irm forum workshop€¦ · a degradation in the firms csr profile (damageto environment / abuse of...
TRANSCRIPT
Copyright © 2010 The Tom Vesey Group. All rights reserved .
Risk Intelligence Insight Reward
IRM Forum Workshop
Copyright © 2010 The Tom Vesey Group. All rights reserved .
Risk to Reputation
Copyright © 2010 The Tom Vesey Group. All rights reserved .
Risk to Reputation is new and relevant to ERM practitioners
R2R is a vital part of ERM, ignored
at your peril
Like all key Risk metrics, it is measureable
R2R will enhance value and strategic
continuity
Copyright © 2010 The Tom Vesey Group. All rights reserved .
But how?
And what do industry thought
leaders say?
Copyright © 2010 The Tom Vesey Group. All rights reserved .
Risk to Reputation is new to ERM and relevant to ERM practitioners
Copyright © 2010 The Tom Vesey Group. All rights reserved .
Copyright © 2010 The Tom Vesey Group. All rights reserved . Copyright © 2010 The Tom Vesey Group. All rights reserved .
The ‘Inside → Out’ perspective
This is vital but, on its own, insufficient...
Enterprise Risk Management:
Expert assessment by enterprise of what is seen, can be foreseen
Copyright © 2010 The Tom Vesey Group. All rights reserved .
Strategic
Operational
Compliance
Reporting
Copyright © 2010 The Tom Vesey Group. All rights reserved .
But time and again, catastrophic risks appear unexpected
Generally, these are not unknowable ...Just not known to the right people
Copyright © 2010 The Tom Vesey Group. All rights reserved .
The ‘Outside → In’ perspective is absent
No external view
No grass roots view
No objective view
No view from receiving end
Caught unawares
Copyright © 2010 The Tom Vesey Group. All rights reserved .
The ‘Inside → Out’ perspective
The ‘Outside → In’ perspective
Copyright © 2010 The Tom Vesey Group. All rights reserved .
The ‘Inside → Out’ perspective
The ‘Outside → In’ perspective
Copyright © 2010 The Tom Vesey Group. All rights reserved .
The ‘Inside → Out’ perspective
The ‘Outside → In’ perspective
Copyright © 2010 The Tom Vesey Group. All rights reserved .
Customers
Agencies
Analysts
Partners
Local communitiesPoliticians
NGOs
Media
Regulators
Stakeholders watching all
firm’s actions /manifestations
closely
Copyright © 2010 The Tom Vesey Group. All rights reserved .
Together, organisations get a 360ᴼ view of Risk
ERM:What firm can see
and foresee
R2R:What others see and can foresee
Copyright © 2010 The Tom Vesey Group. All rights reserved .
R2R is a vital part of ERM, to be ignored at your peril
Copyright © 2010 The Tom Vesey Group. All rights reserved .
Influence of
pressure groups
Comms Technology / Globalisation
Stakeholders matter more
than ever
Rise in expectations
Importance of intangibles
Copyright © 2010 The Tom Vesey Group. All rights reserved .
Clientsdon’t buy Agencies
don’t rate
Analystsdon’t back
Partnersdon’t promote
Local communitiesdon’t accept
Politiciansdon’t support
NGOs don’t approve
Mediadon’t believe
If regulatorsdon’t allow
Just how important is such data?
Reputationin tattersStrategy
unachievable
Copyright © 2010 The Tom Vesey Group. All rights reserved .
Some know just how vital to their cost ...
Reputation damaged > Strategy disrupted > Value plummeted
Supreme
$20bn value lost in week
CEO humiliated in Congress
Confident
Value halved in 6 months
Massive strategic change, later abandoned
Beyond problems
15 deaths, $85mn in fines Damages in billions
Copyright © 2010 The Tom Vesey Group. All rights reserved .
Analysts
Regulators
Government
NGOs
Customers
Partners
Suppliers
LocalCommunities
Strategy &
Reputation
Staff
Media (Classic &
social)
Health analysts made the link between
McDonald’s marketing and Child Obesity
Analysts
Partners and Customers knew of
problems with Toyota 14 months before
crisis
Partners
Customers
BP staff made the link between cost cutting and refinery risk in
many emails, before Texas refinery
explosion
Staff
The information was not unknowable, ...Just not known to the right people: Top management
Copyright © 2010 The Tom Vesey Group. All rights reserved .
Copyright © 2010 The Tom Vesey Group. All rights reserved .
Like all key Risk metrics, Risk to Reputation is measureable
“Companies struggle to categorise— let alone quantify —
reputational risk” (Economist)
Copyright © 2010 The Tom Vesey Group. All rights reserved .
The starting point is reputation ...
Risk is the tough part!
Copyright © 2010 The Tom Vesey Group. All rights reserved .
Reputation Management alone is not enough
Good reputation
...
All well then!
All Drivers
look OK?
All Stake holders
covered?
But so what?
Copyright © 2010 The Tom Vesey Group. All rights reserved .
Risk to Reputation :Analysing Reputation in context of Execution of Strategy
22
Mission
Strategy
Execution
of
Corporate
Reputation as
to Execution of strategy
Risk Lever
Copyright © 2010 The Tom Vesey Group. All rights reserved .
But the heart of the system is
Instil & maintain cost discipline
Develop international platforms
Develop renewables profitably
Realise full potential of arctic World leading oil
& Gas company
Copyright © 2010 The Tom Vesey Group. All rights reserved .
Driver Likelihood Risk Impact of Risk
Vision and promises to
partners
Statoil ‘s vision / promise of responsibility is unlikely to impact this strategy. It has a weaker cost discipline profile (Solomon Indices) than peers for manufacturing, pursuit of cost rigour should simply bring it into line with peers.
Rare Risk, Insignificant Impact
CSR profile
A degradation in the firm’s CSR profile (damage to environment / abuse of local communities) could impede this strategy given the company’s commitment to behave above expectations. Therefore any linkage between cost cutting and CSR damage would place pressure on cost cutting measures
The impact would be minor and on the fringes of financial rigour
Human capitalThe ‘Norwegian model’ of social capitalism implies above average treatment of staff (future as well as present). Degradation of this will limit room for manoeuvre on labour costs
Impact is modest; Statoil is a likely to remain a company Norwegians wish to work for given its size in the economy and career opportunities.
Finance & value No Risk, as markets will expect this discipline Rare Risk, Insignificant Impact
Regulatoryprofile
Possible: Any cuts in costs must never be linked to lowering of safety standards, training etc. Failure to do this would result from domestic regulator and escalate into political, then labour and public outcry at home
Should a link be made between cost cutting and safety, the risk would be moderate as it would undermine Statoil’s promise of responsibility. Risk is not major as demonstrated by recent lapses of safety; but could escalate if Regulator found major flaws in H&S. This in turn is very unlikely.
Outreach / Communications
Only significant risk comes in distancing linkage in public announcements between cost discipline and sensitive drivers (safety, CSR, staff training etc.). Given ability of media to modify statement, risk is present
Impact of Risk is higher than likelihood as media attacks – even poorly founded as in the case of Statoil’s oil sands investments – can make life publicly very difficult (political intervention / questioning of strategy)
Operations XYZ has a strong operational safety record. But accidents happen in a dangerous industry. Should they happen, there is a possibility of linkage to cost cutting, which would bring Risk
The impact of such an eventuality would be major. It would cost $millions in fines (BP Texas). And it would undermine XYZ’s core values, attack a major expectation of nation’s people and call into question other strategic factors such as the NCS
Leadership / governance
As Statoil becomes more privately than publicly owned, focus on cost will be expected. But Leadership will be burdened with Brand Promise
If link were made between cost policy and brand promise, management could be under under public pressure to change
Sector profileStatoil is late to the process of cost discipline. Peers have been there for years. There is therefore insignificant risk from the industry
Rare Risk, Insignificant Impact
Instil & maintain cost discipline
Instil & maintain
cost discipline
The impact of such an eventuality would be massive and cost $billions in fines . It would undermine core values, attack a major expectation
of people and call into question other strategic factors such as arctic
XYZ has a strong operational safety record. But accidents
happen in a dangerous industry. Should they happen, there is a
possibility of linkage to cost cutting, which would bring Risk
Copyright © 2010 The Tom Vesey Group. All rights reserved .
Customers
Agencies
Analysts
Partners
Local communitiesPoliticians
NGOs
Media
Regulators
Jan
-09
FEB
MA
R
AP
R
MA
Y
JUN
JUL
AU
G
SEP
OC
T
DEC
NO
V
Jan
-10
FEB
MA
R
AP
R
MA
Y
JUN
+5+4+3+2+10-1-2-3-4-5
The biggest challenge:Aggregating data from different sources into one Index
Copyright © 2010 The Tom Vesey Group. All rights reserved .
Instill cost discipline
NCS exploitation
International platforms
Profitable renewables
Ris
k P
rofi
le
Strategies can be mapped by risk profile ...
Copyright © 2010 The Tom Vesey Group. All rights reserved .
Q109 Q209 Q309 Q409 Q110 Q210 Q310 Q410 Q111 Q211
Int P'forms
Costs
Arctic
Renewables
Development in Risk to Reputation can be tracked
Copyright © 2010 The Tom Vesey Group. All rights reserved .
28
The end game:Enhance strategic continuity. Protect value and reputation
Key exploration strategy threatened
Interconnected opposition from stakeholders detected
CEO enabled to launch turn around program
Cancellation of global re-launch averted
Credible threat of racism and plagiarism detected
CGC enabled to negotiate take pre-emptive action
Timely detection of strategic risk to NGO
‘Negative stereotyping’ in southern hemisphere
Counter positioning enabled, reputation assured
Strategic continuity assured. Value and Reputation protected
Copyright © 2010 The Tom Vesey Group. All rights reserved .
So how?
Copyright © 2010 The Tom Vesey Group. All rights reserved .
3030
The Risk to Reputation Programme:Three stage process to assure strategic effectiveness
Discovery
‘Inside : Out’ perspective
7. Conduct Risk to Reputation Workshop (review of all of above)
6. Establish key listening posts
5. Establish company / industry key stakeholders
4. Establish corporate vulnerability points
3. Review company and competitor vision / brand promises
2. Review key risks and opportunities for firm
1. Explore major company strategies and assumptions
Baseline‘Outside : In’Perspective 9. Present baseline, review findings, fine-tune project
8. Launch listening program
Execution‘360ᴼ’
perspective 11. Introduce ‘Execution of strategy enhancement plan’
10. Launch ongoing project
Copyright © 2010 The Tom Vesey Group. All rights reserved .
For operational managers, real-time reporting is attractive
For senior management, where a compilation of KRIs that highlights potential deviations, a less
frequent (e.g., monthly) report may be sufficient
At the board level, reporting is often aggregated to allow for a more strategic evaluation of the data
Intelligent risk alerts
Monthly dashboards
Quarterly strategic analysis
Reporting: What COSO recommends
Copyright © 2010 The Tom Vesey Group. All rights reserved .
What does risk industry thought leadership say?
Copyright © 2010 The Tom Vesey Group. All rights reserved .
“How Key Risk Indicators can Sharpen Focus on Emerging Risks”, COSO, December 2010
“KRI identification process may benefit from experts within the organization, best positioned to know where stress
points (i.e., root cause events and intermediate events) exist”
“These individuals may be biased towards existing risk metrics already in
use, and that they are comfortable with, at the expense of possibly improved measures that require
additional analysis and validation before adoption”
“The closer the KRI is to the ultimate root cause of the risk event, the more
likely the KRI will provide management time to proactively take action to
respond to the risk event”
“Relevance of external data, given that many root cause events and intermediate
events that affect strategies arise from outside the organization”
“Discussions with key stakeholders such as customers, employees and suppliers
may provide important insights into risks they face that may ultimately create risks
for the organization”
“KRI data sourced from external and/or independent parties
provides the benefit of objectivity”
Classic ERM
Inside:Outnot enough
Focus investigation
on root cause
Criticality of external
objectivity
Outside:Inperspective
vital
Importance of data from Stakeholders
Copyright © 2010 The Tom Vesey Group. All rights reserved .
Not listening to customers
& dealers
Not aware of concern of
scientists and parents
Not able to detect email
traffic between key managers
These crises were avoidable
Reputation damaged. Strategies disrupted. Massive loss of value
The ‘Outside : In’ Perspective’ was absent
Risk to ReputationRisk Intelligence Insight Reward
How is your firm going to manage this key discipline?
Contact: [email protected]
www.risk2reputation.com