5.5 Corporate reputation

The European Commission defines CSR as?

'the concept that an enterprise is accountable for its impact on all relevant stakeholders. It is the continuing commitment by business to behave fairly and responsibly and contribute to economic development, while improving the quality of life of the workforce and their families, as well as of the local community and society at large.'

mapping the components of reputation

A chart which enables the organisation to map its overall reputation, within the context of the sector in which it operates. For each of the 4 segments / 8 attributes, an organisation can plot its current status in a ranking of 1 to 4 (poor, adequate, good, and excellent), so that they can identify the sectors that represent the greatest threats to the reputation of the organisation. Corporate social responsibility is an example of one of the main pillars of reputation. Organisations rely on a positive reputation for their continued prosperity, and indeed existence. Loss of reputation can impact sales, relationships, regulatory licensing, the ability to attract employees and ultimately profits

The business model

All organisations will have a business model that represents how they deliver the customer offering. Customers receive the offering because it utilises the resources that it has available. The customer offering is underpinned by the resilience of the organisation and by arrangements to ensure that the organisation remains sustainable.

CSR and public opinion

CSR is an area of concern where it is likely that public opinion will be ahead of the thinking within many organisations, so it would be beneficial to develop CSR plans and actions that respond to public opinion. The list in table 20.1 above provides an indication of the stakeholders who are likely to have an interest in the CSR agenda (employees, customers, suppliers and the general community etc).

What information on risk are companies required to disclose in their annual report and accounts?

Companies are required to disclose their principal risks and uncertainties in their annual report and accounts.

CSR

Corporate social responsibility (CSR) is part of the overall corporate governance requirements of an organisation. CSR is a wide-ranging agenda that involves organisations looking at how to improve their social, environmental and local economic impact and their influence on society and human rights

Damage to reputation

Damage to reputation is usually regarded as a consequence of the occurrence of a risk, rather than a risk in itself, so great importance should be placed on the effective management of risks that could damage reputation.

Risk management and the business model

Each component of the business model can be subjected to a risk assessment, with the starting point of an assessment of the customer segment at which the offering will be targeted.

Supply chain and ethical trading

Failure to ensure appropriate ethical behaviour is increasingly recognised as a major business risk. There are several areas where unethical trading can result in -damage to reputation -the loss of future profitability -a refusal on the part of the customers and suppliers to deal with the organisation. These issues include trading with undesirable overseas governments, false allegations against competitors, failure to comply with rules and regulations or tax evasion or dubious tax arrangements. If a sports club wants all merchandise for sale to be ethically sourced, it can require the importer to produce a routine CSR report as part of the contract terms and conditions to include details of the policy that the porter has on ethical behaviour of suppliers, or details of staff training, accident/absence rates and pay/conditions, or results of audits/physical inspection of manufacturing premises etc. The club can then advertise to fans that all goods are ethically sourced which will gain good publicity and promote the club as having high corporate social responsibility awareness. Many organisations now include comments on CSR in their annual report and accounts, and some produce a separate CSR supplement. This enables the organisation to gain advantage from the CSR agenda.

Effects of good CSR standards

Good CSR standards can enhance reputation/brand/trust and build stakeholder value, as well as: • Attract, motivate and retain talent • Manage and mitigate risk • Improve operational and cost efficiency • Develop new business opportunities • Create a more secure and prosperous operating environment.

Why do you think the audit committee should be independent of the day-to-day business?

Independence of the audit function, and the audit committee of the board, gives the auditors the ability to raise questions about working practices, uninfluenced by potential difficulties of being actively involved in the process being reviewed. When problems or non-compliance with operating practices are discovered, the audit team can challenge the operational managers in regard to the issues and seek remediation actions. The audit committee is an important conduit of risk assurance to the board, providing information and analysis on the risk and control environment that the board might not be able to access in other ways.

Why do many organisations not regard 'reputation' as a risk category?

Most organisations regard damage to reputation as a consequence of the occurrence of risk events in one of the organisation's risk categories.

CSR and risk management

Organisations should seek to develop their level of sophistication in relation to CSR (comply with the CSR obligations), then look at the opportunities that are available e.g. supermarkets offering goods that have been procured on a 'fair trade' basis to gain additional sales from offering this range of products.

Consider the control environment in your own organisation and assess how well it meets the guidance. Are there areas where improvements can be made?

Seek information about the written procedures manuals or work process instructions, and policies and terms of references that exist. Possibly look at what claims have been made following an insured loss (organisation's insurance) to get a feel for the effectiveness of the control environment.

Severn Trent's principal risks

Severn Trent's principal risks include loss of data, pension funding and changes in legislation, as is the case with many other organisations, but organisations will also have their specific risks.

Components of the business model

The components of the business model as customer, offering, resources and resilience (CORR): • Customer includes analysis of customer segments, recruitment and retention, as well as how products or services will be delivered • Offering refers to the customer value proposition and the related benefits that are delivered to those customers • Resources include the data, capabilities and assets of the organisation, as well as partnerships and networks • Resilience of the organisation is reputational (based on ethos and culture) and financial resilience (based on expenditure and revenue)

What do we mean by 'control environment'?

The control environment can be viewed as the whole range and interaction of controls that address risks.

What are the four overarching responsibilities of an audit committee?

The four main areas of responsibility for an audit committee are: 1. external audit 2. internal audit 3. financial reporting 4. regulatory reports.

The value of a brand

The intangible estimate of the value of a brand becomes tangible when a company that owns the brand is acquired by a buyer, thereby realising the brand value in the sale price. Any detriment to the brand's market perception can have a financial effect on the organisation that owns the brand.

Importance of reputation

The reputation of an organisation is the most valuable asset that it possesses. The importance of a good reputation is that customers or clients will have a desire to trade with that organisation, so they should look carefully at the reputation of the sector within which they work, as well as their own reputation within that sector. Together, the capabilities and activities of the organisation define that organisation from an internal perspective

What type of information is included in risk reporting in your organisation?

The risk register is likely to be the main source of information for upward risk reporting, covering the full range of risks and control assessments. There are also other types of risk information - these may include employee accident and injury records, financial reconciliations, motor accidents, theft losses, and so on. Many organisations are now including information on cyber risks and data losses. Also, analysis of reputation through customer feedback and brand value measures.

The role of internal audit

The role of internal audit is to provide assurance over the effectiveness of the control environment and it also assesses the operation of the risk management strategy and activities in the organisation

What impact did the crisis have on the reputation of the banking sector?

There have been many negative responses to the banking industry following the financial crisis as public opinion of the working practices at banks deteriorated. The impact of the financial crisis has been a hardening of lending practices as banks seek to control credit risks, which has created more negative views in the public and businesses.

The components of reputation (CASE):

• Capabilities, which should be reflected in a clear statement of purpose, and resources • Activities, including processes and finances to support the activities • Standards, including standards of services/products and support • Ethics, including values which demonstrate integrity (through e.g. monitoring of performance in order to learn and achieve continuous improvement in performance)