You may well have heard about this matter - it has been in several legal publications, newspapers, and even the news.

A very general description of the facts is as follows: McDonald's fired its CEO in 2019 due to his "inappropriate personal relationship with a McDonald's employee in violation of corporate policy." The following year's proxy statement reported that he had been terminated "without cause" and described his termination arrangements.

SEC Enforcement

The SEC went after both the CEO and the company. The CEO was targeted because, among other things, he withheld material information from the company. Ultimately, the company was able to claw back more than $100 million of compensation from the CEO, who has also been barred for five years from serving as a director or officer of a public company and was required to pay fines of more than $400,000 to the SEC.

Interestingly, the SEC sanctioned McDonalds for failing to properly disclose the nature of the CEO's termination and the bases on which his severance compensation was determined. We've all seen proxy statement after proxy statement explaining that the CEO (or another executive) was terminated without cause and received extensive severance pay. The SEC message here seems to be that when someone is terminated for engaging in bad behavior - even if it doesn't constitute cause under his/her employment agreement, the company has to come clean. Such disclosures might have the beneficial effect of reducing the level of "pay for failure" severance packages that failed executives have often received. McDonald's avoided any serious penalties due to its cooperation with the SEC investigation, at least for now.

Assignment

The Board of Directors of McDonald's has hired you as an independent Risk Management Consultant to evaluate the SEC Order and current operations and make recommendations for improvement. The goal is to advise McDonald's how to address the current issues and mitigate SEC scrutiny in the future.

Using the COSO ERM Framework [1] and information from the SEC Order and McDonald's 2022 Proxy Statement,

• explain in which you analyze the strengths and weaknesses of McDonald's current ERM Program/efforts and make suggestions for an action plan to address the SEC's concerns (as set forth in the below SEC Order) going forward.
• Also point out where you are missing information or additional investigations may be warranted to make your report.

Be sure to reference/cite to specific portions (using page numbers) of the SEC Order and Proxy Statement that you use in your report.

[1] IMA, Enterprise Risk Management: Frameworks, Elements, and Integration, Exhibit 4 (page 13 of 39).

Be sure to address the following topics in your report:

• Governance and Culture
  1. Focus on the following pages (out of 148) in the Proxy Statement: 9, 11, 16, 17, 18, 23, 30, 43, 44, 46, 47, 49, 51, 54, 101-102
  2. SEC Order
• Strategy and Objective-Setting:
  1. Focus on the following pages (out of 148) in the Proxy Statement: 2,22,45, 49, 50, 53, 55, 56, 61, 73, 78-79, 83-84, 95
  2. SEC Order
• Performance
  1. Focus on the following pages (out of 148) in the Proxy Statement: 14, 47, 62, 64, 68, 70-72
  2. SEC Order
• Review and Revision
  1. Focus on the following pages (out of 148) in the Proxy Statement: 46, 47, 51, 53, 81, 96
  2. SEC Order
• Information, Communication, and Reporting
  1. Focus on the following pages (out of 148) in the Proxy Statement:48, 49, 54, 63, 64, 74
  2. SEC Order

Also note the ERM discussion starting on page 53/148 of the Proxy Statement.

Reference Documents

McDonald's 2022 Proxy Statement

SEC Order