The 2015 Tone-at-the-Top worry is on Reputational Risk
While executive directors often blame regulatory risks
for taking much of their time, the concern for reputational risks has grown
over the years. High-profile media coverage has changed the tone-at-the-top
agenda: for example, the BP oil spill in the Gulf of Mexico; the global LIBOR
and HSBC scandals, which have led to even greater banking regulation; the FIFA
scandal, which continued for a couple of decades before US authorities put
their foot down; or the Petrobras scandal in Brazil.
A corporate scandal is
often due to the lack of a consistent tone-at-the-top. This lack of consistent
management of board responsibilities is detrimental to the ethical organisational
climate. The outcome is a lack of transparency, accountability, and oversight,
resulting in fraudulent financial reporting or messy and disorganised
internal control, auditing, and governance. Later, all hell breaks loose
when the company faces the consequences of the bubble economy and/or market
pressures. This scenario has been the primary cause of the past two crises.
When Sarbanes-Oxley (SOX) was introduced in 2004, there was an overwhelming
focus on internal control and compliance. The board of directors and the
CEO/CFO were caught up in the regulation of small issues. The heavy fuss
and commotion over SOX compliance resulted in the CEO/CFO not taking a
step back to look at some of the big things, or to look at risk as
a comprehensive GRC scenario.
Reputational risks are at the core of profit and value creation
A decade down the compliance road, the CEO/CFO now view reputational risk
as their primary concern, right after financial risks, which are their number
one priority. Regulatory risks come in third.
The increase in concerns for reputational risk must be seen in connection
with the most operational risks, such as product quality, liability, and customer
satisfaction, which are always at the core of profit and value creation.
However, corporate concerns for integrity, fraud, ethics, and corruption
are also on the rise.
Therefore, the 9th annual European GRC Summit at the World
Trade Center in Stockholm on 22-23 September focuses on providing
multiple answers to these issues, as there is no one-size-fits-all solution.
http://www.copenhagencompliance.com/2015/stockholm/
Take a step back and look at the big issues
The conference focuses on providing guidance and information on broad-based
risk assessment. This indicates a major interest in keeping up to date
on risk holistically, according to the survey. Almost half said that a
group of concerns including cybersecurity, protecting against reputational risk,
and being current with regulatory compliance issues were topics they want
to know more about.
In 2015, management looks at risk as a big picture. With the added components
of governance and compliance, management can then take a step back and
look at some of the big issues that the business can face in the future.
Ask these 3 questions before developing a customized Tone-at-the-Top
framework:
- Have we defined the quantitative measures, balanced with a qualitative
evaluation of the current tone-at-the-top? (All Copenhagen Compliance®
GRC structures and frameworks can be quantified for measurement, management,
and monitoring)
- Do we have enough focus on soft controls in the internal audit function
to evaluate the major tone-at-the-top components?
- Is the tone-at-the-top perception of operating units, functions
and the roles of managers in line with the overall strategy and mission/vision
of the organisation?
In the next newsletter see: Approaches to Assessing the Tone-at-the-Top