Reputation is a precious but fragile enterprise asset. What takes decades to build can be lost in a matter of days once the spotlight shines on unethical or illegal practices that place an organization’s stakeholders or the public at risk. Environmental catastrophes, financial restatements, fraudulent reporting to regulators, massive product recalls, efforts to mislead investors, and other highly publicized events erode brands and impair reputation. We define reputation risk as the current and prospective impact on earnings and enterprise value arising from negative stakeholder opinion.
We see 10 key functions of the board’s oversight of reputation risk management, and classify them in five critical areas below.
- Effective board oversight – Reputation risk management starts at the top. Strong board oversight on matters of strategy, policy, execution, and transparent reporting is vital to effective corporate governance, a powerful contributor to sustaining reputation, and is the ultimate checkpoint on CEO performance. The board’s active risk oversight effort is important because effective, early identification and management of risks can reveal major threats to the company’s reputation and ensure that the threats are reduced to an acceptable level.
- Integration of risk into strategy-setting and business planning – The board must ensure that risk is not an afterthought in the strategy-setting and business planning processes. Integrating awareness of risks with core management processes makes risk a relevant factor at the decision-making table, facilitates a big picture view to undertaking risk, and intersects risk management with performance. In an effort to make the strategy more robust, directors should understand the critical assumptions underlying the strategy; ask tough, constructive questions to challenge assumptions; and consider plausible scenarios that could render one or more assumptions invalid.
- Effective communications and image- and brand-building – Building brand recognition unique to a business is vital and, when all else is working well, augments reputation. A good story is easier to tell than one with flaws, but every savvy board knows that some companies are better at telling their stories than others. Therefore, directors need to understand management’s image- and brand-building game plan and how significant changes to that plan could present a significant risk to the company’s reputation.
- Strong corporate values, supported by appropriate performance incentives – The notion that, if tone at the top is good, the organization’s culture must be good, doesn’t always hold. Lower-level employees often pay more attention to the messaging and behavior of their supervisory middle managers than to communications from the organization’s leaders. Boards need to ensure that executive management implements a strong tone at the top, effective escalation processes, and periodic assessments of the tone in the middle and at the bottom. Directors need to ensure that management is paying attention to warning signs posted by independent risk management functions and in audit reports: failure to give these warning signs adequate attention on a timely basis reflects on the tone set by executive management. For example, the executive leadership of Barings ignored warnings from internal audit of the consequences of the lack of segregation of duties in its Singapore operations because those operations were making the bank a lot of money. Ultimately, the hidden trading losses took down the institution.
- Positive culture regarding compliance with laws, regulations and internal policies – Few incidents undermine reputation more than serious, highly publicized compliance violations. Directors should ascertain that effective internal controls over compliance matters – including monitoring processes and robust training of employees – are implemented, and that executive management: “walks the talk” with respect to compliance; periodically conducts a comprehensive risk assessment; refreshes the compliance program for changes arising from new regulatory developments; and understands the players and third-party agents in countries in which the organization does business and monitors their dealings closely.
- Priority focus on positive interactions with stakeholders – The board should ensure that there is a passionate focus on improving stakeholder experiences. These are the accumulation of day-to-day interactions that customers, employees, suppliers, regulators, shareholders, lenders, and other stakeholders have with a company as a result of its business operations, branding, and marketing. These interactions constitute moments of truth that, if internalized and acted upon, provide a powerful driving force for improving and sustaining reputation.
- Quality public reporting – The markets take quality public reporting at face value. Once a company loses the public’s confidence in its reporting, it’s tough to earn it back. These points suggest that a strong audit committee is an imperative.
- Strong control environment – A critical component of internal control, the control environment lays the foundation for achieving operational, compliance and reporting objectives. In addition to the board’s oversight and the organization’s commitment to integrity and ethical values, as mentioned above, the control environment consists of: the organizational structure and assignment of authority and responsibility; the processes for attracting, developing and retaining appropriate talent; and the rigor around setting the appropriate performance measures, incentives and rewards that drive accountability for desired results. Embarrassing control breakdowns can tarnish reputation; therefore, boards should demand a strong control environment.
- Company performance relative to competitors – Market recognition of success is a huge validation of a company and its management team. Recognition of differentiating strategies, distinctive products and brands, proprietary systems, and innovative processes are intrinsic sources of value that can translate into superior quality, time, cost, and innovation performance relative to the company’s competitors. However, significant performance gaps can diminish reputation if not addressed in a timely manner. These factors should weigh heavily on a board’s evaluation of company performance over time.
- World-class response to a high-profile crisis – Sooner or later, every company is tested. No company is immune to a crisis. As a crisis event is a severe manifestation of risk, crisis management preparation is a natural follow-on to risk assessment, particularly for high-impact risks with high velocity, high persistence, and low response readiness. The board should ensure that the risk assessment process is designed to identify areas where preparedness and a response team are needed. Fires cannot be fought by committee.
While a one-size-fits-all approach does not exist, the 10 keys listed above offer boards a framework for assessing whether executive management is focused on the appropriate fundamentals for enhancing and preserving the enterprise’s reputation.
Jim DeLoach is managing director with Protiviti, a global consulting firm.