Boardspan Library

A Board’s Eye View of Reputation Management

by Roxanne Decyk

When bad news surfaces, what is your plan?

In the advisory firm EisnerAmper’s 2013 survey of United States corporate boards, directors reported that their most pressing concern was reputational risk. Recent studies show that when it comes to reputational risk, the stakes are tremendously high. Echo Research claims that the combined value of the reputations of all S&P 500 companies is almost $3 trillion, or 22 percent of total market capitalization.

Of course, the primary responsibility for safeguarding a company’s reputation must lie with management. They know the environment, industry, company, key constituents, and history—and have the resources to address the issues. But through its oversight of the company at large, the corporate board plays a crucial role in managing reputational risk.

Most boards and management teams strike a good balance between their respective roles in the reputation-management process. But there is a risk in well-run companies that reputation-management procedures may lose effectiveness. Leadership may conduct an annual review of risk, but stop short of determining where the next problem will come from or what they will do about it when the problem arrives. So how can boards take initiative to revisit the nature of the risks they face and find ways to manage those risks before they become crises?

Critically, the board must take an active role in reputation management. If executives grow too reliant on old systems and procedures, they may miss emerging threats. This is why the board must oversee and be accountable—but not responsible—for reputation management. Short of an actual crisis, what steps can directors take to ensure that management stays on its toes and has a panoramic view of the reputational landscape?

Educate yourself

It is not enough anymore for a director to learn about the company, read the board materials, go to board meetings, and make site visits. To truly understand the environment in which a company operates, directors must interact with a variety of constituents and learn in ways that transcend the traditional notions of on-boarding and diligence.

Furthermore, directors themselves need to be well versed in responding directly to constituents on issues related to the company’s reputation. Investors are reaching out to individual directors, and many companies are now comfortable with having individual board members interact directly with high-profile stakeholders, including critics. With respect to board and executive compensation, for example, the chair of the compensation committee is now expected to meet with investors to explain compensation decisions in connection with disclosures in the company proxy statement.

Choose the governance structure that fits the company

There are many schools of thought on how governance structures handle risks and reputation most effectively. Some believe that risk management is the responsibility of the full board. Others believe the audit committee is best placed to oversee reputation management, since that is where enterprise risk management resides.

Some companies have established risk committees separate from the audit committee. These targeted risk committees are most valuable in companies still working to establish strong internal policies, systems, and processes. Others would rather see a different type of committee address these issues, for example, a committee on health and safety, or a corporate social responsibility or sustainability committee. Depending on the size and complexity of the company and the types of risks it might face, any of these governance options might make sense.

Create a robust intelligence system

Any governance effort must include a reputational intelligence system. It is almost impossible for the board to possess the breadth of experience needed to identify, evaluate, and monitor every situation, so having its own advisors in specific areas is critical. This is already the practice with compensation advisors and audit firms, but other disciplines can also find value in exposure to outside experts and stakeholders.

This intelligence gathering could include periodic sessions where the board interacts with independent experts to augment this information flow. Financial experts, senior government officials, heads of NGOs relevant to the company, cyber-security experts, and others can bring deeper expertise as well as independent views. In some cases it might not be a popular or pleasant experience—when a mining company brings in a Greenpeace representative to share the NGO’s point of view, for example—but it is crucial for getting a firm grasp on potential risks and knowing how to act on them.

Hire the right CEO

When hiring a new CEO from the outside, the first challenge is to make sure that this person is not himself a reputational risk—whether due to past experience, a mismatched management style, or a penchant for “living large” and interpreting expense policies in an unacceptable way.

Aside from the critical factors of experience, style, knowledge, and expertise, the sine qua non for CEO candidates is personal integrity. Integrity is key because it drives honest and transparent behaviors and portends a management style where the executive does not look for shortcuts to solve or obfuscate problems. The tendency to block the board from access to information—including bad news—has a direct bearing on risk-management effectiveness.

Boards also should consider how this individual sets the tone at the top. The CEO must live the values of the company and be willing to take responsibility for setting appropriate cultural norms.

Have a plan for when things go wrong

Finally, many boards do not have an adequate response plan for risks that reach critical mass. Directors should be alert to overengineered, process-heavy approaches that can act as a security blanket, under which directors and management alike are lulled into a comfort zone defined by the “known knowns.”

Sometimes even managing the first-order risks well is not enough to ensure that the risk is truly mitigated. It is possible for a company’s reputation to be tarnished even though they have technically done nothing wrong—perhaps by constituents that they failed to take the time to understand. Corporate boards must ensure that they work with management to explore both obvious and new or nontraditional potential sources of risk.

But even when those risks are identified, the most important part of safeguarding a company’s reputation is for the board to keep asking, “So what? What does this risk mean to us, what are you going to do about it, and what happens if things go wrong anyway?” In the event of a reputational crisis, having debated these questions in advance could mean the difference between a company’s long-term viability and oblivion.


Republished with permission from Kellogg Insight, a publication of the Kellogg School of Management at Northwestern University. For more, visit

More on Oversight