Dr. Andrea Bonime-Blanc – Chief Executive Oficer and Founder of GEC Risk Advisory
Volkswagen’s toxic mix of evolving and growing compliance risks (that should typically be caught in a robust enterprise risk management and compliance system) with the presence of strategic risks (that the board is responsible for overseeing) yielded what I would call the perfect reputation risk storm of 2015, or maybe even the decade.
Embedded in this crisis were several underlying and neglected compliance and strategic risks that explain why this scandal unravelled so quickly and had such a dramatic and immediate impact on stock price, car resale value, stakeholder value and more.
Two compliance risks and three strategic risks
It appears that Volkswagen had at least two serious underlying compliance risks:
■ Product fraud, misrepresentation and false advertising (the defeat software)
■ Environmental (toxic emissions many times higher than legally permitted)
If Volkswagen had a robust enterprise risk management and compliance system, and had conducted rigorous analysis of the downside impact on its key stakeholders, perhaps the perfect risk storm would not have occurred. The stakeholder analysis (below) provides a quick overview of the multitude of stakeholders affected.
The two underlying compliance risks were either allowed to develop or were actively ignored. With the passage of time and addition of the following three strategic risks, it was only a matter of time before the perfect strategic risk storm would gather.
Leadership risk It appears from the facts we know that the leadership style of the previous CEO Martin Winterkorn was authoritarian, single-mindedly driven to create the number one auto company in the world, whatever it took, tolerating little or no dissent along the way. This could be a textbook case of leadership risk, something that we have learned from past cases (Enron, WorldCom, Lehman Brothers) can doom a company.
Culture risk
Closely tied to leadership risk is culture risk. Why? The leadership style of a leader is often intimately linked to the performance, compensation, risk and reward structure of
an organisation. And the leader’s performance is in turn intimately connected to how the board treats that leader from a compensation and accountability standpoint. If all the board does is reward the CEO for financial metrics and not for how those metrics are achieved there is likely to be culture risk – a serious strategic risk.
Reputation risk
Reputation risk as it relates to an organisation is almost always a strategic risk because of its very nature.
“Reputation risk is an amplifier risk that layers on or attaches to other risks – especially Environmental Social and Governance (ESG) risks – adding negative or positive implications to the materiality, duration or expansion of the other risks on the affected organisation, person, product or service.”[1]
If one applies the reputation risk layer onto the underlying risks at Volkswagen the picture becomes clearer and more dramatic: the fact that the underlying environmental violation and product fraud risks were covered up or suppressed over a period of time (instead of addressed and repaired) explains why the reputation risk attached to these underlying risks grew over time.
“A lesson for the rest of us is to understand and repair the elements of organisational resilience that might be missing or under-deployed in our own organisations”
In the case of the other two strategic risks – leadership and culture risk – reputation risk is tailor-made to amplify and worsen the impact of these risks: it has been claimed that leadership encouraged (tacitly or openly) risk-taking and rule-breaking, creating a culture where no one (employees and suppliers) felt safe to speak up about possible problems that might derail the overall strategy of the company – becoming the number one global auto company.
The Volkswagen case: the role of the board
The Volkswagen case is very recent and much remains to be known. But the severity and intensity of this scandal yields a number of important lessons even at this early stage. There are important reputation and strategic risk lessons, for the highest echelons of an entity – specifically the board.
As Volkswagen scrambles to deal with the immediate crisis by deploying its crisis management, there are a number of critical medium- to long-term activities that the company, its supervisory board and executive management must undertake to address their long-term survival and to restore the trust of its stakeholders including:[2]
■ Deep SWOT (strengths, weaknesses, opportunities, threats) analysis
■ Corporate governance and culture overhaul
■ Establishment of an effective global ethics and compliance programme
■ Understand and deploy reputation risk within ERM
■ Undertake stakeholder impact analysis and repair plan
■ Build organisational resilience and long-term stakeholder trust
The rest of us must take advantage of this dark time to understand and repair the elements of organisational resilience that might be missing or under-deployed in our own organisations to build long-term resilience, trust and organisational strength for the longer term and to the benefit of our stakeholders.
About The Author:
Dr. Andrea Bonime-Blanc is the chief executive officer and founder of GEC Risk Advisory, a global firm that provides strategic and tactical governance, risk, ethics, compliance, CSR, reputation and crisis advice to boards, executives, investors and advisors (http://www.gecrisk.com). She is author of The Reputation Risk Handbook: Surviving and Thriving in the Age of Hyper-Transparency (http://bit.ly/1284TMR) and the 2015 Conference Board Research Report, Emerging Practices in Cyber-Risk Governance (http://bit.ly/1LO0MI5). She is a global keynote speaker, and member of several international boards. She can be reached at @GlobalEthicist and abonimeblanc@gecrisk.com.
Footnotes:
1 Andrea Bonime-Blanc, The Reputation Risk Handbook: Surviving and Thriving in the Age of Hyper-Transparency, 2014.
2The Reputation Risk Handbook Chapter 5.