In a business environment where a damaging Twitter post can have disastrous effects on a company’s financials, reputational risk remains the top nonfinancial concern for corporate directors, according to a new survey report.
Another risk rooted in technology—cybersecurity and information technology risk—is rising quickly among directors’ concerns, according to the fifth annual Board of Directors Survey report by accounting, tax, and consulting firm EisnerAmper.
Directors from more than 250 boards participating in the survey were asked which areas of risk—aside from financial risk—were most important to their board. Respondents—who participate on boards of publicly traded, private, and private-equity-owned companies as well as not-for-profits in the United States—were allowed to list multiple areas of risk concern.
Almost three-fourths of all respondents (72%) listed reputational risk among those areas, nearly identical to the 73% who listed reputational risk in 2013. Meanwhile, cybersecurity and IT risk rose nine percentage points from 2013 to 62%, overtaking regulatory compliance risk, which fell six percentage points to 50%.
Private company directors chose cybersecurity and IT risk as their No. 1 concern.
Steven Kreit, a partner in EisnerAmper’s public companies practice, said in a news release that regulatory concerns seem to have dropped following the rollout of legislation in the United States such as the Dodd-Frank Wall Street Reform and Consumer Protection Act, P.L. 111-203, and the Patient Protection and Affordable Care Act, P.L. 111-148.
“When we take into account additional feedback from the participants, it paints a picture of boards coming to terms with both Dodd-Frank and health care reform,” Kreit said.
The survey was completed before two separate and opposing appeals court decisions Tuesday fanned the flames of the political debate over U.S. health care reform legislation.
Meanwhile, rising cybersecurity and IT concerns create an imperative for senior management to get up to speed on risks related to the security of technology. While 74% of directors said their CEOs have a strong understanding of regulatory compliance challenges, barely half (51%) said their CEOs possess a strong understanding of cybersecurity topics.
CFOs also were perceived by board members as more often having a strong understanding of regulatory compliance changes (79%) than cybersecurity (58%).
“Given the results of the survey, we have a concern that boards need to have deeper intelligence about issues that might create reputational harm in their companies and must be better prepared to move quickly in the event of a problem,” EisnerAmper CEO Charles Weinstein, CPA, said in the report. “Boards recognize the potential harm, but they have yet to plan accordingly.”
Accounting standards remain a significant area of regulatory compliance concern for board members. As companies begin to digest the new, converged accounting standard on revenue recognition, which was released in May, 59% of directors said they are concerned or very concerned about accounting standards as an area of regulatory compliance risk.
Tax ranked second (57%) in areas of regulatory compliance concern. None of the other areas—health care reform, Dodd-Frank, energy legislation, and environmental—exceeded 42%.
Ken Tysiac (
) is a JofA editorial director.