This article on the board at HP demonstrates very clearly how a dysfunctional board is the source of major risks. It is fascinating that the infighting among the board members led to their hiring a CEO that the majority had not met — and who had been terminated from his prior position as CEO of SAP after a short tenure.
Just one quote:
Interviews with several current and former directors and people close to them involved in the search that resulted in the hiring of Mr. Apotheker reveal a board that, while composed of many accomplished individuals, as a group was rife with animosities, suspicion, distrust, personal ambitions and jockeying for power that rendered it nearly dysfunctional.
The COSO Internal Control Framework tells us that board operations are a major element in an effective system of internal control. How can internal audit say that this source of corporate risk is outside the scope of their responsibilities and fail to even consider it for inclusion in the audit plan?
Let's leave aside for a moment how we will assess it. Surely, this is a risk we cannot afford to ignore!