Concerns About Risks Confronting Boards Fifth Annual Board of Directors Survey | 2014 . Table of Contents 1 | Introduction 2 | About the Research 4 | Key Observations and Insights 7 | Concerns About Risks Confronting Boards 20 | About EisnerAmper 21 | Contacts . Concerns About Risks Confronting Boards Fifth Annual Board of Directors Survey Introduction Our 5th annual edition of Concerns About Risks Confronting Boards continues EisnerAmper’s exploration of the trends, changes, and issues facing American boards today. Reputation, cybersecurity and social media are largely intertwined and the associated risk has captured the attention of most boards. However, the executives seem to lack significant understanding, and organizations are missing robust plans to address the identified concerns. In this edition, we review and analyze the general trends of more than 250 boards, through the survey responses of their directors. As we did last year, we contrast the responses of those serving on public, private, not-for-profit and, in some cases, private equity-owned boards. Additionally, we’ve reviewed the responses of board members based on the organization’s revenue. Our Executive Summary delivers insight based on our data, professional observations and conversations. We welcome the opportunity to discuss these findings in detail with you. Michael Breit, CPA Steven Kreit, CPA Co-Chair, Audit and Assurance Services Partner, Audit EisnerAmper LLP EisnerAmper LLP 212.891.4089 212.891.4055 michael.breit@eisneramper.com steven.kreit@eisneramper.com 1 .

About the Research EisnerAmper’s 5th annual Board of Director’s Survey was designed to gain insights into the risks being discussed and addressed in American boardrooms. Directors were polled via a web-based survey sent to select EisnerAmper contacts and members of the NACD Directorship database. 36% TYPES OF BOARD 38% 26% This survey was conducted during January, February, and March 2014. It measures the opinions of directors serving on the boards of more than 250 publicly traded, private, not-for-profit, and private equity-owned companies across a variety of industries. This report focuses primarily on the responses from directors on the boards of public, private and not-for-profit boards. n Public n Private n Not-for-Profit 12% 24% These directors serve on boards that govern organizations with an average age of 40 years (some just a year old, others 100 years old) and represent a considerable range in revenue size: 19% 13% 18% 7% 7% n under $1M n $1-10M n $10-50M n $50M-100M n $100M-250M n $250M-1B n $1B+ More specifically, the largest groups of respondents were from organizations with over $1 billion in revenue (24%) and those that served on public company boards (38%). As may be expected, the majority of respondents (67%) with revenues over $1 billion served on public company boards, while not-for-profits accounted for the majority of the respondents reporting less than $50 million in revenue.

However, there was a wide distribution, and organizations of all types were represented at all revenue levels. To gain better insight to the concerns facing boards and how they were being addressed, we also wanted to find out about the structure of these boards. Specifically, were there committees relevant to the issues raised in this survey? 2 . Concerns About Risks Confronting Boards Fifth Annual Board of Directors Survey THE FOLLOWING IS A LIST OF COMMITTEES. PLEASE INDICATE IF THESE COMMITTEES CURRENTLY EXIST WITHIN YOUR BOARD AND IF SO, IF YOU ARE PART OF THEM. Audit 53% Nominating 41% Compensation 37% Risk 47% Governance 46% The majority of committees identified supported the efforts of an organization’s operations, including “write-ins” such as finance and executive committees. The responses reflected a good mix of those who did and did not serve on these committees and those designed to address the issues discussed in this survey. EisnerAmper Intelligent Data (EisnerAmper ID) uses proprietary market research conducted by EisnerAmper and leading market research firms, along with analysis from EisnerAmper’s partners and principals, to produce insightful articles, events and data designed to educate and stimulate discussion on the issues of most interest to business leaders today. The survey results were prepared by EisnerAmper and are accompanied by EisnerAmper’s observations of industry trends and issues. While EisnerAmper believes the information is from reliable sources, it should not be relied upon as, or considered to be, investment or legal advice. • Percentages throughout this report are rounded to the closest whole number. • Not all of the survey participants answered all of the questions. •  elect questions provided the opportunity for respondents to choose more than one response. S EisnerAmper ID Contact: Stacy Robin, Director of Marketing | EisnerAmper LLP | 347.735.4636 | stacy.robin@eisneramper.com 3 . Key Observations and Insights Reputation Remains the Leading Concern; Cybersecurity a Growing Threat Reputation is an ever-increasing concern among board members, particularly for public companies and not-for-profit organizations. However, both private companies and organizations with more than $1 billion in revenue felt they were more at risk from cybersecurity/IT than reputation issues. “Reputation is still a company’s best calling card, and a board’s best armor. In that light, EisnerAmper’s survey and report accurately reflects its enduring importance.” Christopher Y. Clark Publisher NACD Directorship Magazine Since the beginning of the year, organizations ranging from the DMV to banks to technology players have found themselves not only vulnerable, but struck by cybersecurity breaches. These attacks exposed vulnerabilities across what were perceived to be insulated corporate and financial infrastructures — and within apps, routers, hardware, and websites. It proved that cyber thieves target more than financial and banking information; there is a premium on private communications and other stored data.

It further “Realize that everything demonstrated that social media “When we try to pick out connects to anything by itself, enable these reputation issues to everything else.” we find it hitched to take on a life of their own, both in – Leonardo da Vinci everything else in the Universe.” terms of viral dispersion as well – John Muir as an uncontrollable timeline, with a footprint that is almost impossible to erase. Inconsistency Remains Consistent Ironically, despite the material and reasonable concern about reputation, there was little in the survey that showed support for resources to address it. Many respondents wrote in that they had no plans — or relatively unsophisticated plans — to protect their reputations. Overwhelmingly, C-suite executives and the board were referenced as the go-to resources to execute a plan to preserve a company’s reputation during a crisis. Crisis management, which could include plans on how to avert a substantial impact on an organization’s reputation (including social media showdowns developing from any issue and risk listed — and then some), generated concern from only 31% of respondents — garnering a rank even lower than last year, when it included disaster recovery. 4 . Concerns About Risks Confronting Boards Fifth Annual Board of Directors Survey “The financial cost and damage to reputation from a cyber/privacy breach is growing exponentially. Directors have recognized the increasing risk companies face related to cyber/ data security. Now they need to roll up their sleeves and, with the companies, address these risks.” Nancy Brady Director, IT Risk Services EisnerAmper LLP And, with plans for the C-suite and/or board members to take the helm during a disaster, the perceived level of knowledge of CEOs and CFOs around cybersecurity — and more importantly, social media — leaves an observer with an uneasy feeling about how a response would effectively factor in the fallout from these facets of any crises. Anecdotally, many executives (and board members) readily admit their lack of understanding of new media and cyber issues — two areas in which mere general knowledge can miss the critical nuances necessary for effective strategic and operational decisions. With the growing role of social media as a marketing tool — from overall reputation to the interpretation of earnings reports to business transactions and activities — it was surprising that only 30% and 36% of boards of public companies and not-for-profits respectively were focusing on marketing and sales. Private companies did show an increase in attention to marketing and sales efforts. Despite all of these contradictions, most companies continue to feel they are addressing risk either very well or well enough, from a variety of approaches. Yet less than 40% of respondents indicated their organizations have a comprehensive ERM program that is fully implemented; 22% don’t even have a program. A Lack of Interest in…Money?! Over the past few years, our survey has included questions pertaining to the JOBS Act.

It is a topic — and legislation — that the media and its supporters has portrayed as significantly affecting an organization’s access to funds, financial strategy and structure, and audience of potential investors. Despite the media frenzy, less than 10% of boards responded affirmatively to our question about planning to leverage opportunity associated with the existing and pending changes. It may be worth considering: Is the opportunity as significant and/or as far-reaching as the current coverage portrays it to be, or does the remainder of the legislation need to be written prior to the engagement of these organizations? 5 .

External Investment Opportunities Commercial real estate as an investment opportunity could not hold the attention of three-quarters of the boards. Social impact/sustainability/triple bottom line investments followed, overall, capturing the interest of less than half the boards. Mergers and acquisitions (and similar asset purchases) were also found to be losing favor. Of all the organizations surveyed, public companies, generally most sensitive to the market’s sense of immediacy and need for “instant gratification,” are forced to manage for the short-term. Therefore, of all respondents, directors from those boards keep the greatest focus on M&A, potentially in a bid to stay on top of the next big thing that will satisfy the market. Overall, boards seem to be favoring looking inward: Strategic planning and internal growth and expansion continue to be viewed as a key opportunity investment.

These are followed closely by business process improvement and strategic staffing. 6 . Concerns About Risks Confronting Boards Fifth Annual Board of Directors Survey Concerns About Risks Confronting Boards RISKS DRIVING CONCERN Our first question is based on the most fundamental concept driving this survey: What specific risks are top of mind for boards today? This creates an important lens through which to evaluate how boards are addressing risk: from identifying it to managing it, strategically and operationally. ASIDE FROM FINANCIAL RISK, WHICH OF THE FOLLOWING AREAS OF RISK MANAGEMENT ARE MOST IMPORTANT TO YOUR BOARD? John Fodera, CPA Partner, Consulting Services EisnerAmper LLP Reputational Risk 72% 73% Cybersecurity/IT Risk 62% 53% Regulatory Compliance Risk 50% 56% CEO Succession Planning 47% 44% Crisis Management “Cybersecurity is a constant and growing concern, increasing with exposure to new technologies and relationships with third parties.” 31% 39% Disaster Recovery 30% 39% Product Risk 29% 31% Risk Due to Fraud 29% 27% Outsourcing Risk 15% 13% Tax Strategies 14% 14% n 2014 n 2013 Cybersecurity/IT risk has risen almost 10%. It has overtaken regulatory/compliance risk (which also increased 4%) as the second most important concern to all boards. Crisis management and disaster recovery, now ranked independently, each fell close to 10% from their combined listing. Breaking out the data according to the type of organization can provide additional insight and benchmarks for your own boards and concerns. The contrasts continue to grow, but tend to align with expectations based on the divergent fundamental goals, needs and operating issues of public, private, and not-for-profit organizations. 7 . ASIDE FROM FINANCIAL RISK, WHICH OF THE FOLLOWING AREAS OF RISK MANAGEMENT ARE MOST IMPORTANT TO YOUR BOARDS? Reputational Risk 74% 59% 82% Cybersecurity/IT Risk 71% 66% 50% Regulatory Compliance Risk 60% 54% 38% CEO Succession Planning 55% 34% 50% Risk Due to Fraud 39% 21% 26% Disaster Recovery 36% 39% 17% Product Risk 35% 37% 14% Crisis Management 30% 23% 38% Tax Strategies 23% 13% 5% Outsourcing Risk 12% 27% 9% n Public Company n Private Company n Not-for-Profit As might be expected, reputational risk was of paramount concern (82%) to not-forprofit organizations. Organizations with revenue of $1-10 million were least concerned about reputational risk with 60% of directors indicating it was a concern important to their boards. Cybersecurity was the number one concern for private companies — and a very close second for public companies. Directors serving organizations with revenue over $1 billion also favored cybersecurity (73%) as the top risk, followed immediately by reputational risk (72%). Though risk due to fraud did not rank in the top third of concerns, 39% of public company board members did show concern, making it a significant outlier among other types of organizations. Concern about CEO succession planning for private companies dropped by 14%, to 34%, bringing it far out of line with public companies (55%) and not-for-profits (50%). This is especially interesting considering the plethora of discussions around global battles for executive talent. However, private company boards are generally 2-3 times more concerned about outsourcing risk as compared to public and not-for-profit boards. 8 .

Concerns About Risks Confronting Boards Fifth Annual Board of Directors Survey WOULD YOU SHARE WITH US PERTINENT DETAILS BEHIND YOUR SELECTIONS AS TO WHY YOUR BOARD FEELS THESE ARE MOST IMPORTANT? We asked the directors to detail why their selections were top concerns for their boards. Many of their responses reflected the top-ranked risks: “IT/Cybersecurity is also tough to understand — but could cause severe damage.” “As risk management and oversight in the business world become increasingly more difficult to manage, it is imperative that boards understand how technology is used in their companies, the safeguards around data, and the monitoring efforts around these actions.” Michael Breit, CPA Co-Chair, Audit and Assurance Services EisnerAmper LLP “IT because much of the vital…work the org does depends on reliability and security of IT” “Cybersecurity risks are increasing and evolving.” “Our reputation is our business.” “Reputational risk impacts everything; our ability to attract and retain talent, customers, shareholders, banking partnerships, etc....” “…regulatory compliance risk and IT risk being the most discussed as they are rapidly evolving and difficult to mitigate.” And, perhaps providing us a better lens for not-for-profits and less financially robust organizations, respondents wrote, “We’d like all of them to be important, but as we are a relatively small nonprofit we don’t have the resources to mitigate all the types of risk at the level we’d prefer to.” Only one director indicated that the issues she or he identified were significant because “We have just completed a comprehensive risk assessment and these are areas we identified as needing further improvements.” It is somewhat peculiar to see minimal concern for crisis management (31%) when compared to the premium put on reputational risk (72%). Additionally, cybersecurity and IT management would likely drive a crisis (and impact reputation if not managed well). The lack of correlation in the numbers is something our firm anticipates exploring further in future surveys — but it did get addressed in some responses when we asked directors why these issues were of most concern to their boards: “Reputational and IT risk are tied together to the extent that a response via the internet can be critical, including how quickly you can respond.” “Due to the nature of our business, the potential for massive damage to our brand could be accomplished via cyber attacks and or other IT related issues.” 9 . WHEN ADDRESSING REPUTATIONAL RISK, WHAT PROTECTIONS/PLANS DO YOU HAVE IN PLACE? Given the consistent concern about reputational risk, we asked directors about the protections and plans they had in place to address it. There were a surprising amount — close to a quarter of respondents — who had no plans, and others just informally “doing their best.” This lack of formality to address the most significant risk identified existed across all organizations. When plans existed, they included both everyday operations — such as to keep a positive reputation and reduce the risk — and strategies to address a crisis affecting reputation. Plans to address reputational risk centered around: • Response/communication plans • Training/education • Relying on culture, ethics, policies • Monitoring • Leveraging internal controls •  everaging specific professionals, L primarily PR/marketing and legal counsel WHO (INTERNALLY AND EXTERNALLY) IS INVOLVED WHEN EXECUTING A PLAN TO RESPOND TO A CRISIS INVOLVING REPUTATIONAL RISK? We wanted to understand who was going to lead a plan or response to a situation that put an organization’s reputation at risk. We extrapolated information from written responses to identify the following categories: 40% 39% Board CEO/ President 34% 25% 23% C-level/ External In-House Executives Consultants, PR/Comm Counsel, Team/ PR Firms Mktg 16% 9% 5% In-House Counsel CFO Risk Mgmt Team 4% 3% Investor Relations CCO 2% Once again, we find some irony in the response. Considering the minimal plans articulated by the directors responding to this survey, they seem to hold themselves primarily responsible for addressing reputational risk (along with their organization’s executives). 10 HR .

Concerns About Risks Confronting Boards Fifth Annual Board of Directors Survey ADDRESSING RISK Overall, risk may be addressed by different sources both inside and outside an organization. Performance of these sources may drive the success of risk mitigation. HOW IS YOUR BOARD ADDRESSING IDENTIFIED RISKS? V ery Well Well Enough Poorly Not at All 2014 2013 2014 2013 2014 2013 2014 2013 Regular Board and 37% 32% Committee Meetings 53% 58% 9% 10% 1% 1% Risk Management Insurance Providers 18% 15% 51% 52% 12% 15% 19% 17% External Auditors 18% 15% 52% 8% 9% 5% 7% Accounting Department 30% 24% 59% 56% 8% 12% 3% 8% Legal and Compliance Group 34% 55% 55% 6% 6% IT Department 16% 69% 60% 21% 3% 57% Note: Blank boxes represent issues not posed in 2013 survey HOW IS YOUR BOARD ADDRESSING IDENTIFIED RISKS? n Very Well n Well Enough n Poorly n Not at All Regular Board and Committee Meetings Risk Management Insurance Providors External Auditors Accounting Department Legal Compliance Group IT Department Overall, the trends show improving confidence in regular board and committee meetings, external auditors and accounting departments. In addition, legal/compliance and IT, both new areas, have garnered a great deal of confidence from the board members. (There is slightly less confidence in risk management insurance providers.) 11 . This supports the general consensus that the boards are addressing risk “well enough.” It also shows that there is a basis for reliance on these approaches. HOW HELPFUL HAS INTERNAL AUDIT BEEN IN IDENTIFYING RISKS? Public Private 6% 7% 29% Not-for-Profit 9% 15% 17% 19% 25% 54% 37% 38% 45% n Not Helpful n Slightly Helpful n Helpful n Very Helpful With a bit more favor than last year, public companies found internal audit was the most beneficial asset for identifying risk (of course, they are also the most likely to have an internal audit function). The majority of private companies also found value in internal audit for identifying risk. However, slightly less than half of not-for-profit organizations found internal audit helpful or very helpful in this role. However, when broken down by revenue, it becomes clear that the majority of organizations find internal audit helpful, if not very helpful. Under $1M 29% $1M-10M $10M-50M 4% 13% 2% 26% 35% 36% $50M-100M 10% 5% 17% 35% 52% 29% 35% 50% 34% $100M-250M 28% $250M-1B 20% 2% 12% 6% 36% 34% 50% 22% n Not Helpful 12 $1B+ 40% n Slightly Helpful 51% n Helpful n Very Helpful . Concerns About Risks Confronting Boards Fifth Annual Board of Directors Survey While 46% of boards are not proposing any changes, 32% are looking to enhance staff and 24% are looking to increase audit coverage. Overall, these responses are similar to last year’s survey and indicate the positive impact of the internal audit function and reliance on it for protection. A more detailed analysis shows that directors of public companies, the group rating internal audit most favorably in identifying risk, continue to invest the most in its growth. “The confluence of the time required releasing financial results and the complexity of financial reporting is driving analysts and investors to request, and companies to release, information that may not be subject to internal controls over financial reporting.” WHAT TYPES OF CHANGES ARE YOUR BOARD(S) PROPOSING TO THE INTERNAL AUDIT FUNCTIONS? Public Companies Private Companies Not-for-Profits 44% 28% 21% Outsourcing the Entire Internal Audit Process 7% 10% 11% Co-sourcing (using outside resources to supplement internal audit staff) 35% 13% 16% Increased Audit Frequency 8% 7% Increased Audit Coverage 33% 28% 14% No Changes are Being Proposed at This Time Peter Bible, CPA Chief Risk Officer EisnerAmper LLP Enhancement of Staff 38% 43% 58% 7% RISK MANAGEMENT Risk is managed differently by every company. One of the more widely discussed, commonly accepted tools is an ERM program. While there remains a low level of implementation, there seems to be a perceivable trend in moving towards implementing this tool. DO THE COMPANIES FOR WHICH YOU SERVE AS DIRECTOR HAVE/FOLLOW A COMPREHENSIVE ERM PROGRAM? 2014 2013 Yes, we have a comprehensive program and it is fully implemented 36% 33% Yes, we have a program but it is not comprehensive 29% 27% Yes, we have a program but it has not been adequately implemented 13% 14% No, we do not have program 22% 26% 13 .

More significant is the breakdown: • 55% of public companies have a program that is fully implemented. •  ore than 50% of private companies have a program, but only 26% have M a comprehensive, fully implemented one. •  nly 20% of not-for-profits have a fully implemented program; 38% of not-forO profits did not even have an ERM program. The disparity is also evident by revenue, on the extremes: •  7% of companies with more than $1 billion in revenue have a fully implemented, 5 comprehensive program — compared to only 16% of companies with less than $1 million. •  3% of companies with less than $1 million do not have an ERM program — 5 compared to 4% of companies with revenues over $1 billion. However, there was less disparity among companies that fell between the two extremes. REGULATORY COMPLIANCE Issues in regulatory compliance continue to change and steal the spotlight, be it through media attention, scandals, indictments, investigations and/or new or changing rules. WHAT LEVEL OF CONCERN DOES YOUR BOARD HAVE REGARDING THESE AREAS OF REGULATORY COMPLIANCE RISK? Not Concerned 2014 2013 Minimal Concern 2014 2013 Concerned 2014 2013 Very Concerned 2014 2013 Health Care Reform/PPACA 18% 20% 41% 31% 10% 24% Dodd-Frank 23% 18% 35% 28% 25% 40% 17% 14% Energy Legislation 35% 27% 41% 46% 16% 20% 8% 7% Environmental 28% 22% 30% 37% 31% 29% 11% 12% Accounting Standards 9% 9% 32% 27% 43% 51% 16% 14% Tax 16% 8% 28% 30% 39% 42% 18% 19% 33% 23% Overall, there were few significant changes of those issues for which boards had notable or negligible concern. General accounting standards and taxes garnered the most attention (and are of most concern for public and private companies.) Overall, board member concerns about Dodd-Frank and health care reform are not as prominent; how14 . Concerns About Risks Confronting Boards Fifth Annual Board of Directors Survey ever, energy legislation remains of least concern. When asked about other government intervention that concerns them, the most common answer was the Foreign Corrupt Practices Act. The JOBS Act, which has garnered a significant amount of regulatory and media attention (and its own separate questions in our survey) does not seem to have the attention of the board for any type of organization. More than 90% of respondents did not anticipate leveraging the Act’s opportunities, at all. “Technology continues to open new avenues for companies from an operational standpoint and in go-to-market and delivery strategies and processes. Board members must recognize the opportunities—and risks—inherent in our new environment and drive the changes that will help their organizations succeed.” The minimal interest was shared across organization-type. However, 30% of companies under $1 million planned to leverage opportunities, followed, surprisingly, by 14% of companies with more than $1 billion in revenue. STRATEGIC LEADERSHIP Overall, strategic direction remains the most important issue addressed by boards, followed by finance and operations. WHAT ARE THE MOST IMPORTANT STRATEGIC TOPICS BEING ADDRESSED BY YOUR BOARD? Finance 51% Marketing and Sales 39% M&A 34% Steven Kreit, CPA Audit Partner EisnerAmper LLP Strategic Direction 77% Operations 42% International/Global Resources 20% and Opportunities Buy/Source/Manufacture “Local” Opportunities 7% There were few areas skewed heavily by revenue.

However, finance was most important (74%) to boards of companies with less than $1 million. Companies in the $10-50 million range also focused heavily on finance, marketing and sales (in addition to strategic direction). Boards of companies with more than $1 billion in revenue saw the greatest interest in leveraging international opportunities. Yet, it did not gain traction with more than 50% of those respondents. 15 .

Public Companies Private Companies Not-for-Profits Finance 44% 59% 53% Marketing and Sales 30% 57% 36% M&A 55% 30% 11% Strategic Direction 89% 65% 71% Operations 47% 39% 38% International/Global Resources and Opportunities 23% 24% 9% Buying/Sourcing Local 8% 7% 6% More than half of the respondents on boards of private and not-for-profit companies spend their time discussing finance. This could simply be a reflection of their day-today concerns or an indication of the information readily available in different types of companies. The responses regarding investment opportunities also offer insight, painting a picture of companies looking to strengthen themselves internally — and furthering the board’s interest in strategic planning. Internal growth and expansion, specifically, have continued to remain strong. Strategic staffing almost doubled in identified opportunity.

Far less attention is being paid to external opportunities — from commercial real estate and M&A to social impact. DOES THE COMPANY YOU SERVE SEE NEW INVESTMENT OPPORTUNITIES IN THESE AREAS IN 2014? Not At All Medium High Commercial Real Estate 56% 19% 15% 10% M&A or Other Asset Purchases 29% 19% 27% 25% Information Technology 11% 29% 37% 23% Internal Growth and Expansion 9% 18% 35% 38% Strategic Staffing 10% 22% 41% 27% Business Process Improvement 7% 18% 48% 28% Social Impact/Sustainability/ Triple Bottom Line 21% 33% 31% 14% Strategic Planning 16 Low 4% 14% 39% 44% . Concerns About Risks Confronting Boards Fifth Annual Board of Directors Survey MANAGEMENT While the board may govern an organization and set strategy, management is running its operations. Ultimately, management determines how to execute the strategy. Therefore, it is paramount for CEOs and CFOs to understand the issues that will impact operations — and their organizations (perhaps even more so than the board members). So, we asked the directors if they felt their CEOs and CFOs have a strong understanding of topics related to risk. Yes, the CEO Does No, the CEO Does Not Yes, the CFO Does No, the CFO Does Not 2014 2013 2014 2013 2014 2013 2014 2013 Broad-Based Risk Assessment 85% 80% 15% 18% 75% 69% 14% 17% IFRS-Preparing for Implementation 36% 32% 56% 58% 66% 72% 23% 21% Creating Financial Models for Strategic Direction 67% 64% 27% 25% 81% 78% 9% 12% Cybersecurity 51% 49% 44% 43% 58% 59% 32% 30% Updates on Regulatory Compliance Changes 74% 67% 21% 27% 79% 79% 10% 12% Changes to Tax from New Government Regulations 48% 41% 42% 46% 82% 84% 10% 9% Aligning Business Goals to IT 65% 63% 30% 31% 63% 65% 26% 23% Social Media 56% 42% 36% 49% JOBS Act 40% 54% 41% 49% Note: Blank boxes represent issues not posed in 2013 survey In the past year, the changes in the perception of the CEOs’ and CFOs’ knowledge of these topics were all less than 10%; many showing 3% or less. The outliers included: •  6% increase in those who felt the CFOs were knowledgeable around broad-based A risk assessment and a 5% increase for those reviewing the CEO. 17 .

•  6% decrease in respondents who expected the CFO had the ability to prepare for A IFRS (CEOs improved in this area, but the majority of respondents still felt they did not understand it.) •  % more respondents felt the CEOs had a solid understanding of changes to tax from 7 new government regulations, yet there were also 6% more respondents who had the perception that CEOs lack knowledge of regulatory compliance changes. We continue to posit: Who is taking ownership of these issues on a daily basis — and are they really suited to do so? Last year, one director stated: “…most fellow directors cannot spell IT.” Considering the growth of concern for cybersecurity, unless an organization is relying heavily on its board leadership for direction, it’s underwhelming to see confidence levels below 60% for both the CEO and CFO in their knowledge of this topic. (That being said, this survey has not considered (or questioned) the role of the CIO and/or CTO in these organizations.) Yes, the CEO Does Topics No, the CEO Does Not Yes, the CFO Does No, the CFO Does Not Public Private NfP Public Private NfP Public Private NfP Public Private NfP Broad-Based Risk Assessment 91% 85% 79% 9% 14% 21% 81% 80% 62% 8% 10% 24% IFRS-Preparing for Implementation 33% 46% 32% 58% 46% 63% 75% 68% 50% 18% 21% 35% Creating Financial Models for Strategic Direction 81% 57% 60% 15% 34% 35% 89% 79% 70% 1% 12% 16% Cybersecurity 56% 65% 36% 40% 35% 55% 68% 54% 50% 24% 35% 40% Updates on Regulatory Compliance Changes 83% 74% 64% 11% 26% 29% 90% 64% 80% 4% 19% 7% Changes to Tax from New Government Regulations 53% 50% 44% 40% 44% 44% 90% 81% 74% 7% 8% 14% Aligning Business Goals to IT 75% 70% 51% 22% 29% 38% 74% 60% 55% 16% 29% 35% Social Media 55% 62% 55% 45% 38% 42% 40% 34% 33% 46% 53% 51% JOBS Act 46% 43% 33% 48% 55% 61% 49% 39% 33% 44% 50% 54% 18 . Concerns About Risks Confronting Boards Fifth Annual Board of Directors Survey We also continue to be puzzled by results such as board members showing little concern about the JOBS Act. If they feel the majority of CEOs and CFOs don’t understand it, based on the response to an earlier question, why aren’t boards more concerned? It’s understandable, especially in larger organizations, that the people running the show don’t need to memorize the entire script. However, if you take a good look at these numbers, many directors are saying that perhaps management doesn’t understand the plot. Public company board members had far more confidence in their management teams (CEO, CFO), followed by private companies. Not-for-profits lagged significantly — though, this may certainly be due to resources available to attract the right people for the job.

Additionally, not-for-profit leaders, many times, lead out of concern for the constituency and growing the impact and programming — failing to as eagerly address the health of the business. There is a general gap between the issues important to the board and the competencies of leadership. Overall, the most confidence is shown in the most general/vague topics — and in some critical areas, a pronounced and definitive lack of confidence. “Given the results of the survey, we have a concern that boards need to have deeper intelligence about issues that might create reputational harm in their companies and must be better prepared to move quickly in the event of a problem. Boards recognize the potential harm, but they have yet to plan accordingly.” Charles Weinstein, CPA Chief Executive Officer EisnerAmper LLP 19 . About EisnerAmper EisnerAmper offers responsive accounting, tax and consulting services with an entrepreneurial focus, providing clients with smart, analytical insights delivered in an approachable style. The firm works with enterprises as diverse as sophisticated financial institutions and start-ups, global public corporations and middle-market companies, as well as family offices, not-for-profit organizations, and entrepreneurial ventures across a variety of industries. EisnerAmper is one of the largest accounting firms in the nation with nearly 1,200 employees, including 180 partners. The firm is also one of the nation’s leading auditors of SEC registrants and maintains one of the largest public company practices of any independent firm, providing audit, tax, internal audit, pension audit, and a variety of other services to more than 150 public companies. Recognized internationally as one of the premier firms providing audit, tax and advisory services to the financial services industry and related portfolio companies, EisnerAmper serves more than 1,500 financial services entities including 1,200 hedge funds and more than 150 private equity and venture fund families with more than 1,000 entities. The firm works with more than 75 broker-dealers serving investment banks and retail brokerages.

EisnerAmper also provides services to more than 150 insurance entities and banks. EisnerAmper Fund Services provides accounting and administrative services to more than 75 hedge funds, including funds of funds and family offices. EisnerAmper‘s knowledge of the capital markets helps clients seeking advice on issues such as mergers and acquisitions, debt financing, IPOs, due diligence, valuation, international expansion and restructuring. In addition, the firm provides full audit services to clients with off-shore needs through EisnerAmper Cayman. The firm provides a comprehensive set of services to closely held companies and high net worth individuals and families, including tax planning and compliance, investment planning, international wealth advisory services, risk management, trusts and estate planning, cash flow and asset protection planning. EisnerAmper has deep expertise providing audit, tax and advisory services to clients in major industry groups including life sciences, clean tech, technology, digital media, entertainment, sports, real estate, construction, not-for-profit, manufacturing, distribution and retail. With offices in New York, New Jersey, Connecticut, Pennsylvania, California, and the Cayman Islands, and as an independent member of PKF International, EisnerAmper serves clients worldwide. Engage with EisnerAmper! www.eisneramper.com Follow: Like: Link: Follow: Watch: Write: 20 survey@eisneramper.com . Concerns About Risks Confronting Boards Fifth Annual Board of Directors Survey Contacts Michael Breit, CPA Co-Chair, Audit and Assurance Services EisnerAmper LLP 212.891.4089 michael.breit@eisneramper.com Michael Breit is Co-Chair of the firm’s Audit and Assurance Services and Partner-in-Charge of the Sports and Entertainment Group. He is also a member of the firm’s Executive Committee. Prior to joining the firm, he was a Partner at a Big 4 firm. Michael has extensive Securities and Exchange Commission experience and has been involved in the initial public offerings of several premier broadcasters and cable TV operators. Michael has also participated in numerous due diligence efforts relating to the formation of programming ventures and acquisition of sports franchises.

In addition, he possesses significant retail experience, having served many retailers throughout his career. As a Certified Fraud Examiner, Michael has led cable TV defalcation investigations and has served as an expert witness in several arbitration and litigation matters. An active community member, Michael serves as Treasurer and Director of WISE (Working in Support of Education), a leading New York City based not-for-profit dedicated to serving educational needs. Steven Kreit, CPA Partner, Audit EisnerAmper LLP 212.891.4055 steven.kreit@eisneramper.com Steven Kreit is an Audit Partner with significant expertise in serving entrepreneurial growth companies across major markets, including life sciences, pharmaceuticals, media, technology, manufacturing and distribution. He has extensive experience auditing public companies and working with the SEC. Steven has assisted clients with initial public offerings and numerous registration statements, including drafting sessions with investment bankers, attorneys, and ensuring compliance with SEC rules and regulations. He has led numerous training sessions on critical topics including audit methodology and Section 404 of the SarbanesOxley Act.

In addition, he has been quoted in professional publications and contributes articles to the firm’s newsletters. Previously, Steven was with a Big 4 accounting firm. He is a member of the New York State Society of Certified Public Accountants (NYSSCPA) where he serves on their SEC Practice Committee. Steven is a member of the Board of Directors of the Hewlett East Rockaway Jewish Center. ©2014 EisnerAmper LLP.

All rights reserved. www.eisneramper.com 21 . www.eisneramper.com New York | New Jersey | Connecticut | Pennsylvania | California | Cayman Islands EisnerAmper LLP is a member firm of the PKF International Limited network of legally independent firms and does not accept any responsibility or liability for the actions or inactions on the part of any other individual member firm or firms. .