Organizations around the world understand that corporate governance policies encompassing issues like board composition, cyber security and internal communications are designed to benefit shareholders, stakeholders, and even the board itself.

What isn’t always so clear is the effectiveness of policies already in place. An organization may have developed a corporate governance strategy, but could there be room for improvement? Might some aspects function well, while others require urgent modifications?

When evaluating the state of an enterprise’s existing corporate governance framework, a self-assessment checklist makes a good starting point. The following five questions are designed to help organizations analyze — and maximize — current policies, and put their corporate governance to work.

How strong is our board of directors?

High on this checklist is the board itself, and more specifically, its effectiveness. Board composition has long been associated with good corporate governance, due in large part to the fact that it has a direct impact on company performance.

For example, research conducted by Catalyst, a nonprofit organization whose mandate is to expand opportunities for women in business, has found that companies with the most women on their boards experience a higher return on sales and invested capital.

Yet, as reported by the Harvard Law School Forum on Corporate Governance and Financial Regulation, data gathered by State Street Global Advisors shows that one in four Russell 3000 companies do not currently have any women serving on their boards. Women may not be entirely unrepresented, but they’re a rarity. About 60 percent of those same enterprises have boards with a female representation that amounts to less than 15 percent.

Asset management firm BlackRock recently underscored the increasingly widespread belief that board diversity gives companies an edge in its engagement priorities for corporate board meetings in 2017, as Reuters reported. “Diverse boards, including but not limited to diversity of expertise, experience, age, race, and gender, make better decisions,” BlackRock wrote.

Given that board strength and board diversity work together, taking a closer look at board composition is vital for creating good corporate governance. A diverse group of directors can lead to better decisions, thus positively influencing the company’s bottom line.

Have we established a succession plan in preparation for director and C-suite departures?

If a company hopes to practice good corporate governance, a succession plan is also a must. At some point, a C-suite executive or director is bound to make a sudden and surprising departure, and organizations that aren’t prepared for this likelihood may scramble to find an adequate replacement. Company leaders who have discussed this possibility, and implemented a strategy for dealing with it, won’t be caught off-guard and can continue to serve the company’s needs uninterrupted.

There are other advantages to having a succession plan as well. “Thoughtful planning for CEO transitions can avoid downward pressure on a company’s stock price,” Ernst & Young wrote on the subject. “By avoiding prolonged and expensive executive searches, a company can reduce uncertainty, strengthen investor confidence in the board and improve employee morale.”

To create a holistic succession plan, boards should first determine what skills and industry expertise the executive team and board of directors lack. This will help directors assess the type of candidate they’ll need down the line. Executive search firm Russell Reynolds Associates also recommended that boards create a written plan outlining emergency succession procedures. The board should review this document twice a year.

Russell Reynolds added that when preparing for a C-suite-level transition, boards should observe other successful CEOs in order to suss out what traits are responsible for their high level of performance. They should work closely with human resources departments to identify and observe internal candidates who could be a good fit for the CEO position and select two or three finalists. Together, these efforts will serve to prepare the board for a swift and seamless leadership transition, with minimal disruption to corporate management efforts.

Do we have a risk management strategy?

Whether it’s a powerful new competitor or an unpredictable business decision, risk is a part of every organization. It’s essential, therefore, to ask if the board has drafted a strategy to confront and overcome the most difficult of potential challenges.

In an article that appeared in The Wall Street Journal‘s Deloitte-sponsored Risk & Compliance Journal, Nicole Sandford, now Deloitte’s Enterprise Compliance Practice Leader, said that risk oversight should be viewed as “the foundation for everything the board and management do to properly govern the organization and make sound decisions.”

Sandford noted that, “An organization’s success is, in large part, driven by how wisely it takes risks and how effectively it manages the risks it faces.” This includes decisions such as who the board elects as CEO, how that executive is compensated, the presence of performance-based pay and the use of incentive programs within the organization. The board should also ask whether it employs common best practices, or chooses instead to be a trailblazer by setting new industry standards. “Careful evaluation of skills and knowledge, process, information, and behavior can pinpoint areas of excellence and development opportunities, helping boards and executives understand which areas may need attention,” she said.

Internal risks like these are only part of the equation. Additionally, boards must prepare for risk in the form of external forces, from economic uncertainty to evolving industry regulations. That said, the Harvard Law School Forum on Corporate Governance and Financial Regulation stressed that “the board cannot and should not be involved in actual day-to-day risk management.” Rather, directors should occupy a risk oversight role, ensuring that risk management policies are in line with the organization’s “risk appetite,” and that the company as a whole supports them.

“Through its oversight role,” wrote Martin Lipton, founding partner of law firm Wachtell, Lipton, Rosen & Katz, “the board can send a message to management and employees that comprehensive risk management is neither an impediment to the conduct of business nor a mere supplement to a firm’s overall compliance program, but is instead an integral component of strategy, culture and business operations.”

Knowing how risk factors into the existing board and corporate infrastructure, and what measures the board is prepared to take concerning external risks, ensures organizations can improve this key aspect of their corporate governance policy.

Is our organization’s data secure?

As evidenced by WannaCry, the recent cyber attack that MarketWatch reported struck more than 200,000 computers worldwide, all organizations are vulnerable to hackers.

Cybersecurity and corporate governance are closely connected. In an article about the board of directors’ role in overseeing cybersecurity, global executive search and consulting firm Spencer Stuart shared the outcome of a panel discussion involving corporate executives and security experts. According to the panel, there are five ways in which the board can manage security:

  • Accept responsibility for cyber security
  • Set expectations for management
  • Understand your company’s potential exposure to cyber risk
  • Assess current cybersecurity practices
  • Plan and rehearse

Together, these best practices can ensure that boards are safeguarding their organizations’ information.

The adoption of a board portal can move this endeavor forward. Good corporate governance requires the development and distribution of effective board-related materials, but without impenetrable security, companies put themselves at risk of a hack, which can prevent them from accessing their data or result in the external release of proprietary company information.

Board portals are designed to facilitate the secure digital distribution of company materials, from board books to meeting agendas and archived corporate data, creating a direct line of communication between board directors and executives. With a board portal in place to allow for paperless board meetings and secure collaboration, companies can dramatically reduce the possibility that a cyber attack will negatively impact business operations.

How transparent is our board?

Is your board of directors open about its objectives and how it functions? Does it provide shareholders with the company-related information they’re entitled to, and honestly report on business developments? All of these practices are important for good corporate governance.

One way to gauge the transparency of an organization is by analyzing the extent to which transparency is currently being touted by the board, and where it fits into public-facing company materials. Visit Chevron’s website, for example, and transparency is front and center in the form of a pledge. The company explains efforts to disclose relevant information include discussing “operational, financial, governance, executive compensation, environmental, safety, social and policy issues” with investors directly. Also mentioned is Chevron’s “commitment to promoting revenue transparency.”

The issue of transparency arises several times in the Spencer Stuart Board Index 2016, which breaks down recent data on board-related issues like board composition and director compensation at S&P 500 companies. According to the report, today’s investors expect transparency in everything from the skills directors bring to the board, to board evaluations and how “boards address their own performance and the suitability of individual directors.”

This candor allows shareholders to make more informed decisions about their level of investment. But there’s another reason why transparency is a fundamental element of good corporate governance: The more a board discloses about its inner workings, the more trustworthy it becomes — both internally and to the public.

This applies to individual directors as well. As entrepreneur and angel investor Neil Patel explained in an article for Fast Company, “transparency engenders trust,” and organizations that embrace transparency “function at a higher level.” That means committing to adopting a culture of transparency, owning up to business mistakes and telling “the story of who you are and what you bring to the boardroom table.”

It isn’t always easy to evaluate existing operations, attitudes and management policies — particularly when viewed up close and from the inside. Consider these questions a litmus test for good corporate governance, and apply the aforementioned recommendations to boost company performance, improve shareholder relations and prepare for whatever lies ahead.