On February 8, 2021, ISS announced the updated methodology guide the firm uses to determine a company’s Governance QualityScore (GQS), its proprietary rating system designed to help institutional investors assess companies for governance quality and risk. Seventeen new factors have been added, which ISS states is the largest GQS methodology release in recent years.

What GQS Measures

GQS is a decile-based score meant to indicate the corporate governance risk relative to other companies in a respective index or region. The GQS grading platform covers each company in the S&P 500 and Russell 3000 (as well as in several foreign indices). Scores range from 1 to 10, with a score of 1 indicating the lowest level of governance risk (meaning the best governance quality). ISS analyzes the corporate governance risk based on specified factors across four categories: Board StructureCompensation/Remuneration, Shareholder Rights & Takeover Defenses and Audit & Risk Oversight. Depending on the region, up to 127 of more than 230 possible governance factors are evaluated for each company. The GQS methodology is meant to closely align with the ISS benchmark voting policies (we discuss the 2021 updates here) and reflect developments in regulatory and market practices.

A company’s GQS is included in the proxy research report ISS prepares in connection with the company’s annual shareholder meeting. Yahoo! Finance publicly-available profile page also includes the ISS GQS score for many companies, particularly large caps.

What Is New to U.S. Companies?

New to the Guide. ISS believes that the methodology enhancements reflect several areas of emerging concern to investors, with the management of cyber risk being the most paramount. Eleven of 17 new factors address information security risk management and oversight. These factors include the number of board members with security expertise, the frequency of board briefings on security-related matters, the existence of an information security risk insurance policy, the existence of, and financial impact from, security breaches over the last three years, and other factors. The 11 new factors span across two new subcategories, Information Security Risk Management and Information Security Risk Oversight, within the Audit & Risk Oversight category.

In addition, new key factors address diversity and inclusion (D&I), compensation controversies and board practices. With respect to D&I, ISS will take into account whether the board is racially or ethnically diverse and, separately, the extent to which a company discloses D&I performance measures in connection with a short-term or long-term executive incentive plan. Additionally, new factors will evaluate whether a company has afforded certain executives special grants in the most recent fiscal year, and the percentage of the CEO’s total compensation that was attributable to special grants in the most recent fiscal year. In addition, ISS will consider the extent to which a board sustainability committee is independent. Also, ISS will look at, but not score, what percentage of the board has familial relationships with other directors.

Newly Extended Factors to U.S. Companies. Existing factors that will now apply to all U.S. companies include whether board chairs and executive directors serve on an excessive number of boards based on ISS benchmarking polices. With regard to shareholder rights, ISS will now consider the percentage of multiple voting rights or voting certificates relative to total voting rights in stock classes with multiple voting rights. Using this methodology, higher values indicate that more voting power is concentrated.  Finally, ISS will also consider the percentage of issued share capital that is non-voting shares. ISS notes that an excessive volume of non-voting shares hampers shareholders’ influence on the company.

Below is the full list of new and newly applied factors for U.S. companies.

*  *  *

Updates as of January 29, 2021  For U.S. Companies 

New Factors 

  • Audit (Information Security Risk Oversight) 
    1. What percentage of the committee responsible for information security risk is independent? (Q403)
    2. How often does senior leadership brief the board on information security matters? (Q404)
    3. How many directors with information security experience are on the board? (Q405)
  • Audit (Information Security Risk Management)
    1. Does the company disclose an approach on identifying and mitigating information security risks? (Q402)
    2. What are the net expenses incurred from information security breaches over the last three years relative to total revenue? (Q406)
    3. Has the company experienced an information security breach in the last three years? (Q407)
    4. What are the net expenses incurred from information security breach penalties and settlements over the last three years relative to total revenue? (Q408)
    5. Has the company entered into an information security risk insurance policy? (Q409)
    6. Is the company externally audited or certified by top information security standards? (Q410)
    7. Does the company have an information security training program? (Q411)
    8. How long ago did the most recent information security breach occur (in months)? (Q412)
  • Board Structure (Diversity and Inclusion) 
    1. Does the board exhibit ethnic or racial diversity? (Q390)
  • Board Structure (Board Practices) 
    1. What percentage of the sustainability committee is independent? (Q396)
  • Board Structure (Board Composition)
    1. What percentage of the board has familial relationships with other directors? (Q401) (for informational purposes only, not scored)
  • Compensation (Communications and Disclosure)
    1. What is the level of disclosure on diversity and inclusion performance measures for the short-term or any long-term incentive plan for executives? (Q398)
  • Compensation (Compensation Controversies)
    1. Has the company made special grants to executives excluding the CEO in the most recent fiscal year? (Q399)
    2. What percentage of the CEO’s total compensation was due to special grants in the most recent fiscal year? (Q400)

Application of Existing Factors to U.S. Companies 

  • Board Structure
    1. How many executive directors serve on an excessive number of outside boards? (Q36)
    2. Does the Board Chair serve on a significant number of outside boards? (Q39)
  • Shareholder Rights
    1. What is the percentage of multiple voting rights or voting certificates relative to total voting rights? (Q57)
    2. What percentage of issued share capital is composed of non-voting shares? (Q63)