The boardroom must confront new and evolving challenges of risk management without foregoing innovative business opportunities. The best prepared will stay two steps ahead of the competition, burnishing their reputations and separating themselves from organisations that have not adapted as quickly or as effectively.
Where there is a serious risk of management failure, the boardroom may face scrutiny – on the basis of what the board said or did or, perhaps, what it failed to say or do – highlighting the serious reputational and financial impacts of a major risk management failure.
Clifford Chance will help you assess your organisation’s current risk profile against the prevailing legal framework and develop a robust structure and proactive risk management strategy across your global business. We work with the world’s leading businesses to understand their legal, reputational and financial exposure to risk, and put in place effective risk management frameworks.
Be clear on corporate risk management
5 questions to ask yourself
Do we know where a crisis could emerge from?
The political and media landscape is evolving quickly, as is society's tolerance of "big business" practices. Your company should constantly review its systems/culture against the latest demands of investors, politicians, lenders and customers. Areas of risk that used to be "compliance" risks are now reputational risks that need to be assessed at board level. Is your board taking a dynamic approach to reputational risk management?
Does our board fully understand the material risks facing the organisation?
A full understanding of the organisation's current and future risk profile is essential. It is only when key risks are understood by decision-makers, and an informed tolerance is set at board level, that commercial decisions can properly be made by management. Does your board understand the emerging risks and the full breadth and depth of key risks facing the organisation? Are you confident that this translates into resources being directed to the right risk areas?
Do our internal controls, processes and policies mitigate current risks to within our risk tolerance?
Do the company's risk controls and processes tie into the day-to-day decision-making of the organisation and the material risks identified? Are they robust and effective? Have current processes and policies been renewed and updated to reflect your evolving risk landscape – for example, the developing international frameworks around specific risks – and to deal with developments in your own business?
Do we adapt our risk management approach as our business evolves?
As the business grows or diversifies, including into new markets/product areas, its risk profile changes. Periodic reviews are advisable, as well as a reassessment when the company undertakes a major step change or acquisition, or enters a new market. When did you last reassess your organisation’s risk profile? When undertaking M&A, do you always measure the target’s practices against your own policies and introduce risk mitigation measures?
What is our crisis management plan?
When a risk incident or scandal breaks, the reputational risk management needs to be immediate – an initial misstep in the communication strategy or missed opportunity for initial damage control can have a lasting, negative impact. Have you notified all your stakeholders including regulators, investors, creditors and employees? Have you issued an initial company response across the organisation to ensure that business leaders, legal, IT, HR, IR and PR teams work together as one? You will want your legal adviser to have intimate knowledge of your risk mitigation strategy, so that they can put forward your best case.