If power and cellular phone service to your plant were inoperable because of a devastating hurricane, how would you reach employees to confirm their safety first, and then address the status of the facility? If your company handled classified projects and a building’s power grid failed in a natural disaster, how long would backup generators work before being refueled by trucks that might not have an easy route to the building? What if the building’s doors were unlocked after the back-up locks failed—could the classified work within the facility be compromised?
These real-life stories, shared at the April program of the NACD Carolinas Chapter, illustrate the unpredictable nature of crises. How can companies prepare for the unknown, and what role does the board play in oversight and direct response in the event of a crisis?
James H. Hance, director for The Carlyle Group, Cousins Properties, Acuity Brands, and Ford Motor Co. (and a former director of Sprint Nextel Corp., Bank of America, and Morgan Stanley), and Linda P. Hudson, chair and CEO of The Cardea Group, and director of Bank of America, Southern Company, and Ingersoll Rand, shared their experiences and advice on crisis management. They were joined by Deloitte’s Henry Phillips and Theresa Drew, who moderated the conversation.
Lessons learned from real-world crises and how the boards of their companies responded follow.
1. Establish and understand what amounts to a crisis.
“As a director, you know the company will have a crisis,” said Hance. “But what will that crisis be and how do you prepare?” He defined a crisis as an immediate problem that “requires the CEO of the company to be involved.”
Further, the initial measure of a company’s successful response tends to be tied to how early the crisis is identified. Social media may lead to the whole world knowing about the crisis very quickly, so the company must be agile enough to respond very quickly in kind.
2. Prepare for the known, but expect the unknown.
According to Hudson, if your company hasn’t thought through the possible risks involved in crisis scenarios, then the company likely will fail in its response. However, even if risks have been evaluated, there “isn’t a high probability the crisis that happens will be what was originally identified.” Hance added that those companies with a robust enterprise risk management function will likely be more prepared for a crisis, whatever it might be.
During her time as CEO at BAE Systems, Hudson deployed playbooks that addressed key crisis management questions. Some of the most critical items included in those playbooks follow.
Who will identify the situation as a crisis?
Who is on the team that is pulled together to respond to a crisis?
What is the escalation protocol?
Who calls whom (ex., customers, regulators, and other stakeholders)?
Who will be the public face of the company?
3. Board oversight is critical.
“The board must be in the escalation cycle in a crisis management plan,” said Hudson. Hance agreed. He also added that the board should exercise policy oversight. Hance pointed to a recent story in the news. A board would not, for example, look at how passengers are removed from planes. However, it would review the airline’s policy for bumping passengers, as well as the company’s culture, and make suggestions to management based on those considerations.
Phillips also emphasized the role of the lead independent director given that a crisis can be very emotional for board members closer to the company. The lead independent director can act as a source of calm leadership through a crisis. In addition, Hance emphasized, “The CEO needs to have a sounding board, and this group of people should be identified and set up ahead of time.”
4. Learn from each crisis and study your competitor’s crises to help prepare for your own.
Each crisis—whether one of your own or one happening at a competitor’s company—is an opportunity to learn. For example, panelists pointed out how well the CEO of General Motors Co. handled the ignition switch crisis, and called out the genuine connection the company made with affected people. Hance concurred and noted that other car companies were watching and learning. He also shared how Ford changed some of its processes after Toyota Motor Corp.’s crisis over sticking accelerators.
Unexpected events like 9/11 and Hurricane Katrina taught companies valuable lessons. For example, many New York banks routed electronic traffic through networks at the World Trade Center. When those networks went down, so did the banks’ ability to do business, according to Hance. Similarly, Hudson shared that after Hurricane Katrina made landfall on the Gulf Coast in 2005, landlines and cell phones alike stopped functioning. Now the company has satellite phones in each of its locations, enabling seamless communications in the event of a communications-disrupting crisis.
5. Use outside help judiciously.
Depending on the industry, Phillips noted the importance of ensuring that the company has the right connections to important officials in the event of a crisis. For example, does the company have an established contact at the Federal Bureau of Investigations in case of a cyber-attack?
The panel agreed that, while legal help can be critical, it is also important to be open and honest, resisting any advice to keep silent during the crisis. Liability will follow, regardless. When asked about involving public relations firms, Hudson shared that each company “should tell its own story.” Doing so can be more authentic.
6. Always do the right thing.
The panelists agreed that the best defense in a crisis is to be sure the company directly addresses the personal needs of those impacted—whether they’re employees or members of the community. After Katrina, Hudson’s company assisted employees in Mississippi who had no access to banks by meeting their need for cash through the recovery period. The company never asked for that cash back.
Hance noted that the board is likely to be criticized in a crisis regardless of whether the proper oversight was exercised. So, as a company, the best approach is to identify what feels like the correct response for each event, and simply to “do the right thing.”
NACD Carolinas would like to thank the panelists for sharing their experiences with attendees and Deloitte for its support of the program.
Kimberly Simpson is an NACD regional director, providing strategic support to NACD chapters in the Capital Area, Atlanta, Florida, the Carolinas, North Texas and the Research Triangle. Simpson, a former general counsel, was a U.S. Marshall Memorial Fellow to Europe in 2005.
Reputation is a precious but fragile enterprise asset. What takes decades to build can be lost in a matter of days once the spotlight shines on unethical or illegal practices that place an organization’s stakeholders or the public at risk. Environmental catastrophes, financial restatements, fraudulent reporting to regulators, massive product recalls, efforts to mislead investors, and other highly publicized events erode brands and impair reputation. We define reputation risk as the current and prospective impact on earnings and enterprise value arising from negative stakeholder opinion.
We see 10 key functions of the board’s oversight of reputation risk management, and classify them in five critical areas below.
Effective board oversight – Reputation risk management starts at the top. Strong board oversight on matters of strategy, policy, execution, and transparent reporting is vital to effective corporate governance, a powerful contributor to sustaining reputation, and is the ultimate checkpoint on CEO performance. The board’s active risk oversight effort is important because effective, early identification, and management of risks can reveal major threats to the company’s reputation and ensure that the threats are reduced to an acceptable level.
Integration of risk into strategy-setting and business planning – The board must ensure that risk is not an afterthought in the strategy-setting and business planning processes. Integrating awareness of risks with core management processes makes risk a relevant factor at the decision-making table, facilitates a big picture view to undertaking risk, and intersects risk management with performance In an effort to make the strategy more robust, directors should understand the critical assumptions underlying the strategy; ask tough, constructive questions to challenge assumptions; and consider plausible scenarios that could render one or more assumptions invalid.
Effective communications and image- and brand-building – Building brand recognition unique to a business is vital and, when all else is working well, augments reputation. A good story is easier to tell than one with flaws, but every savvy board knows that some companies are better at telling their stories than others. Therefore, directors need to understand management’s image- and brand-building game plan and how significant changes to that plan could present a significant risk to the company’s reputation.
Strong corporate values, supported by appropriate performance incentives – The notion that, if tone at the top is good, the organization’s culture must be good, doesn’t always hold. Lower-level employees often pay more attention to the messaging and behavior of their supervisory middle managers than to communications from the organization’s leaders. Boards need to ensure that executive management implements a strong tone at the top, effective escalation processes, and periodic assessments of the tone in the middle and at the bottom. Directors need to ensure that management is paying attention to warning signs posted by independent risk management functions and in audit reports: failure to give these warning signs adequate attention on a timely basis reflects on the tone set by executive management. For example, the executive leadership of Barings ignored warnings from internal audit of the consequences of the lack of segregation of duties in its Singapore operations because those operations were making the bank a lot of money. Ultimately, the hidden trading losses took down the institution.
Positive culture regarding compliance with laws, regulations and internal policies – Few incidents undermine reputation more than serious, highly publicized compliance violations. Directors should ascertain that effective internal controls – including monitoring processes and robust training of employees – over compliance matters are implemented and executive management: “walks the talk” with respect to compliance; periodically conducts a comprehensive risk assessment; refreshes the compliance program for changes arising from new regulatory developments; and understands the players and third-party agents in countries in which the organization does business and monitors their dealings closely.
Priority focus on positive interactions with stakeholders – The board should ensure that there is a passionate focus on improving stakeholder experiences. These are the accumulation of day-to-day interactions that customers, employees, suppliers, regulators, shareholders, lenders, and other stakeholders have with a company as a result of its business operations, branding, and marketing. These interactions constitute moments of truth that, if internalized and acted upon, provide a powerful driving force for improving and sustaining reputation.
Quality public reporting – The markets take quality public reporting at face value. Once a company loses the public’s confidence in its reporting, it’s tough to earn it back. These points suggest that a strong audit committee is an imperative.
Strong control environment – A critical component of internal control, the control environment lays the foundation for achieving operational, compliance and reporting objectives. In addition to the board’s oversight and the organization’s commitment to integrity and ethical values, as mentioned above, the control environment consists of: the organizational structure and assignment of authority and responsibility; the processes for attracting, developing and retaining appropriate talent; and the rigor around setting the appropriate performance measures, incentives and rewards that drive accountability for desired results. Embarrassing control breakdowns can tarnish reputation; therefore, boards should demand a strong control environment.
Company performance relative to competitors – Market recognition of success is a huge validation of a company and its management team. Recognition of differentiating strategies, distinctive products and brands, proprietary systems, and innovative processes are intrinsic sources of value that can translate into superior quality, time, cost, and innovation performance relative to the company’s competitors. However, significant performance gaps can diminish reputation if not addressed in a timely manner. These factors should weigh heavily on a board’s evaluation of company performance over time.
World-class response to a high-profile crisis – Sooner or later, every company is tested. No company is immune to a crisis. As a crisis event is a severe manifestation of risk, crisis management preparation is a natural follow-on to risk assessment, particularly for high-impact risks with high velocity, high persistence, and low response readiness. The board should ensure that the risk assessment process is designed to identify areas where preparedness and a response team are needed. Fires cannot be fought by committee.
While a one-size-fits-all approach does not exist, the 10 keys listed above offer boards a framework for focusing on whether executive management is focused on the appropriate fundamentals for enhancing and preserving the enterprise’s reputation.
Jim DeLoach is managing director with Protiviti, a global consulting firm.
The challenges posed by the epic turbulence in the price of oil will highlight how effective the boards of directors of different companies are in providing meaningful guidance and counsel to their CEOs. The advisory role of the board is all the more essential because three decades ago, during the last upheaval of this magnitude, the current cohort of CEOs were only junior or middle managers. Little of what was successful for them then will help now that they must lead entire companies rather than merely manage a team as they did when they were more junior. Most CEOs thus find themselves in uncharted territory.
Based on my experience working with hundreds of boards and CEOs in a range of market environments, there are three essential things boards can do to help their CEOs in this uncertain time. And because many CEOs may not know to ask for them, boards need to take the lead and provide them proactively.
Increase interaction between chair and CEO. Boards should be sensitive to the fact that CEOs may subconsciously view the current environment as a “test” of their leadership ability, with any calls for help to be interpreted as weakness. Of course, the exact opposite is true: even in the C-Suite and boardroom, the survival of downturns is a team effort. Let the CEO know that if there is a test, it is of his or her readiness to draw on the experience and perspective of the board to find the best solution.
Hold up the mirror. Even the best leaders are human and can take on unflattering characteristics during periods of extended volatility. Watch for common leadership styles that derail CEOs: leading by decree, having unrealistic performance expectations, or only taking a short-term view. Provide empathetic but firm feedback to help the CEO continue to be his or her best self.
Don’t let the crisis go to waste. It’s been said that experience is a harsh teacher because it gives the test first and the lesson afterward. In the same way, the current turbulence serves as an unforgiving but highly effective finishing school for future CEO candidates. Both the board and the CEO have a vested interest in leveraging this reality. Make sure the CEO draws upon his or her team, letting them hash out possible approaches. The CEO’s job isn’t to solve the problems solo, but create the environment of discussion and creative tension that leads to innovative solutions. Every person involved will become a better leader because of it.
From activist investors to ongoing regulatory scrutiny, energy company boards have their own challenges. In the current environment, however, the board’s number one priority needs to be giving their CEO the guidance and care needed to be the leader this dynamic period demands.
Steve Goodman, based in Houston, leads Egon Zehnder’s Energy Practice in North America, serving clients across all energy segments, and he is active in the firm’s Private Equity Practice. He has a major focus on CEO and board placements along with succession planning and board effectiveness consulting.