, has not yet been fully addressed. In addition, studies tend to focus solely on the board characteristics. In the process, they tend to overlook other major internal actors such as the audit committee, the management, the internal and external auditor (Cohen et al., 2004). These actors play a significant role in the governance mosaic of an organization, which may significantly influence the board’s monitoring activities. Cohen et al. (2004) maintain that the way in which these governing actors interact with the board is crucial for achieving effective governance. Moreover, little attention has been paid to the effect of diversity within a board, i.e.: dissimilarities in the board members’ attributes such as gender, age and ethnicity (Hafsi and Turgut, 2013). Similar to the organizational-level factors associated with board structure, studying the effect of board diversity is important because diversity in boards can positively influence the monitoring ability (Carter et al. 2003; Konrad et al., 2008; Hafsi and Turgut, 2013). The scientific contribution of this paper is to address these gaps in the literature and to extend the knowledge on the impact of semi-public boards on risk management disclosure.

The following section reviews current literature and presents the hypotheses. Section 3 describes the methodology employed in this study. The fourth section presents the empirical findings, followed by conclusion in the fifth section.

(4)

3

2. THEORY AND HYPOTHESES

2.1 Semi-Public Organizations in the Netherlands

2.1.1 Background

Changes in the economy since the beginning of 1970 have given rise to several social developments, including the emergence of an active society that demands high quality government services, transparency and accountability from authorities and politicians (Bogt, 2006). These developments prompted the introduction of the ‘New Public Management’ (NPM) paradigm, whereby emphasis was placed on performance improvement, accountability, efficiency and effectiveness. This resulted in far-reaching management changes in municipalities and provinces, as well as decentralization and privatization of governmental organizations (Bogt, 2006; Goodijk, 2012). NPM prompted such organizations to adopt private-sector techniques that focus on entrepreneurial leadership, performance and cost management, while simultaneously becoming more independent from the government and more accountable to the stakeholders of the organizations (Osborne, 2006). In essence, then, a more commercially oriented, client-driven and professionalized management style became emphasized (Bogt, 2006). This is what led to the emergence of the so-called semi-public sector.

In the Netherlands, semi-public entities are nonprofit organizations. Their primary objective is to provide the basic services to the citizens. The major groups in the semi-public sector include housing corporations, public schools such as colleges, universities of applied science and research universities, and healthcare providers such as hospitals, nursing homes and mental institutions (Burger et al., 2001). They vary from very small entities to enormous and complex organizations that possess billions in assets and multi-millions in operating budgets. Public funds account for the largest share of the total operating revenue in both public schools and healthcare providers. In 2012, the government allocated a total of €34.2 billion5_{to education and €92.7 billion}6_{to healthcare institutions. Housing}

corporations are more independent from public resources, as they receive their rental income directly from the tenants. At of the end of 2012, they control close to €130 billion in assets and operate a yearly budget of more than €13 billion7_{. Combined, the semi-public organizations employed around 2}

million people8_{in 2012, which amounts to roughly 24 percent of the labor force. These figures reflect}

the paramount importance of these entities for the Dutch economy.

2.1.2 Governance Codes

Semi-public organizations operate in the space between public and private sectors (Epstein and McFarlan, 2011). Government mandates oblige them to make social services available to all citizens, while simultaneously they must operate according to the disciplines enforced by the corporate world. This dual obligation requires good management and effective oversight (Goodijk, 2012). To ensure this, the branch associations in the semi-public sector have recently introduced their own Governance

5_{Source: http://www.rijksoverheid.nl/documenten-en-publicaties/jaarverslagen/2013/05/08/ocw-kerncijfers-2008-2012.html} 6_{Source: //www.cbs.nl/nl-NL/menu/themas/gezondheid-welzijn/publicaties/publicaties/archief/2013/2013-c156-pub.htm} 7_{Source: http://www.cfv.nl/financieel_toezicht/de_corporatiesector_in_cijfers#}

(5)

4

Codes, with the ultimate objective to maintain good governance (Goodijk, 2012). The healthcare sector has adopted the “Zorgbrede Governancecode”, the housing associations has put into effect the “Governancecode Woningcorporaties”; in the education sector, several governance codes have been introduced, such as the “Branchecode Governance Hogescholen”, which is applicable to universities of applied science. These codes are largely similar to the Dutch Corporate Governance Code applicable to all large public companies registered in the Netherlands (Goodijk, 2012). They include widely accepted principles of good governance that have been specified in best practice provisions. The provisions provide a set of standards that describe what good governance entails. Adherence to the codes is based on the ‘comply or explain’ principle (Goodijk, 2012), implying that an organization is required to act in accordance with the best practices provisions, and publicly account for its motives in the case of non-compliance. In general, the purpose of such an approach is to allow the organizations to determine whether or not the best practices provisions are applicable to their environment.

Two key issues relevant to this study are the principles and best practice provisions related to the role of the board of directors and risk management. According to the Dutch Corporate Governance Code as well as the Governance Codes applicable to the semi-public sector, the duties of the board of directors include the supervision of inter alia:

 the achievement of the objectives

 the strategy and the risks associated with the business activities  the design and effectiveness of the risk management system  the financial reporting process

 the compliance with applicable laws and regulations

Furthermore, the Governance Codes contain several principles and provisions regarding the conduct of the board members and the way in which the board must operate as a whole. It is useful to highlight some of the key principles. First, board members must be independent from one another, the management and their own interest. A board member is regarded independent if the independence criteria listed in the Codes do not apply to him or her: i.e. the director is not independent if he/she or one of his/her family members receives financial compensation from the organization, other than the director’s remuneration. A second principle relates to the expertise and composition of the board. Members must possess financial and sector-specific expertise. With regards to the composition, the codes include provisions for diversity within the board, and restrict the terms of office and the number of directorship positions. It is further suggested that the board should appoint committees to prepare the decision-making process. If feasible, the board should seek to establish an audit, remuneration and selection committee. Finally, provisions related to the compensation of directors state that remuneration should not be dependent on the performance of the organization. In terms of risk management, the Governance Codes provide that management is responsible for the design and effectiveness of the internal risk management and control system. The management board should enforce a process for risk analysis, quality control, and monitoring, on which they must report to the board of directors and in the annual report. In the report, management must elaborate on the

(6)

5

organization’s main risks (risk profile), the design, existence and effectiveness of the risk management system (in-control statement), and any material weaknesses present in the systems.

Table 1

Key Best Practice Provisions related to Board of Directors and Risk Management

Corporate Governance Code Zorgbrede Governancecode Governancecode Woningcorporaties Branchecode Governance Hogescholen Independence All board members, except for one individual,

must be independent

(III.2.1)

All board members must be independent (4.4)

All board members must be independent

(III.2.1)

The majority of the board members must

be independent (III.2.1) Expertise At least one financial expert (III.3.2) At least one member with expertise in healthcare (4.2.5) At least one member with experience in housing industry (III.3.2) and at least one financial expert

(III.3.3)

At least one financial expert (III.3.2)

Composition

Diversity (III.3.1); Max. 5 directorship

positions; Max. three 4-year terms

(III.3.5)

Max. two 4-year terms (4.2.7)

Diversity (III.3.1); Max. two 4-year

terms (III.3.5)

Max. three 4-year terms (III.3.4)

Committees

A board with more than four members must appoint an audit, remuneration and selection committee (III.5) A board may appoint an audit, remuneration and selection committee (notes 4.1.1) A board may appoint an audit, remuneration and selection committee (III.5)

A board with more than five members must appoint an audit, remuneration and selection committee (III.5) Remuneration Determined by the shareholders and independent of earnings (III.7) Determined by the board and independent of earnings (4.3) Determined by the board and independent of earnings (III.7) Determined by management and the

board, and independent of earnings (III.7) Internal Risk Management and Control System Risk analysis, system of monitoring and reporting (II.1.3) A risk management system must be in place (3.1.3) Risk analysis, quality control, system of monitoring and reporting (II.1.4) Risk analysis, quality control, system of monitoring and reporting (II.1.4)

Risk Disclosure in annual report

Risk profile, in-control statement and weaknesses (II.1.4) --- In-control statement (II.1.5) In-control statement (II.1.5) Notes: The code reference is given in parentheses.

Table 1 provides a summary of the principles and best practices provisions as discussed above. The list is not exhaustive, but merely serves to indicate some of the similarities and differences between the Governance Codes. Where the codes contain similar principles related to the board and risk management, they differ in their elaboration of the principles in the form of best practice provisions. For example: the Governance Codes agree on the principle of independence, but maintain their own independent sets of criteria and exceptions for the independence provisions. The “Zorgbrede Governancecode” is very strict on board independency, stating that all board members should be

(7)

6

independent, whereas the “Branchecode Governance Hogescholen” states that the majority must be independent. Similarly, the Dutch Corporate Governance Code requires management to disclose the risk-profile, an in-control statement and any significant weaknesses present in the risk management system. In contrast, the “Governancecode Woningcorporaties” and the “Branchecode Governance Hogescholen” suggest that only an in-control statement should be disclosed, and the “Zorgbrede Governancecode” contains no specific provision regarding risk management disclosure. Despite their differences, the codes agree that organizations must strive to enforce a risk management system and mention several control instruments that should be used, thereby highlighting the importance of risk management.

2.2 Risk Management

Each organization – be it a publicly traded corporation, a privately owned enterprise or a (semi)public organization – must deal with risk in its everyday operations. Risk as described by COSO (2004, p. 16) is “the possibility that an event will occur and adversely affect the achievement of objectives”. Therefore, it is imperative to design, implement and maintain an effective risk management system, especially within the current challenging economic environment. Various definitions have been suggested for the concept risk management:

The Institute of Risk Management - IRM (2002, p. 2) formulates it as follows: “Risk management is a central part of any organization’s strategic management. It is the process whereby organizations methodically address the risks attaching to their activities with the goal of achieving sustained benefit within each activity and across the portfolio of all activities”.

According to Emanuels et al. (2010b, p. 150), risk management is “a system that enables management to identify, prioritize, analyze and control the relevant risks which may be threatening the organization’ ability to meet its objectives”.

One of the most generally accepted definition is provided by COSO (2004), which has defined risk management as “a process, effected by an entity’s board of directors, management and other personnel, applied in strategy setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risk to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives”.

This study adheres to the latter definition, as it is ample and covers the fundamental concepts of risk management applicable to any business environment, including the semi-public sector (COSO, 2004). In addition to providing a definition, COSO (2004) has designed a risk management framework that comprises eight steps:

1) The organization must create the internal environment within which the risk management process is carried out. This includes the tone at the top established by the upper management

(8)

7

and the board of directors, the risk management philosophy, risk appetite and the cultural and ethical values;

2) Determining the objectives to be reached in the areas of strategic, operational, reporting and compliance;

3) The identification of the internal and external events that may affect the achievement of objectives, and distinguishing between events that trigger risks and opportunities;

4) The assessment and estimation of the risks, considering the probability that the event will occur (likelihood) and the consequences of the event (impact);

5) Determining the actions required to reduce the risks, referred to as risk response. The four types of actions constitute avoiding, accepting, reducing, and sharing;

6) Implementing policies and procedures in order to ensure that the risk responses are carried out properly. This is referred to as control activities;

7) Identifying, capturing and reporting of risk management information;

8) The periodic testing of the risk management system for effectiveness and functionality, and modifying where necessary.

As may be deduced from COSO’s definition, the purpose of risk management is to enable an organization to manage all types of threats that could impede the attainment of its objectives. A risk management system does not necessarily assure that the goals will be achieved, and it surely does not eliminate risks. Within such a system, however, it becomes clear which exact risks may affect the objectives and how effective the system is in reducing such risks (Emanuels and Munnik, 2006). In essence, a risk management system enables an organization’s management to effectively deal with uncertainties, thereby enhancing the organization’s capacity to add value to its stakeholders (COSO, 2004).

Risk management may add value to a corporation’s key stakeholders, such as the shareholders and prospectus investors. This may be achieved by improving the firm’s financial performance and enabling investors to make better valuation judgments. The potential benefit of risk management provides investors with an incentive to become informed about the internal risk management process. Their aim may be to monitor management’s endeavor to manage risks, and to develop their own judgment about the effectiveness of the system (Deumes and Knechel, 2008; Michelon et al., 2009). According to Deumes (2008, p. 122), being informed will allow stakeholders “to make more accurate corrections for risk when they value their investments, thereby preventing stock prices from becoming unhinged from intrinsic business value (i.e., prevent them from becoming critically higher than they would be if the market had the information that is available to managers”. This is different for semi-public organizations. Considering the fact that their primary objective is to provide essential services (Burger et al., 2001), one of their biggest stakeholders is the public. Risk management in this context assists management in avoiding the threats that might prevent a semi-public entity from providing the desired level of service to the community. Generally, being informed about the way in which semi-public organizations manage risk will instill in citizens the confidence that their essential services will continue.

(9)

8

Despite the abovementioned, a stakeholder cannot directly observe an organization’s risk management, as it forms an internal process accessible to and observable only by people within the organization (Deumes and Knechel, 2008; Michelon et al., 2009). Hence, it is vital for management to disclose any information related to the risk management system, as well as the risk factors and their impact. Only in the existence of risk-related disclosure can external stakeholders be informed about the nature, extent and quality of the risk management system (Deumes and Knechel, 2008).

2.3 Risk Disclosure

According to Beretta and Bozzolan (2004, p. 269), the concept of risk disclosure can be defined as “the communication of information concerning firms’ strategies, characteristics, operations, and other external factors that have the potential to affect expected results”.

Linsley and Shrives (2006, p. 389) claim risk disclosure to constitute “informing the reader of any opportunity or prospect, or of any hazard, danger, harm, threat or exposure, that has already impacted upon the company or may impact upon the company in the future or of the management of any such opportunity, prospect, hazard, harm, threat or exposure”.

Miihkinen (2012, p. 442) define risk disclosure as “all information that firms provide in the risk reviews they present in their annual reports. [. . .] information that describes firms' major risks and their expected economic impact on future performance”.

Risk disclosure can be classified into three levels: internal, intermediate and external (Lajili and Zéghal, 2005, p. 128). Internal risk disclosure encompasses the sharing of information about risk identification, measurement, performance development and monitoring between management and employees. This type of disclosure generally occurs during informal internal meetings and aims to increase efficiency in the realization of an organization’s objectives. Risk disclosure at an intermediate level occurs when management informs the board of directors of risk-related matters, with the aim of assisting the board in their role of overseeing the risk management process. External risk disclosure, also referred to as public disclosure, involves the communication of risk information to the public, which generally occurs through periodic prospectuses or the organization’s annual report. Kavitha and Nandagopal (2011) differentiate between mandatory and voluntary public disclosure. Disclosure is mandatory when law or regulatory authorities require it, whereas voluntary disclosure refers to the additional information provided by an organization at their own initiative. The emphasis of this study is on voluntary disclosure of risk-related information.

2.3.1 Benefits and Costs

As reported by risk disclosure studies such as Ashbaugh-Skaife et al., (2007) and Emanuels et al. (2010a), the choice to voluntarily report risk information depends on the cost-benefit consideration. Prior studies on listed companies (e.g. Linsley and Shrives, 2000; Armitage and Marston, 2008;

(10)

9

Farvaque et al., 2011) have presented several benefits and costs. This study will highlight those that may be applicable to the semi-public sector.

In the private sector, risk disclosure tends to provide investors with forward-looking information (Linsley and Shrives, 2000), which contains details about the organization’s future prospect. This is advantageous in that it reduces the information asymmetry between the corporation and the investors (Emanuels et al., 2010a). It may additionally enable investors to make a better stock valuation (Deumes, 2008). Technically, the stakeholders of semi-public organizations can also reap the benefits of forward-looking risk information: financers that use the information to assess the risk-profile of the organization; customers and suppliers that examine how capable the management is in dealing with the risks; and the government that notes the effectiveness of the risk management system so as to ensure that the subsidies they provide are well-spent.

Linsley and Shrives (2000) argue that corporations that disclose risk-related information are placing themselves in a position of public scrutiny, attracting investors to carefully examine how effective the management is in dealing with risk. The authors believe that this will encourage the management to enhance the risk management system of the organization. Accordingly, a study by Hermanson (2000) proves that financial statement users perceive reporting on internal control as a stimulus for management to improve internal controls. Thus, one of the benefits that private corporations could attain through risk disclosure is the improvement of risk management (Linsley and Shrives, 2000). It is important to recognize that this benefit is not confined to private companies. Although semi-public organizations do not have to deal with demanding investors, it is conceivable that risk disclosure will increase their likelihood of being scrutinized by financiers and the government. Naturally, it is in the stakeholders’ interest to see the continuance and success of the organization; as such, they may demand a well-functioning risk management system.

Risk management disclosure can increase accountability as well. Owusu-Ansah and Ganguli (2010) claim that increased transparency with regard to risk management inhibits opportunism. This practice is described as the act of taking selfish advantage of circumstances without considering ethical principles and the negative consequences for others. By disclosing risk related information and thus being open to public scrutiny, managers will have to account for their actions. As a result, they will be less likely to embark on a risky business venture to achieve personal gain (Linsley and Shrives, 2000). This concept seems applicable to both the private and semi-public sector. Unethical behavior in the corporate world will primarily affect a company’s shareholders, whereas such conduct in the semi-public sector affects the citizens (George, 2005). Therefore, it may be stated that in a private corporation, risk disclosure increases the accountability of the management to the shareholders. In contrast, the management of the semi-public entity will be held accountable by the governing bodies representing all taxpayers and citizens.

Disclosure of risk-related information can also enhance organizational legitimacy. According to Dowling and Pfeffer (1975, p. 122), organizational legitimacy is “the congruency organizations seek to establish between the social values associated with or implied by their activities and the

(11)

10

norms of acceptable behavior in the larger social system of which they are a part.” In other words, organizations “seek to ensure that they operate within the bounds and norms of their respective societies” (Cuganesan et al., 2007, p. 4). An organization’s legitimacy hinges upon the ‘social contract’ between the organization and society. The concept ‘social contract’ refers to the expectations society has about how an organization should operate (Deegan et al., 2002; Cuganesan et al., 2007). Failure to comply with these expectations may lead society to perceive that the organization is not legitimate (Deegan et al., 2000). As a result, public acceptance of the organization may decline. This may be evidenced by, for instance, the loss of customers, financiers reducing the supply of capital to the organization or constituents lobbying with the government for increased taxes, fines or laws to prohibit those activities that are unacceptable to society (Deegan, 2002). Legitimacy may be considered as an intangible asset important for the growth and survival of organizations (Oliveira et al., 2011b). This is especially true for organizations that are considerably more visible - such as large and listed companies - and those relying more heavily on social and political support - such as semi-public institutions (Dowling and Pfeffer, 1975). Hence, it is imperative to establish legitimacy, maintain it, and restore it when it is damaged through public disclosure (O’Sullivan and O’Dwyer, 2009; Oliveira et al., 2011b). Organizations that inform the public about their activities may change the perceptions around them, and as such improve their legitimacy (Dowling and Pfeffer, 1975; O’Sullivan and O’Dwyer, 2009). For instance, given their public visibility and their importance to the stability of the financial sector, finance companies disclose risk information to maintain a good reputation among their stakeholders. Thereby, they reduce information asymmetry between management and debt-holders, attract more customers and reinforce the confidence of stakeholders (Oliveira et al, 2011b). Similarly, semi-public entities could also improve their legitimacy by disclosing risk re-related information. Being transparent will help them earn the trust of stakeholders; this may instill in interest groups and the general citizenry the confidence that the organization is well managed. Thus, an organization that discloses risk information will build a reputation for openness and stakeholder confidence, which in turn will help the organization to gain and preserve its legitimacy.

There are certain costs involved in the disclosure of information. First, according to Farvaque et al. (2011), corporate disclosure is generally associated with the costs of developing and presenting the information. In order to communicate the information to the public, there must be a process involving the collection, verification, analysis, quality control and accurate presentation of information (Armitage and Marston, 2008). Thus, before disseminating reliable information, all the costs associated with the implementation and functioning of the reporting process must be considered. Naturally, such costs apply to semi-public organizations, as well. They, too, are required to issue an annual report containing detailed financial and non-financial information. Second, as stated, risk disclosure provides forward-looking information to a corporation’s shareholders. The concern is that such information could be unreliable (Linsley and Shrives, 2000). This could lead to legal disputes between the company’s management and the investors (Emanuels et al., 2010a). In a semi-public entity, unreliable information may cause a conflict between the organization and its main stakeholders: i.e. loss of confidence of financers, customers, suppliers and the government.

(12)

11

2.4 Board Strength

Governance in non-profit institutions is described by Renz (2004, p. 1) as “the process of providing strategic leadership to a nonprofit organization. It entails the functions of setting direction, making policy and strategy decisions, overseeing and monitoring organizational performance, and ensuring overall accountability”. The body responsible for a company’s governance is the board of directors (Cadbury Committee, 1992; Renz, 2004). Directors are appointed to ensure that the governance functions are effectively carried out with the objective to establish a solid governance structure (Fama and Jensen, 1983; Tirole, 2001; Renz, 2004). Such a structure is vital for the sustainability and long-term success of the organization (Renz, 2004).

Jegers (2009) maintains that the possibilities to shape the governance structure depend on the functioning and power of the board. In other words, board strength is crucial for effective governance. To this day, there is no set definition for the concept ‘board strength’. Therefore, in devising a definition, this study draws on the definition of the word ‘strength’, as well as the literature consulted earlier. The word ‘strength’ may be described as a “useful ability”9_{. An appropriate definition for}

‘ability’ is “the quality in a person or thing which makes an action possible” 10_{. The board’s actions in}

this regard are related to the governance functions (Renz, 2004). Hence, this study defines board strength as the overall ability of the board of directors to carry out the governance functions effectively.

2.4.1 Board Strength Characteristics

A number of board and firm-level characteristics can affect the strength of the board. Jegers (2009, p. 147) documents three groups of variables that can be observed in non-profit organizations: (1) board members attributes, including gender, prestige of members, managerial tenure and credentials; (2) organizational features, including the level of bureaucratization, age and size; (3) environmental aspects, including inter-organizational ties, board dependency, stability and governmental funding. Empirical studies of listed companies (e.g. DeFond et al., 2005; Carcello et al., 2006; Dhaliwal et al., 2007; Hoitash et al., 2009; Hunton et al., 2011) have identified board and audit committee size and independence, share-ownership by directors, board expertise, tenure and diligence. The studies bundled the characteristics to construct a composite measure for capturing board strength. The main premise in using a composite score is that if board strength is affected by multiple factors, a combined measure – comprising all these factors – will better capture the overall board strength (DeFond et al., 2005; Schnyder, 2012).

In line with prior studies (e.g. DeFond et al., 2005; Carcello et al., 2006; Dhaliwal et al., 2007; Hoitash et al., 2009; Hunton et al., 2011), this study uses a composite measure to capture board

9_{In Longman Dictionary of Contemporary English, Fifth Edition [Computer Software]. Retrieved March 17, 2014.} 10_{In Oxford English Dictionary. Retrieved March 17, 2014, from: http://www.oed.com}

(13)

12

strength. The board strength comprises the following board characteristics: board size, board expertise, board diligence, board tenure and existence of audit committee. These characteristics have been chosen, as they are most relevant for the purpose of the study. In the discussion below, each board characteristic is explained on the basis of studies related to private corporations. Following this, a brief explanation is given about whether the results of the studies are applicable to semi-public entities.

Board Size

Consistent with Leng and Ding (2011) and Ntim et al. (2013), board size is defined as the number of directors on the board of an organization. According to Leng and Ding (2011), given that board size reflects the board’s ability to cope with the challenges in the monitoring and decision-making process, a large board is desirable, as it is likely to contain more professionals with expertise in multiple areas. Other studies, such as the one conducted by Ntim et al. (2013), report that large boards are positively associated with risk disclosure. Platt and Platt (2012) have empirically indicated that smaller boards are positively related to bankruptcy, implying that large boards are more effective at monitoring the financial performance of the organization.

Nonetheless, Jensen (1993) argues that boards should be kept small, as oversized boards can be easily controlled by the CEO and are less effective in coordination and communication. Other academics (e.g. DeFond et al., 2005; Hoitash et al., 2009; Hunton et al., 2011) claim that smaller boards are related to good governance. Empirical evidence provided by Yermack (1996) shows that an organization’s profitability and operating efficiency decrease when board size grows. Mak and Kusnadi (2005) confirm an inverse relationship between board size and firm value, indicating that when the board increases in size, the value of the firm decreases.

Board Expertise

According to previous studies (Carcello et al., 2002; Hoitash et al., 2009), the number of directorships of board members can proxy for expertise. Dhaliwal et al. (2010) posit that directors who serve on multiple boards might be afraid to lose their reputation, and consequently, be more effective in their monitoring. Carcello and Neal (2003) have also found that board members holding multiple directorships are unlikely to terminate the relationship with an auditor for issuing a going-concern report. This suggests an association between expertise and effective board monitoring. Platt and Platt (2012) have indicated that organizations with interlocking boards – boards that “share at least one board member in common” (p. 1141) – are less likely to file for bankruptcy. Platt and Platt (2012) argue that by being part of an interlocking board, directors may obtain information that can assist them in coping with the economic uncertainties of the industry. The concerns with the independence of interlocking boards cannot be ignored. It is debatable whether the seat of an organization’s director on the supervisory or management board of another organization may “impair the director’s ability to exercise independent judgment or objectivity” (Peregrine and Broccolo, 2006, p. 523).

(14)

13

Board Diligence

Generally, a diligent board is described as a board of members who work hard and are meticulous and thorough11_{. Factors related to board diligence are board-meeting frequency, behavior of directors}

before and during the meeting, attentiveness and attendance frequency (Carcello, 2002), and the quality (content and depth) of the meetings. Carcello et al. (2002) and Raghunandan and Rama (2007) maintain that the only publicly observable element of diligence is meeting frequency. This characteristic is included in the composite score, as several professional bodies (e.g. COSO, 1992; Blue Ribbon Committee, 1999) argue that the board should meet frequently in order to deal effectively with its responsibilities. Empirical studies (e.g. Xie et al., 2003; Bronson et al., 2006; Owusu-Ansah and Ganguli, 2010) substantiate the proposition that a high meeting frequency is associated with good governance.

Board Tenure

The board tenure is the average tenure of the board members. Board tenure can determine board quality; boards with a long tenure are more effective in their monitoring work as they are more experienced, have more expertise and are likely to be more familiar with the practices and the state of the organization (Dhaliwal et al, 2010; Yang and Krishnan, 2005). Vafeas (2003) has empirically proven that directors with a long tenure tend to be bankers, consultants or lawyers, thereby suggesting that long tenure is related to expertise. Furthermore, Vafeas (2003) has found that long-term directors are more likely to serve on board committees. Considering the fact that these committees are specialized in particular areas that require expertise (Dhaliwal et al, 2010), this finding substantiates the relationship between expertise and tenure.

Audit Committee

Numerous academics and professional bodies have called for the establishment of audit committees (e.g. George, 2005; Blue Ribbon Committee, 1999; COSO, 1992, 2004; Deloitte, 2009). An audit committee is an extension of the board of directors. It consists of a select number of board members whose main responsibilities are to oversee the risk management and the financial reporting process. More specifically, the committee must initially ensure that the organization complies with accounting standards and applicable laws and regulations. Second, the committee must ensure that internal quality controls are in place and working effectively. Third, it must be confirmed that the internal and external auditor are independent and objective. Finally, the organization must disclose accurate, qualitative and timely (financial and non-financial) information (Blue Ribbon Committee, 1999; COSO, 1992).

It is postulated that the formation of audit committees can enhance the governance of an organization. George (2005), for instance, argues that each semi-public organization must have an audit committee, as it is an important component of public accountability and effective governance. Professional bodies such as Deloitte (2009) claim that the effectiveness of the board can be improved if there are committees in place to deal with specific matters. Additionally, the positive effect of an audit committee on governance has been empirically examined. Barako et al. (2006), in consonance with

(15)

14

Ho and Wong (2001), report that organizations with an audit committee are more likely to voluntarily disclose financial, strategic and corporate social responsibility information. Pridgen et al. (2007) have found that non-profit organizations with an audit committee report less internal control problems. In general, these findings support the notion that the existence of an audit committee strengthens the effectiveness of the board.

Application to Semi-Public Organizations

The findings of the studies mentioned above cannot be automatically generalized to the semi-public sector. Board size, for instance, can affect financial performances such as profitability and firm value (Yermack, 1996; Mak and Kusnadi, 2005). Naturally, these findings are confined to for-profit corporations, as such profitability and firm value as performances indicators are not relevant in semi-public organizations (Jegers, 2009). Some results, however, may be applicable to the semi-semi-public domain, such as the findings regarding the positive relationship between an audit committee and information disclosure (Barako et al., 2006), or the association between the number of board meetings and good governance (e.g. Bronson et al., 2006). Although it cannot be validated whether they apply to the semi-public sector, it is likely that if such a relationship exists in private companies, the same may be true in the semi-public domain. Arguably, semi-public organizations experience governance problems that resemble the problems experienced by private companies (Jegers, 2009). In addition, it is widely known that many “governance best practices transcend the distinction between for-profit and nonprofit corporate organization status; i.e., that in many cases they apply as readily to nonprofit corporations as they do to for-profit, publicly traded, corporations” (Peregrine and Broccolo, 2006, p. 508).

2.4.2 Board Strength and Risk Disclosure

Several studies have documented a positive relationship between risk information disclosure and various board characteristics considered proxies for board strength. The study conducted by Owusu-Ansah and Ganguli (2010), for instance, has found that the more meetings held by the audit committee per year, the more likely the company is to voluntarily issue a report about internal control. Bronson et al. (2006) reported similar findings, as did Ismail and Rahman (2011) and Leng and Ding (2011). The latter reported that the quality of risk information disclosure is greater when board members are in possession of an accounting qualification and a higher level of education. Ntim et al. (2013), in line with Mokhtar and Mellet (2013), have gained support for their contention that a higher number of board members leads to an increased level of risk information disclosed by companies. The two studies suggest that board characteristics, deemed important elements for strengthening the board, have a positive effect on risk disclosure. This strengthens the notion that a strong board will induce risk-based behaviors and is capable of demanding risk transparency. Hence, the following is hypothesized:

Hypothesis 1: A positive relationship exists between board strength and the quantity of risk disclosure.

(16)

15

2.5 Board Diversity

The concept of board diversity is defined by Van der Walt and Ingley (2003, p. 219) as “board composition and the varied combination of attributes, characteristics and expertise contributed by individual board members in relation to board process and decision-making”. Hafsi and Turgut (2013, p. 466) use the term ‘diversity in board’ and describe it as the “dissimilarities in directors’ attributes”, as the concept highlights the variety within a given board. These attributes can be categorized into directly observable board features such as age, ethnicity, gender, and nationality, and less visible attributes such as education, occupation and religion (Ntim et al. 2013; Ntim and Soobaroyen, 2013).

In short, it is believed that board diversity contributes to a better market understanding, increased creativity and innovation, effective problem solving, superior leadership and effective global relationships (Carter et al. 2003). From a stakeholder’s perspective, board diversity is desirable in that it indicates the organization’s sensitivity for the preferences, aspirations and concerns of the stakeholders involved (Hafsi and Turgut, 2013). This study focuses on ‘gender’, as this is an easily observable variable and according to Hafsi and Turgut (2013), the most important indicator of diversity within boardrooms.

2.5.1 The Effect of Gender Diversity

According to the literature, a gender diverse board improves organizational outcomes. Research conducted by Hafsi and Turgut (2013) reveals a positive effect of the inclusion of women in boardrooms on corporate social performance. In other words, organizations that have a high percentage of female directors perform better on social issues such as community, employee relations, environment and human rights. Others studies (Campbell and Minguel-Vera, 2008; Carter et al., 2003; Erhardt et al., 2003) indicate a positive relationship between financial performance and women on the board, suggesting that an organization with female directors may achieve better financial results.

Konrad et al. (2008) claim that the inclusion of female directors can enhance the monitoring ability of the board. Based on interviews conducted with female directors, the researchers report several benefits of the presence of female directors in boardrooms. First, directors that form part of a diverse board seem to express their opinions in a more visible way, so as to avoid misunderstandings, which in turn may result in better decision-making. It is additionally argued that some issues within an organization can only be solved by including women, given their experience with certain subjects. A neat example of this is a board discussion on birth control medicine in a pharmaceutical company. It is furthermore stated that female directors are more likely to broaden the discussion by including ‘soft’ issues such as health and safety, the working environment and well-being of employees; it is important to consider such issues, as they can affect the company’ reputation, not merely the financial matters. Another benefit mentioned is that female directors are more likely to thoroughly investigate and raise questions about doubtful or ambiguous matters. Inferred from Konrad et al. (2008) is that the presence of women on a board can improve the effectiveness with which the board operates. Adams and Ferreira’s (2009) study on women in boardrooms and their influence on governance has yielded several interesting findings. First, female directors attend board meetings more often than

(17)

16

male directors do. Second, the attendance behavior of male directors is enhanced when female directors are present, indicating greater board diligence that leads to better firm performance (Bronson et al., 2006; Owusu-Ansah and Ganguli, 2010; Xie et al., 2003). Third, female directors are more likely to serve on monitoring committees. Finally, gender diverse boards are more likely to hold CEOs accountable for poor performance. These findings thus lend credence to the notion that gender diverse boards lead to better monitoring.

2.5.2 Gender Diversity and Risk Disclosure

With respect to disclosure, Barako and Brown (2008) have found a significantly positive correlation between gender diversity (measured by the proportion of female directors) and corporate social reporting. Similar findings have been reported by Ntim and Soobaroyen (2013), who have indicated a positive relationship between gender and the extent of corporate social reporting; unfortunately, their results are statistically insignificant. Empirical studies on board gender and risk disclosure are seemingly scarce. The only example found is the empirical research conducted by Ntim et al. (2013). The authors used a sample of South-African listed companies to investigate the impact of board diversity (based on ethnicity and gender) on both the quantity/volume and quality/level of corporate risk disclosure. They reported positive and significant results, implying that corporations with gender and ethnically diverse boards tend to disclose more risk information. It is unclear whether these findings can be generalized to semi-public organizations. Nonetheless, it is likely that female directors serving on semi-public boards will also have a positive effect on the extent of risk disclosure. The following hypothesis has thus been constructed:

Hypothesis 2a: A positive relationship exists between gender diversity and the quantity of risk

disclosure.

As discussed, the presence of women on boards improves the effectiveness of the board’s oversight role, implying that a board with female directors is stronger. With this in mind, it is proposed that gender diversity will have an enhancing effect on the relationship between board strength and risk disclosure (Figure 1). The according hypothesis is the following:

Hypothesis 2b: The positive relationship between board strength and the quantity of risk disclosure is

strengthened by gender diversity.

+

________________________________________________ Figure 1: Conceptual Model - Hypothesis 2b

Board Strength Risk Disclosure

(18)

17

2.6 CEO-Power

The board of directors is entitled to persuade the CEO to disclose risk information (OECD, 2004; COSO, 2004, 2009). The degree to which the CEO is influenced depends on the board strength and the amount of power held by the CEO (Jegers, 2009). Finkelstein (1992, p. 506) defines power as “the capacity of individual actors to exert their will” and argues that the key basis of the CEO’s power is “the ability to cope with internal and external sources of uncertainty” (p. 508). According to Finkelstein (1992), the board of directors can form one of the main internal sources of uncertainty, as they have the power to constrain the discretion of the CEO. Major external sources of uncertainty for the CEO include the task and institutional environment of the organizations. All external parties directly involved with the organization (customers, suppliers, competitors and the government) may form part of the task environment. The institutional environment consists of external institutions and individuals to which the organization turns for support.

2.6.1 Dimensions of CEO-Power

Finkelstein (1992) describes four dimensions of CEO power: structural, ownership, expert and prestige power. The first relates to the position held by the CEO within the organization, as well as his compensation in relation to the compensation of other top managers. More positions and higher compensation are associated with greater structural power. This type of power allows the CEO to achieve his desired objectives, as he is more independent and he can control his subordinates and the board of directors more effectively (Finkelstein, 1992). Several studies related to listed companies (e.g. Ting, 2013) use the variable CEO-duality as a proxy for structural power. CEO-duality refers to the situation in which the CEO is simultaneously the chairperson of the board of directors (Finkelstein, 1992). In semi-public entities in the Netherlands, CEO-duality is not permitted on the basis of sector-specific principles of good governance.

Ownership power is determined by the CEO’s ownership position and founder status. In an attempt to attain their desired objectives, CEOs with high levels of ownership can exert their influence in order to control the board of directors. As founders of the organization, they can gain power through their long-term relationship with the members of the board (Finkelstein, 1992). Ownership power enables the CEO to dominate the company and to decide which strategy to use and which policies and rules to implement (Khan et al., 2013). Ownership power occurs in private companies, but not in semi-public organizations. In the Netherlands, semi-public organizations are non-profit organizations (foundations) that no one shareholder owns (Burger et al., 2001). Instead, they are governed by a supervisory and management board (Goodijk, 2012).

Expert power refers to the CEO’s ability to deal with environmental contingencies that could control the organization’s success or failure. Generally, environmental contingencies refer to the uncertainties that arise when dealing with the external parties of the task environment. The ability of the CEO to cope with such uncertainties increases when good contact and relations are developed with these

(19)

18

parties. CEOs that possess this expertise exert their power by influencing strategic choices. This is especially true if the CEO’s expertise exceeds that of the board members (Finkelstein, 1992).

Prestige power arises from membership of a managerial elite group. Such groups are comprised of individuals with formal positions and authorities in social organizations and institutions. Being a member of a managerial elite group tends to imply that the CEO holds a good reputation within society. This may increase his reputation within the organization, thereby facilitating the achievement of his personal goals. In addition, CEOs can gain power by maintaining good contacts in social elite groups, which may provide them with a significant amount of valuable corporate information that will aid the organization in coping with uncertainties (Finkelstein, 1992).

2.6.2 CEO-Power and Risk Disclosure

There are several pieces of evidence of dominant CEOs’ reluctance to disclose information. Abdelsalam et al. (2007), based on data from London listed companies, have found a negative correlation between CEO-duality and information disclosure. Allegrini and Greco (2013) report similar findings for Italian listed corporations. Another example is Lewis et al. (2012), who have found that newly appointed CEOs are more likely to disclose information, which suggests a negative association between disclosure and long CEO tenure – a proxy for expert power (Henderson et al., 2010; Ting, 2013). In essence, the studies confirm that greater CEO-power results in less information disclosure. These results are related to private firms, however, the question remains whether they are applicable to semi-public organizations, as well. As mentioned, disclosure enables the stakeholders of a semi-public entity – such as the government – to scrutinize the way in which a CEO deals with risk management. Consequently, the government may intervene when it believes that the organization is not dealing with risk management effectively. Such involvement may create uncertainties for the CEO (Finkelstein, 1992). A dominant CEO will seek to reduce any uncertainties that threaten to negatively affect his or her managerial work (Finkelstein, 1992). As such, if risk disclosure creates uncertainties for CEOs, they are likely to reduce the extent of risk information disclosure. Accordingly, the following hypothesis has been formulated:

Hypothesis 3a: A negative relationship exists between CEO-Power and the quantity of risk

disclosure.

In section 2.4.2, it was hypothesized that board strength is positively associated with risk disclosure: a greater extent of risk information will be disclosed when a powerful board is in place, thereby emphasizing the importance of disclosure. A dominant CEO, in contrast, is less likely to disclose great amounts of information. Finkelstein (1992) claims that a dominant CEO will exert control over the board of directors in an attempt to achieve his desired objective, which in this case may be decreased disclosure. As such, hypothesis 3b contends that despite a powerful board, an organization with a dominant CEO will disclose less risk information (Figure 2).

(20)

19

Hypothesis 3b: The positive relationship between board strength and the quantity of risk disclosure is

weakened by CEO-Power.

-

________________________________________________ Figure 2: Conceptual Model - Hypothesis 3b

Board Strength Risk Disclosure

(21)

20

3. RESEARCH DESIGN

3.1 Sample and Data Collection

The target population of this study is organizations that provide public services in the healthcare field, the educational arena and the housing sector in the Netherlands. For data access reasons, only the organizations that are members of a branch association12_{have been included. A total of 926}

organizations was identified: 415 (45%) healthcare entities, 122 (13%) educational institutions and 389 (42%) housing corporations. Within the scope of this study, the analysis is based on a sample rather than on the entire population. By means of random sampling, roughly 250 organizations have been selected, based on the proportion of the population of each sector to ensure equal representation of all sectors. The 2011 annual report of each organization was directly obtained from their respective websites, after which all the data necessary for the variables was extracted. If data was found to be missing from the annual report, LexisNexis, LinkedIn and Orbis were consulted. Organizations whose data could not be retrieved from any of these sources were removed from the sample. This resulted in a final sample of 105 semi-public organizations, of which 50 (47%) are healthcare entities, 19 (18%) educational institutions and 36 (34%) housing corporations (a list of the names of the organizations is provided in the Appendix). Table 2 provides a summary of the population and sample distribution by sector.

Table 2

Sample Selection

Panel A: Sector Representation

Sector Population Sample

Healthcare 415 45% 50 48% Education 122 13% 19 18% Housing 389 42% 36 34% Total 926 105

Panel B: Sector Composition of Sample

Sector Category Sample

Healthcare Hospitals 23 22%

Nursing Homes 27 26%

Education Colleges 8 8%

Universities of Applied Science 8 8% Research Universities 3 3%

Housing Housing Corporations 36 34%

105

12_{The organizations are members of one of the following branch association: Vereniging Gehandicaptenzorg Nederland, GGZ Nederland,}

(22)

21

3.2 Dependent Variable

The dependent variable in this study is the quantity of risk-related information disclosed in the annual reports of the sample organizations. In order to measure this, the content analysis approach was applied, one of the most widely used methods in risk disclosure studies (e.g. Linsley and Shrives, 2006; Abraham and Cox, 2007; Amran et al., 2009; Elzahar and Hussainey, 2012; Ntim et al., 2013). Content analysis involves classifying content units into various pre-defined categories (Beattie et al., 2004) in order to draw valid inferences from data, according to their context (Beretta and Bozzolan, 2004, p. 276). A content unit (unit of analysis) can be defined as a set of words, sentences, phrases, paragraphs, pages, tables or graphs (Unerman, 2000; Linsley and Shrives, 2006; Hooks and Van Staden, 2011; Ntim et al., 2013). In line with Ntim and Soobaroyen (2013) and Mahadeo et al. (2011), this study uses words as the unit of analysis. Given that words are the smallest unit of analysis, they can provide maximum robustness in terms of examining the quantity of disclosure (Wilmshurst and Frost, 2000). Using words can avoid inconsistency in measuring the extent of disclosure (Wilmshurst and Frost, 2000), which in turn will enhance reliability (Ntim and Soobaroyen, 2013).

Following the method of Beretta and Bozzolan (2004), the quantity of risk disclosure is measured by the ratio of risk-related words to the total number of words in the annual report (RiskRatio). Simultaneously, a robustness check is performed by using the absolute number of risk-related words (RiskWords). In this analysis, using the RiskRatio is preferred over using RiskWords, for the following reason: the writing style of organizations may influence the results when determining the extent of the reported information (Abraham and Cox, 2007). An annual report can contain a substantial amount of risk information. However, if the risk information is embedded in a large amount of non-risk information, the relevance of the risk information may be diminished. Unerman (2000) purports that this may reduce the relevance of the study’s results.

The procedure for measuring the RiskRatio comprises three steps. First, in order to perform a word count, the entire risk section in the annual report is selected and copied into an online word counter13_.

To ensure robustness, the text is also copied to Microsoft Word, where the words are counted by the ‘word count’ function. Second, the total number of words in the narrative portion of annual report is counted, excluding the financial statements and the notes. The word count is performed by the computer application Foxit Advanced PDF Editor, which contains a built-in word count function. Finally, the quantity of risk disclosure is calculated by dividing the number of words in the risk section by the total number of words in the narrative part of the annual report. This yields the RiskRatio, which is employed in the main analysis to measure the amount of risk information disclosed in the narrative section of the annual report.

.

(23)

22

3.3 Independent Variables

Board Strength

In line with DeFond et al. (2005), Dhaliwal et al. (2007) and Hoitash et al. (2009), board strength is measured by a composite score, which constitutes the five board characteristics previously mentioned: board size, board expertise, board diligence, board tenure and the presence of an audit committee. In order to compute the composite score, each board component is assigned a score of 0 or 1, depending on the conditions described below. A value of 0 implies that certain characteristics of the board are weak, whereas a value of 1 indicates the opposite. Next, the scores assigned to each component are totaled. The sum of the five components equals the composite score that ultimately measures board strength. The range of the composite score varies from 0 to 5; 0 being the lowest score and 5 being the highest. The higher the score is, the greater the board strength. The following conditions have been considered in assigning the scores to the components:

1) Board Size – board size is defined as the number of directors on the supervisory board (Leng and Ding, 2011; Ntim et al., 2013). To determine the score of this component, the techniques of Dhaliwal et al (2007) and Hoitash et al. (2009) were consulted: first, the sample median is computed. Next, a value of 1 (strong board) is assigned if the sample board size is smaller than the median size in the sample, and 0 if the board size is equal or greater than the median.

2) Board Expertise - As prior studies have established (Carcello et al., 2002), the proxy for board expertise is the number of directorships held by the board members. The coding condition employed for this component is the same as the condition used by Dhaliwal et al. (2010). A score of 1 is assigned (strong board) if at least one board member holds multiple directorships.

3) Board Diligence - Board diligence represents the number of meetings held per annum (Carcello et al., 2002; Raghunandan and Rama, 2007). The score for this component was determined first by computing the sample median of meeting frequency, and consequently by assigning the sample organization a score of 1 (strong board) if the meeting frequency of the organization is greater than the sample median, or 0 if the meeting frequency is equal or smaller than the median (Hoitash et al., 2009).

4) Board Tenure – The board tenure is the average number of years of board service for all directors. To determine the score, the average tenure among the board members was calculated for each organization, as well as the median average tenure in the sample. A value of 1 (strong board) is assigned if the average board tenure of the organization is above the tenure median in the sample and 0 if the average tenure is equal or below the median (Hoitash et al., 2009).