Category: Risk Management

When Trump Comes Tweeting: A New Playbook for Boards

Published by
Richard_Levick1

Richard Levick

What would you recommend if you were on the board of Ford Motor Co., Boeing Co., or Lockheed Martin Corp., all of which have had tête-à-têtes with the incoming leader of the free world? Welcome to the age of the suddenly very bully pulpit. The most powerful thumbs in the world belong to Donald J. Trump, who will soon become the 45th President of the United States.

In mid-December, when Trump despaired that Lockheed Martin’s cost overruns on the F-35 joint strike fighter “were tremendous,” the company’s stock lost $4 billion in market capitalization in a matter of hours. Even though the company quickly recovered those losses when its stock price stabilized, Trump’s tweet triggered some discomfiting moments.

No one understands better how to wield the powers of Twitter, the 24/7 news cycle, and a cult of personality than Donald J. Trump quite like the man himself. To one extent or another, Lockheed Martin Corp., Toyota Motor Corp., Carrier, Mondelez International (parent of Nabisco), Ford Motor Co. , and Boeing Co., have all been caught in Trump’s Twitter maelstrom. Fiat Chrysler Automobiles, in a proactive move to get the target off its back before the opening salvo, wisely announced that it would invest $1 billion and create 2,000 U.S. jobs. A smart play, but as all newlyweds ask, “Will it last?”

We’re in unchartered waters here—and by “we,” I include C-suite executives, corporate directors, and communications counselors like me who advise corporations on how to enhance their brand equity, engage with decision makers, and weather inevitable storms that come with doing business. Social media, fake news, and a new president have changed the rules of engagement.

So what is the new rubric? For most publicly traded companies over the near term, the right response is the easy one: for your shareholders’ sake, meet Trump more than halfway if his demand isn’t too outrageous, and give him the early victory lap. But at some point, after Trump’s modus operandi on these matters inevitably hits some turbulence, that dynamic is likely to change. Watch this space closely, particularly the business-to-consumer tech companies who have millions of customers conditioned to social engagement.

In the meantime, how can a company prepare for presidential squalls or getting caught in the crosswinds of a Twitter-induced tsunami?

There are scores of precautions a publicly traded company should consider, but they can be boiled down to four imperatives.

Engage employees. Trump’s “Make America Great Again” mantra proved enormously popular in America’s industrial heartland. His administration’s public positioning will be devoted to job preservation, reinvigorating the manufacturing base, and sticking up for the little guy. In such a climate, relations with national and local union leaders and heads of employee groups will be doubly important. If a company is suddenly the subject of public scrutiny, its labor and management will want to present a united front. Politics, it is said, makes strange bedfellows. So does business in tough situations.

Enlist allies. Empowering third-party champions has always been an important part of any corporation’s public affairs and communications arsenal, but now it’s absolutely vital. The press and public in today’s environment are inherently suspicious of big corporations and paid spokespeople. In the clutch, customers, vendors, suppliers, community leaders, local environmental advocates, philanthropic heads, Chambers of Commerce, et al., will have far more credibility. The more social media-savvy—and more genuinely connected to grassroots movements—these champions are, the better allies they are for your company.

Prepare now. Companies should use “peacetime” wisely by distilling facts and messages into 140 characters; creating photos and videos for other social channels (e.g., Facebook, Snapchat, YouTube, etc.) that make emotionally appealing messages; track media socially in a sophisticated way that predicts trends; and build a social army now to articulate track records in U.S. job creation and economic growth.

Emphasize speed. Virtually every crisis communications plan in corporate America can be rendered obsolete by the proliferation of Donald J. Trump’s use of social media. If a company is being attacked via social media, it cannot rely on conventional communications to respond. Corporations need to put in place ultra-quick turnaround systems that tap leading-edge media. Build your arsenal of information, army of activists, and strengthen your reflexes now. Have the leader of the company’s digital media team report directly to the board. Integrate your silos so that legal, investor relations, government relations, public relations, digital, and brand practices all know and trust each other. Board members and senior teams need to be put through their paces via scenario drills and full-scale rehearsals.

The most effective way for a company to combat thumb power is through thumb power of its own.


Richard Levick, Esq., @richardlevick, is chair and CEO of Levick, a global communications and public affairs agency specializing in risk, crisis, and reputation management.

8 Risk Oversight Practices to Master in 2017

Published by

Boards and executive teams are challenged by a fast-changing, highly interdependent, and often ambiguous external environment that continually creates unforeseen opportunities and risks. Volatility is the new normal. Not surprisingly, according to the National Association of Corporate Directors’ (NACD) most recent public company governance survey, global economic uncertainty ranks as the top trend corporate directors believe will impact their company in 2017. In yet another NACD poll conducted during a recent webinar, 49 percent of directors did not feel that management was providing them with a reliable view of the future.

The recent election of Donald J. Trump as President of the United States is likely to contribute to this growing sense of uncertainty, with the corporate director community evenly divided about the potential impact, according to the NACD webinar poll. Forty-two percent of directors report that his administration will be good for business, while 42 percent are unsure about the impact, and still another 16 percent believe that a Trump presidency will not be good for business.

RiskOversightBlogDiagram

Click to enlarge in a new window.

In this complex, uncertain environment, what can boards do to gain more comfort from management that risks are accurately identified and well-controlled?

The International Standards Organization in ISO 31000 defines risk as “the effect of uncertainty on objectives,” which can be a negative or positive deviation from what is expected. More specific to business, the Committee of Sponsoring Organizations of the Treadway Commission (COSO) is currently defining risk as “The possibility that events will occur and affect the achievement of strategy and business objectives.” Each of these definitions of risk exposes a company to potential loss—indeed, yet another definition of risk authored by insurance professionals highlights risk as the possibility of loss. Yet when viewed as part of an active business dynamic, risk, as daunting as its manifestations may be, is far more than the chance of loss. Rather, risk is a level of uncertainty that can create economic opportunity.

The recently released Director Essentials: Strengthening Risk Oversight identifies eight leading risk oversight actions that directors can take to seize opportunities and avoid the loss possibilities inherent to risk. A brief outline of each action and a key question boards should consider asking follows.

1.) Clarify the Roles of the Board, Committees, and Management. The board, all board committees, and all members of senior management need to know their unique roles in risk oversight. Without clarity on ownership of specific responsibilities, redundancies and lapses can occur.

The practice of role definition helps establish a clear mandate for risk oversight by the board and offers management a blueprint for the execution of risk management.

  • Is there a common understanding among management, the board, and board committees about their respective roles, responsibilities, and accountabilities on strategy?

2.) Understand the Company’s Risk Profile. Especially in light of the new environment, all board members should be aware of the company’s key risk exposures, which collectively are referred to as the company’s risk profile. Oversight of any business requires understanding the major risks that it faces now and in the future, and making decisions accordingly. Although the universe of risks that a company faces may be almost limitless, a company’s risk profile is the composite (and analysis) of the most pressing risks that impact strategy and reputation.

  • What are the strategic assets we must protect at any cost? Are they at greater risk now?

3.) Define the Company’s Risk Appetite. Companies take risks in order to grow and compete in the marketplace, yet they need parameters for how much risk they are willing to accept. The board plays a critical role in defining the boundaries of risk for the company.

  • Given our risk profile, strategy, and the uncertainty surrounding the current business environment, what risk appetite should our company have? Have we clearly cascaded our risk appetite into decision-making processes at the level of operations?

4.) Integrate Strategy, Risk, and Performance Discussions. All too often, risk and business performance assessments are divorced from the strategy process in the organization. These silos increase the likelihood of poor, costly decisions.

  • When we discuss strategy in this evolving environment, how do we consider both risks to the strategy and the risks inherent in our chosen strategy?

5.) Ensure Transparent and Dynamic Risk Reporting. Risk reporting must reach the right people with the right information. Reports should not be limited to the metrics mandated by external disclosure rules—they should include all the information the board needs to assess the company’s risk exposure. Similarly, reporting should be dynamic, taking into consideration the velocity by which existing risks change or new risks emerge.

  • What is the threshold for risk-related reporting to the board (e.g., categories of risk, specific issues or incidents)? What situations may call for greater board engagement (e.g., perceived management failure to disclose or address a critical risk)? Do we have a protocol that defines these situations? 

6.) Reinforce Clear Accountability for Risk. The management of risk in today’s often-extended enterprise is complex, with executive teams typically transferring ownership of risks to specialist functions. But examination of recent risk disasters reveals that diffuse accountability for risk management is a major problem.

  • As we reward our executives, do we take into account their ability to anticipate and manage risk? Are accountability for and performance in managing risks effectively embedded in incentive structures at all levels of the organization? How far down the reporting chain do our incentives for risk management excellence go?

7.) Verify That Mitigation Reduces Risk Exposure. The success or failure of risk mitigation is often underreported, leaving boards with a limited understanding of whether or not risks are effectively minimized over time.

  • Do we clearly differentiate between risks that can and cannot be mitigated? Are our mitigation plans realistic? Do we understand that mitigation does not mean elimination? Have we clearly communicated our expectations for reporting on risk mitigation?

8.) Assess Risk Culture. Culture is often described as how work really gets done when no one is looking, and it is critical to ensuring a successful and sustainable strategy. More specifically, risk culture is a critical subset of overall corporate culture defined as the behavioral norms inside a company that drive both individual and collective risk decisions. A well-balanced risk culture can unleash innovation, and deter fraud and abuse.

  • Do we have a culture in which staff at all levels know what risks to take and what risks to avoid? How willing are employees to speak up about problems that can cause significant risk to the organization?

By adopting the above eight practices, directors can help their companies prepare for risks in 2017 and beyond.

For more NACD insight and support on board risk oversight, please visit our Risk Oversight Resource Center.

The Most Important Risks to Face in 2017

Published by
Jim DeLoach

Jim DeLoach

The National Association of Corporate Directors’ (NACD) 2016-2017 Public Company Governance Survey reported that, according to the vast majority (96%) of directors, “big picture” risks are overseen at the full board level. The big-picture view of risks includes those with broad implications for the organization’s strategic direction, including issues that can create significant reputation damage.

NACD’s findings are complemented by a recent survey of more than 700 c-suite executives who were asked to identify the top risks for 2017. Conducted in the fall of 2016 by Protiviti in partnership with North Carolina State University’s ERM Initiative, the study indicated that the overall global business context is noticeably riskier than in the two previous years, while respondents’ results in the United States implied that the risk landscape is about the same as before.

The common risk themes were ranked in order of overall priority providing context for understanding the 10 most critical uncertainties companies face in 2017.

  1. Economic conditions in the global marketplace may significantly restrict growth opportunities. There are many sources of economic uncertainty in the markets that companies operate within. Examples of factors impacting growth include market volatility, Brexit, a strong U.S. dollar, central bank monetary policies, the aftermath of the U.S. 2016 election, sluggish growth rates in various global markets, rising global debt, and the threat of deflation. Survey participants may have concerns about a “new normal” of operating in an environment of slower organic growth.
  2. Regulatory changes and scrutiny may increase, noticeably affecting the manner in which organizations’ products or services will be produced or delivered. Ranked at the top in our prior surveys, this risk fell to the second spot for 2017. Companies continue to display anxiety about regulatory challenges affecting their strategic direction, how they operate, and their ability to compete with global competitors on a level playing field. This risk may be particularly relevant in 2017, given the climate of uncertainty surrounding the new U.S. executive and congressional administrations and their influence on the role of government and the business environment. Any major regulatory change—whether perceived as positive or negative—is of significant interest to executives and directors.
  3. Organizations may not be sufficiently prepared to manage cyberthreats that could significantly disrupt core operations or damage their brand. Cyber risks have evolved into a moving target. Many factors are driving change, including the ongoing digital revolution, new innovations to enhance customer experience, cloud adoption, social media, mobile device usage, and increasingly sophisticated attack strategies, among others. The harsh reality is that new technology offerings and developments in organizations are quickly extending beyond the security protections that they currently have in place.
  4. The rapid speed of disruptive innovations and new technologies within the industry may outpace the organization’s ability to compete or manage the risk appropriately. A company’s inability to respond in a timely manner to changing market expectations can be a major competitive threat for organizations that lack agility in the face of new market opportunities and emerging risks. The speed of change and development of emerging technologies can occur anywhere and in any industry, and this risk reaches far beyond the retail marketplaces. Disruption affects all industries. No company is immune.
  5. Privacy, identity, and information security risks are not being addressed with sufficient resources. The technological complexities giving rise to cybersecurity threats also spawn increased security risks to privacy, identity, and other sensitive forms of information. As the digital world evolves and connectivity increases, new opportunities emerge for identity theft and for the compromise of sensitive customer information. Recent hacks exposed tremendous amounts of identity data involving large companies and the federal government in the United States. These underscore the harsh realities of this growing risk concern.
  6. Succession challenges and the ability to attract and retain top talent may limit the ability to achieve operational targets. A number of factors are driving this risk—changing demographics in the workplace, slower economic growth, increasingly demanding customers, and growing complexity in the global marketplace. As a result, organizations are being forced to elevate their recruitment and retention efforts to acquire, develop, and retain talent with the requisite knowledge, skills, and core values to execute challenging growth strategies.
  7. Anticipated volatility in global financial markets and currencies may create significant challenges for organizations to address. Given questions surrounding the United Kingdom’s eventual exit from the European Union, as well as uncertainties in China and other world markets, it is not surprising that this risk remains among the top 10 for 2017. Factors indicated earlier—including rising public debt, falling commodity prices, sluggish economic growth, the strong U.S. dollar, and uncertainty regarding monetary policies—all contribute to uncertainty in global financial markets and currencies.
  8. The organization’s culture may not sufficiently encourage timely identification and escalation of significant risk issues. An organization’s culture has a huge impact on the manner in which risk issues are brought to the attention of decision makers when there is still time to act. Given the overall higher levels of risk-impact scores for all risks in 2017 relative to the year before, this cultural issue may be especially concerning to senior management and boards.
  9. Resistance to change could restrict organizations from making necessary adjustments to their business model and core operations. The cultural issues noted above combined with a lack of organizational resiliency can be lethal in these uncertain times. Organizations committed to continuous improvement and breakthrough change are more apt to be early movers in exploiting market opportunities and responding to emerging risks than those companies that cling to the status quo.
  10. Sustaining customer loyalty and retention may be increasingly difficult due to evolving customer preferences and demographic shifts in the existing customer base. Protecting the customer base is not easy in today’s highly competitive environment of disruptive change. This may be what is on the minds of the survey participants rating this risk.

The company’s directors may want to consider the risks ranked here when determining the organization’s “big picture risks” to be evaluated in 2017. Boards should be aware of the context of the nature of the entity’s risks inherent in its operations. If your board has not identified these issues as risks, your company’s directors should consider their relevance and ask why not.


Jim DeLoach is Managing Director of Protiviti.