Why compliance isn't stopping scandals

In Rethinking Reputational Risk, Anthony Fitzsimmons and Derek Atkins explore the problem of managing risks, but provide only half the solution.

by Simon Burton
Last Updated: 07 Dec 2016

Tesco, Volkswagen, BP, Serco, RBS - there seems to be a never-ending stream of companies who have messed up. Yet this is happening at the same time as companies are spending more money on risk management and compliance than ever before in the history of business. So why do things still keep going wrong?

I was working inside one of those multinational companies when they famously screwed up. My experience at the commercial coalface has given me some insight into why the current huge effort on risk management doesn't always reap rewards. And this is a perspective which is shared by the authors of this new book on tackling reputational risk.

Risk management all too often apes the starting point of economics: it is predicated on rational human beings acting in a rational way. But senior executives are not always rational; neither are a company's various stakeholders (investors, NGOs, media or employees). It is this heady brew that can often give rise to reputational risk which, if not anticipated, managed or mitigated, creates the headlines and ultimately hurts the value of the business.

The authors give the reader some classic vignettes of eye-catching corporate behaviour in recent years, and lift the lid on them to try and explain what actually happened. From the aggressive accounting practices at Tesco to the culture at Barclays that led to the rigging of the Libor rate benchmark, from Volkswagen's cheating on emissions testing to Mid-Staffordshire NHS Trust's failure to care for patients - all these and other case studies are forensically dissected in the quest to see what lessons can be learned.

For a topic that can easily be trapped in the abstract and wrapped in jargon, the authors have produced a crisply written tome which is easy and engaging to read. Its format of insights, followed by case studies and then solutions works well. This should be no surprise. The authors Anthony Fitzsimmons and Derek Atkins are well versed in this area - their previous publication Roads to Ruin on behalf of Cass Business School for the insurance and risk industry is rightly highly regarded. They bring their experience to bear in this book.

The analysis is insightful on a number of levels. They pinpoint the potential deficiencies in a company around culture and process, whether that be in the boardroom or on the factory floor. They also identify how much of the real risk comes from how reputation is (or isn't) organised internally within a business - ie responsibility is often split across functions so leaving cracks.

However, the authors' starting point and focus is predominantly on reducing negative reputation incidents. This is valuable, but it doesn't really 'rethink' how reputational risk management should evolve in the corporate environment.

Preventing or reducing the impacts of negative incidents is only one half of the reputational risk story. It is relatively easy for boards and senior executives to look back at recent big corporate crises and ask: what do we need to learn from these cases and how can we protect ourselves from similar incidents? But there are limits to the impact of any retrospective analysis. It would be far more effective to incorporate reputational risk into a company's mainstream decision-making processes. That is the other half of the story to rethinking reputational risk.

The most stark omission in the solutions section of the book is the relative lack of references to the supportive role that any in-house corporate affairs director can play in helping a business manage its reputational risk.

The corporate affairs function has the responsibility for managing corporate reputation: they have the expertise in managing the stakeholder relations that give rise to reputational risk and which are vital to mitigating it. Their work is part of a company's self-insurance on reputational risk. To pay relatively so little attention to their role, and how their function needs rethinking, leaves a glaring gap in the solutions that the authors propose.

The case for corporates to rethink reputational risk is strong. The authors make good advocates but their book only gives half the answer.

Rethinking Reputational Risk, by Anthony Fitzsimmons and Derek Atkins, is published by Kogan Page, £29.99.

Simon Burton is a partner at Headland Consultancy and leads the firm's reputational risk practice.


Find this article useful?

Get more great articles like this in your inbox every lunchtime