For the second year in a row, a survey of members of corporate boards found that their major concern, aside from financial risk, is reputational risk.
Two-thirds (66%) of the directors on the boards of more than 190 public and privately held companies surveyed by the accounting firm EisnerAmper reported reputational risk remains their biggest nonfinancial concern, down slightly from the 69% who said the same thing last year.
EisnerAmper partner Steven Kreit, one of the study’s authors, says he was not surprised at the concern board members expressed about reputational risk. “Particularly with all the news relating to reputational risk we’ve seen—the BP well blowout, the security breaches of customer credit data, and so on—it’s understandable,” Kreit says. “Before we did this third annual survey, I was thinking that risk meant product risk, and you know, if the product was good, then the corporation had no problem. But with all these other things that can happen, it’s obviously a much bigger issue.”
Jim Mack, another EisnerAmper partner specializing in risk management, adds, “Remember, it’s not just reputational risk. Every other kind of risk also contains reputational issues. And it’s a kind of risk that you can’t really quantify. Remember the Exxon Valdez oil spill in Alaska?” That was an environmental problem, says Mack, who's pictured above, but it became a huge reputational risk issue for Exxon. “When people see Exxon today, they still remember the Exxon Valdez, and that happened almost 25 years ago!”
Three other types of nonfinancial risk were rated as top concerns by more than 50% of respondents: regulatory compliance risk (59%), CEO succession planning risk (53%) and IT risk (54%). All of those risks have obvious potential to affect a company’s reputation. Among the top concerns, only IT rose in importance from last year, when it was cited by 51% of directors surveyed.
Crisis management, which was not included in previous EisnerAmper surveys, was a top concern this year for 47% of responding directors, perhaps a reflection of the reputational damage BP suffered from its rig blow-out in the Gulf of Mexico.
“Risks are integrated, and reputational risk is a part of most risks,” says Noel Seaman, a board member of the Risk Management Society (RIMS), and manager of risk management and insurance at the University of Saskatchewan in Canada. Seaman says his institution views reputational risk as an “impact risk” of other risks.
According to the survey, the categories of risk where reputational impact is of biggest concern include operational issues such as product liability, succession planning and IT systems, as well as fraud and inadequate training of employees.
Recognizing the importance of reputational risk is one thing, but what can boards and board members do about better dealing with it?
“There are examples where boards are setting up a separate risk committee,” Mack says, noting that the survey found 11% of responding boards have established such committees. “More common though is to see reputational risk—and other risks—dealt with by the board’s audit committee or the executive committee.”
“What we’re seeing at some of the best boards, and especially on board audit committees, is a shift in focus more away from day-to-day to becoming more forward-looking regarding reputational risk,” he adds. “What could go wrong? What is management doing to avoid problems that might be around the corner?”
Prompt and open handling of problems is also important. “Boards are telling management that they want transparency and a quick reporting of problems. No cover-ups,” Mack says. “Cover-ups of reputation-causing problems are much worse than the crime itself.”
To read about insurance products aimed at reputation risk, see Guarding Reputations. For a look at how companies use media monitoring to check what others are saying about them, see Media Monitoring’s Role in Managing Reputation Risk.