by Jim DeLoach
Reputation is a complex concept. A prerequisite for doing business, reputation is like a ticket to a concert or sporting event – you can’t get in without it. Reputation is fragile. What takes decades to build can be lost in a matter of days. While it is hard to define in terms of exactly what it is, everyone agrees it’s important and recognizes a reputation that has been damaged beyond repair.
From a risk oversight standpoint, a company’s reputation management is inextricably linked to its risk management and crisis management. Effective identification and management of risk can reveal major threats to reputation and ensure they are reduced to an acceptable level. In addition, effective response plans and teams can minimize reputation damage when threatening events occur. Together, these two disciplines are fundamental to managing reputation risk.
The organization’s culture sets the tone for protecting reputation. When organizational blind spots cause executive management to miss warning signs that something is wrong or isn’t working – which objective parties can see easily from a mile away – reputation is clearly at risk. A reputation-preserving culture often encourages a strong control environment, a balanced incentive compensation structure, clear accountability for results, open communication, transparent reporting, continuous process improvement and a strong commitment to ethical and responsible business behavior.
Reputation risk management begins with an effective risk assessment process. From a reputation standpoint, it is important to consider the following factors in addition to significance of impact and likelihood of occurrence: (a) velocity to impact once an event occurs, (b) persistence of the impact, and (c) resiliency of the company in responding to the event. These criteria help management identify threats to reputation.
A complicating factor in managing reputation risk is the “boundaryless” enterprise. Uncompensated risks sourced across the value chain can be sources of reputation risk. These risks require attention because they offer the potential for catastrophic events with significant downside and little or no upside potential, and which could cause severe damage to reputation. They include “stop-the-show” supply chain disruptions, mega-warranty costs and/or product recalls, or headline-grabbing environmental, health and safety exposures. Lead content, toxic materials, impure ingredients and other inputs provided by suppliers that fail to meet specifications set by the laws and regulations to which a company is subject can damage that company’s brand and reputation. Corporate social responsibility (CSR) initiatives offer an opportunity to enhance reputation with the organization’s various constituencies and drive responsible business behavior among its suppliers. Prevention is the prescription for severe uncompensated risks. Effective due diligence when evaluating strategic suppliers, channel partners and M&A candidates is time well spent.
Innovation can be vital to enhancing reputation. Organizations that are known for their differentiating strategies, distinctive products and brands, proprietary systems, and innovative processes are more likely to possess a strong, sustainable reputation. They also acquire, develop and retain the best people, providing the cornerstone for enhancing and protecting reputation.
Often, reputation damage is a result of unmanaged risks. Strategic error and financial surprises can result in lost investor confidence. Significant operational issues can cause the loss of customers and market share. For example, high-profile security breaches and quality failures and breakdowns can severely affect reputation. Noncompliance with laws, regulations and/or contractual arrangements can result in penalties, fines, increased costs and lost revenue, calling into question the “tone at the top.” For public companies, financial reporting is a high-profile compliance risk.
Crisis management is an integral component of effective reputation management. Rapid and effective response to sudden, unexpected events can enhance reputation, as astute observers know that even the most respected organizations can be tested. It is a management imperative to build a crisis management capability for high-impact, high-velocity and high-persistence risks. A world-class response to a severe crisis is vital to the company’s ultimate recovery, and is enabled by a crisis management plan updated and tested periodically by a designated crisis management team that is properly trained and supported by a communications plan preapproved by legal.
The organization should have a clear view of how it deploys media to inform and educate the market and the industry. Social media offers a new model for connecting with markets and customers and obtaining insights for improving processes and products. In today’s environment, a company must be watchful for parties squatting on its brands or using them for nefarious purposes. Top-level domains, social network sites and news sites are all potential sources of online traffic where potentially damaging commentary on the company’s products and services may exist. Companies must know how to respond during times of crisis.
Ultimately, the CEO and the board own the responsibility to protect the enterprise’s reputation. They should ensure that those conducting enterprise risk assessments are senior individuals who understand the business and are respected in the organization.
Questions for Boards
Following are some suggested questions that boards of directors may consider, in the context of the nature of the entity’s risks inherent in its operations. Is the board satisfied that:
Management is focused on the fundamentals for enhancing and preserving the enterprise’s reputation?
The risk assessment process sources significant threats to the company’s reputation and identifies areas requiring consideration of response plans to improve preparedness?
Management apprises the board in a timely manner of significant changes in the enterprise’s risk profile, and there is a process for identifying emerging risks?
Jim DeLoach, a managing director with Protiviti, helps boards and their organizations succeed in responding to government mandates, shareholder demands, and a changing business environment in a cost-effective and sustainable manner that reduces risk to an acceptable level. He also assists companies with integrating risk management with strategy setting and performance management.