The 2015 Tone-at- the-Top worry is on Reputational Risk, Part II/II
While executive directors often blame regulatory risks for taking much of their time, the concern for reputation risks has grown over the years. The high-profile media coverage e.g. the BP oil spill in the Gulf of Mexico, the global LIBOR and HSBC scandals that have lead to even greater banking regulation. The FIFA scandal that continued for a couple of decades, before US authorities put their foot down, or Petrobras scandal in Brazil, has changed the tone-at-the-top agenda.
The Copenhagen Compliance roadmap and framework on reputation risk management provides structured guidance with ten different GRC components to address and assess the board of directors and senior management's approach to evaluating and measure their role and responsibility. The scores from the framework and roadmap surveys can be benchmarked with similar entities and compared year to year.
1. Benchmark the Extent and Nature of non-compliance
Any compliance breach will highlight the need for the involvement of senior management is to determine the gaps in the compliance policies. If management lets go the minor violations as unimportant, it feeds to creating a culture of noncompliance that later could develop into serious violations. Much significant compliance breached at e.g. Enron or Societé General started with rather small coverups that were not acted upon.
2. Whistleblowing and Anonymity in Incident Reporting
If employees are troubled to report wrongdoing or if there is a general feeling that protection of previous whistleblowers has been weak, the whistleblower function does not work appropiartelæy. If the company has a considerably higher than average proportion of anonymous whistleblower reports, management must act. The whistleblower source to figure fraud in the organisation is historically a valuable management tool.
3. Employee Surveys
One fo the first questions in such a survey should be if all employees feel that management "walks the talk" in integrity and ethics issues. Similar useful questions in annual surveys can help in understanding employees' perspectives on creating the right compliance culture to assess the responses that can provide insights into GRC areas that may require a renewed focus.
4. Management Attitude and Communications
Even Margaret Thatcher treated other ministers with scorn and despised. Reading management memo's and communications to both senior management and supervisory employees often provide insight on the lack of professional treatment. Respect, Integrity and trust are keywords to enforce the right language attitude in all communications.
5. Cluster Conversation
A formal meeting with the relevant agenda item with the governance, audit or risk committee together with management or compliance executives, to share knowledge, observations and perspectives will engage more employees on board level activities. The results can be then communicated to provide an opportunity to develop a cohesive view of several new risk and compliance implementation in the organisation the coming year.
6. Facility Visits different geographic locations
Informal conversations are an be informative to both sides. Revolving the place of the board, compliance, and risk management meetings can enable all members to witness different parts of the operations. To touch base with local control in various geographic locations can ensure that future communication lines exist if the need or an issue arises. Audit committee members may choose to visit local management without a formal senior management escort.
7. Social Media can disclose many reputation questions
Monitoring comments and criticism in social media can be illegal, but social media and several other online venues help management to identify culture issues that normally is far from the board communications. The tone and discussions that are used in the social media can inform management with new information. The internet can help build consensus on whether remedial action is needed in communicating enterprise-wide messages.
8. Exit Interviews
Departing employees will often provide insights into ethics and integrity issues or any other GRC issue that may have contributed to their departure. Online surveys can also be sent to ex. employees a few weeks after their departure, with the capability for responding anonymously.
9. Interviews and Focus Groups
Regular interviews with focus groups can be useful in assessing the overall performance in a structured way. This group can supplement to uncover the underlying issues that may exist in operations or management and draw out information that people are reluctant to share openly.
10. Customer Complaints
Monitoring trends in customer feedback and grievances always provide insight into the entity's culture. Swift and open handling of complaints is required to indicate that management is dedicated to compliance and ethics. Non-response, on the other hand, will create unfortunate customers to the detriment of the organisation.