The stakes around reputational risk have never been higher for companies – with the potential for damaging everything from market value to the ability to recruit and retain the best talent. Regulations put in place post-global financial crisis called for boards to disclose their role in risk oversight, but the explosive disclosures around cyber hacks and sexual harassment have lifted reputational risk oversight to an even more heightened level of urgency.

A key issue is how crises today are creating significant reputational impact. When a company experiences a crisis event – whether it is a massive data breach or allegations of misbehaviour in the executive ranks – the reputation of every investor, every customer and every person who gets a pay cheque from that company is at risk.

There are a number of best practices for directors when facing the highly complex and sensitive issues emerging today. Below are a number of best practices for boards, who are more involved in managing reputational risk than ever before.

Require preparation of a full list of reputational risks. The board is well within its purview, through the audit committee, executive committee or full board, to ask management for a complete listing of all the reputational risks facing the organisation. This should include, of course, those that are apparent and predictable, as well as unpredictable ‘black swan’ risks – from an extreme geopolitical event to technological disruption to human failing. The dashboard of risks, both internal and external, should be updated every quarter, reprioritised as new information and new risks emerge.

Apr-Jun 2018 Issue