|In February 2017, the U.S. Department of Justice (DOJ) Fraud Section published its latest guidance on corporate compliance programs with the release of the very useful document titled “Evaluation of Corporate Compliance Programs.”
While many legal and compliance scholars have rightly stated that this latest publication isn’t anything radically different than prior authoritative guidance issued by the DOJ and other organizations, what jumps out is the reframing of the well-worn expression, “tone at the top,” with the potentially more insightful, and arguably much scarier, “conduct at the top.” In a just-released Flash Report, we put forth questions and insights that illustrate the degree to which the DOJ is examining senior management and the board of directors while evaluating a corporate compliance program.
Warren Buffett once famously said that it takes 20 years to build a reputation and just five minutes to ruin it. All of us see evidence of how true this bit of wisdom is all the time. In the wake of recent corporate scandals, I thought now might be a good time to revisit some of the advice we give our clients on how to preserve reputation and brand.
These “Ten Keys to Managing Reputation Risk” were originally published in April 2013, in Volume 5, Issue 2 of The Bulletin, but they are as relevant today as they were then. They represent what I believe to be the nuts and bolts of reputation risk management, and their effectiveness or absence can make or break a company, as many have discovered first hand. We have organized them below according to five broad imperatives.
Strategic Alignment – A sustainable reputation begins at the top.
- Effective board oversight – Sets the expectations and lays a foundation for managing reputation risk. The board is an organization’s last line of defense in preserving its reputation and brand image.
- Integration of risk into strategy-setting and business planning – Makes risk a factor at the decision-making table and facilitates the intersection of risk management with performance management. (This is a critical connection.)
- Effective communications, image and brand building – While a good story is easy to tell, some companies are better at it than others. Messages that the press, analysts and others communicate are influenced by the good marks on the other nine keys discussed here.
Cultural Alignment – The importance of ethical and responsible business behavior has never been more evident.
- Strong corporate values, supported by appropriate performance incentives – Tone at the top is vital to effective corporate governance and appropriate incentives help drive a consistent tone in the middle.
- Positive culture regarding compliance with laws and regulations – A record of having made a strong effort to prevent and detect fraud and corruption is essential to demonstrating the “reasonable assurance” regulators expect.
Quality Commitment – All companies with a strong reputation are noted for their commitment to quality people, processes, products and services.
- Priority focus on positive interactions with key stakeholders – Stakeholder experiences, or the accumulation of everyday interactions with customers, employees, vendors, regulators, shareholders and other stakeholders in the company, get noticed in the marketplace and are a powerful approach to improving and sustaining reputation. They represent critical “moments of truth” that collectively define an organization’s reputation.
- Quality public reporting – Quality public financial reporting is something investors expect. If management doesn’t deliver it, it may take a long time for the markets to forgive and forget.
Operational Focus – A strong operational focus is vital to managing reputation risk.
- Strong control environment – The control environment comprises, among other things, the organization’s commitment to integrity and ethical values; the organizational structure and assignment of authority and responsibility; the process for attracting, developing and retaining competent people; and the rigor around performance measures, incentives and rewards to drive accountability for results. The standards, processes, structures and technologies that provide the basis for carrying out internal control across the organization, lay the foundation for a strong controls culture.
- Company performance relative to competitors – Even if a company does everything else right, its reputation will suffer if its business model is not competitive in the marketplace.
Organizational Resiliency – A company’s reputation is inextricably linked with the resiliency provided by its risk management and crisis management.
- World-class response to a high-profile crisis – Sooner or later, every company faces a crisis. Its reputation depends on the rapid and decisive response to crisis situations, putting responsibility to the safety of people first. It is a management imperative to build a rapid-response crisis management capability for sudden and unexpected events, especially where they relate to security, safety and environmental issues.
The ten keys outlined above represent the key components to address to reduce reputation risk to an acceptable level. Their common thread is a consistent and sustaining culture that recognizes the value of reputation and actively protects it with a systemic commitment to quality, ethics, communication, controls and preparation.
No company should believe it is immune to a reputational crisis. Nevertheless, a sincere and concerted effort to manage reputational risk by paying attention to the ten components outlined above gives a company a good shot at making it through the fire with its reputation intact.
We recently published our M&A FAQ Guide and the timing could not be better. M&A activity, including carve-outs and divestitures, is on the rise around the globe as organizations sharpen their strategic focus. Yet, as noted repeatedly in articles in Forbes and the New York Times, among other media, the majority of companies fail to realize the desired value of their transactions. Why? Simply put, organizational responses are not comprehensively designed to match the complexity of an integration or separation.
Our M&A Guide offers considerations that may better prepare your organization. Mergers and acquisitions tend to be corporate-wide initiatives that, by their very nature, are sprung on employees with little analysis of people, process and technology interdependencies. Additionally, planning is rushed, runways for execution are shortened and key personnel become overcommitted. Our guide can accelerate your M&A activities by providing insights for many of the key challenges that organizations must solve to meet expectations.
- What is a typical deliverable of the due diligence team?
- Have we sufficiently defined the scope and change control process?
- How do we structure the team without detracting from daily business demands?
- What are the unique issues facing Finance, IT, Marketing and Sales?
- What are the key risks?
To make a merger or divestiture succeed, you must align the growth strategy with your corporate strategy; identify the right markets and targets; define and execute thorough, fast due diligence; prepare a detailed plan by phases; and follow up with well-resourced execution.
While nothing replaces focused thought and aggressive action, the information in our guide can help sharpen your focus while reducing risk, improving your chances of realizing desired value – and maybe get a little sleep.
If it’s true you can’t legislate morality – and all evidence, including but certainly not limited to corporate malfeasance such as the Enron and Worldcom scandals or the questionable corporate behavior of reckless risk-taking to maximize short-term profits and compensation (under “heads I win, tails you lose” compensation structures that left shareholders with the short stick) that contributed to the financial crisis, supports this hypothesis – why do companies bother with ethics policies?
I know Section 406 of Sarbanes-Oxley requires publicly traded companies to disclose whether they have ethics policies and whether their executives are bound by them. But Enron had a beautiful 64-page ethics policy, suitable for framing – for all the good it did them. So what’s the big deal?