About Me

My photo
Reputability LLP are thought leaders in the field of reputational risk and its root causes, behavioural risk and organisational risk. Our book 'Rethinking Reputational Risk' received excellent reviews: see www.rethinkingreputationalrisk.com. Anthony Fitzsimmons, one of its authors, is an authority and accomplished speaker on reputational risks and their drivers. Reputability helps business leaders to find these widespread but hidden risks that regularly cause reputational disasters. We also teach leaders and risk teams about these risks. Here are our thoughts, and the thoughts of our guest bloggers, on some recent stories which have captured our attention. We are always interested to know what you think too.

Wednesday, 11 June 2014

New FRC Guidance on Reporting Behavioural and Organisational Risks

On 9 June 2014 the Financial Reporting Council published new guidance as to boards' reporting important behavioural, organisational and reputational risks in the annual Strategy Report of companies it regulates.  The guidance effectively comes into force immediately.  You can find background here.

The FRC's "Guidance on the Strategic Report" ("the Guidance") provides:
"The Strategic Report should include a description of the principal risks and uncertainties facing the entity together with an explanation of how they are managed or mitigated."
This explicitly includes risks with their origins in behaviour and organisation and risks to reputation.

Implications

The 'principal risks' which boards should now disclose and describe are defined to include risks and risk combinations that could seriously affect the performance, future prospects, reputation or business model of the entity.  Boards should disclose principal risks with their origins in various sources including behaviour or organisation.  This ruling encourages boards to fix the gap in current risk analysis practice that leaves behavioural and organisatinal risks unrecognised and therefore unmanaged.

It follows that boards should disclose and describe behavioural and organisational risks that could cause serious reputational or other damage were they to materialise as well as how those risks are mitigated.  Descriptions should be sufficiently specific that a shareholder can understand their potential impact and any mitigation applied.

Current analytical approaches identify some reputational risks but the most widely used are unsystematic and miss important areas of reputational risk.  There are no widely used techniques to identify behavioural and organisational risks.  Few even endeavour systematically identify the reputational and other consequences of behavioural and organisational risks.  These gaps must be filled if boards are to be able to follow this FRC guidance.

Given that specific guidance on reporting such risks has been given, there may be legal consequences for boards that report inadequately.  We would hope that courts will in practice allow boards a reasonable period of grace to bring behavioural, organisational and reputational risks under systematic management.

Since the FRC's revised draft guidance to boards on risk, including behavioural and organisational risks, is already available, we believe that boards should start work in this area without delay.

Action for Chairmen and Company Secretaries

Boards cannot report on these risks until they have systematically identified and evaluated behavioural, organisational and reputational risks. 

However, boards cannot insightfully specify the work they require to be done, let alone monitor its progress and consider its conclusions or report on 'principal risks', unless they understand the recently identified family of behavioural and organisational risks.

This is an exceptionally acute problem.  One of the findings of 'Roads to Ruin' was that even classically trained risk professionals lack both the necessary skills and the authority needed to find risks of these kinds.  The most astute Chief Risk Officers are starting to tackle the issue, but many face difficulties in engaging their boards and gaining their authority.  Some also see personal risks in raising the subject with their boards because many of these risks have their root cause at board level.  This confirms the conclusion in 'Roads to Ruin' that board leadership is essential to bringing this family of risks under control within organisations.

How can boards gain adequate knowledge to understand and deal with these newly recognised risks?  The first step is for Chairmen and Company Secretaries to commission tailored board education about behavioural and organisational risks and their relationship with reputational damage.

Armed with that education, boards can re-brief and empower their risk and internal audit teams.  The aim will be to put boards into a position where they can meet both the guidance on risk disclosure and the forthcoming FRC guidance on the management of behavioural and organisational risks.

Boards that initiate prompt action should have little difficulty in meeting the new guidance.

Anthony Fitzsimmons
Reputability LLP
London

No comments:

Post a Comment