6. 125 years of leading governance
ICSA125
This October we celebrate 125 years since the institute first was first formed.
⢠1891: the Institute of Secretaries
⢠1971: the Institute of Chartered Secretaries and Administrators
⢠2016: ICSA: The Governance Institute
7. 125 years of leading governance
⢠Positioning ourselves for the future
⢠ICSA: The Governance Institute
⢠Royal Charter to lead âeffective governance and efficient administration of
commerce, industry and public affairsâ
8. 125 years of leading governance
Where weâre heading:
⢠ICSA to be the provider of products and services to support the skills and
knowledge of professionals working in governance and legal and regulatory
compliance roles in organisations of all types and sizes and in any sector
⢠A wider set of products and services, particularly qualifications, for people
outside of the corporate market
⢠Revision of qualifications to keep them current and in demand
⢠Higher public profile in the media
9. 125 years of leading governance
How weâre getting there:
⢠Continued focus on raising our public profile
⢠Increased public profile courtesy of the Policy team, ie Code of Governance for
CCGs, blogs, technical briefings, articles, speaking at events and responding
to consultations
⢠Positioning ICSA as a thought leader in national and regional media
⢠Governance and Compliance magazine
⢠Research projects
⢠www.icsa.org.uk
10. 125 years of leading governance
Encouraging the future faces of governance:
⢠One to Watch, ICSA Awards
⢠Tom Morrison Essay Prize â the Keating twins!
11. 125 years of leading governance
Governance professionals are right at the heart of things, promoting accountability,
transparency, integrity and stewardship to ensure that organisations operate in a
manner which is most productive.
âGovernance focus has increased, the company secretaryâs role has increased,
[there is] more work to do, and that work is more visible.â (The Company Secretary:
Building trust through governance, Henley Business School)
The study, development and practice of governance are here to stay.
ICSA: The Governance Institute has a bright future ahead of it!
17. Bringing the ease of an attack homeâŚ..
B|17 Jared Carstensen | 24th May 2016
18. Information Security â People, Processes & Technology
Each of us is only ever one click away!
How easy is it? An example scenario of what could happen!
18 | Jared Carstensen | 24th May
2016
20. The Threat Landscape
Criminals, Hacktivists, Insiders, Nation States
20 | Jared Carstensen | 24th May
2016
This is Real â if you use the internet or send email, you are a targetâŚ.
⪠Affecting every single person & business (viruses, malware, cybercrime etc.)
⪠World Economic Forum highlights risk of cyber attack among its highest global risks
⪠Over 90% large corporates (globally) have experienced incidents & attacks
⪠Top 5 priority for CEOâs â FTSE 100 & FTSE 250 â Wall Street Journal
⪠Breaches impact negatively on share price, consumer, people & partner confidence
⪠Cyber crime makes more money than the narcotics / drugs trade and is a truly
international âborderlessâ crime
22. Danger Signs for Security
Common mistakes that lead to failed programmes
10 | Jared Carstensen | 24th May2016
Ineffective security programmes / departments do the following:
Χ âWhy would anyone want to hack usâ mind-set.
Χ Treat all information and systems the same.
Χ Use âNoâ often to block projects or initiatives.
Χ Apply checklist based security!
Χ Drive policies as the primary way to change behaviours.
Χ Try to fix all security risks with technologies and products.
Χ No metrics or reporting to Audit Committee / Board.
Χ Treat security as a technical area that is looked after by the IT department.
Χ Inability to communicate in simple and concise business terms.
24. Effective Security Beats âGoodâ or CompliantSecurity
Focus on the small steps to yield big changes
12 | Jared Carstensen | 24th May2016
Effective security programmes / departments do the following:
ďź Endorsement, mandate and comment of support from highest member of company.
ďź Prioritised and categorised list of critical services, functions and systems.
ďź Embrace organisational culture and promote positive behaviours.
ďź Make the message stick and memorable â people first / focussed approach!
ďźOngoing reporting to Management, Audit Committee and Board.
ďźWhich projects have been seen as a success, why they succeeded & replicate those.
ďź Focus on capability and enhancing maturity as opposed to purely controls based security.
ďź The best form of security is the one this is invisible to the user and has various layers.
ďź Consistently enhance practices to help prepare for incident response / breach activities.
26. Cyber Sales / Scaremongering â it has got to stop!
Call for calm, actionable and measured steps
26 | Jared Carstensen | 24th May2016
27. Car Accidents vs Cyber Breaches!
Are there similarities / comparisons?
27 | Jared Carstensen | 24th May2016
⢠Rules of road to protect drivers and pedestrians
⢠Regulations and standards to protect businesses and consumers
⢠Speed limits depending on the type of road
⢠Regulations depending on the type of industry and sector
⢠Wide choice of cars available depending on your needs
⢠Wide choice of solutions and providers depending on your requirements
⢠By not adhering to rules and laws of the road, you put your own and othersâ lives at risk
⢠By not adhering to security rules, standards, frameworks and best practice, thousands of
incidents are happening every day putting your organization and itâs customers at risk
⢠Despite all road safety guidelines, laws and awareness there are countless road accidents
and fatalities every day
⢠Despite all the standards, guidance, frameworks, regulations and more solutions and
services than ever before; countless incidents, breaches and non-compliance continue
Is your organization driving recklessly, or are they simply asleep at the wheel?
28. Thank you
28 | Jared Carstensen | 24th May2016
Jared Carstensen
Chief Information Security Officer
30. 30
Managing Risk and Reputation
Niamh Boyle, Managing Director, The Reputations Agency
24th May 2016, ICSA Annual Conference
31. About The Reputations Agency
31
The Reputations Agency is a full service Consumer Brand, Corporate PR and Reputation
Management agency and part of Irelandâs biggest ideas company, the ddfh&b Group and
the global JWT network.
Across our three divisions we tell brand stories and manage the reputations of some of the
worldâs biggest brands. Using global and local insights which shape and inform our
thinking, we deliver smart strategies and great ideas with a single minded focus - getting
your brands and companies talked about.
We are the leading experts in reputation management in Ireland, and exclusive partners of
the global Reputation Institute, with our Ireland RepTrakÂŽ Report a calendar feature for the
CEOs of many of Irelandâs best known organisations.
Our TRA Brands team builds campaigns from the ground up in partnership with some of the
top marketers in the country. We are a key part of the inter-agency planning process with
some of the most experienced brand experts and freshest thinkers in the country.
Our Corporate and Financial team are PR experts with strategic marketing, financial, legal
and reputation management capability who act as trusted advisors to leading Irish
businesses. We offer analysis, strategy, media relations and expert counsel to build profiles
and engage stakeholders while also providing issues and crisis management support when
organisations need it most.
32. About the Reputation Institute
⢠Reputation Institute is the worldâs leading
reputation management consultancy, founded
in 1997.
⢠Its Global RepTrakŽ Pulse study is the
world's largest reputation study, measuring
more than 2,000 companies from 25
industries across 40 countries.
⢠The study provides key insights into what
drives perceptions and how they influence
marketplace behaviour, and powerful
global benchmarking.
⢠RepTrakŽ also serves as the basis for
continued thought leadership in the
reputation management field.
⢠RIâs Reputation Leaders Network is the
premier network of senior executives from
more than 100 global member companies
who work together to advance the practice
of corporate reputation management
collectively and for their organisations.
United Arab Emirates
c
Canada
United States
Colombia
Chile
Brazil
South Africa
Australia
Malaysia
India
Japan
China
Portugal Spain
Russia
Turkey
Ukraine
Germany
Norway
Greece
Ireland
United Kingdom
France
Switzerland
Denmark
Netherlands
Sweden
Italy
Mexico
Panama
Puerto Rico
PerĂş
Argentina
Knowledge
Publication
Conferences
Training
Research
Information
Analysis
Presentation
Advice
Insight
Strategy
Activation
34. Direct experience
What a company
communicates
What others say
Touch Points Reputation Behaviour Business Results
A strong reputation increases supportive behaviours
and delivers positive business results
36. Note: The RepTrakÂŽ Index was calculated from the daily stock market values of the 10 most reputed companies with a RepTrakÂŽ Pulse score above 70 in the
UK RepTrakÂŽ Pulse rankings and adjusted each year in January. The values of the RepTrakÂŽ Index and FTSE100 Index shown are percentage changes from
January 1, 2009.
Ten most highly reputed companies outperform FTSE100 Index 2009â2015
Analysis of the share price of the most highly reputed companies shows that they consistently outperform the market â in the U.S.,
FTSE, CAC and Nordic countries.
Why should we care about reputation?
37. âŚand thereâs much more at stake!
17%
32%
68%
80% 81%
83% 68% 32% 20% 19%
0%
20%
40%
60%
80%
100%
1975 1985 1995 2005 2009
Components of S&P 500 Market Value
Intangible Assets Tangible Assets
38. * Who you are as a Company matters more than what you Sell
Product Enterprise
38% 72%
The companies that are investing here
are capturing competitive advantage
39. Would buy the
products
6%
Would recommend
the products
Would work for
Would welcome into
local community
14% 34% 56% 86%
4% 9% 26% 53% 86%
5% 11% 28% 54% 84%
7% 16% 35% 59% 86%
0-39 40-59 60-69 70-79 80+
RepTrakÂŽ
Pulse Score
POOR
<40
AVERAGE
60-69
STRONG
70-79
WEAK
40-59
EXCELLENT
>80
* A Strong Reputation Reduces the Transaction Cost of doing Business
40. * How do we know what external audiences believe about us?
Why do you love me? Do you love me? What are the
practical consequences?
Defines what drives
corporate reputations
Direct measurement of
corporate reputation (as a
proxy for trust)
Defines the consequences of
corporate reputations in terms
of intended behaviour
Dimensions Reputation Behaviour
41. 55.00
60.00
65.00
70.00
75.00
80.00
85.00
Y 2010 Y 2011 Y 2012 Y 2013 Y 2014
REPUTATION DEVELOPMENTS
THE COCA-COLA COMPANY
United States of America Australia China Spain
⢠RepTrakŽ enables a firm to see in
time negative trends in public opinion,
regarding key issues like for example
OBESITY
⢠Coca-Cola, just like McDonalds,
could have seen the gradual
decrease in the perceptions of the
company that appeared to be linked
to growing worries among external
audiences regarding healthy food.
RepTrakÂŽ works as an Early Warning System
42. ⢠The company does well as a brand as it is in the
Top 3 of Interbrandâs Global Ranking
⢠However, its reputation is substantially lower and decreasing:
â Global RepTrakÂŽ 2016 - The Coca-Cola company ranks #83
â Global RepTrakÂŽ 2015: Rank #67
â Global RepTrakÂŽ 2014: Rank #52
â Ireland RepTrak 2016 ÂŽ - Rank #68
⢠As a consequence performance decreases
43. 74.58
78.55
RepTrakÂŽ Score
Globally
All Global Pulse scores that differ by more than +/-0.9 are significantly different at the 95% confidence level.
Pulse scores are based on questions measuring Trust, Admiration & Respect, Good Feeling and Overall Esteem (captured in the RepTrakÂŽ Pulse score on a 0-100 scale).
78.98
85.41
79.19
83.19
83.34
84.77
78.95
79.29
76.64
88.33
76.19
75.19
69.80
71.26
POOR
<40
AVERAGE
60-69
EXCELLENT
>80
STRONG
70-79
WEAK
40-59
BMW Group â Reputation profile across 15 markets
44. Ireland RepTrak ÂŽ 2016 â
Reputations of the largest & most visible companies in Ireland
45. Ireland RepTrakÂŽ 2016 â
Reputations of the largest & most visible companies in Ireland
56. 56
The difference between then and now is extremely different
â Impacts today are immediate and globalâŚ
TodayYesterday
57. 57
For BP, the Deep Water Horizon incident had a devastating impact on their
reputation â and consequently their financial performance
58. HOW VW LOST THE PUBLICâS TRUST
September 2015 - US EPA announced Volkswagen had been installing sophisticated
software to cheat diesel emission tests - Volkswagenâs cars were environmentally
friendly no more. The general publicâs trust in the automaker was highly damaged in the
US as well as globally.
Country Q1 RepTrakÂŽ
Pulse
Q4 RepTrakÂŽ
Pulse
Î RepTrakÂŽ
Pulse
UK 82.7 52.8 -29.9
SPAIN 74.8 47.1 -27.7
ITALY 77.9 52.2 -25.7
FRANCE 76.1 51.3 -24.8
GERMANY 80.6 57.1 -23.5
US 69.7 61.0 -8.7
VW RepTrakÂŽ Pulse in Germany and VOW.DE Stock Price: Q1 2015
through January 2016
59. 59
Crisis hits your reputation harder if your reputation is already weak.
Be aware of industry belonging!
RepTrakÂŽ Pulse
Score 40-59 70-7960-69
Reputation Loss
post a negative
event
- 15 - 11 - 6
CRISIS AND
REPUTATION
Industry
Reputation Loss
post a negative
event
- 23 - 8 - 6
CRISIS AND
INDUSTRY
Banking
Consumer
Goods
Pharma
1
2
3
4
60. 60
Reputation risk and how to manage it
âŚThat impacts stakeholdersâ
perception and
behaviourâŚ
A reputation risk is a
potential negative eventâŚ
What it is
âŚand ultimately impacts on
business results
66. 66
1 Accounting malpractices
2 Bankruptcy fraud
3 CEO resignation after a financial scandal
4 Child labor in a supplier's factory
5 Delayed reporting of defects
6 Fraud and abuse allegations
7 Homophobic comments of top management
8 Incoherent communication of corporate strategy
9 Labor strike in emerging market
10 Mandatory product recall
11 NGOs very critical against a plant
12 Price increase
13 Product fraud
14 Bribery of Public officials
15 Repeated product recalls
16 Service changes and interruption
17 Sexual harassment
18 Strong layoffs
19 Unaware utilization of toxic packaging
20 Wage Renegotiation
The top 20 reputation risks
Every company needs to monitor
How many of you are
monitoring these
risks?
67. 67
The process that tracks
PROGRESS and
input to the organisation
over time
The factor that describes how
likely it is that the RISK
will materialize and how it
will impact stakeholder
perceptions & support
3. Monitoring1. Impact 2. Readiness
The factor that defines how
PREPARED the company is
to identify, mitigate and
respond to a crisis
M
I
T
I
G
A
T
I
O
N
Reputational Risk â
Three key variables need management
68. 68Risk Register
Template - Risk Register
No. Description of Risk Area/Division Risk Type Impact Likelihood Control rating Risk Score Planned Response Mitigation/controls Risk Owner
Summary of Risks:
X = Low
Y = Medium
Z = High
1 = minor
2 = significant
3 = v
significant
1 = may
occur
2 = likely
3 = very
likely
1 = fully under
control
2 = somewhat
controlled
3 = poor/inability
to control
1 -4 = Low
5-11 =
Medium
12-27 = High
red alert
69. 69
Risk Readiness - five steps
1.âŚidentify reputation risks
2.âŚpredict potential damage
3.âŚresponsibility is clear
4.âŚcrisis management plans are well defined
5.âŚreputation embedded in company culture
71. Dennis Tourish
Professor of Leadership
Royal Holloway, University of
London
Co-editor of âLeadershipâ
Email:
Dennis.Tourish@rhul.ac.uk
DYSFUNCTIONAL LEADERSHIP
IN CORPORATIONS
Ken Lay
AKA âKenny Boyâ
Jeffrey Skilling
72. Amazon May 2016- 163253 books with âLeadershipâ in their
title. If you read one every day including weekends it would
take you 447 yearsâŚ.
BUT â there are only
346 books with
âFollowershipâ in their
title
We have a fixation on
leadership, though
without followers
there are no leadersâŚ
73.
74. SOME ASSUMPTIONS
⢠Followers should
conform â mostly, do
what they are told
⢠Leaders know best
(but do they always?)
⢠Dissent is resistance to
be overcome
Whoâs
the boss
BBC 2
March
2016
78. A MAJOR SOURCE
OF ERROR???
âThe temptation to tell a
Chief in a great position
the things he most likes
to hear is one of the
commonest explanations
of mistaken policy. Thus
the outlook of the leader
on whose decision fateful
events depend is usually
far more sanguine than
the brutal facts admit.â
Winston Churchill (1931)
INGRATIATION...
79. âA lot of times in politics you have
people look you in the eye and tell
you what's not on their mind.â --
George W. Bush, Sochi, Russia, April
6, 2008
80. EFFECTS OF FLATTERY
⢠A study of 451 CEOs looked at the impact on them of more
intense and frequent flattery (e.g., offering exaggerated
compliments) and opinion conformity (e.g., expression of
agreement even when people don't agree).
⢠Flattery and opinion conformity
linked to CEOs having more
favourable evaluations of their own
strategic judgments and leadership
skills, being less likely to make
strategic changes when firm
performance suffered, and more
prone to lead firms that suffered
persistently poor performance.
Hyuan Park, Westphal and Stern, ASQ,
2011
81. EFFECTS OF NARCISSISM
⢠Highly narcissistic CEOs less responsive to
whether recent firm performance was good or
bad - continued to make equally risky
investments (e.g. acquisitions of new companies)
regardless of recent performance. Their less
narcissistic peers more cautious in bad times and
tended to take bigger risks during good times.
Chatterjee and Hambrick, ASQ, 2011
82. EFFECTS OF NARCISSISM
⢠Less narcissistic CEO's werenât affected much by
media praise. The highly narcissistic made riskier
investments after getting praised in the media.
The narcissists were swayed more by "social
praise" and less by recent performance!
⢠âThe only benefit of flattery is that by hearing
what we are not, we may be instructed what we
ought to be.â
Jonathan Swift
83. IRRATIONAL BIASâ
ILLUSORY SUPERIORITY
⢠69% of drivers consciously worry about being
killed when driving
⢠Only 1% believe they drive worse than average
⢠98% think they are safer than, or as safe, as the
average driver.
Brake (Road Safety Charity) Survey of 800 UK
adults, March 2011
84. âHave you ever noticed that anybody
driving slower than you is an idiot, and
anyone going faster than you is a
maniac?â
George Carlin
87. HOW WE TREAT
CRITICAL FEEDBACK
⢠Subjecting critical
feedback to criticism/
accepting positive
feedback
⢠âI DONâT BELIEVE ITâ
⢠Deny failure
88.
89.
90.
91.
92.
93. WHAT CAN BE DONE?
⢠Seek out formal and informal
contact with people as often as
possible
94. WHAT CAN BE
DONE?⢠Scrutinise positive
feedback more rigorously
than negative feedback
⢠Institutionalise dissent
into the decision-making
process â e.g. promote/
cherish/ reward
contrarians
⢠Create a culture that
confronts âthe brutal
facts of realityâ â i.e.
where the truth is heard
95. A CLIMATE WHERE THE
TRUTH IS HEARD
Lead with questions,
not answers
Practice saying:
⢠âI donât knowâ
⢠âWhat do you think?â
⢠âWhere have we gone wrong?â
⢠âWhat could we do better?â
96. A CLIMATE WHERE THE
TRUTH IS HEARD
Engage in debate, not coercion
⢠Have chaotic meetings
⢠Loud debate
⢠Heated discussions
⢠Healthy conflict
Dennis.Tourish@rhul.ac.uk
97. Career development for
company secretaries
Valerie Teller, Switched On Coaching
With Conor Ryan FCIS, President, ICSA Ireland
98. Outline for this session
1. What are your long-term career aspirations?
2. How do you raise your profile?
99.
100. 1 | What are your long-term career aspirations?
⢠What do you really want?
⢠What is important to you?
⢠When you are 95, what will you want to say about your
life?
101. 2 | How do you raise your profile?
From their perspectiveâŚ
⢠When it comes to your career,
who are your stakeholders?
⢠Whatâs important to them?
⢠How can/do you make their
jobs easier?
From your perspectiveâŚ
⢠What is it that you see/know
about your organisation that
others donât?
⢠What is important about what
you do?
⢠How does the co sec function
add value to your
organisation?
102. 2 | How do you raise your profile?
A few tips
⢠Create opportunities by creating connections
⢠Stretch your comfort zone â itâs like a muscle
⢠Get support
103. 2 | How do you raise your profile?
BE CURIOUS
104. Career development for company secretaries
What will you take away from todayâs session?
106. Risk Culture and Risk Culture Inspections
ICSA Conference 2016
24th May 2016
Mark Burke
Chief Risk & Compliance Officer, Mediolanum Ireland
107. 10
Agenda
Background & Context
What do regulatory authorities mean by culture?
Drivers of Culture in a firm
Conclusion
Indicators of a sound risk culture
108. What has brought about this focus on culture?
108
How to safeguard rather that
inadvertently profit from these?
Prevailing view that weakness in
culture at the heart of the financial
crisis
Is point-of-sale material there to
protect the company or inform the
customer?
109. 10
Agenda
What do regulatory authorities mean by culture?
Background & Context
Drivers of Culture in a firm
Conclusion
Indicators of a sound risk culture
110. 11
What do regulatory authorities mean by culture?
Culture is like DNA: it shapes judgements, ethics and behaviours that
matter to the reputation and performance of the business
It shapes the service provided to customers and clients
An effective culture is one that supports:
⢠the fair treatment of customers, and
⢠Promotes sound risk taking and risk aware decisions throughout
the business
Examine culture though the lens of doing the right thing
Ownership and responsibility for ensuring risk aware and client
focussed outcomes rests with each and every employee and should
not be seen as something that can be delegated to the risk &
compliance functions
111. 11
Agenda
Drivers of Culture in a firm
What do regulatory authorities mean by culture?
Background & Context
Conclusion
Indicators of a sound risk culture
112. 11
Drivers of Culture at a firm
Examine culture through the lens of doing the right thing whether from a risk or conduct perspective
- Strong Corporate Governance
- Setting the tone from the top
- Translating this into easily understood business
practices through values such as accountability and
ensuring effective communication and challenge
- Supporting the right behaviours through
performance management, employee development
and reinforcing these through reward programmes
The responsibility for ensuring the right outcomes resides with everyone at the firm, led by senior management, and not
something delegated to compliance or control functions
113. 11
Agenda
Indicators of a sound risk culture
What do regulatory authorities mean by culture?
Drivers of Culture in a firm
Conclusion
Background & Context
114. ⢠Succession planning processes for key positions
⢠Focus on financial and non-financial incentives
⢠Job rotation between control functions and
business lines
Incentives and Behaviours
Tone from the Top
Accountability
Effective
Communication &
Challenge
⢠Board Ownership of Strategy
⢠Alignment of Strategy with Core Values
⢠Leading by example
⢠Learning from mistakes
⢠Ownership by the front line
⢠Common understanding and awareness at all levels
⢠Clear escalation processes to support risk management
⢠Consequences are clearly established
⢠Established mechanisms to facilitate communication and
⢠Bring alternate views to the decision making process
⢠Risk function seen as a genuine business partner
⢠Ongoing training on the institutionâs desired behaviours
Indicators of a sound risk culture
116. 11
Key Takeaways
⢠Greater awareness of the importance of culture in driving key behaviours in firms
⢠Having a framework to demonstrate the various mechanisms in place to
⢠Monitor,
⢠Shape, and
⢠Influence the culture within the firm over timeâŚ
to deliver risk aware decision making and good consumer outcomes.
119. ODCE and the Companies Act
One Year on
Kevin Prendergast
Head of Enforcement, ODCE
120. ODCE Impacts
ď§ In insolvency
ď§ Offering restriction undertakings to remove the need for
High Court proceedings
ď§ Power to wind up companies in public interest â none to
date
ď§ In examinership
ď§ ODCE must get copy of report to the Court â small
number to date
121. ODCE Impacts
ď§ In enforcement
ď§ Auditors must report offence of financial statements
failing to give a true and fair view â no reports to date â
preparing guidance for auditors
ď§ Directorsâ loans can be validated by new Summary
Approvals Procedure â have found one example of this
being undertaken
122. Other judicial developments
ď§ Significant Court of Appeal judgement
ď§ DCE v Walsh & Ors, disqualification action by the
Office under what was s160(2)(h) CA 1990, now
s842(h) CA 2014, company struck off with debts
owing
ď§ High Court declined to disqualify on basis of general
economic downturn, lack of qualifications of
directors, scale of enterprise, past behaviour
ď§ Court of Appeal judgement in January 2016
123. Other judicial developments
ď§ Key aspects of judgement
ď§ âFinancial maelstromâ does not change nature of the
law
ď§ Scale of enterprise and qualifications of directors are
irrelevant
ď§ Other past behaviour irrelevant
ď§ Passive directors cannot be exonerated on that basis,
all director expected to take steps to secure compliance
125. Panel discussion:
The Companies Act â one year on
Conor Sweeney, CLS Chartered Secretaries
Maureen OâSullivan, Registrar of Companies
Kevin Prendergast, ODCE
Ruairi Cosgrove, PwC
Sal Nash, KPMG