Reputation: A Standalone Risk?

You can’t place a high enough value on reputation in today’s world. And executives understand this, especially after high-profile scandals shook companies like United Airlines, Wells Fargo, and others to the core. A recent report shows that corporate reputation is now responsible for 38% of market capitalization for the Financial Times Stock Exchange (FTSE) 100 and 250, an increase of 5% over last year.

In a business context, Jim DeLoach defines reputation as “…an interpretation or perception of an organization’s trustworthiness and integrity.”

Since reputation is increasingly important to an organization’s overall value, it is a recurring topic of discussion among risk practitioners, executives, thought leaders, and others.

As an ERM professional, one thing that has become clear to me is the idea of looking at reputation risk in two different ways. The simple way of explaining this is to ask – is it all about risk of a reputation event, or is it about the impact of another risk to the organization’s reputation?

This may seem insignificant on the surface, but as I’ll explain below, the lens through which you view reputation can dramatically impact how you address these threats and opportunities.

Let’s look at how you can consider reputation as a stand-alone risk…

For many, the tendency is to say “…reputation is our biggest risk!”

But how do they know?

How do they know the ultimate impact to reputation if a certain event were to occur?

A risk basically means the potential for something, negative or positive, to happen. For the risk professional, this naturally raises questions around the impact to the organization and the probability of it occurring. Because of questions like this and the all-encompassing nature of reputation, it can be difficult to have these conversations with executives.

If you or your executives choose to look at reputation as a stand-alone risk, there are two possible methods for assessing reputation: scenario analysis and modeling.

Let me say this first about computer modeling. If your organization doesn’t or can’t do this with internal resources, then please talk to someone who does data crunching all the time, like an actuarial firm. (Hint: It is also a subject I don’t handle hands-on.) Don’t be shy – because you are not the only one! It can be quite complicated. Computer modeling first requires data. Using this data, a confidence interval can be established to say you are 95% sure there will be a certain impact. This impact will fall somewhere on a spectrum – will the risk cause significant harm but has a small chance of occurring, or will it cause minimal damage but has a medium or high chance of occurring?

Scenario analysis is the other method that is much easier and useful for most organizations.

If done properly, scenario planning can be an effective tool for decision-making and establishing a competitive advantage.

One scenario could be a vendor disruption. How will this event impact you and your customers? Through this process, a root cause can be identified and analyzed to determine the extent of the impact, how soon it may occur, and its duration. Although this process is typically used when formulating strategic objectives, there are a few general scenario planning questions to consider when discussing reputation.

There are two downsides to this approach: 1) it can very easily become convoluted to explain to the executive team, audit committee, or board; and 2) the scenarios will likely become duplicative of risks already identified.

These two reasons are why I prefer the next approach.

Now let’s consider how other risks will impact reputation…

This method involves looking at reputation as to risks, in addition to understanding the impacts to customer service, operations, finances, and other factors, some of which can be unique to your organization.

Instead of lumping them all into one big risk that will be hard to explain and overwhelming, you are examining reputation as part of your broader risk assessment and risk analysis. From this perspective, damage to a reputation happens as a result of impacts from a risk event.

One example could be risks around conduct.

If an employee engages in illegal or questionable behavior, how will this impact or damage your reputation?  Then you also assess this risk for impacts to finances, operations, etc.

Or a data breach, how will this impact reputation?

Like reputation as a stand-alone risk, impacts can fall anywhere on a sliding scale. These impacts can be measured in a number of ways. The metrics you ultimately choose depends on what matters to the organization.

If your organization is publicly traded, you can use its stock price as a measurement of impact. If a particular risk were to occur, how would it affect the company’s stock price? Will it make it go up by 5% or down by 3%? It’s important that any impacts like this should be expressed as a percentage rather than a dollar amount. Below is a screen shot of how one publicly traded company uses its stock price to gauge the reputational impact of a particular risk.

Analyzing impacts by stakeholder is another method…stakeholders can include customers, media, employees, investors, regulators, and more.

For example, if reputational impacts could cause you to lose 10% of your customers, is that acceptable? Another impact could be an increase in negative mentions on social media and news outlets. If an increase of 10% is not acceptable, what can the organization do to keep impacts below this threshold?

To see how this method of analyzing impact may look, check out 5 Ways to Better Understand and Quantify Reputation Risk, and scroll down to Method #5.

Examining reputation as a dimension of other risks is much more straightforward than looking at it as a stand-alone risk based on my experience, and my clients agree. There also doesn’t have to be a separate discussion – reputation is factored into the analysis of risks and opportunities. It also becomes a much easier conversation and concept for others to grasp.

It can be beneficial to consider reputation from both perspectives, but it can get complicated, especially in light of limited time and financial resources.

Once impacts are understood, what’s next?

Once you understand the impact of reputation on the organization, or the impact of a particular risk on the organization’s reputation, you can (and should) move on to how best to respond.

Many circumstances will not require a public response, but for situations where the impacts are high or you feel like reputation is significantly at risk, good communication is key. How you communicate in a crisis can either help or hurt any reputation, sometimes quite significantly. Although it would be hard to have a plan for each possibility, prudent organizations have a general response plan they can put into action should the need arise (called crisis management plan).

Everything we do as an organization has an impact on reputation and will be reflected to one degree or another by different stakeholders, the company’s share price, in the media, and elsewhere.

Since there are different ways of looking at reputation, I’m interested in hearing your opinion.

How is your organization looking at reputation? Is it best to look at reputation as its own risk, or is it better to examine it as one of several factors of individual risks?

Share your thoughts by leaving a comment below or joining the conversation on LinkedIn.

And if your organization is struggling to understand reputation and how it is impacting strategic objectives, contact me today to discuss your specific situation, goals, culture, and more.

Posted in

Sign Up For Our Newsletter

Sign Up For Our Newsletter


Meet Carol

Helping companies achieve their vision and strategy, and succeeding in today's turbulent world, is something I'm honored to be a part of. Whether you're an occasional blog visitor or a long-term client, thank you for letting us be a part of your journey.

Most Recent Posts

The 12 Days of ERM Christmas

Without a doubt, one of my family’s favorite holidays is Christmas. Part of the fun, especially for our son, is seeing what “Santa” brought, but most importantly, we treasure the spirit of peace and goodwill the season brings. And after what seemed to be a never-ending warm spell, the weather is expected to be good…

Read More

Don’t Let Goals and Initiatives Be Blindsided by External Events

As the end of the year draws near, I think we’d all agree that while it wasn’t without its challenges, this year also wasn’t quite as turbulent as the previous two. While a lot of people are juggling company parties, shopping for friends and family, and special activities for the kids, most companies are putting…

Read More

Going the Distance: Ensuring Successful Execution of Strategic and Annual Initiatives

Strategic planning is a challenge – of all people, I understand… After all the meetings, risk and data analysis, and brainstorming of the preceding months, it’s tempting to think this is the end of the road and you can relax. Contrary to this common perception though, this is exactly not the time to relax, but…

Read More

Avoid Rookie Mistakes and Protect your Internal Reputation

Be honest – have you ever done something that you soon realized was a real rookie mistake? Me raising my hand… Considering the nature of ERM’s role to ask questions and challenge assumptions (often during conversations with executives), it can be argued that, in at least some cases, the expectations bar for risk professionals is…

Read More

ERM at Thanksgiving – An Illustration of Risk Management in Action

On occasion, I like to take some of the concepts we risk professionals think about in our jobs and apply them to different personal situations…take some of the same concepts we use when working with executives to develop corporate strategy and manage risks or uncertainty around that strategy. It’s Thanksgiving week in the U.S. –…

Read More

Why Quantitative Risk Assessment is Not Just the Best But the Only Option – A Conversation

Periodically, I have the pleasure of speaking one-on-one with Hans Læssøe on a variety of topics around ERM, strategic risk, and other issues and trends. As you know from my previous conversations (here, here) and posts featuring his work, Hans was formerly a practitioner at the iconic LEGO Company, but even more notably, is a…

Read More

The Three Lines Model – 3 Reasons Why I Don’t Like It

Everyone likes a clear-cut template that offers an easy way to create or manage something…I mean what’s not to like about a step-by-step process for accomplishing what you want? Sometimes this can work without any issues, such as the case with the Project Management Book of Knowledge (PMBOK), ISO 9001 standard, or a new cooking…

Read More

5 Avenues for Expanding your ERM Knowledge

One thing I was taught to appreciate from a young age was the value of education and knowledge. It didn’t necessarily matter what the subject was, just that I always maintain a learning or growth mindset regardless of my current status in life. This mindset has served me well over the years, and it’s a…

Read More

Storytelling and Risk Management – Developing Skills that Technology Cannot Replace

It’s amazing how technology has developed and changed our working world over time. Imagine trying to run my risk and strategy consulting firm without tools like Zoom, Box, Slack, and other ERM-specific technology tools. There is no way we would be able to serve our clients the way that we do. Just consider how the…

Read More

3 Phases to Creating and Launching an ERM Program Focused on Organizational Success

If you’ve been handed the task of creating an ERM program for your organization, let me first offer my congratulations quickly followed by my empathy for the task ahead of you. I don’t say that to scare you but to provide a small dose of reality. Building, launching, and refining an ERM program that is…

Read More