Boards continue to see reputation risk as their top concern. In the third annual study by EisnerAmperLLP among board members, two thirds (66%) see reputational risk at the top of their agendas for concern, ahead of regulatory issues (59%). In fact, reputational risk has grown while regulatory risk has remained stable year over year. Both IT risk and privacy risk showed increases from the last survey and reflect the many breeches in systems security that we’ve seen which inevitably led to attacks upon a company’s reputation. Similarly, according to the report, crisis management, is also an indicator of reputational concern.
What do board members really mean when they say they worry about reputational risk? In an open ended question, board members are most likely to be talking about product quality, liability and customer satisfaction (30% of all responses) followed by concerns about integrity, fraud, ethics and specifically the Foreign Corrupt Practices Act, (24%). IT concerns fell in at about 12% and environmental concerns at 8%. It always surprises me how little attention is paid to environmental issues at the top.
How are risks assessed? About two in 10 get reports from executive management, discuss risk issues at board meetings and get help from professionals or outside experts. About one in 10 get information from the risk committee. That seems like an area ripe for assistance. The report interestingly mentions that recent years have not been kind to risk teams and that with all the recent issues and crises stealing headlines, boards are realizing that CFOs need greater support. In fact, the survey found that nearly two-thirds of boards are planning to enhance staff and increase audit coverage and about one in three are leaning towards hiring outside service providers.