As the person representing ERM at your organization, reputation risk is likely at the top of the list of concerns. You bring it up frequently with people across the organization and have tried to figure out how in the world to include it in your risk assessments.
I know…because I struggled with this same thing.
There’s good reason to place a high priority on reputation risk – according to a study by Ocean Tomo, intangible assets like reputation account for around 75% of a company’s market value today, while in the mid-1980s, it was less than 1/3.
But people continue to ask the question – how can the impact of reputation risk be quantified?
Below are 5 methods to help you give them a solid answer. All methods may not work for every organization, so make sure to select the method(s) that work best for you and your organization’s needs and capabilities. Remember, you can always mature the process and build upon what you have already done!
Method #1: Track your organization’s reputation in key markets and demographics using social media listening tools
I talk about social media listening in an earlier post about how General Motors identifies risks, which provides some ideas on how social medial listening results can be used.
Use filters to only get the relevant posts. Be sure to include the social media handles for your organization and combine that with key words for positive or negative sentiment.
- Negative keywords: “dis“ or “not” or “poor” or “bad” or “horrible”
- Positive keywords: “great” or “satisfied” (with wild cards for various uses) or “pleased”
Apply weights based on the source and frequency of the message or sentiment being expressed.
For example, a major news outlet in a key market would be weighted significantly more than a few negative tweets about a poor customer experience.
Note: Every negative tweet about an experience should be responded to individually, so that the customer’s perception is made positive.
Method #2: Identify and quantify reputation of products and services
Identify any of your specific products or services that receive more negative attention than others.
Have conversations to identify the root cause for why the negative attention.
Once you have the root cause, it is time to conduct a cost benefit analysis from a risk perspective.
- Is having the product worth the negative attention? If not, then it may be time to pull the plug.
- What can be done to correct the reason for the negative attention?
- Can the organization do any damage control on the historical negative attention?
Method #3: Put a value on the impact of specific events
This isn’t the case of “name every possible scenario” that people get so tired of hearing. Rather, examine the most likely scenarios (positive and negative) and assign a specific value. Some examples would be:
- Revenue – gain versus loss
- Customers – new versus lost
- Recruiting time – days versus months
- Regulatory scrutiny – minimal versus heavy oversight
Compare these values to the organization’s risk appetite and tolerance. Where do they fall? If outside the risk tolerance, then develop an action plan to either: 1) prevent the event from occurring, 2) reduce the chances of it occurring, or 3) develop a response plan in case it does occur to minimize the damage.
Method #4: Link reputation to your organization’s key performance indicators (KPIs)
Every organization’s leadership swears by its KPIs as being the rule to know if they are achieving their goals. So why not use that and link reputation risk to it as well?
Create a Key Risk Indicator (KRI) around a specific KPI, giving lower (and, if appropriate upper) thresholds to indicate what is acceptable and what isn’t.
For example, Retail Company A has a KPI for sales revenue growth of 3% every month for the U.S. I would suggest 3 KRIs that can affect the outcome of that goal:
- Negative social media sentiment
- Weekly Store Traffic Volume
- Weekly Online Revenue
Method #5: Break out reputation tolerances by stakeholder
The impact of one stakeholder’s perception on an organization’s reputation can be different from another stakeholder.
Therefore, it seems logical to analyze the reputation impact based on the different groups of stakeholders.
For example, you could break out the information like this:
Some would say reputation is everything, and that’s true in a lot of ways. If damages to reputation reach a critical mass, it could have devastating consequences. Recent scandals at Wells Fargo serve as a great example – reputation hits caused by employees creating fraudulent accounts and engaging in nefarious auto loan practices will take years to recover from…
Using the five methods outlined above can help minimize or eliminate risks to your organization’s reputation. Taking proactive steps to avoid trouble is always preferable to having to suffer the consequences of a damaged reputation.
In fact, being proactive rather than reactive is a key difference between traditional and enterprise risk management…
How is your organization addressing reputation risk? Do you have other methods of understanding and communicating reputation risk to leadership?
Please comment below or join the LinkedIn conversation.
If you need assistance to better understand your organization’s reputation risk, please email me to discuss your unique needs. Or you can continue browsing ERMInsightsbyCarol.com to learn more about the value ERM can bring and my approach to ERM.