Consider all the things that can go wrong at a company today, and risk oversight seems like a near impossible task. From industrial accidents to disgruntled employees caught on camera, today’s digital world accelerates the flow of information—often leaving companies with more risks to manage and less time to respond. This tumultuous environment can be challenging for boards to oversee.
In a recent collection of publications titled the Risk Oversight Series, PwC’s Governance Insights Center refocuses the board’s attention on the risks that matter most (i.e., the ones that directly impact a company’s strategic objective). These key risks can vary by industry and company size; yet, one area of oversight that tends to be virtually ubiquitous is reputation risk.
What makes overseeing reputation risk tricky is that it’s usually another risk that triggers reputation risk—faulty products and loss of customer confidence, repeatedly missing earnings numbers and loss of investor confidence, or an industrial accident and loss of employee confidence, for example. And reputation problems can quickly impact the bottom line— especially at consumer products companies. Think of consumer response to poor working conditions in overseas factories, health scares in restaurant chains, or the loss of customer personal information at retailers.
In our episode with Dr. Richard Leblanc (Will “Tone at the Bottom” Impact Your Shareholder Value?), we discussed recent examples of reputational crises (e.g., Wells Fargo, United Airlines) and how other boards can learn from them.
“Traditionally, boards have been structured to get all of their information from the CEO,” said Leblanc. “Now with social media…anybody can put the reputation of your company at risk in ten minutes.” Thus, today’s boards must broaden the scope of their information gathering and evolve their tactics. In this blog, we discuss four best practices:
1. Focus on your key risks and role play.
While corporate crises are unfortunate events, incidents at Wells Fargo, United Airlines, Chipotle, BP, and Volkswagen provide a template by which other companies and boards can assess their own vulnerabilities.
“This a teachable moment—what happened with United Airlines,” said Leblanc. “Boards should be asking management teams: Can our reputation be impacted by something we do? What would our response plan be for this?”
Leblanc suggests focusing on the two to three risks that can be most damaging to the company and asking management to demonstrate how the company is prepared.
Great boards now are hiring mock social media teams to attack the company in a mock exercise to determine, “If we had these scenarios, how would we respond?”
Boards must also consider how these potential risks tie together, explains PwC’s Governance Insights Center. For example, the wrong compensation plan may lead to compromises in workplace safety; a workplace accident can then result in significant reputation damages, which could affect company earnings.
The full board must devote discussion time to how key risks interact with each other. When separate committees are overseeing different risks, it’s often difficult to see how one risk may impact the next. PwC’s Risk Oversight Series offers guidance on how boards can best structure their risk oversight efforts between dedicated committees and the full board.
2. Examine Your Company Culture and Set KRIs.
Risk and company culture are inextricably tied. In any discussion of risk oversight, this relationship can’t be overstated.
Culture is vital because it predicts how companies are going to operate. When you think about a typical company, [it] has managers throughout the country (maybe throughout the world) making a number of decisions everyday. Without the proper culture, boards will have a tough time being confident that those managers throughout the company are making decisions in a thoughtful way—and in a way that respects the kinds of risks the company wants to take.
In her recent episode, PwC’s Catherine Bromilow demonstrates how culture issues oftentimes precede corporate crises, as we saw with both Wells Fargo and United Airlines.
“Do you think, at Southwest Airlines, someone would have been dragged off [the plane] in this fashion?” asked Leblanc. “I doubt it. It’s not something that Southwest Airlines would do.”
The best boards emphasize training and education. They have a whistleblowing procedure that allows cultural complaints to flow directly to the board or committee, stresses Leblanc.
Boards must develop key risk indicators (KRIs), which serve as early warning signs for impending cultural issues. KRIs should be closely tied to the company’s KPIs and strategic objectives. For example, a drop in gross domestic product or a spike in unemployment can signal more than just a slow quarter; boards need to outline how these metrics can be used to indicate cultural red flags. More information on KRIs in PwC’s publication, Why Your Board Should Refocus on Key Risks.
3. Organize a Network of Objective Sources.
While quantitative KRIs are valuable indicators that tie risk to company performance, qualitative interactions can prove equally as valuable—particularly when the board branches outside its formal information-gathering network.
“Look for ways that [your board] can get objective information about the culture,” says Bromilow. She outlines several ways that boards can go about this:
Tune into the responses on the cultural survey. Most organizations conduct a survey on company culture; if not, it’s something the board should be asking about. Beyond the empirical results, what are employees saying about the culture when given the opportunity for open-ended response?
Use one-on-one time with members of management to probe about culture. Board-management interactions often take the form of formal reports. How can board committees use their one-on-one time with members of management to ‘get a read’ on culture. When given a forum, management can be effective at identifying potential pockets of bad culture, says Bromilow.
Get out of the boardroom. When traveling to company locations for any reason, directors should get out of the boardroom and talk to individual employees, says Bromilow. These occasional interactions allow directors to compare what they’re hearing in the boardroom to what’s being said on the shop floor.
4. Align Incentives with Good Behavior
To promote a healthy company culture, boards must align compensation with the behavior they wish to see. While this blog only touches briefly on incentives and culture, we can’t overemphasize the importance of this ‘best practice’.
“People behave the way they’re paid,” said Leblanc. “Good pay committees now are starting to tie nonfinancial metrics—integrity, diversity, ESG, conduct—to executive pay.”
Indeed, compensation committees must be both skeptical and cautious when setting performance targets and associating incentives. In her episode, Bromilow outlines an example that demonstrates how even small misalignments can have damaging cultural implications that pose great risk to an organization.
This ongoing series from PwC’s Governance Insights Center tackles every question that boards are asking about risk oversight. How can we be sure that management is focusing on the right risks? How can we begin to improve a damaged culture? How do we know if we need a risk committee? Access the Risk Oversight Series here.