By Dr. Andrea Bonime-Blanc – CEO and Founder of GEC Risk Advisory
Governance, Risk and Reputation
Governance, risk and reputation have all become hot button issues in and outside of the boardroom. Governance is clearly the domain of the boardroom and in recent years improved governance has been widely discussed and debated in the wake of so many corporate scandals and even systemic industry breakdowns (the financial sector comes to mind).
As a result of the many scandals since Enron, key governance questions that are often asked include: Where was the board when these scandals happened? Did the boards understand the governance, risk and reputation issues of their companies? Was there someone on the board with relevant experience? Sadly, the answer has often been that these boards were either ill equipped to understand risk and reputational issues or, more alarmingly, passive puppets of a domineering chairman and/or CEO.
Until very recently, risk too was not thought of as a major part of board oversight. Yes, audit committees have generally had oversight responsibilities for risk, but risk has been pretty much the stepchild of audit — more of an afterthought or a crisis-generated subject. This too is quickly changing in view of the many material and complicated global risks companies are facing and likely to face for a long time to come: corruption, fraud, cyber-crime, environmental damage, health and safety and human rights, just to mention a few.
Both boards and management have been struggling with how best to tackle risk management. On the one hand, and in defense of boards, management sometimes goes too far in the direction of overstuffing boards with too much unstructured enterprise risk management “big data” and not enough nuanced and useful analysis that prioritises and defines relevant risk. Feeding a board a fire-hose of massive and largely meaningless information is not conducent to effective risk management.
“For governance, risk and reputation, it all begins and ends at the very top of the food chain: the board”
On the other hand, in defense of management, boards frequently do not have members with deep and broad industry or multi-sector risk and reputation expertise so they don’t know what questions to ask and thus management is left to its own devices without the benefit of effective oversight.
The board therefore faces a serious conundrum: either it receives too much useless risk information or too little. The results are the same: the company will face crises and scandals no one is prepared for with stakeholders suffering the consequences – whether there are hits to stock value, employee morale or jobs, poor products or reputational hits.
“Reputation” is a little understood, intangible and even virtual concept long considered the domain of brand and public relations executives and often housed in a narrow silo within the corporate pantheon. Now, reputation and reputation risk have suddenly become sexy topics – maybe not that sexy, but certainly much talked about and often misunderstood.
Suffice it to say that reputation risk (according to several leading surveys) is now considered a top, even a #1, strategic risk for global corporations. Part of the reason: the advent of the age of hyper-transparency where information (the good, the bad, the ugly, the accurate and inaccurate) travels at the speed of light and reputations are lost much faster than overnight.
Key Drivers of an Effective Strategic Approach
For governance, risk and reputation, it all begins and ends at the very top of the food chain: the board. If the board has its governance, risk and reputation house in order, it will be able to provide the oversight necessary to management to oversee the creation and implementation of proper risk and reputation management, which are critical components of a resilient organisation.
So what are the key drivers of a coordinated, effective approach to governance, risk and reputation? It is all about achieving organisational resilience by:
- Understanding and mitigating risks
- Managing reputation and reputation risk
- Managing and withstanding the crises that will inevitably come
- Lowering costs of losses and litigation
- Transforming risk into value
- Developing and maintaining a strong culture of organisational resilience
Just like the financial and business aspects of a company are inter-related and should be coordinated strategically and operationally, so should governance, risk and reputation issues and functions. In addition, these aligned elements should also be connected directly to the company’s business plan and overall strategic roadmap.
The Board’s Role: Practical Strategy Tips
So what’s a board to do to help a company accomplish these strategic governance, risk and reputation alignments?
- It starts at the board level with proper governance: is that in place?
- Does it make sense for the company to give another board committee beyond audit to tackle risk, compliance and/or sustainability?
- Should there be a senior level risk, reputation, compliance or corporate responsibility leader sitting on the board, chairing a risk committee?
- Specific questions that boards should ask management:
o What is the state of risk management within the company?
o Is there a strategic risk plan?
o What are the global, strategic and material risks facing the company?
o Is reputation management on this list? If not, why not?
o Who’s in charge of risk generally?
o Who’s in charge of reputation risk?
o Is there an executive level risk and reputation expert and do they report to the CEO or another C-level executive?
o Is there a cross-functional or silo’d approach to risk and reputation management?
o Are there risk owners?
o Are there risk coordinators?
o Is there a crisis management plan?
o Does it take into account likely risks and reputation risk?
o Is anyone connecting risk and reputation management to the business?
o Is anyone thinking about how solving risks might enhance business value?
o Talk offline to risk experts in the company
o Bring in outside experts for benchmarking, knowledge sharing and perspective
By zeroing in on the internal alignment of governance, risk and reputation and strategically aligning them back to the company’s business and strategic planning, companies will unlock value that is otherwise lying fallow and untended. It is an essential responsibility of a board to help management drive these two critical strategic objectives, which in the end will create greater entity value for all stakeholders and sustainable organisational resilience.
Dr. Andrea Bonime-Blanc is CEO and Founder of GEC Risk Advisory, which provides global strategic governance, risk, ethics, compliance & reputation advice to boards, executives, investors and advisors (http://www.gecrisk.com). She is a 2014 100 Top Thought Leader in Trustworthy Business, a frequent keynote speaker, board chair and chair emeritus. Her latest book, The Reputation Risk Handbook, will be published in October 2014 by Dō Sustainability. She writes the monthly “Ask the GlobalEthicist” Strategic Column for Ethical Corporation Magazine and tweets @GlobalEthicist.