Olivia Kirtley, CPA, CGMA, is steeped in corporate governance issues. As the new president and board chairman of the International Federation of Accountants (IFAC), she is bringing to bear her knowledge as a business consultant on strategic and corporate governance issues and nearly 20 years of experience as a member of boards of directors to advance the profession.

Her professional path led her from a predecessor of EY to vice president of finance and CFO of Vermont American Corp., a global manufacturer that was publicly traded until taken private by Emerson Electric Co. and Robert Bosch GmbH. In the mid-1990s, she started serving on boards of directors and has since been named by the National Association of Corporate Directors as one of the top corporate directors and governance professionals in the United States. Kirtley currently serves on the boards of three U.S. companies: the financial services holding company U.S. Bancorp; the pizza-delivery chain Papa John's International; and ResCare, a large private service provider to the elderly and people with disabilities.

Here's what Kirtley, a member of the AICPA's governing Council and former chair of the AICPA board of directors, said she thinks about corporate governance issues such as attacks by hackers, the looming risk of reputational damage in the age of social media, and international tax laws that can be in conflict:

What's top of mind these days for companies and boards in regard to strategic, risk, and compliance issues?

Kirtley: In today's global and often unpredictable business environment, boards have an important and critical role to play in overseeing strategic and risk issues. Compliance is also a very challenging issue right now with all the regulatory activity and new laws. It is a board's job to make sure the company is in compliance, but, at the same time, board members must maintain focus on the strategic direction of the company, because the world continues to change, and the strategy and the risk change accordingly.

Businesses operate to take risks, because with risks come rewards. You have to decide strategically what the proper level of risk is, what your risk appetite is, and how that matches your people skills. We are in a very complex global environment, and so you have to have the ability to analyze the risks that you are taking and relevant experience in various parts of the world to truly understand what risks are embedded in the strategies that you undertake.

It's very easy to allow compliance issues to dominate your time. You have to be very disciplined so that everyone doesn't get drawn into that very demanding area.

Managing the agenda of a board meeting-how you schedule the meetings, what to bring before the various committees and the board, and making sure that you continuously engage in dialogue about strategy-is an important tool to keep board members disciplined and focused.

Many companies set their agenda for the whole year for all of the meetings in the organization. The governance committee will often review and approve the meeting agendas for the entire year. It's not that they can't be changed based on circumstances, but that's one way to make sure that you're really having a proper allocation of time and that the board is covering everything that is important throughout the year.

How much time are boards spending on cybersecurity right now, and do board members have the technical proficiency to provide adequate governance in this area?

Kirtley: Cybersecurity is a very hot topic right now. There are a lot of industry-coordinated efforts to try to inform each other, so if it's being encountered at one company, other companies know about it, which helps with managing the issues.

As board members, we can also call in subject matter experts to advise the company and the board and to have an independent view of whether systems and controls are as robust as they should be. Another area that we look at is broadening the use of internal audit, which means that assessing talent, skills, and relevant experience on the audit staff is critical.

Companies are experiencing a constant barrage of cyberattacks. Looking at some of the recent breaches, they've gotten in through one of the vendors or one of the third parties. What is more and more challenging is that you don't just have to look at the controls within your company and make sure that you're as strong as you can be. You also have to be aware of the controls in place for the people and organizations with access to your systems to provide third-party services.

Risk in general-and, particularly, reputational risk-has become a big area of concern for many companies. How are boards helping companies manage this?

Kirtley: First of all, strategy and risk must be considered together-to know what risks are embedded in the approved strategy. Boards are concerned with enterprise risk management plans and controls, and how management focuses on emerging issues. This includes things like social media, what your risk mitigation plans are, what your response time would be, and whether you have expert advisers that could be on call in the event you did have a critical issue. It's sort of like a crisis management plan, quite frankly.

In the area of reputational risk, things can go viral quickly. If you do not have immediate awareness of something that is out there in social media, or if you don't handle whatever the event is very quickly, in the first few hours, then the issue can get away from you quite rapidly, and that increases your reputational risk.

Also, part of the board's job is making sure that internal controls and risk infrastructures within companies have the proper oversight and management involvement before any issue ever gets to the board.

Some boards have separate risk committees; others oversee risk in the audit committee. On some boards, it's a general board function. So while every board has its own particular structure, the important thing is that there is a well-defined and well-functioning risk management and oversight process.

What role does the board perform in setting a strategic vision for companies right now?

Kirtley: Boards always take an oversight and advice role. You want to make sure management is focused on the strategic vision and strategic direction and engages in the dialogue with the board. You have board members with a lot of experience and expertise and insights, and so you want to take advantage of that in setting the strategy. And as I said before, strategy and risk go together. You have to make sure there is general agreement between management and the board regarding the risk embedded in that strategy.

As a director of a financial services company for the past eight years, you're well aware of the increased regulatory oversight of the banking industry following the global financial crisis. Where do you see regulatory oversight of the banking industry going in the next five to 10 years?

Kirtley: Not only do we have new regulations, we have new regulators. Part of what came out of the financial crisis is the Consumer Financial Protection Bureau. There is also somewhat of a rebalancing of who is responsible for what.

The banking and financial services industry and its regulators are adjusting to the new regulatory structure and environment. I think it's going to remain, at least in the short term, at this level of intensity. And the demands on the companies are tremendous. They are adding staff in the areas of compliance and internal audit very rapidly to meet all the regulatory requirements and demands. I don't see that changing in the near term.

The bar has been raised, as far as the expectations and the attention given to compliance and regulatory matters. The industry has used the services of accounting firms and other advisers to meet requirements and timelines of new regulation and new regulators.

There is a great need for accountants to be knowledgeable about new regulations and new requirements, in order to assist and advise clients. Any time you have a changing environment and regulatory landscape, the pressure is on the professionals, such as auditors and CPA firms, to become proficient and knowledgeable very quickly.

As the former CFO of a global manufacturing company, how do you view the increased worldwide regulatory focus on corporate tax avoidance? What do you see in store for multinationals and their corporate tax compliance?

Kirtley: The fact is there are laws in effect around the globe to incentivize domiciles and structures that minimize tax. Companies have the responsibility to make sure that they are totally compliant with the laws, but many companies are looking at issues beyond strict legal compliance. A key issue is the reputational risk that has arisen from doing things that are legal but may be viewed by some as not paying a "fair share." This is a difficult situation for everyone. However, companies can't do the government's job. If the laws in place aren't producing the desired results, they should be changed.

Unfortunately, tax laws are very complex. Most have been in place for a very long time, and they are often based more on exchange of tangible goods rather than intellectual property or other things. Changing tax laws to produce the results that governments expect from a revenue and a competitive standpoint will be a complicated process. Currently, there is a focus by the G-20 and OECD [Organisation for Economic Co-operation and Development] on enhancing the transparency and exchange of appropriate information between jurisdictions, but all of this will take time. In the meantime, balancing compliance and reputational issues, as well as shareholder value and returns, will be an ongoing challenge for multinational companies.

Sabine Vollmer is a JofA senior editor. To comment on this article or to suggest an idea for another article, contact her at svollmer@aicpa.org or 919-402-2304.

Olivia Kirtley has a unique perspective as the first IFAC president with operational experience in business and industry and as the first woman at the helm of the global organization. These traits flavor what she wants to accomplish in the position that she will hold for the next two years, and how she plans to pursue those goals.

"My goals and objectives are twofold," Kirtley said. "One will be external focus, and the other will be internal focus.

"The external focus will be on interacting with regulators, governments, and professional accountancy organizations around the world, and strategically looking at what we should be doing to maximize the value and effectiveness of the global profession in serving all stakeholders and the public interest.

"From an internal standpoint, how IFAC operates and how we disseminate and coordinate knowledge and among IFAC member bodies in 130 countries is very, very important. Finding more ways to leverage technology and share knowledge and resources is a very keen focus, because the potential benefits are tremendous."

Expect her to travel a lot, she added, talking to the regulatory community and member bodies, and listening.