ICSA Ireland Conference 2016

The ICSA Ireland Conference
24 May 2016

Conference Chair
Conor Ryan, Chair, ICSA Ireland Branch

To view all the slides, go to the
conference webpage and click the link.

Follow us on: @ICSA_News
Please use the hashtag #ICSAIre16

ICSA 125
Simon Osborne, Ireland conference, 24 May 2016

125 years of leading governance
ICSA125
This October we celebrate 125 years since the institute first was first formed.
• 1891: the Institute of Secretaries
• 1971: the Institute of Chartered Secretaries and Administrators
• 2016: ICSA: The Governance Institute

• Positioning ourselves for the future
• ICSA: The Governance Institute
• Royal Charter to lead ‘effective governance and efficient administration of
commerce, industry and public affairs’

Where we’re heading:
• ICSA to be the provider of products and services to support the skills and
knowledge of professionals working in governance and legal and regulatory
compliance roles in organisations of all types and sizes and in any sector
• A wider set of products and services, particularly qualifications, for people
outside of the corporate market
• Revision of qualifications to keep them current and in demand
• Higher public profile in the media

How we’re getting there:
• Continued focus on raising our public profile
• Increased public profile courtesy of the Policy team, ie Code of Governance for
CCGs, blogs, technical briefings, articles, speaking at events and responding
to consultations
• Positioning ICSA as a thought leader in national and regional media
• Governance and Compliance magazine
• Research projects
• www.icsa.org.uk

Encouraging the future faces of governance:
• One to Watch, ICSA Awards
• Tom Morrison Essay Prize – the Keating twins!

Governance professionals are right at the heart of things, promoting accountability,
transparency, integrity and stewardship to ensure that organisations operate in a
manner which is most productive.
‘Governance focus has increased, the company secretary’s role has increased,
[there is] more work to do, and that work is more visible.’ (The Company Secretary:
Building trust through governance, Henley Business School)
The study, development and practice of governance are here to stay.
ICSA: The Governance Institute has a bright future ahead of it!

Keynote address
PJ Timmins, Director, The Alternative
Board and former CEO, Clerys plc

Cyber security:
What does it mean
for your business?
ICSA Conference 2016
Jared Carstensen
24th May 2016

About me…..
A|14 Jared Carstensen | 24th May 2016

My Journey….
Every kid dreams of their perfect job
Baby Firefighter Policeman Leader / Politician CISO
15 | Jared Carstensen | 24th May
2016

Perception vs Reality
Before & After
Before Breach
2016
During & Post Breach

Bringing the ease of an attack home…..
B|17 Jared Carstensen | 24th May 2016

Information Security – People, Processes & Technology
Each of us is only ever one click away!
How easy is it? An example scenario of what could happen!
2016

Context
C|19 Jared Carstensen | 24th May 2016

The Threat Landscape
Criminals, Hacktivists, Insiders, Nation States
2016
This is Real – if you use the internet or send email, you are a target….
▪ Affecting every single person & business (viruses, malware, cybercrime etc.)
▪ World Economic Forum highlights risk of cyber attack among its highest global risks
▪ Over 90% large corporates (globally) have experienced incidents & attacks
▪ Top 5 priority for CEO’s – FTSE 100 & FTSE 250 – Wall Street Journal
▪ Breaches impact negatively on share price, consumer, people & partner confidence
▪ Cyber crime makes more money than the narcotics / drugs trade and is a truly
international ‘borderless’ crime

Danger Signs
D|21 Jared Carstensen | 24th May 2016

Danger Signs for Security
Common mistakes that lead to failed programmes
10 | Jared Carstensen | 24th May2016
Ineffective security programmes / departments do the following:
Χ “Why would anyone want to hack us” mind-set.
Χ Treat all information and systems the same.
Χ Use ‘No’ often to block projects or initiatives.
Χ Apply checklist based security!
Χ Drive policies as the primary way to change behaviours.
Χ Try to fix all security risks with technologies and products.
Χ No metrics or reporting to Audit Committee / Board.
Χ Treat security as a technical area that is looked after by the IT department.
Χ Inability to communicate in simple and concise business terms.

Ensure the following….
E|11 Jared Carstensen | 24th May 2016

Effective Security Beats ‘Good’ or CompliantSecurity
Focus on the small steps to yield big changes
Effective security programmes / departments do the following:
 Endorsement, mandate and comment of support from highest member of company.
 Prioritised and categorised list of critical services, functions and systems.
 Embrace organisational culture and promote positive behaviours.
 Make the message stick and memorable – people first / focussed approach!
Ongoing reporting to Management, Audit Committee and Board.
Which projects have been seen as a success, why they succeeded & replicate those.
 Focus on capability and enhancing maturity as opposed to purely controls based security.
 The best form of security is the one this is invisible to the user and has various layers.
 Consistently enhance practices to help prepare for incident response / breach activities.

Final Thoughts….
F|25 Jared Carstensen | 24th May 2016

Cyber Sales / Scaremongering – it has got to stop!
Call for calm, actionable and measured steps

Car Accidents vs Cyber Breaches!
Are there similarities / comparisons?
• Rules of road to protect drivers and pedestrians
• Regulations and standards to protect businesses and consumers
• Speed limits depending on the type of road
• Regulations depending on the type of industry and sector
• Wide choice of cars available depending on your needs
• Wide choice of solutions and providers depending on your requirements
• By not adhering to rules and laws of the road, you put your own and others’ lives at risk
• By not adhering to security rules, standards, frameworks and best practice, thousands of
incidents are happening every day putting your organization and it’s customers at risk
• Despite all road safety guidelines, laws and awareness there are countless road accidents
and fatalities every day
• Despite all the standards, guidance, frameworks, regulations and more solutions and
services than ever before; countless incidents, breaches and non-compliance continue
Is your organization driving recklessly, or are they simply asleep at the wheel?

Thank you
Jared Carstensen
Chief Information Security Officer

30
Managing Risk and Reputation
Niamh Boyle, Managing Director, The Reputations Agency
24th May 2016, ICSA Annual Conference

About The Reputations Agency
31
The Reputations Agency is a full service Consumer Brand, Corporate PR and Reputation
Management agency and part of Ireland’s biggest ideas company, the ddfh&b Group and
the global JWT network.
Across our three divisions we tell brand stories and manage the reputations of some of the
world’s biggest brands. Using global and local insights which shape and inform our
thinking, we deliver smart strategies and great ideas with a single minded focus - getting
your brands and companies talked about.
We are the leading experts in reputation management in Ireland, and exclusive partners of
the global Reputation Institute, with our Ireland RepTrak® Report a calendar feature for the
CEOs of many of Ireland’s best known organisations.
Our TRA Brands team builds campaigns from the ground up in partnership with some of the
top marketers in the country. We are a key part of the inter-agency planning process with
some of the most experienced brand experts and freshest thinkers in the country.
Our Corporate and Financial team are PR experts with strategic marketing, financial, legal
and reputation management capability who act as trusted advisors to leading Irish
businesses. We offer analysis, strategy, media relations and expert counsel to build profiles
and engage stakeholders while also providing issues and crisis management support when
organisations need it most.

About the Reputation Institute
• Reputation Institute is the world’s leading
reputation management consultancy, founded
in 1997.
• Its Global RepTrak® Pulse study is the
world's largest reputation study, measuring
more than 2,000 companies from 25
industries across 40 countries.
• The study provides key insights into what
drives perceptions and how they influence
marketplace behaviour, and powerful
global benchmarking.
• RepTrak® also serves as the basis for
continued thought leadership in the
reputation management field.
• RI’s Reputation Leaders Network is the
premier network of senior executives from
more than 100 global member companies
who work together to advance the practice
of corporate reputation management
collectively and for their organisations.
United Arab Emirates
c
Canada
United States
Colombia
Chile
Brazil
South Africa
Australia
Malaysia
India
Japan
China
Portugal Spain
Russia
Turkey
Ukraine
Germany
Norway
Greece
Ireland
United Kingdom
France
Switzerland
Denmark
Netherlands
Sweden
Italy
Mexico
Panama
Puerto Rico
Perú
Argentina
Knowledge
Publication
Conferences
Training
Research
Information
Analysis
Presentation
Advice
Insight
Strategy
Activation

Why should we
care about
reputation?
*

Direct experience
What a company
communicates
What others say
Touch Points Reputation Behaviour Business Results
A strong reputation increases supportive behaviours
and delivers positive business results

Regulators
Media
&Social
Media
General
Public
Employees
Customers
Key
Opinion
Leaders Support/
Refer
Work For/Recommend
Necessary to
understand your
stakeholders, and how to
influence them across
communications touch-
points, in order to
drive/shape the
perceptions that support
your company’s results
Why should we care about
reputation?

Note: The RepTrak® Index was calculated from the daily stock market values of the 10 most reputed companies with a RepTrak® Pulse score above 70 in the
UK RepTrak® Pulse rankings and adjusted each year in January. The values of the RepTrak® Index and FTSE100 Index shown are percentage changes from
January 1, 2009.
Ten most highly reputed companies outperform FTSE100 Index 2009–2015
Analysis of the share price of the most highly reputed companies shows that they consistently outperform the market – in the U.S.,
FTSE, CAC and Nordic countries.
Why should we care about reputation?

…and there’s much more at stake!
17%
32%
68%
80% 81%
83% 68% 32% 20% 19%
0%
20%
40%
60%
80%
100%
1975 1985 1995 2005 2009
Components of S&P 500 Market Value
Intangible Assets Tangible Assets

* Who you are as a Company matters more than what you Sell
Product Enterprise
38% 72%
The companies that are investing here
are capturing competitive advantage

Would buy the
products
6%
Would recommend
the products
Would work for
Would welcome into
local community
14% 34% 56% 86%
4% 9% 26% 53% 86%
5% 11% 28% 54% 84%
7% 16% 35% 59% 86%
0-39 40-59 60-69 70-79 80+
RepTrak®
Pulse Score
POOR
<40
AVERAGE
60-69
STRONG
70-79
WEAK
40-59
EXCELLENT
>80
* A Strong Reputation Reduces the Transaction Cost of doing Business

* How do we know what external audiences believe about us?
Why do you love me? Do you love me? What are the
practical consequences?
Defines what drives
corporate reputations
Direct measurement of
corporate reputation (as a
proxy for trust)
Defines the consequences of
corporate reputations in terms
of intended behaviour
Dimensions Reputation Behaviour

55.00
60.00
65.00
70.00
75.00
80.00
85.00
Y 2010 Y 2011 Y 2012 Y 2013 Y 2014
REPUTATION DEVELOPMENTS
THE COCA-COLA COMPANY
United States of America Australia China Spain
• RepTrak® enables a firm to see in
time negative trends in public opinion,
regarding key issues like for example
OBESITY
• Coca-Cola, just like McDonalds,
could have seen the gradual
decrease in the perceptions of the
company that appeared to be linked
to growing worries among external
audiences regarding healthy food.
RepTrak® works as an Early Warning System

• The company does well as a brand as it is in the
Top 3 of Interbrand’s Global Ranking
• However, its reputation is substantially lower and decreasing:
– Global RepTrak® 2016 - The Coca-Cola company ranks #83
– Global RepTrak® 2015: Rank #67
– Global RepTrak® 2014: Rank #52
– Ireland RepTrak 2016 ® - Rank #68
• As a consequence performance decreases

74.58
78.55
RepTrak® Score
Globally
All Global Pulse scores that differ by more than +/-0.9 are significantly different at the 95% confidence level.
Pulse scores are based on questions measuring Trust, Admiration & Respect, Good Feeling and Overall Esteem (captured in the RepTrak® Pulse score on a 0-100 scale).
78.98
85.41
79.19
83.19
83.34
84.77
78.95
79.29
76.64
88.33
76.19
75.19
69.80
71.26
POOR
<40
AVERAGE
60-69
EXCELLENT
>80
STRONG
70-79
WEAK
40-59
BMW Group – Reputation profile across 15 markets

Ireland RepTrak ® 2016 –
Reputations of the largest & most visible companies in Ireland

Ireland RepTrak® 2016 –
Reputations of the largest & most visible companies in Ireland

RepTrak® Pulse
Ireland 2016
79,6
78,4
77,3
76,4
76,1
75,9
75,9
75,4
75,2
75,1
74,8
74,4
74,2
73,8
73,7
73,0
72,9
72,6
72,4
72,0
71,8
71,7
71,3
71,1
71,0
70,9
70,7
70,5
69,1
68,4
68,1
68,0
68,0
67,7
67,3
67,1
66,6
66,6
66,5
66,4
65,7
65,0
64,2
63,9
63,9
63,6
63,5
63,1
63,1
63,1

BordBía
Eason&Son
AnPost
Google
Lidl
CreditUnions
AldiStores
BMW
Ford
Boots
SuperValu
Intel
Toyota
Kellogg's
Glanbia
Cadbury
ourismIreland
AerLingus
SmythsToys
KerryGroup
Applegreen
Microsoft
IRFU
homasGroup
Spar
ydsPharmacy
ewlett-Packard
pencerGroup
heIrishTimes
ttLaboratories
Heineken
Coillte
Arnotts
Aviva
ESB
Primark
BordnaMóna
Nissan
Apple
IBM
IrishDistillers
Dell
yaHealthcare
VirginMedia
Allianz
Three
unnesStores
dGáisEnergy
GAA
News&Media
0
10
20
30
40
50
60
70
80
90
100
Excellent/Top tier 80+
Strong/Robust 70-79
Average/Moderate 60-69
Weak/Vulnerable 40-59
Poor/Low est tier <40
Ireland RepTrak® 2016
28 companies in the
Strong tier
41 companies in the
Average tier

41 companies in the
Average tier
30 companies in the
Weak tier
One company in the
Poor tier in 2015
RepTrak® Pulse
Ireland 2016
62,9
62,8
62,6
62,5
62,5
62,4
62,2
62,0
62,0
61,8
61,6
61,4
61,2
61,1
61,0
60,7
60,6
60,2
60,0
59,9
59,5
59,2
59,0
59,0
58,9
58,6
58,5
58,5
58,5
58,4
58,1
58,0
58,0
57,8
57,6
56,9
56,0
55,4
54,2
54,1
53,3
52,3
51,6
48,9
47,7
46,9
46,8
46,2
44,7
14,3

Centra
Pfizer
LifeAssurance
Vodafone
eann-IrishBus
DAA
IrishLife
arnrodÉireann
Volkswagen
Sky
Axa
Tesco
Ryanair
GSK
Diageo
RTÉ
KBCBank
ColaCompany
usÁthaCliath
PwC
FBD
VhiHealthcare
EY
Maxol
FriendsFirst
RSA
TV3
ertyInsurance
KPMG
EnergyGroup
ationalLottery
facebook
SSEAirtricity
Deloitte
Renault
PepsiCo
Permanenttsb
Meteor
CIÉ
PaddyPower
UlsterBank
BTIreland
EBS
Ladbrokes
FAI
McDonald's
BankofIreland
AIB
eir
IrishWater
0
10
20
30
40
50
60
70
80
90
100
Strong/Robust 70-79
Poor/Lowest tier <40
Ireland RepTrak® Pulse 2016

Ireland RepTrak® Pulse 2016 – Ranked 75-51
2015 2016
51 Centra 67,4 62,9 -4,5
52 Pfizer 68,5 62,8 -5,7
53 Zurich Insurance 67,1 62,6 -4,5
54 Vodafone 56,7 62,5 5,9
55 Bus Éireann- Irish Bus 67,2 62,5 -4,7
56 DAA 64,0 62,4
57 Irish Life 61,2 62,2
58 Iarnrod Éireann 58,1 62,0 3,9
59 Volkswagen 77,9 62,0 -15,9
60 Sky 62,8 61,8
61 Axa 63,0 61,6
62 Tesco 60,2 61,4
63 Ryanair 54,1 61,2 7,1
64 GSK 67,3 61,1 -6,2
65 Diageo 64,7 61,0 -3,7
66 RTÉ 65,0 60,7 -4,4
67 KBC Bank 60,8 60,6
68 The Coca-Cola Company 61,8 60,2
69 Dublin Bus - Bus Átha Cliath 53,2 60,0 6,8
70 PwC 56,8 59,9 3,1
71 FBD 61,9 59,5
72 Vhi Healthcare 56,0 59,2 3,1
73 EY - 59,0
74 Maxol 59,7 59,0
75 Friends First 59,2 58,9
n = 3.612 3.601
2015-
2016
Strong/Robust 70-79

Strong/Robust 70-79
Ireland
[sorted by 2016] 2015 2016 2015 2016
26 LloydsPharmacy - 70,9 51 Centra 67,4 62,9 -4,5
27 Hewlett-Packard 69,4 70,7 52 Pfizer 68,5 62,8 -5,7
28 Marks & Spencer Group 72,5 70,5 53 Zurich Insurance 67,1 62,6 -4,5
29 The Irish Times 67,1 69,1 54 Vodafone 56,7 62,5 5,9
30 Abbott Laboratories 67,8 68,4 55 Bus Éireann- Irish Bus 67,2 62,5 -4,7
31 Heineken 67,7 68,1 56 DAA 64,0 62,4
32 Coillte 65,9 68,0 57 Irish Life 61,2 62,2
33 Arnotts 74,5 68,0 -6,5 58 Iarnrod Éireann 58,1 62,0 3,9
34 Aviva 64,2 67,7 3,6 59 Volkswagen 77,9 62,0 -15,
35 ESB 63,7 67,3 3,6 60 Sky 62,8 61,8
36 Primark 73,4 67,1 -6,3 61 Axa 63,0 61,6
37 Bord na Móna 65,6 66,6 62 Tesco 60,2 61,4
38 Nissan 74,2 66,6 -7,7 63 Ryanair 54,1 61,2 7,1
39 Apple 71,1 66,5 -4,6 64 GSK 67,3 61,1 -6,2
40 IBM 71,6 66,4 -5,1 65 Diageo 64,7 61,0 -3,7
41 Irish Distillers 63,4 65,7 66 RTÉ 65,0 60,7 -4,4
42 Dell 70,9 65,0 -5,9 67 KBC Bank 60,8 60,6
43 Laya Healthcare 61,8 64,2 68 The Coca-Cola Company 61,8 60,2
44 Virgin Media 51,3 63,9 12,5 69 Dublin Bus - Bus Átha Cliath 53,2 60,0 6,8
45 Allianz 64,5 63,9 70 PwC 56,8 59,9 3,1
46 Three 57,2 63,6 6,4 71 FBD 61,9 59,5
47 Dunnes Stores 64,6 63,5 72 Vhi Healthcare 56,0 59,2 3,1
48 Bord Gáis Energy 59,2 63,1 3,9 73 EY - 59,0
49 GAA 71,9 63,1 -8,8 74 Maxol 59,7 59,0
50 Independent News & Media 53,4 63,1 9,7 75 Friends First 59,2 58,9
n = 3.211 3.619 n = 3.612 3.601
RepTrak® Pulse development
2015-
2016
2015
201

Strong/Robust 70-79
5 Lidl 72,9 76,1 3,2
6 The Irish League of Credit Unions 77,6 75,9 Lowest score 2016
7 Aldi Stores 72,9 75,9 Irish Water
8 BMW 71,8 75,4 3,6
9 Ford 72,7 75,2
10 Boots 81,6 75,1 -6,5
11 SuperValu 71,4 74,8 3,4 Biggest climb 2016
12 Intel 74,9 74,4 Virgin Media
13 Toyota 76,3 74,2
14 Kellogg's 81,0 73,8 -7,2
15 Glanbia 70,5 73,7 3,2
16 Cadbury 73,5 73,0 Biggest fall 2016 -15,9
17 Tourism Ireland 73,8 72,9 Volkswagen
18 Aer Lingus 74,9 72,6
19 Smyths Toys 75,5 72,4
20 Kerry Group 70,4 72,0
21 Applegreen - 71,8
22 Microsoft 74,7 71,7
23 IRFU 77,6 71,3 -6,2
24 Brown Thomas Group 71,3 71,1
25 Spar 66,4 71,0 4,6
n = 3.015 3.702
14,3
12,5
Ireland
[sorted by 2016] 2015 2016
1 Bord Bía 79,8 79,6 Highest score 2016
2 Eason & Son 72,8 78,4 5,6 Bord Bía
3 An Post 75,3 77,3
4 Google 84,4 76,4 -8,0
5 Lidl 72,9 76,1 3,2
8 BMW 71,8 75,4 3,6
9 Ford 72,7 75,2
10 Boots 81,6 75,1 -6,5
13 Toyota 76,3 74,2
14 Kellogg's 81,0 73,8 -7,2
15 Glanbia 70,5 73,7 3,2
16 Cadbury 73,5 73,0 Biggest fall 2016 -15,9
17 Tourism Ireland 73,8 72,9 Volkswagen
18 Aer Lingus 74,9 72,6
19 Smyths Toys 75,5 72,4
79,6
14,3
12,5
2015-
2016

Strong/Robust 70-79
Ireland
[sorted by 2016] 2015 2016
1 Bord Bía 79,8 79,6 Highest score 2016
2 Eason & Son 72,8 78,4 5,6 Bord Bía
3 An Post 75,3 77,3
4 Google 84,4 76,4 -8,0
5 Lidl 72,9 76,1 3,2
8 BMW 71,8 75,4 3,6
9 Ford 72,7 75,2
10 Boots 81,6 75,1 -6,5
13 Toyota 76,3 74,2
79,6
14,3
12,5
2015-
2016

52
Ireland RepTrak® 2016 - Industry ranking
Ireland Average
Pulse 63.6
Food - Manufacturing (4) n = 401
Retail - General (11) n = 1.701
Computer (6) n = 606
Automotive (6) n = 603
Public Services (5) n = 602
Pharmaceuticals (5) n = 502
Information & Media (6) n = 707
Energy (7) n = 1.406
Retail - Food (5) n = 899
Transport & Logistics (5) n = 799
Beverage (5) n = 1.000
Financial - Insurance (11) n = 1.099
Services (6) n = 1.102
Telecommunications (7) n = 604
Financial - Bank (7) n = 1.699
Total n= 13.732
Ireland
Industry rank
73.1
69.1
64.8
63.9
63.4
62.4
58.7
55.8
71.7
68.5
64.1
63.5
63.2
61.5
57.1
63.2
73.1
71.7
69.1
68.5
64.8
64.1
63.9
63.5
63.4
62.4
61.5
58.7
57.1
55.8
0 20 40 60 80 100

54
1978 1984 2001
The topic is not at all new…

55
20101989
…and the Energy/Petrochemical industry has seen some major incidents

56
The difference between then and now is extremely different
– Impacts today are immediate and global…
TodayYesterday

57
For BP, the Deep Water Horizon incident had a devastating impact on their
reputation – and consequently their financial performance

HOW VW LOST THE PUBLIC’S TRUST
September 2015 - US EPA announced Volkswagen had been installing sophisticated
software to cheat diesel emission tests - Volkswagen’s cars were environmentally
friendly no more. The general public’s trust in the automaker was highly damaged in the
US as well as globally.
Country Q1 RepTrak®
Pulse
Q4 RepTrak®
Pulse
Δ RepTrak®
Pulse
UK 82.7 52.8 -29.9
SPAIN 74.8 47.1 -27.7
ITALY 77.9 52.2 -25.7
FRANCE 76.1 51.3 -24.8
GERMANY 80.6 57.1 -23.5
US 69.7 61.0 -8.7
VW RepTrak® Pulse in Germany and VOW.DE Stock Price: Q1 2015
through January 2016

59
Crisis hits your reputation harder if your reputation is already weak.
Be aware of industry belonging!
RepTrak® Pulse
Score 40-59 70-7960-69
Reputation Loss
post a negative
event
- 15 - 11 - 6
CRISIS AND
REPUTATION
Industry
Reputation Loss
post a negative
event
- 23 - 8 - 6
CRISIS AND
INDUSTRY
Banking
Consumer
Goods
Pharma
1
2
3
4

60
Reputation risk and how to manage it
…That impacts stakeholders’
perception and
behaviour…
A reputation risk is a
potential negative event…
What it is
…and ultimately impacts on
business results

61
Exercise
Take two minutes to jot down
the reputational risks to your business
List the top five....

65
Perception
- 13,3
- 25,7
Max loss on reputation score in case of risk
1
2
3
4
What is more at stake in case of risks?

66
1 Accounting malpractices
2 Bankruptcy fraud
3 CEO resignation after a financial scandal
4 Child labor in a supplier's factory
5 Delayed reporting of defects
6 Fraud and abuse allegations
7 Homophobic comments of top management
8 Incoherent communication of corporate strategy
9 Labor strike in emerging market
10 Mandatory product recall
11 NGOs very critical against a plant
12 Price increase
13 Product fraud
14 Bribery of Public officials
15 Repeated product recalls
16 Service changes and interruption
17 Sexual harassment
18 Strong layoffs
19 Unaware utilization of toxic packaging
20 Wage Renegotiation
The top 20 reputation risks
Every company needs to monitor
How many of you are
monitoring these
risks?

67
The process that tracks
PROGRESS and
input to the organisation
over time
The factor that describes how
likely it is that the RISK
will materialize and how it
will impact stakeholder
perceptions & support
3. Monitoring1. Impact 2. Readiness
The factor that defines how
PREPARED the company is
to identify, mitigate and
respond to a crisis
M
I
T
I
G
A
T
I
O
N
Reputational Risk –
Three key variables need management

68Risk Register
Template - Risk Register
No. Description of Risk Area/Division Risk Type Impact Likelihood Control rating Risk Score Planned Response Mitigation/controls Risk Owner
Summary of Risks:
X = Low
Y = Medium
Z = High
1 = minor
2 = significant
3 = v
significant
1 = may
occur
2 = likely
3 = very
likely
1 = fully under
control
2 = somewhat
controlled
3 = poor/inability
to control
1 -4 = Low
5-11 =
Medium
12-27 = High
red alert

69
Risk Readiness - five steps
1.…identify reputation risks
2.…predict potential damage
3.…responsibility is clear
4.…crisis management plans are well defined
5.…reputation embedded in company culture

70
Niamh Boyle, Managing Director
Office: +353 1 661 8915
niamh@thereputationsagency.ie
www.thereputationsagency.ie
The Reputations Agency, 25 Merrion Square, Dublin 2

Dennis Tourish
Professor of Leadership
Royal Holloway, University of
London
Co-editor of ‘Leadership’
Email:
Dennis.Tourish@rhul.ac.uk
DYSFUNCTIONAL LEADERSHIP
IN CORPORATIONS
Ken Lay
AKA ‘Kenny Boy’
Jeffrey Skilling

Amazon May 2016- 163253 books with ‘Leadership’ in their
title. If you read one every day including weekends it would
take you 447 years….
BUT – there are only
346 books with
‘Followership’ in their
title
We have a fixation on
leadership, though
without followers
there are no leaders…

SOME ASSUMPTIONS
• Followers should
conform – mostly, do
what they are told
• Leaders know best
(but do they always?)
• Dissent is resistance to
be overcome
Who’s
the boss
BBC 2
March
2016

A MAJOR SOURCE
OF ERROR???
‘The temptation to tell a
Chief in a great position
the things he most likes
to hear is one of the
commonest explanations
of mistaken policy. Thus
the outlook of the leader
on whose decision fateful
events depend is usually
far more sanguine than
the brutal facts admit.’
Winston Churchill (1931)
INGRATIATION...

‘A lot of times in politics you have
people look you in the eye and tell
you what's not on their mind.’ --
George W. Bush, Sochi, Russia, April
6, 2008

EFFECTS OF FLATTERY
• A study of 451 CEOs looked at the impact on them of more
intense and frequent flattery (e.g., offering exaggerated
compliments) and opinion conformity (e.g., expression of
agreement even when people don't agree).
• Flattery and opinion conformity
linked to CEOs having more
favourable evaluations of their own
strategic judgments and leadership
skills, being less likely to make
strategic changes when firm
performance suffered, and more
prone to lead firms that suffered
persistently poor performance.
Hyuan Park, Westphal and Stern, ASQ,
2011

EFFECTS OF NARCISSISM
• Highly narcissistic CEOs less responsive to
whether recent firm performance was good or
bad - continued to make equally risky
investments (e.g. acquisitions of new companies)
regardless of recent performance. Their less
narcissistic peers more cautious in bad times and
tended to take bigger risks during good times.
Chatterjee and Hambrick, ASQ, 2011

EFFECTS OF NARCISSISM
• Less narcissistic CEO's weren’t affected much by
media praise. The highly narcissistic made riskier
investments after getting praised in the media.
The narcissists were swayed more by "social
praise" and less by recent performance!
• ‘The only benefit of flattery is that by hearing
what we are not, we may be instructed what we
ought to be.’
Jonathan Swift

IRRATIONAL BIAS–
ILLUSORY SUPERIORITY
• 69% of drivers consciously worry about being
killed when driving
• Only 1% believe they drive worse than average
• 98% think they are safer than, or as safe, as the
average driver.
Brake (Road Safety Charity) Survey of 800 UK
adults, March 2011

‘Have you ever noticed that anybody
driving slower than you is an idiot, and
anyone going faster than you is a
maniac?’
George Carlin

PROBLEMS
WITH FEEDBACK
People are especially
sensitive to negative
input – the ‘automatic
vigilance effect’

HOW WE TREAT
CRITICAL FEEDBACK
• Subjecting critical
feedback to criticism/
accepting positive
feedback
• ‘I DON’T BELIEVE IT’
• Deny failure

WHAT CAN BE DONE?
• Seek out formal and informal
contact with people as often as
possible

WHAT CAN BE
DONE?• Scrutinise positive
feedback more rigorously
than negative feedback
• Institutionalise dissent
into the decision-making
process – e.g. promote/
cherish/ reward
contrarians
• Create a culture that
confronts ‘the brutal
facts of reality’ – i.e.
where the truth is heard

A CLIMATE WHERE THE
TRUTH IS HEARD
Lead with questions,
not answers
Practice saying:
• ‘I don’t know’
• ‘What do you think?’
• ‘Where have we gone wrong?’
• ‘What could we do better?’

A CLIMATE WHERE THE
TRUTH IS HEARD
Engage in debate, not coercion
• Have chaotic meetings
• Loud debate
• Heated discussions
• Healthy conflict
Dennis.Tourish@rhul.ac.uk

Career development for
company secretaries
Valerie Teller, Switched On Coaching
With Conor Ryan FCIS, President, ICSA Ireland

Outline for this session
1. What are your long-term career aspirations?
2. How do you raise your profile?

1 | What are your long-term career aspirations?
• What do you really want?
• What is important to you?
• When you are 95, what will you want to say about your
life?

2 | How do you raise your profile?
From their perspective…
• When it comes to your career,
who are your stakeholders?
• What’s important to them?
• How can/do you make their
jobs easier?
From your perspective…
• What is it that you see/know
about your organisation that
others don’t?
• What is important about what
you do?
• How does the co sec function
add value to your
organisation?

A few tips
• Create opportunities by creating connections
• Stretch your comfort zone – it’s like a muscle
• Get support

BE CURIOUS

Career development for company secretaries
What will you take away from today’s session?

Risk Culture and Risk Culture Inspections
ICSA Conference 2016
24th May 2016
Mark Burke
Chief Risk & Compliance Officer, Mediolanum Ireland

10
Agenda
Background & Context
What do regulatory authorities mean by culture?
Drivers of Culture in a firm
Conclusion
Indicators of a sound risk culture

What has brought about this focus on culture?
108
How to safeguard rather that
inadvertently profit from these?
Prevailing view that weakness in
culture at the heart of the financial
crisis
Is point-of-sale material there to
protect the company or inform the
customer?

10
Agenda
Conclusion

11
Culture is like DNA: it shapes judgements, ethics and behaviours that
matter to the reputation and performance of the business
It shapes the service provided to customers and clients
An effective culture is one that supports:
• the fair treatment of customers, and
• Promotes sound risk taking and risk aware decisions throughout
the business
Examine culture though the lens of doing the right thing
Ownership and responsibility for ensuring risk aware and client
focussed outcomes rests with each and every employee and should
not be seen as something that can be delegated to the risk &
compliance functions

11
Agenda
Conclusion

11
Drivers of Culture at a firm
Examine culture through the lens of doing the right thing whether from a risk or conduct perspective
- Strong Corporate Governance
- Setting the tone from the top
- Translating this into easily understood business
practices through values such as accountability and
ensuring effective communication and challenge
- Supporting the right behaviours through
performance management, employee development
and reinforcing these through reward programmes
The responsibility for ensuring the right outcomes resides with everyone at the firm, led by senior management, and not
something delegated to compliance or control functions

11
Agenda
Conclusion

• Succession planning processes for key positions
• Focus on financial and non-financial incentives
• Job rotation between control functions and
business lines
Incentives and Behaviours
Tone from the Top
Accountability
Effective
Communication &
Challenge
• Board Ownership of Strategy
• Alignment of Strategy with Core Values
• Leading by example
• Learning from mistakes
• Ownership by the front line
• Common understanding and awareness at all levels
• Clear escalation processes to support risk management
• Consequences are clearly established
• Established mechanisms to facilitate communication and
• Bring alternate views to the decision making process
• Risk function seen as a genuine business partner
• Ongoing training on the institution’s desired behaviours

11
Agenda
Conclusion

11
Key Takeaways
• Greater awareness of the importance of culture in driving key behaviours in firms
• Having a framework to demonstrate the various mechanisms in place to
• Monitor,
• Shape, and
• Influence the culture within the firm over time…
to deliver risk aware decision making and good consumer outcomes.

Sports governance
Jim Boyce, former Vice President, FIFA

ODCE and the Companies Act
One Year on
Kevin Prendergast
Head of Enforcement, ODCE

ODCE Impacts
 In insolvency
 Offering restriction undertakings to remove the need for
High Court proceedings
 Power to wind up companies in public interest – none to
date
 In examinership
 ODCE must get copy of report to the Court – small
number to date

ODCE Impacts
 In enforcement
 Auditors must report offence of financial statements
failing to give a true and fair view – no reports to date –
preparing guidance for auditors
 Directors’ loans can be validated by new Summary
Approvals Procedure – have found one example of this
being undertaken

Other judicial developments
 Significant Court of Appeal judgement
 DCE v Walsh & Ors, disqualification action by the
Office under what was s160(2)(h) CA 1990, now
s842(h) CA 2014, company struck off with debts
owing
 High Court declined to disqualify on basis of general
economic downturn, lack of qualifications of
directors, scale of enterprise, past behaviour
 Court of Appeal judgement in January 2016

Other judicial developments
 Key aspects of judgement
 “Financial maelstrom” does not change nature of the
law
 Scale of enterprise and qualifications of directors are
irrelevant
 Other past behaviour irrelevant
 Passive directors cannot be exonerated on that basis,
all director expected to take steps to secure compliance

Thank You
Further Information is available from
www. odce. ie

Panel discussion:
The Companies Act – one year on
Conor Sweeney, CLS Chartered Secretaries
Maureen O’Sullivan, Registrar of Companies
Kevin Prendergast, ODCE
Ruairi Cosgrove, PwC
Sal Nash, KPMG

ICSA Ireland Conference 2016

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Viewers also liked

Viewers also liked (14)

Similar to ICSA Ireland Conference 2016

Similar to ICSA Ireland Conference 2016 (20)

More from Institute of Chartered Secretaries and Administrators

More from Institute of Chartered Secretaries and Administrators (20)

Recently uploaded

Recently uploaded (20)

ICSA Ireland Conference 2016