Reputation risk is used to describe risks that result in damage to the reputation of the organisation which in turn exposes the entity to additional risks such as reduced revenues, loss of stakeholder support and employee turnover. Reputation damage is a potential consequence of a myriad of risks within the organisation. All risks identified in an entity’s risk profile have the potential to expose the entity to reputation damage.
So, how can the board or executive team have a sensible conversation regarding reputation risk without having to include every potential risk exposure that the entity has registered on its profile? A starting point is to ask the question – on what is our reputation built?
For some companies, it may be the superior quality of their product; for others, it might be the environmentally conscious philosophy they employ; for others still, it may be the caring nature of their service provision.
Having considered the platform on which the “trust” of the organisation is based, the executive and board can construct scenarios of events that have the potential to significantly erode that platform of trust.
While these events/risks might differ from organisation to organisation, there are generic types of risk that tend to have the potential to impact organisations similarly:
- Strategy related
- Culture related
- Crisis related
- Operations related
- Governance related
Strategy related
This relates to failure of significant strategic initiatives where the actions of the organisation are seen to be operating well outside the risk appetite determined as appropriate for the organisation. This does not relate to isolated pockets of discontent. It covers issues where the strategic initiatives are seen by many as inappropriate to the organisation, where the strategic initiative fails spectacularly or where, in the pursuit of new strategies, the organisation drops the ball on its core business activities.
Culture related
These risks relate to inappropriate behaviour by staff or contractors; the more senior the people involved, the greater the significance of the reputation damage. While a ‘rogue’ operator might be forgiven by shareholders and the community, lingering doubts will remain regarding how the perpetrator was able to operate without the organisation knowing. Equally, circumstances where the organisation sanctions “the end justifies the means” behaviour in achieving organisation objectives can come back to badly bite the organisation when that behaviour is seen to run contrary to expected standards of ethics and decency.
Crisis related
This relates to how the organisation responds to a crisis. History shows that organisations that respond poorly to a crisis have the ability to destroy more value than the crisis itself. Alternatively, organisations that respond well have the ability to enhance the organisation’s reputation despite the crisis that has occurred. The nature of a crisis is that it is unexpected, occurs rarely and creates highly charged environments not conducive to calmly and objectively considering appropriate responses. The organisation’s crisis preparedness is the single most important capability that will guide the entity through a crisis soundly.
Operations related
This relates to issues that could jeopardise the reputation platform relevant to the entity. If the platform is built on product quality, for instance, then the key risks that could threaten reputation include product failure, product recall, death/injury from recommended use of product, or failure of quality accreditation.
Governance related
This relates to events that involve the governance standards of the organisation and speak directly to the interface between the shareholders, Board of Directors and executive management of the organisation. Governance is a professional discipline and, at times, people become involved in governance roles without the training, emotional intelligence or understanding of the rules and expectations around these positions. Where the behaviour and the performance of the key governance players become dysfunctional, this can erode trust in the entity very quickly. Examples might be related to inappropriate responses to conflicts of interest, gaining material personal benefit, personality conflicts, or operating contrary to the constitution, shareholders’ agreements or legal requirements.
Reporting of Reputation Related Risks
Having identified the broad, generalised set of risks that have the potential to lead to significant reputation damage, the organisation can review these on a regular basis to determine whether the management systems in place are adequate to prevent the risk occurring or what more can be done to better enable the organisation to respond in the event that the risk occurs. Reporting might be annually or every six months to the board with a quarterly review by the executive team. In addition, the CEO could include a commentary on any area of emerging risk that may have significant reputational consequences to the entity in reports to the board.
Because every risk in an organisation has the potential to lead to reputation damage to some degree, there is a tendency by some people to want to focus on any issue (no matter how low its impact may be) and demand an urgent response to protect reputation. This can lead to over-reactions by the organisation to what are often insignificant events. The governance oversight should be on issues of potential high impact or systemic issues which, over time, significantly erode the reputation standing of the organisation as a whole.