You can’t place a high enough value on reputation in today’s world. And executives understand this, especially after high-profile scandals shook companies like United Airlines, Wells Fargo, and others to the core. A recent report shows that corporate reputation is now responsible for 38% of market capitalization for the Financial Times Stock Exchange (FTSE) 100 and 250, an increase of 5% over last year.
In a business context, Jim DeLoach defines reputation as “…an interpretation or perception of an organization’s trustworthiness and integrity.”
Since reputation is increasingly important to an organization’s overall value, it is a recurring topic of discussion among risk practitioners, executives, thought leaders, and others.
As an ERM professional, one thing that has become clear to me is that reputation risk can be looked at in two different ways. The simple way of explaining this is to ask: is it all about the risk of a reputation event, or is it about the impact of another risk on the organization’s reputation?
This may seem insignificant on the surface, but as I’ll explain below, the lens through which you view reputation can dramatically impact how you address these threats and opportunities.
Let’s look at how you can consider reputation as a stand-alone risk…
For many, the tendency is to say “…reputation is our biggest risk!”
But how do they know?
How do they know the ultimate impact to reputation if a certain event were to occur?
A risk basically means the potential for something, negative or positive, to happen. For the risk professional, this naturally raises questions around the impact to the organization and the probability of it occurring. Because of questions like these and the all-encompassing nature of reputation, it can be difficult to have these conversations with executives.
If you or your executives choose to look at reputation as a stand-alone risk, there are two possible methods for assessing reputation: scenario analysis and modeling.
Let me say this first about computer modeling. If your organization doesn’t or can’t do this with internal resources, then please talk to someone who does data crunching all the time, like an actuarial firm. (Hint: It is also a subject I don’t handle hands-on.) Don’t be shy – because you are not the only one! It can be quite complicated. Computer modeling first requires data. Using this data, a confidence interval can be established to say you are 95% sure there will be a certain impact. This impact will fall somewhere on a spectrum – will the risk cause significant harm but have a small chance of occurring, or will it cause minimal damage but have a medium or high chance of occurring?
Scenario analysis, the other method, is much easier and is useful for most organizations.
If done properly, scenario planning can be an effective tool for decision-making and establishing a competitive advantage.
One scenario could be a vendor disruption. How will this event impact you and your customers? Through this process, a root cause can be identified and analyzed to determine the extent of the impact, how soon it may occur, and its duration. Although this process is typically used when formulating strategic objectives, there are a few general scenario planning questions to consider when discussing reputation.
There are two downsides to this approach: 1) it can very easily become convoluted to explain to the executive team, audit committee, or board; and 2) the scenarios will likely become duplicative of risks already identified.
These two reasons are why I prefer the next approach.
Now let’s consider how other risks will impact reputation…
This method involves looking at the reputational impact of each risk, in addition to understanding the impacts to customer service, operations, finances, and other factors, some of which can be unique to your organization.
Instead of lumping them all into one big risk that will be hard to explain and overwhelming, you are examining reputation as part of your broader risk assessment and risk analysis. From this perspective, damage to a reputation happens as a result of impacts from a risk event.
One example could be risks around conduct.
If an employee engages in illegal or questionable behavior, how will this impact or damage your reputation? Then you also assess this risk for impacts to finances, operations, etc.
Or take a data breach: how will it impact reputation?
Like reputation as a stand-alone risk, impacts can fall anywhere on a sliding scale. These impacts can be measured in a number of ways. The metrics you ultimately choose depend on what matters to the organization.
If your organization is publicly traded, you can use its stock price as a measurement of impact. If a particular risk were to occur, how would it affect the company’s stock price? Will it make it go up by 5% or down by 3%? It’s important that any impacts like this be expressed as a percentage rather than a dollar amount. Below is a screenshot of how one publicly traded company uses its stock price to gauge the reputational impact of a particular risk.
Analyzing impacts by stakeholder is another method…stakeholders can include customers, media, employees, investors, regulators, and more.
For example, if reputational impacts could cause you to lose 10% of your customers, is that acceptable? Another impact could be an increase in negative mentions on social media and news outlets. If an increase of 10% is not acceptable, what can the organization do to keep impacts below this threshold?
To see how this method of analyzing impact may look, check out 5 Ways to Better Understand and Quantify Reputation Risk, and scroll down to Method #5.
Examining reputation as a dimension of other risks is much more straightforward than looking at it as a stand-alone risk based on my experience, and my clients agree. There also doesn’t have to be a separate discussion – reputation is factored into the analysis of risks and opportunities. It also becomes a much easier conversation and concept for others to grasp.
It can be beneficial to consider reputation from both perspectives, but it can get complicated, especially in light of limited time and financial resources.
Once impacts are understood, what’s next?
Once you understand the impact of reputation on the organization, or the impact of a particular risk on the organization’s reputation, you can (and should) move on to how best to respond.
Many circumstances will not require a public response, but for situations where the impacts are high or you feel like reputation is significantly at risk, good communication is key. How you communicate in a crisis can either help or hurt any reputation, sometimes quite significantly. Although it would be hard to have a plan for each possibility, prudent organizations have a general response plan they can put into action should the need arise (called a crisis management plan).
Everything we do as an organization has an impact on reputation and will be reflected to one degree or another by different stakeholders, in the company’s share price, in the media, and elsewhere.
Since there are different ways of looking at reputation, I’m interested in hearing your opinion.
How is your organization looking at reputation? Is it best to look at reputation as its own risk, or is it better to examine it as one of several factors of individual risks?