Our guest blogger Hans - Kristian Bryn provides his view on reputational risk and the role of the CAD
- Reputational risk - where do the responsibilities of the Corporate Affairs Director start and end?
A view by our guest blogger Hans-Kristian Bryn, an international risk management and governance advisor, formerly UK leader of Deloitte’s Strategic Risk Practice.
Reputational risk management is a hot topic and often debated with and amongst Corporate Affairs Directors (CADs). However, CADs are only one of the key executives with a role to play and a sense of ownership of reputational risk. This blog attempts to shed some light on the current situation and provide some action and learning points based on recent discussions with both CADs as well as risk management professionals.
The job of the CADs (as well as their fellow directors) has become more challenging as the business environment has turned more Volatile, Uncertain, Complex and Ambiguous. This increase in VUCA (as it is more commonly referred to) has a strong link to how we view reputation and indeed the volatility of reputation.
Reputational impact / reputational risk has therefore come up both the ExCo and Board agendas over the last 5+ years. Most industries have had their own reputational risk events over that period. However, the management disciplines and processes are at different stages of development across the cohort of companies we have been exposed to.
The nature and characteristics of reputational risk management vary significantly in a Business-As-Usual Vs Crisis situation. It is critical for both CADs as well as Chief Risk Officers (CROs) to define their respective roles clearly in both situations, recognising that a collaborative rather than siloed approach is required.
In a Business-As-Usual context, the focus is on the core management disciplines of establishing a reputation risk management framework that includes a clear definition of reputation risk appetite. In addition, the framework should enable the organisation to incorporate reputational impact into risk assessments as well as consideration of key strategic and operational decisions. It is not clear that CADs have taken a lead role in developing this – or have worked effectively with the CRO to do so.
In a crisis situation, the focus quickly changes to the activation of the crisis plan and associated communications strategy. The CADs are then undoubtedly in their sweet spot and will be taking centre stage, working closely with ExCo and the Board to manage the event. They will also be a key player in the liaison with external advisors and media.
In conclusion, it is easy to see that reputation and hence reputation risk management matters, and there is evidently more work to be done. However, based on a number of recent discussions, we can conclude the following:
- There is a strong consensus amongst CADs that they ‘own’ the reputational risk agenda
- This is reflected in their regular reporting to the Board and strong evidence of increased Board awareness and engagement on the topic
- There are however, a number of other executives who also see themselves as ‘owning’ all or part of the reputational risk agenda
- Most of the organisations have reputational risk as a separate category rather than viewing it as an impact of other risks crystallising
- There is some evidence of cross-functional approaches however, it is not uniformly implemented across firms
- A challenge for decentralised organisations is how to achieve consistency of
- Skills / capabilities
- There is still limited evidence of an explicit link to decision-making at all levels; ExCo / Board and Divisional / Business level
- There is evidence of oversight forums for reputational risk emerging
- Reputational risk forums / committees are in place in some organisations
- Some examples of risk and reputation being brought together in oversight committees
- Example of reputation risk committee being chaired by a Non-Executive Director
- There is also heightened awareness of the disclosure considerations around reputational impact however, there is limited evidence of reputation risk appetite being articulated and incorporated into the overall risk appetite framework
So what are some of the practical steps that CADs should take the lead on going forward:
- Implement, in close collaboration with the CRO, a cross-functional approach to address the full range of reputational impacts, and linkages to the key processes and decisions within the organisation
- Apply effort to quantification. Data, metrics, analytics are required to better incorporate reputational impact in decision-making – both at the top of the house as well as within the business. For example, companies should define which metric (e.g. volume, price, cost, management time, regulatory fine) they are most concerned with and model the impact of reputational evens on that metric
- Reputational risk management need to span the ‘life-cycle’ of reputation rather than have a bias towards the crisis situation
« Back to Blog