On Risk – It’s the Reputation, stupid!

By Frans Cornelis, MBA83J, IDP-C

Risk management is one of the “big three” attention items for non-executive directors, along with strategy and talent. And the current COVID-19 crisis has left many scratching their heads, wondering what lessons one should draw from this highly unpleasant experience.

Previous worldwide crisis situations that virtually no-one had planned for gave rise to concepts like “The Black Swan”. So is COVID-19 a “Black Swan”? Probably not – to quote Michele Wucker, it is more like a “Grey Rhino”: a known risk, rare but by no means fully extinct, and with very destructive properties.

So what is a non-executive director to do? Classic “risk management” often has a financial and statistical focus. One can and should insist that an organization maintains sufficient reserves. Of all types. And it is obvious that the idea that if you have less than your maximum leverage you are inefficient or in some way not maximizing things for your stakeholders is probably overdue for a rethink. One organization I am involved with, and that had to close down completely for almost three months, is now very happy with the fact that they did not go anywhere near the limit, and that they are therefore surviving where others have already gone bankrupt.

Over the decades, “Risk management”  has almost been developing in a specialized science. In many if not most major businesses, there are elaborate schemes to assess risk; usually on the financial side (interest rates, policy changes, but also things like fashion change etc.). Mostly drawn up by accounting people. As a non-executive director, you could be forgiven for thinking that you have done your job well when you have scrutinized, probed and discussed the typical complex and serious report on “Risk Management” that has been produced for inclusion in the annual report.

And yet…… The Covid-19 crisis should also make us think first and foremost about something the Coca Cola leadership used to say: “You can take away everything, but if you leave the brand and some of our key people, we will rebuild the business”.

And, interestingly, science backs this up. The annual AON risk management surveys have a consistent item in the #1 spot for largest risks for decades now: Reputation.  Not industrial policies, fashion, monetary policy, flooding or what have you. They all figure in the lists, but Reputation comes out on top.  Almost every time, usually by some margin.

Also, the Boston based Reputation Institute, in cooperation with the Rotterdam School of Management (RSM), runs serious longitudinal studies of many thousands of organizations worldwide measuring “Reputation”. They also point out that Reputation is closely linked to another concept: Identity.

And there are quite a few cases, with verified examples, where they can prove that a high reputation score allows you to recover quickly from a disaster, whereas a poor reputation score does not.

Studies by prof. Cees van Riel (RSM, now emeritus) also show that the actions in the initial phases by the company executives and spokespeople are critical for benefiting from that “Reputation cushion” or not. The wrong actions quickly destroy that reputation, sometimes forever.

Like in the well-known case of once world leading Perrier water, where a contamination was detected in their flagship product. While a recall was forced on the company in the USA, the management sought to play for time and declared, untruthfully, that this had been a one-off mistake. In reality, it soon became clear that water all over the world had this contamination, and that it would have had this for quite some time. In a post mortem, it turned out it was due to bad quality and process control at the source itself.  Why did management lie, did they know they were lying? Hard to tell, but certainly the attitude was one of denial, at the expense of their customers, and subsequently, the other stakeholders. The company never got anywhere near its previous market share, valuation and standing. It was sold 18 months later – to a direct competitor.

So does this mean that non-executive directors should also insist on better PR people, or that they should have probed the quality systems at the core processes better? That cannot be the right answer, as they would end up firmly on the chairs of the management.

What it does mean is that we should all be aware that while Reputation is the key risk, it is very closely linked to the actual Corporate Identity. That Identity is defined by norms, values, ethical choices, character. Not so much the beautiful words in the corporate statements, but the real actions and the actual paradigms.

What it does mean is that we should all be aware that while Reputation is the key risk, it is very closely linked to the actual Corporate Identity.

What you do in a crisis will be seen by all stakeholders, and they will immediately notice when, faced with a tradeoff between the interests of various groups of stakeholders, the company chooses against its customers.

This “Identity” (the actual one, not just the one on paper or in advertising slogans) is something formed over many years, and ingrained in the character of the employees. It is heavily influenced by the actions and personal examples of the management. The “value statements”, “purpose statements”, “brand” or whatever they are called are certainly important, and one has to start from somewhere, but actual behavior is the deciding factor.

That Identity is, as the Germans like to say, “Chefsache”. So yes, a Risk Analysis does deserve the full attention of good non-executive directors. If the report does take Reputation into account, so much the better. But in my mind, great non-executive directors have also made sure that the core values inside the organization, what people feel they stand for, and the ways the outside world perceives the organization, have been carefully defined and strengthened.

When a highly appreciated Identity as externally perceived is aligned with the “employer brand”, the  “corporate brand promises”, the investor reputation, and the actual internal and external actions, you have a fantastic foundation that will also guide and determine the right actions in a crisis, when there is no time to weigh and ponder each individual statement or action.

In the current COVID-19 crisis, there are many examples of companies that were quick, open and transparent when they could not keep their promises. I know of some organizations where clients literally sent emails saying ”Keep my money, hang in there, and we’ll see what you can do when this is over”. But there are also many companies who leapt from promise to promise, did not follow through on the promises for many months, got into overly legalistic and “small print” conversations and lost a lot of sympathy with their stakeholders.

I have a hunch who, a few years from now, the winners will turn out to be.

So my recommendation for non-executive directors in these times is: do read your Risk paragraphs – but also do check whether the crisis actions harm or bolster the reputation of the organization. And whether there is a clear, admirable and effective “Identity”. Because once survival is more or less assured, that is what will determine how well you can bounce back – or not.

We did not see it coming

By Xavier Bedoret, IDP-C, IDN Belgium Ambassador and Consultant in Corporate Governance

The arrival and subsequent impact of the current coronavirus crisis has taken many organizations and states unaware.

This phenomenon can be best explained as the appearance of a metaphorical “black swan”. The theory goes that human beings will assume that, because all the swans they have seen in their life are white, all swans must be white. It is a classic error of induction resulting from one’s limited experience in life (I have not seen it) or from one’s cognitive biases (I do not want to admit that I have seen it).

As a matter of fact, the error arises from an individual or entity having been blind, having been unprepared “not having seen it coming”, or not having considered “unknowns”, as Donald Rumsfeld put it.

Nassim Taleb, Researcher and Risk Analyst, identifies three reasons why we do not see these events coming:

  • The world is too complicated and random to understand what is really going on;
  • We are very good at making sense of events after they have happened; and
  • Putting elements into categories (which we do to make sense of things) always oversimplifies reality.

As we can see from the events unfolding today, this blindness can have a severe impact on human society.

How can companies avoid these “black swans”?

First of all, let’s make the distinction between (1) risks – that are manageable; and (2) uncertainties – that are unpredictable.

  • Let’s define risks as events that may be predicted, monitored, hedged, insured or avoided. In today’s corporate world, risks are studied, measured, and even exploited. The risks that fall into the category of “high probability and small impact” are considered part of the daily management of operations. These are the responsibility not only of the risk manager but of each front-line manager who is in charge of dealing with those manageable risks.
  • Let’s define uncertainties as unknowns. By definition, we cannot know the nature, the size, the timing, … or anything, about these unknowns. Companies cannot find on the market an insurance policy that adequately covers events with a “very low probability and a very high impact”.

The audit committee today is in charge of risk monitoring. They establish a strong communication line with the company’s risk manager to ensure the board’s risk appetite and the field risk mitigation are aligned. This will ensure that manageable risks are well monitored through sound processes. As we know, moderate risks lead to good business and a healthy company.

As the Danish proverb goes “forecasting is difficult, especially when it concerns the future”. The audit committee should, therefore, approach the subject of uncertainties in a different manner:  leaving the path of prediction and taking the path of agility, seizing opportunities, and avoiding rationality and argumentation.

  • Maintaining agility means:
    • training the muscles of the corporate strategy: design various scenarios;
    • Ensuring the adaptability of the organization: encourage speed of reaction;
    • Promoting the flexibility of the people and systems: break silos and develop networks.
  • “Chance favors the prepared” said the French scientist Louis Pasteur. Opportunities are seized by companies that are vigilant. The board should foster the company’s exposure to positive contingencies that might be as beneficial as negative contingencies might be hurtful.
  • Avoid rationality and argumentation since, as Taleb explained, relying on it is the very reason why boards and audit committees do not see these “black swans” coming.

Xavier BEDORET is a consultant in corporate governance. Drawing on his experience as a certified accountant, financial controller, internal auditor and committee chair, he gives audit committees support and guidance for improving their actions.

Why boards have a duty to reinforce resilience

By Didier Duret IDP-C, Non-Executive Director and Independent Adviser

Change is risky for firms and boards of directors must see beyond talk of disruption and innovation to ensure companies focus on their essential qualities and a handful of best practices

The current global lockdown, enforced by governments to minimise the Covid-19-led public health emergency, has led to the shelving of many firms’ multi-decade strategies to correctly allocate resources across different regions.

Boards of directors must now re-focus on their organisations’ long-term resilience. This must not be confused with short-term crisis management, which demands quick reactions, analysed relentlessly across digital media.

Prudence and strength

Resilience is a mixture of prudence and strength before a crisis and should be ingrained in firms. It is defined as “the degree of freedom we can deploy to act on events we cannot control”, by Boris Cyrulnik, French psychiatrist, author and Holocaust survivor. For most firms, it derives from a mix of efficient risk management and organisational flexibility. In order to boost resilience, boards must question assumptions, nail down governance principles and adopt sound stewardship.

The idea of resilience in business was popularised by Nassim Taleb in his 2012 best-seller Antifragile: Things That Gain From Disorder, which argued that both humans and organisations are poorly equipped to cope with shocks that accelerate change and have cascading consequences. While hardwiring to think in categories has helped our species survive, most phenomena in nature and society follow non-linear patterns with little respect for categories. Although we can model risk from yesterday’s data, we cannot apply it confidently to tomorrow’s uncertainties.

In modern corporate life, despite a professional culture that has elevated disruption to a virtue, change remains risky and unpredictable. Many start-ups do not survive, and large firms struggle to adapt. Disruptive ideas facilitated by ‘agile management’ have limited impact once they encounter bureaucratic inertia. The board is in a key position to see beyond management techniques and reflect on the essential qualities of a resilient firm.

Focus on what works

Rather than being hypnotised into a reverie of ‘innovation’, it makes sense to focus on a handful of best practices. Of these, financial resilience and access to cash is the most important. Heavy debt and weak solvency ratios undermine resilience. Boards have explicit responsibility for their firm’s capital structure and access to finance, plus oversight of remuneration and dividend and share buyback policies. In a crisis, when survival is at stake, board members may seek access to new capital, renegotiate bank loans or seek being bought out by a larger firm. Board oversight is crucial for the firm to exit a crisis with resilient, if battered, financials.

Diversification of activities, markets, products and suppliers makes good business practice. Diversity of opinions, talents and skills among management, staff and board members also contributes to strategic resilience. A mix of genders, races, cultures, languages and expertise strengthens reliability of operations and leadership competencies. External advisers and independent board members can help identify new trends signifying a paradigm shift. They reduce groupthink and corporate bias, constructing a vision differing from the past. External think-tanks or business school experts can be valuable resources for the board to refocus long-term strategy based on short-term crisis-induced changes.

Discernment through judgemental resilience is a major governance skill exercised by the board. It can be reinforced to balance quantitative resource optimisation versus qualitative operational resilience. Better data-driven “dashboards” do not mean better resilience, just as last week’s stock price does not tell us what next week’s will be. The board can ask the CEO to review crisis planning and solidity of the strategy though a qualitative-scenario lens differing from traditional quantitative-scenario planning. which, most of the time, is consensual to the industry or macro environment.

ESG goes mainstream

Environmental, social, and governance (ESG) policies have become mainstream, reinforcing resilience by reducing financial, operational, and reputational risks through selecting reputable commodity providers or avoiding financing controversial industries. But ESG-driven governance does not guarantee resilience. Recent 20-year-low oil prices are just as disruptive for power producers using wind farms and solar panels in the transition to renewable energy as for shale oil firms, radically transforming capital spending plans. But today’s unprecedented economic crisis is impacting global social and political dynamics as well as consumers’ visions of the world and leadership expectations. Authentic ESG culture may yet prove a competitive advantage in the post-Covid-19 ‘new normal’.

Humility offers a hidden dimension to resilience, counterbalancing the excessive risk-taking and corporate hubris associated with charismatic CEOs. Would WorldCom have survived with board members questioning its overmighty CEO Bernard Ebbers more explicitly? Good practice involves yearly independent assessment of performance and behaviour of the board chairman, members, CEO and executive committee. Humility does not mean timidity, as it can be courageous. An advisory board I sat on during the early weeks of the Covid-19 crisis pursued investment in strategic areas that had suffered from heavy losses through massive disruptions, but gave the CEO wide latitude to implement high-level decisions.

I believe boards of directors, by focusing more on conditions for resilience, can help firms achieve better financial, ethical and environmental results. Resilience in all its aspects, has become a strategic requirement and unless boards take a more socially-oriented and strategic outlook for their organisations, billions of people will suffer, to the ultimate detriment of these firms.

Didier Duret IDP- C is a non-executive director, an investment committee member, and independent adviser to several private family offices and foundations. 

This article was first published in the Private Wealth Management Magazine from the Financial Times on 23 May 2020, and can be found at https://www.pwmnet.com/Wealth-Management/Business-Models/Private-View-Blog-Why-boards-have-a-duty-to-reinforce-resilience

Align Risk Management with Strategy and Operating Performance, Reward and Remuneration

This blogpost is shared as part of a series of insights from INSEAD Directors Network, based on roundtable discussions held during INSEAD Directors Forum October 2018. The Directors Forum Round Table Discussions were held with IDN members led by IDN board members or IDN Ambassadors. Other Blogpost in Series shared last. 

___________________________

(Photo: Pixabay) 

The round table discussion “Align Risk Management with Strategy and Operating Performance, but also Reward and Remuneration” was led by Susana Gomez-Smith, NED and IDN Ambassador for Portugal with the introduction

As the ultimate steward of value and overseer of risk, the board must grasp the relationship between strategy and risk and assist management, in gaining that understanding but also in putting it to practical use. The Board must also ensure that remuneration policies/practices are consistent with and promote sound and effective risk management and in line with the business strategy.

  • Why should the Board consider and discuss strategy and risk appetite in tandem? How to do it in practice?
  • What can the board do to drive greater awareness of the risks to the strategy throughout the organization?
  • “Remuneration forms part of the culture and governance priority as set out in our Business Plan. As a key driver of behavior, remuneration of senior and risk taking staff is an important area of focus for the FCA to ensure that risk and reward are aligned in firms that we regulate through our Remuneration Codes (the Codes). Whilst our remuneration rules only apply to specific groups of firms, remuneration is a key driver of behavior for all firms and individuals. Implementing appropriate remuneration policies and practices helps to ensure appropriate outcomes and reduces the likelihood of harm from occurring “
    Financial Conduct Authority, Remuneration Codes

    How can Boards satisfy themselves that firms remuneration practices lead to appropriate outcomes and risk and reward are aligned?

Pre-readings:
Strategic Risk Management: A Primer for Directors, Harvard Law School Forum on Corporate Governance and Financial Regulation
The UK Corporate Code, Financial Reporting Council (from page 16)

Roundtable discussion

The strategy and risk areas has historically kept as quite separate topic, as the risk focus has tended to be quite operational in focus. As the strategic risk has been in steep increase for many companies the boards needs to find more appropriate ways to work with the topics in tandem.  Some key insights from the board members were noted as;

  • The strategy of the firm is and has to be the starting point of all the considerations
  • The Strategy should comprise the areas of the core business and potential new business areas
  • The risk appetite for both areas has to be set and will be overseen by the Board (in a regular exercise)
  • The risk culture is set at the top of the company!
  • The second line of defence (Risk Management, Compliance) as well as the third line of defence are supporting the first line (operations) – clear definitions needed
  • Especially the Risk Management and Compliance functions must be filled with experienced and independent staff
  • With regard to risk measurement and risk identification, the right KPIs (which are rather backward looking) and KRIs have to be defined (better start with few but the most telling ones). Monitor not only your risks but also how the probability, impact of such risk is evolving.
  • The Risk Management process is not static, it is a constant effort. Risk managers should be incentivized to identify emerging risks. Some companies on the side of the regular Risk Committees perform regular exercises to reflect on emerging risks. It is advisable to include in such exercises different areas of the company and not only a closed inward exercise of the risk department.
  • At Board level, a trade-off between investments in new business areas and investments to mitigate/eliminate existing risks has to be found
  • The remuneration should be linked to
  1. Implementation of the strategy (s-t, m-t, l-t) and hence parts of the variable compensation be deferred
  2. Accomplishments in the core business areas as well as in developing new business areas
  3. Risk taking and risk management
  4. Implementation and living the risk culture in the firm
  • The Remuneration Committee should be given the power to override formulaic outcomes of bonus schemes
  • Remember: The Management is responsible for Risk Management, the Board is responsible for Risk Oversight.

Conclusion: Strategy and risk needs a framework to be jointly considered as the strategic risk is increasing for many companies, and it needs to be fully aligned also with new and balanced remuneration schemes.

Recommended additional reading;

Enterprise risk Management – Integrating with Strategy and Performance, (COSO)

Using a Risk Appetite Framework to Align Strategy and Risk, (Moody’s)

Letters to Remuneration Committee Chairs (FCA UK)

 

By Susana Gomez- Smith,

Certified Independent Director IDP-C and IDN Ambassador Portugal

___________________________________________

 

Other blogpost in this series: 

Governance in a Disruptive World by IDN Board Member Liselotte Engstam

From Board oversight of Strategy, to creating a Sustainable Business, by Helen Pitcher OBE, IDP-C, Vice President IDN

Anticipate and manage for geopolitical trade, corporate governance codes and regulatory changes by Cleopatra Kitty, IDN Cyprus Ambassador 

The impact of technology on​ Strategy & Business Models by Mary Francia, IDN Board Member

Align Risk Management with Strategy and Operating Performance, Reward and Remuneration by Susana Gomez- Smith, IDN Portugal Ambassador

Accelerate Board Effectiveness by IDN Board Member Thomas Seale

 

More insight from INSEAD Directors Network, will be shared based on INSEAD Directors Forum 2018, Round Table Discussions – Look out for more upcoming blogposts!

Anticipate and manage for geopolitical, trade, corporate governance codes and regulators changes

This blogpost is shared as part of a series of insights from INSEAD Directors Network, based on roundtable discussions held during INSEAD Directors Forum October 2018. The Directors Forum Round Table Discussions were held with IDN members led by IDN board members or IDN Ambassadors. Other blog posts shared last. 

__________________________

The roundtable discussion was led by Cleopatra Kitti, IDN Ambassador Cyprus, with the introduction

Anticipate & manage for geopolitical, trade, corporate governance codes & regulators changes

  • Anticipate: Define, Measurement, Audit
  • Proactive VS Reactive: crisis management, resonse mechanism, measurement and evaluation
  • What does this mean for the Board? (perspective, information, connecting the dots, risk measurement, scenario planning, regular review)

* Pre-Reading:

Measuring Geopolitical Risk, Dario Caldaraa and Matteo Iacoviello
__________________________

As disruption is the key word for business society and of the wider operating environment for boards, there is much discussion on how to anticipate and navigate through such a complex environment. Especially when decisions need to be taken within short, medium, and longer term horizons.

The context: The benchmarks and guide books of performance shift goalposts:  In capital markets there is much debate on assessing performance and return on investment not in quarterly results but over a longer horizon; governance codes differ region by region or country by country; whilst disruption by politics, trade wars and social movements add an additional layer of complexity for performance.

This complexity calls for strong business ethics, culture and values at the top, at board level.

Our pre-reading looked at how different global institutions and boards identify, measure and respond to risk and opportunity. How markets, politics and society interact and intercept progress. How Information flow for proactive and reactive decision making tools are important elements to board work and decision making.

The discussion: after setting the context and key parameters for our discussion, we centered on two case studies brought forward by fellow IDN directors:

  • One case study dealt with governance and decision making at board level of a sovereign wealth fund, required to decide on a cross border investment decision that had political significance with less significant investment value. This is a real time case study;
  • the other case study looked at a national, publicly listed telecommunications company where the board decision on international expansion led the company down the path of missed opportunity and eventual loss of market share.

We identified these important parameters:

  • Geopolitics is seen as a “long term” impact and usually falls outside the core competence of most directors
  • Proactive and reactive measurement tools, scorecards, or benchmarks of success are required tools for level playing field decision making
  • The unclear landscape of differing governance codes and regulations across jurisdictions creates unclear paths to decision making
  • The board must understand the “timing” element of its decision making
  • The composition of the board must reflect the differing dimensions today’s complex business environment.

 

Conclusion:  Boards are operating in an increasingly complex environment of politics, markets, trade wars and social movements, which calls for in increased focus from directors setting the agenda and decisions based on ethics and values driven by the top of the organization’s leadership.

Image: courtesy of www.ceopatrakitti.com

By Cleopatra Kitti

Certified Independent Director IDP-C, NED and IDN Ambassador Cyprus

www.cleopatrakitti.com

___________________________________

Other blogpost in this series: 

Governance in a Disruptive World by IDN Board Member Liselotte Engstam

From Board oversight of Strategy, to creating a Sustainable Business, by Helen Pitcher OBE, IDP-C, Vice President IDN

Anticipate and manage for geopolitical trade, corporate governance codes and regulatory changes by Cleopatra Kitty, IDN Cyprus Ambassador 

The impact of technology on​ Strategy & Business Models by Mary Francia, IDN Board Member

Align Risk Management with Strategy and Operating Performance, Reward and Remuneration by Susana Gomez- Smith, IDN Portugal Ambassador

Accelerate Board Effectiveness by IDN Board Member Thomas Seale

 

More insight from INSEAD Directors Network, will be shared based on INSEAD Directors Forum 2018, Round Table Discussions – Look out for more upcoming blogposts!