Corporate boards play a crucial role in ensuring effective risk management systems and in establishing company cultures that prioritize safety and compliance. It is the responsibility of the board to establish a commitment to risk oversight, good corporate citizenship, and avoiding compliance failures — and to ensure these expectations are understood, integrated, and followed at all levels of the enterprise. As we recently wrote, the board’s supervision of material risks has become a key metric to assess overall board effectiveness, as shareholder, regulatory, and societal expectations continue to evolve.

The board’s risk oversight role has been brought into sharp focus with the publication of the Boeing Report, an assessment of the effectiveness of risk management systems with respect to safety at The Boeing Company prepared by a panel of aviation experts. Boeing’s safety practices have been the subject of significant public attention in recent years, following fatal crashes of Boeing 737 planes in 2018 and 2019 that led to the grounding of Boeing planes. In addition, in January 2024, a Boeing plane suffered detachment of a cabin door plug that again led to the grounding of Boeing planes. The report follows an extensive fact-finding mission that included reviewing over 4,000 pages of Boeing documents, conducting seven surveys and over 250 interviews, and hosting meetings with Boeing employees across the company’s locations.

Despite a variety of safety initiatives established both at the board level and at lower levels in the organization, and the purported focus of the board on establishing a strong culture of safety and compliance, the panel of aviation experts found that Boeing lacked consistent, clear, and effective safety reporting processes.  While attention was paid at Boeing to the “Speak” part of Boeing’s “Seek, Speak & Listen Habits,” the company failed to translate its safety expectations into specific, functional directions for employees. The report highlighted “a disconnect between Boeing’s senior management and other members of the organization on safety culture,” a “lack of awareness of safety-related metrics at all levels of the organization,” and the absence of documents that distilled the high-level safety guidance described in company-wide documents into language, terms, and descriptions used at the working levels across Boeing’s organization. As a result, employees and contractors were not equipped to apply Boeing’s safety standards to their individual job responsibilities. Moreover, the expert panel questioned whether Boeing’s safety reporting policies functioned in a way that empoweredemployees to communicate openly and without fear of retaliation.

A company’s board is charged with establishing and continuously overseeing risk management policies that are calibrated to the company’s strategy, risk profile, and business purpose. In the case of Boeing, the relevant risks related to product safety, but in other cases, risks may relate to regulatory considerations, environmental or governance factors, labor and human capital issues, or cybersecurity and data privacy. As the Boeing example illustrates, the board’s role is not only to establish risk management systems appropriately tailored to the material risks the company faces, but also to oversee their operation to ensure that these systems are embedded company-wide and are, in practice, followed throughout the organization. When the board and senior management team satisfy these responsibilities, a company will be best positioned to achieve sustainable, long-term value creation.

While the Boeing situation is unique, it sends a resounding message to all boards to oversee and regularly review risk management. We are adding to our annual “Risk Management and the Board of Directors” memo specific reference to the Boeing situation.