irm forum workshop€¦ · a degradation in the firms csr profile (damageto environment / abuse of...

Copyright © 2010 The Tom Vesey Group. All rights reserved .

Risk Intelligence Insight Reward

IRM Forum Workshop


Risk to Reputation


Risk to Reputation is new and relevant to ERM practitioners

R2R is a vital part of ERM, ignored

at your peril

Like all key Risk metrics, it is measureable

R2R will enhance value and strategic

continuity


But how?

And what do industry thought

leaders say?


Risk to Reputation is new to ERM and relevant to ERM practitioners


Copyright © 2010 The Tom Vesey Group. All rights reserved . Copyright © 2010 The Tom Vesey Group. All rights reserved .

The ‘Inside → Out’ perspective

This is vital but, on its own, insufficient...

Enterprise Risk Management:

Expert assessment by enterprise of what is seen, can be foreseen


Strategic

Operational

Compliance

Reporting


But time and again, catastrophic risks appear unexpected

Generally, these are not unknowable ...Just not known to the right people


The ‘Outside → In’ perspective is absent

No external view

No grass roots view

No objective view

No view from receiving end

Caught unawares


The ‘Inside → Out’ perspective

The ‘Outside → In’ perspective


Customers

Agencies

Analysts

Partners

Local communitiesPoliticians

NGOs

Media

Regulators

Stakeholders watching all

firm’s actions /manifestations

closely


Together, organisations get a 360ᴼ view of Risk

ERM:What firm can see

and foresee

R2R:What others see and can foresee


R2R is a vital part of ERM, to be ignored at your peril


Influence of

pressure groups

Comms Technology / Globalisation

Stakeholders matter more

than ever

Rise in expectations

Importance of intangibles


Clientsdon’t buy Agencies

don’t rate

Analystsdon’t back

Partnersdon’t promote

Local communitiesdon’t accept

Politiciansdon’t support

NGOs don’t approve

Mediadon’t believe

If regulatorsdon’t allow

Just how important is such data?

Reputationin tattersStrategy

unachievable


Some know just how vital to their cost ...

Reputation damaged > Strategy disrupted > Value plummeted

Supreme

$20bn value lost in week

CEO humiliated in Congress

Confident

Value halved in 6 months

Massive strategic change, later abandoned

Beyond problems

15 deaths, $85mn in fines Damages in billions


Analysts

Regulators

Government

NGOs

Customers

Partners

Suppliers

LocalCommunities

Strategy &

Reputation

Staff

Media (Classic &

social)

Health analysts made the link between

McDonald’s marketing and Child Obesity

Analysts

Partners and Customers knew of

problems with Toyota 14 months before

crisis

Partners

Customers

BP staff made the link between cost cutting and refinery risk in

many emails, before Texas refinery

explosion

Staff

The information was not unknowable, ...Just not known to the right people: Top management


Like all key Risk metrics, Risk to Reputation is measureable

“Companies struggle to categorise— let alone quantify —

reputational risk” (Economist)


The starting point is reputation ...

Risk is the tough part!


Reputation Management alone is not enough

Good reputation

...

All well then!

All Drivers

look OK?

All Stake holders

covered?

But so what?


Risk to Reputation :Analysing Reputation in context of Execution of Strategy

22

Mission

Strategy

Execution

of

Corporate

Reputation as

to Execution of strategy

Risk Lever


But the heart of the system is

Instil & maintain cost discipline

Develop international platforms

Develop renewables profitably

Realise full potential of arctic World leading oil

& Gas company


Driver Likelihood Risk Impact of Risk

Vision and promises to

partners

Statoil ‘s vision / promise of responsibility is unlikely to impact this strategy. It has a weaker cost discipline profile (Solomon Indices) than peers for manufacturing, pursuit of cost rigour should simply bring it into line with peers.

Rare Risk, Insignificant Impact

CSR profile

A degradation in the firm’s CSR profile (damage to environment / abuse of local communities) could impede this strategy given the company’s commitment to behave above expectations. Therefore any linkage between cost cutting and CSR damage would place pressure on cost cutting measures

The impact would be minor and on the fringes of financial rigour

Human capitalThe ‘Norwegian model’ of social capitalism implies above average treatment of staff (future as well as present). Degradation of this will limit room for manoeuvre on labour costs

Impact is modest; Statoil is a likely to remain a company Norwegians wish to work for given its size in the economy and career opportunities.

Finance & value No Risk, as markets will expect this discipline Rare Risk, Insignificant Impact

Regulatoryprofile

Possible: Any cuts in costs must never be linked to lowering of safety standards, training etc. Failure to do this would result from domestic regulator and escalate into political, then labour and public outcry at home

Should a link be made between cost cutting and safety, the risk would be moderate as it would undermine Statoil’s promise of responsibility. Risk is not major as demonstrated by recent lapses of safety; but could escalate if Regulator found major flaws in H&S. This in turn is very unlikely.

Outreach / Communications

Only significant risk comes in distancing linkage in public announcements between cost discipline and sensitive drivers (safety, CSR, staff training etc.). Given ability of media to modify statement, risk is present

Impact of Risk is higher than likelihood as media attacks – even poorly founded as in the case of Statoil’s oil sands investments – can make life publicly very difficult (political intervention / questioning of strategy)

Operations XYZ has a strong operational safety record. But accidents happen in a dangerous industry. Should they happen, there is a possibility of linkage to cost cutting, which would bring Risk

The impact of such an eventuality would be major. It would cost $millions in fines (BP Texas). And it would undermine XYZ’s core values, attack a major expectation of nation’s people and call into question other strategic factors such as the NCS

Leadership / governance

As Statoil becomes more privately than publicly owned, focus on cost will be expected. But Leadership will be burdened with Brand Promise

If link were made between cost policy and brand promise, management could be under under public pressure to change

Sector profileStatoil is late to the process of cost discipline. Peers have been there for years. There is therefore insignificant risk from the industry

Rare Risk, Insignificant Impact

Instil & maintain cost discipline

Instil & maintain

cost discipline

The impact of such an eventuality would be massive and cost $billions in fines . It would undermine core values, attack a major expectation

of people and call into question other strategic factors such as arctic

XYZ has a strong operational safety record. But accidents

happen in a dangerous industry. Should they happen, there is a

possibility of linkage to cost cutting, which would bring Risk


Customers

Agencies

Analysts

Partners

Local communitiesPoliticians

NGOs

Media

Regulators

Jan

-09

FEB

MA

R

AP

R

MA

Y

JUN

JUL

AU

G

SEP

OC

T

DEC

NO

V

Jan

-10

FEB

MA

R

AP

R

MA

Y

JUN

+5+4+3+2+10-1-2-3-4-5

The biggest challenge:Aggregating data from different sources into one Index


Instill cost discipline

NCS exploitation

International platforms

Profitable renewables

Ris

k P

rofi

le

Strategies can be mapped by risk profile ...


Q109 Q209 Q309 Q409 Q110 Q210 Q310 Q410 Q111 Q211

Int P'forms

Costs

Arctic

Renewables

Development in Risk to Reputation can be tracked


28

The end game:Enhance strategic continuity. Protect value and reputation

Key exploration strategy threatened

Interconnected opposition from stakeholders detected

CEO enabled to launch turn around program

Cancellation of global re-launch averted

Credible threat of racism and plagiarism detected

CGC enabled to negotiate take pre-emptive action

Timely detection of strategic risk to NGO

‘Negative stereotyping’ in southern hemisphere

Counter positioning enabled, reputation assured

Strategic continuity assured. Value and Reputation protected


So how?


3030

The Risk to Reputation Programme:Three stage process to assure strategic effectiveness

Discovery

‘Inside : Out’ perspective

7. Conduct Risk to Reputation Workshop (review of all of above)

6. Establish key listening posts

5. Establish company / industry key stakeholders

4. Establish corporate vulnerability points

3. Review company and competitor vision / brand promises

2. Review key risks and opportunities for firm

1. Explore major company strategies and assumptions

Baseline‘Outside : In’Perspective 9. Present baseline, review findings, fine-tune project

8. Launch listening program

Execution‘360ᴼ’

perspective 11. Introduce ‘Execution of strategy enhancement plan’

10. Launch ongoing project

../../../../Client docs/CalPERS/CalPERS Disco/RiiR CalPERS Discovery analysis.pptx


For operational managers, real-time reporting is attractive

For senior management, where a compilation of KRIs that highlights potential deviations, a less

frequent (e.g., monthly) report may be sufficient

At the board level, reporting is often aggregated to allow for a more strategic evaluation of the data

Intelligent risk alerts

Monthly dashboards

Quarterly strategic analysis

Reporting: What COSO recommends

../../../02 Risk/Standard docs/RiiR alert.pptx

../../../02 Risk/Standard docs/RiiR dashboard.pptx

../../../02 Risk/Standard docs/R2R Report example .PPTX


What does risk industry thought leadership say?


“How Key Risk Indicators can Sharpen Focus on Emerging Risks”, COSO, December 2010

“KRI identification process may benefit from experts within the organization, best positioned to know where stress

points (i.e., root cause events and intermediate events) exist”

“These individuals may be biased towards existing risk metrics already in

use, and that they are comfortable with, at the expense of possibly improved measures that require

additional analysis and validation before adoption”

“The closer the KRI is to the ultimate root cause of the risk event, the more

likely the KRI will provide management time to proactively take action to

respond to the risk event”

“Relevance of external data, given that many root cause events and intermediate

events that affect strategies arise from outside the organization”

“Discussions with key stakeholders such as customers, employees and suppliers

may provide important insights into risks they face that may ultimately create risks

for the organization”

“KRI data sourced from external and/or independent parties

provides the benefit of objectivity”

Classic ERM

Inside:Outnot enough

Focus investigation

on root cause

Criticality of external

objectivity

Outside:Inperspective

vital

Importance of data from Stakeholders


Not listening to customers

& dealers

Not aware of concern of

scientists and parents

Not able to detect email

traffic between key managers

These crises were avoidable

Reputation damaged. Strategies disrupted. Massive loss of value

The ‘Outside : In’ Perspective’ was absent

Risk to ReputationRisk Intelligence Insight Reward

How is your firm going to manage this key discipline?

Contact: [email protected]

[email protected]

www.risk2reputation.com

mailto:[email protected]

mailto:[email protected]

irm forum workshop€¦ · a degradation in the firms csr profile (damageto environment / abuse of...

Documents