Directors & Boards: Reader Profile

Home |

Subscriptions |

Articles Archive |

Current Issue |

Back Issues |

Shopping

Advertising |

List Rental |

Editorial Calendar |

Background |

Reader Profile

Matteo Tonello
Associate Director, Corporate Governance
The Conference Board

Editor's note: Each month, we ask a Directors & Boards reader to comment on critical issues facing directors today. If you'd like to participate in this section in the future, please email Scott Chase.

How has the protection of corporate reputation evolved into a board-level concern?

Public perception of a business positively affects profitability and stock performance as well as the firm’s ability to efficiently raise new capital. There is plenty of research supporting this correlation. Likewise, reputable firms are more successful in the mergers and acquisitions market (not only for their bargaining power as bidders but also for the higher price premium they are likely to obtain when they are being purchased) and in the pursuit of growth and internationalization strategies.

For these reasons, reputation risk is today a significant threat posed to a company’s business operations. In fact, it may be harder for a firm to recover from a reputation failure than to build and maintain reputation in the first place.

What is the role of the board of directors in enhancing and protecting this pivotal corporate asset?

To answer this question, The Conference Board held a Corporate/Investor Summit in Washington, D.C., in conjunction with the Council of Institutional Investors. Delegates to the Summit were representatives from major corporations and investors as well as academics and other experts in the field. The group called attention to the need to embed considerations of corporate reputation into a comprehensive enterprise risk management (ERM) program, arguing in particular that treating reputation risk separately would fundamentally damage those risk management integration initiatives on which many companies have embarked in recent years.

What are the outcomes of the Summit discussion? Did The Conference Board issue recommendations to directors?

Yes, six top recommendations came out of the discussions.

1.    Reach an understanding of the concept of corporate reputation and tie its discussion to a comprehensive analysis of the firm’s stakeholder base.

Corporate reputation is the way the business is seen by a variety of stakeholders (e.g., shareholders, customers, employees, local communities). As such, it is a relative and dynamic concept which may be difficult to capture. First of all, a fact regarding the organization or the behavior of an executive may be judged differently by different people, according to their business culture, set of moral values, and relationship with the firm. As a result, expectations can shift over time (for example, with the changing of the underlying regulatory environment in which a stakeholder operates) or according to the region or country where a group of interests is based. Furthermore, in forming their own impression about a business, some individuals may be more sensitive to the company’s financial achievements; others may pay attention to the corporation’s solvency and capacity to serve its debt obligation; and still others may care about the social or environmental impact of the company’s strategy.

For these reasons, members of the boards should tie any discussion on the firm’s reputation to an accurate analysis of its constituencies so as to ensure that no key stakeholder relation is neglected.

2.    Become familiar with management’s rationale for prioritizing stakeholder relations and be persuaded that any selected relation is instrumental to achieve the company’s long-term goals.

Stakeholder relations should be analyzed from a situational and contextual point of view and prioritized according to such criteria as their actual influence; the criticality and urgency of stakeholders’ interests and claims; their access to and control of key business resources; and the likelihood that, if dissatisfied, stakeholders take action against the corporation. From this analysis, a company might even conclude that a relation with a specific group of stakeholders should be weakened or severed rather than strengthened because the association with that group would, in fact, damage corporate reputation.

In this context, the role of the board is to become familiar with the nexus of key stakeholder relations and be persuaded about the prioritization rationale used by senior executives. In particular, directors should remain aware not only that different groups of stakeholders have different perceptions of the firm but also that managers may attribute different importance to the same group of stakeholders, according to the degree of interaction they have with the group. For example, sales personnel are naturally more sensitive to customer satisfaction issues than the company’s buyers, who care primarily about the suppliers’ view of the organization.

By gathering information from a variety of ranks in the organization, the board should try to develop an informed opinion on all of these perspectives.

3.    Discuss the nature of reputation risk as an effect of certain business operational incidents, not as a separate and distinct category of uncertainties.

Reputation failures do not stem from a separate and autonomous risk category. Instead, they are one of the effects of strategic and operational risks facing the business. For example, BP, the British oil giant, suffered a recent reputation failure as a result of a string of grave accidents at U.S. facilities and the subsequent revelations of negligent safety and security. In spite of their consequences on the company’s reputation, the accidents were – first and foremost – serious operational risks.

Given the compounded nature of reputation risk as a “risk of risks,” companies should not make the mistake of fragmenting the responsibility for the underlying risk between the operational risk owner and a dedicated office in charge of reputation. If they did so, they would undermine the system of accountability on which business unit managers and other risk owners operate. For obvious reasons, a business unit manager who knows that an operational incident is being measured by Reputation Quotients and corrected through a communication strategy has less incentive to invest in preventing a new occurrence and can simply hide behind a well designed public relation plan.

4.    Oversee the design and implementation of a strategic, top-down and holistic risk management program where business events with potential consequences on the firm’s reputation capital are identified, measured and addressed in a timely manner.

Experts have long advocated the need to integrate risk management activities. Enterprise Risk Management (or ERM) was formulated by the Committee of Sponsoring Organizations of the Treadway Commission (COSO) and other self-regulatory bodies as an actionable tool to depart from the traditional, segmented approach to risk management and foster a strategic, top-down, and holistic view of business risk. The risk of reputation failures (intended as the effects of operational incidents on reputation capital) should not be left out of this picture. In fact, it should take center stage in the risk management integration effort.

5.    Oversee the process adopted by senior executives to identify, categorize, and prioritize business uncertainties with respect to their reputation effects.

In performing their oversight role, directors should remain aware that certain business risks may represent personal opportunities for dishonest, ill-intentioned managers. In those cases, managers may bear an interest in avoiding having those categories of potential events brought to the surface and addressed in a systematic and effective way, despite the potentially disastrous consequences that the company’s reputation could suffer from those occurrences.

For example, delegates to The Conference Board Corporate/Investor Summit discussed the situation where a company risked a grave reputation capital loss due to the failure by a business unit to report new data on the environmental hazard of a local production process. In this case, the underlying operational risk was identified at the business unit level but not elevated to the entity level through the official identification process because the linkage between the compensation of senior business unit managers and local production output functioned as a disincentive. To avoid similar pitfalls, the board should consider becoming familiar with the risk event identification techniques chosen by senior executives (e.g. interviews, questionnaires and surveys, focus groups and workshops, market analyses, etc.), understand their limitations, and be able to critically analyze their outcomes in light of circumstances facing the company or its divisions.

Directors should also consider encouraging senior managers to include among identification, categorization, and prioritization criteria a set of reputation metrics so that business risks are fully evaluated even with respect to the likelihood and significance of their reputation effects.

6. Oversee the determination of a proper response strategy to each risk category affecting corporate reputation.

A response strategy may consist in avoiding, mitigating, or even embracing the effects of a risk event, including its effects on corporate reputation.

Here is an example of reputation risk undertaking. Since the 1980s, Benetton Group used a series of aggressive and provocative advertising campaigns which, in a few years, made its clothing brand recognizable worldwide. The group embraced a significant reputation risk (the backlash of an ill-suited promotional message) based on the calculated consideration that the benefits that its product brand could derive from such a risk undertaking strategy would outweigh its negative effects on corporate reputation. In assessing reputation risk, Benetton concluded that its relation with a young generation of liberal customers should be given more importance than the relation with special interest groups.

Is there more to the reputation risk management equation?

When it comes to risk mitigation, directors should be skeptical of attempts at restoring stakeholder confidence solely through the use of savvy communication tactics, and request instead that response strategies fully address the underlying operational risks. In a well-designed ERM program, communication tactics and better disclosure should be seen as tools to corroborate and complete a business risk response strategy, not to replace it.

For example, an important point debated by Corporate/Investor Summit delegates is whether it is good practice for a company to issue a public apology for an operational incident as well as what the form and substance of such apology should be. Delegates recommended that, in deciding whether and how to say sorry, chief executives and the board chairman should not rely on communication experts alone. Instead, the merit of a public apology should be discussed in an integrated risk management context and be part of a precise response strategy.

In that context, the company could, for example, realize that an immediate apology would sound affected (if not self-interested) and only exacerbate the sentiments of certain key stakeholders – whereas the most important action to show a sincere concern for the effects of a business incident is to promptly take the necessary steps, even where costly, to absolutely prevent any additional risk occurrence. Also, before making amends, it should be kept in mind that the mea culpa could be used against the company by litigious shareholders or third parties.

Matteo Tonello is Associate Director, Corporate Governance at The Conference Board and the author of Reputation Risk: A Corporate Governance Perspective. Recently, he co-authored Corporate Governance Handbook: Legal Standards and Board Practices and directed a working group on hedge fund activism. He is a licensed attorney in New York and Italy.