When we asked directors personally, many said they approach risk on a case-by-case basis in connection with a specific strategic issue such as a merger or acquisition or the entrance into a new market. This may not constitute a sufficiently robust process to satisfy directors’ fiduciary responsibilities.”
The new research found significant differences in how directors understand risk and how their companies manage risk. Moreover, directors may have more of a top down understanding of risk. The Conference Board study finds: Although 89.5 percent of directors say they fully understand the risk implications of the current strategy,
- Only 77.4 percent of directors say they fully understand the risk/return tradeoffs underlying the current strategy.
- Only 73.4 percent of directors say their companies fully manage risk.
- Only 59.3 percent of directors fully understand how business segments interact in the company’s overall risk portfolio.
- Only 54.0 percent have clearly defined risk tolerance levels.
- Only 47.6 percent of boards rank key risks.
- Only 42 percent have formal practices and policies in place to address reputational risk.
Directors are, however, sensitive to the need for additional information:
- While 71.8 percent of directors believe they have the right risk metrics and methodologies in making strategic decisions, 47.6 percent of directors would like to see more data analysis related to the company’s risk profile.
The good news is that almost half of those surveyed think that they need more data analysis to determine the companies true risk profile. The bad news is the same number of Boards actually rank their risks. This means that half of those surveyed, do not rank their risks. Is this possible?
Certainly these organizations are measuring risk. They have tools and systems to gather the data and to analyze it. They have some kind of Risk Model to assist in the ranking of those areas that have high impact and high exposure. These areas of risk in the upper right quadrant, correct?
The report, is authored by Carolyn Kay Brancato, Matteo Tonello, and Ellen Hexter of The Conference Board. These findings are based on a comprehensive research effort on the topic that incorporated personal interviews with 30 board members, analysis of Fortune 100 board committee charters, and a broad survey of 127 board members. The report has not yet been released, but is forthcoming.
It seems that at least with this small number of board members surveyed, the topic of Reputational Risk is still a mystery as 58% say they still don't have policy in place. In Brian Murray's book Defending the Brand his introduction says it all:
Digitalization and the convergence of networked communications mediums have forever changed the way we live and conduct business. Broadband and wireless technologies, networked appliances, and multipurpose consumer devices promise to embed digital networks even deeper into our everyday routines. Unfortunately, while such technological advances have created fantastic opportunities, they have also facilitated new, unscrupulous business tactics and provided a haven for criminals who thrive on the victimization of corporations and consumers alike.
The Board of Directors who are not taking "Reputation Risk" seriously may have more work ahead of them. Protecting your assets goes well beyond the surveillance cameras and the clear presence of armed guards. 9 out of 10 incidents that impact corporate reputation will begin with information. And it may end with that information being in the hands of those that will exploit you with piracy, fraud, counterfeiting and deceit. Mr. Murray is correct when he says: "Fierce competition and economic pressures have exacerbated the situation as ethics fall by the wayside in the struggle for profits and survival."