May’s session on risk, hosted by Grant Thornton International, covered strategies for reputation management and mitigating political risk for professional services organisations. Keith Tracey, managing director at Aon Global Professions, introduced the discussion with survey findings showing that most organisations are concerned with emerging risks that are outside their control, including the pace of change, different competitive conditions, the effects of disruptive technology and political uncertainty.

Presentations by John Rowland, executive director at public affairs consultancy Cicero Group, Peter Barrett, who heads Infinite Global’s crisis communications team and Dan Lichtenstein, general counsel at Grant Thornton International, whose legal duties include protecting Grant Thornton’s brand, were followed by questions from representatives of member firms.

Culture, politics and business risk

John Rowland, who advises financial and professional services organisations on political and geopolitical risks explained the connection between politics and corporate reputation. Business is an inherently political activity, he said, and the bigger and more highly regulated a business is, and the broader its social footprint, the more likely it is to be affected by politics.

Rowland quoted former White House strategist Steve Bannon, who said, “Culture is upstream of politics,” adding that culture is shaping politics and politics are shaping business communication. For example, the global financial crisis was followed a decade later by the current crisis in political institutions. Politics has become more unpredictable, more combative and fundamentally more challenging for businesses.

Furthermore, politics have become almost unlobbyable, observed Rowland because voters’ motivation has changed. In the UK, people – and politicians – did not vote for Brexit according to their left-right political allegiance, disrupting traditional patterns of behaviour. The instinct for business is to step away from politics, yet Brexit is a challenge for companies, as it will change patterns of trade, the way businesses are regulated and how they engage with government.

Business is beset by one scandal after another. The challenge, according to Rowland, is that businesses are not engaging with the new political reality. Services organisations – including professional services – are handling scandals badly because they fail to recognise that the communications environment has changed. Boards are still nodding through executive pay deals and perks. They need to understand the business implications of the current unreliable political environment:  they can no longer count on a right-wing government to be pro-business. We have seen a shift in the public mood from left-right politics to social identity politics, and a move away from the free-market consensus. For example, the nationalisation of rail franchises is a popular proposal across party political lines. Business needs to engage with the public mindset and its implications for the market and include political risk analysis in decision making.

The role of public affairs consultancies has also changed. Whereas previously they were used to lobby for legislative and regulatory changes, now they focus on scenario planning and decision making that considers the implications of political change. When it comes to Brexit, timing is critical. For example, banks’ relocation plans are based on political timelines and risk analysis.

The behavioural economics of risk

Peter Barratt is the UK lead for special situations and crisis management for Infinite Global. He helps professional services businesses mitigate risk, handle emergent crises and prevent recurrent crises.

Barratt addressed the effect of behavioural factors on crisis management. Why do organisations consistently make questionable decisions around crisis preparation, handling and repair? For example, the probability of a professional services organisation being hit by a cyber-attack in the next 12-24 months is practically a certainty, yet they regularly cut corners in their approach to cyber and other risks. Why do experienced senior decision-makers panic under crisis? Why do organisations allow the same crises to recur? A root cause is that leadership teams overlook the emotional and cognitive social biases that affect their ability to manage and mitigate crises.

Behavioural science has been getting a lot of attention: aviation, medical and pharmaceutical organisations are leading the way. Barrett and his team believe that significant risks are attached to failing to consider these ingrained biases.

Professional services are increasing their risk exposure because:

  • They fail to prepare for crisis scenarios
  • They respond slowly, ineffectively or not at all
  • They don’t learn lessons and history repeats itself

And although leadership teams understand

  • The role of hindsight
  • The damaging effects of group think
  • How optimism can distort risk appraisal

they rarely take these factors into account in their crisis management planning.

Finally, Barrett highlighted major biases affecting decision-making at each stage of the crisis risk lifecycle.

At the pre-crisis stage, organisations regularly have crisis management plans that are non-existent or out of date. This is caused by optimism bias – or overconfidence.

They are also affected by single action bias – when taking a single action towards an objective removes its urgency. For example, a firm calls in Barrett and his team to look at the crisis management plans and infrastructure and make recommendations. Having taken some initial steps, they never complete the programme.

The second phase is when leaders react badly or unwisely to a live crisis. This is often caused by a flight or fight response when experienced decision makers panic and circumvent agreed protocol. A typical response is known as the ‘mile-long screwdriver’ – an army term describing the tendency for senior leaders to react to a crisis by taking out a mile-long screwdriver to fix a tank in the field. The best crisis management plans can be derailed by senior decision-managers responding emotionally under pressure.

At the third, post-crisis stage, organisations return to business as usual, and sweep past crises under the carpet without sufficient critical evaluation. Institutional amnesia sets in and lessons learned are not built into the fabric of the organisation as hindsight and outcome bias distort people’s perspectives. Furthermore, individuals responsible for managing crises rarely self-critique effectively.

Barrett and his team help organisations conduct post-crisis analysis and build lessons learned into institutional knowledge management and training programmes. He highlights the importance of feedback to senior leadership and the risk function so that lessons learned post-crisis can be built into mitigation strategies going forward.

Safeguarding a global brand

Daniel Lichtenstein, general counsel for Grant Thornton International (GTI), explained how the organisation’s structure shapes its approach to crisis preparation and management. GTI is the coordinating entity for the Grant Thornton network of independent member firms in 140 countries.

As the umbrella entity of the GT network of independently owned and managed firms, GTI is responsible for safeguarding its brand. GTI deals with risk at board level and maintains a robust risk management framework. Leadership engagement underpins its top-down strategic approach. GTI’s crisis management plan reflects its global values and is subject to continuous improvement. A critical element is having the right team and knowing who to involve in the event of a crisis.

Consequently, member firms are required to have a crisis management plan and a person designated to handle crises and in the event of a crisis, the centre needs to be notified.

Scenario planning is critical. Lichtenstein advocates developing a table-top exercise at the centre and cascading it to member firms. Regulators, who have to be informed of any significant cyber breach, also believe in table-top exercises, he adds. A few years ago, a UK regulator invited accounting firms to undertake a table-top exercise on what would happen if a cyber breach affected all major firms.

Equally important is learning from other organisations’ mistakes and best practices. This includes staying up to date with what’s happening in the industry as one firm’s crisis is another’s opportunity. Dealing with a crisis offers an opportunity to review organisational values and market opportunities

A particular challenge for GTI is getting member firms to think more globally as their actions – or inaction – will likely have an impact outside their country.

The presentations were followed by questions from the floor, covering the challenges of applying crisis mitigation scenario planning to large corporations with stakeholders from multiple locations and cultures. There was general recognition that crises involving corporate reputation are commonly exacerbated by risk averse or over-confident senior leaders, underlining the value of the expert speakers’ advice.

Joanna Goodman