, ,

Reputation risk – protect, not defend.

Reputation risk – protect, not defend.


Guest blog by Dr Dominic Heil

Most CEOs and C-suite executives see reputational risk as a top priority, and reputation risk is widely recognised as “the risk of all risks”. However, reading the UK news in the last few weeks it is clear reputation is not always at the forefront of those at the sharp end of business. Both the BBC and the Palace of Westminster, the seat of the UK elected government, are dealing with reputation-damaging scandals relating to inappropriate behaviour by senior staff. More recently, MacDonalds UK grapple with the same issue, but with the added complexity of managing a corporate reputation when franchise holders manage the risks on a day-to-day basis. This of course adds another layer of risk, but the common thread is that all relate to a cultural and process issue that poses a real threat to reputation.

Both valuing and safeguarding reputation are key to organisational resilience, indispensable for achieving strategic objectives and have potentially catastrophic consequences when it gets severely tarnished. We have seen this in recent coverage of the stories mentioned above. These consequences include loss of trust, clients, revenue, licensing (in extreme cases) and investor confidence.

Despite all these risks, most boards, executives and professional risk managers struggle with understanding how to build a resilient reputation that is strategically relevant and defensible. This is in highly dynamic environments. And they often fail to implement reliable processes to identify, assess and proactively manage reputation risk.

Throughout my professional career, I have been astounded by how many risk registers of listed companies either omit reputation risks altogether, see it only as a component of other already identified risks, or identify them but then provide only blanket remedies like ‘ethics training’ or similar. The pandemic and current economic challenges have gone some way to attune the board's focus on reputation risk. However, this tendency to adopt a comprehensive approach signals that reputation risks are inappropriately addressed and taken seriously.

The risk management community has traditionally paid 'lip service' to reputation risks. This is because, unlike most other risks, reputation risks don’t lend themselves to being comprehensively transferred to an outside entity like an insurance company. While there are insurance products that portend to insure reputation risks, these tend to be limited in liability and fall short of covering the full effect of a reputation crisis, such as loss of revenue. They, therefore, provide a false sense of security and are thus more dangerous than not having insurance in the first instance.

Therefore, understanding and managing these risks internally and taking appropriate early interventions is a much better approach.  This way allows reputation risk to be fully understood in a way that allows an organisation to constructively respond to a reputation crisis.

When adopting this approach, there are two overriding considerations when dealing with an event that threatens an organisation's reputation. The first one is whether this event relates to an aspect of the organisation that is important or unimportant to the overall reputation of the organisation.

Second and more importantly, to be prepared for a reputation crisis requires a deep understanding of whether the crisis is an isolated, untypical occurrence or a sign of your organisation's shortcomings.

Most stakeholders understand that things can go wrong for the best of us and are inclined to give the benefit of the doubt. Such events may require significant communications efforts and be unpleasant episode, but ultimately, they typically will not tarnish the organisation's reputation in the long run.

The forces at play are very different when an event exposes a systemic and cultural weakness in an organization.  Such events have the potential to endanger the very existence of the organisation.

The two Boeing 737 Max tragedies exposed significant systemic failings. A single tragic event involving an aircraft manufactured by a major aircraft producer in and by itself typically does not have the potential to create a long-term reputational problem as a stand-alone event when managed correctly. When it becomes clear that a tragic event reveals organisational and systemic failure around adhering to safety standards, there is a serious problem to address. In Boeing's case, there was a cultural shift from a focus on safety to short-term financial success. And so these events became a reputational disaster that the organisation would have been unable to survive without government support.

During my time advising large multinational companies on similar systemic issues and risks these present, I have applied my academic, research-led approach to examine every corner of organisational risk and track it how these impact reputation risk. This methodology is called ResoFact® and it is designed specifically to address these issues:

  • Identify potential reputation risk.
  • Assess their prominence in affecting the overall reputation in a material way.
  • Identifying whether such an event points to an organisation's deeper malaise.

The ResoFact® analysis allows prioritising those reputation risks that threaten the organisation. This is crucial because no organisation can prepare for all eventual negative events. Therefore, it requires a scientific base for prioritising crisis management planning on what is most important.

Most importantly, ResoFact® allows for the identification of categories of events that could expose internal shortcomings of the organisation. This allows for the design of mitigation strategies that protect the reputation in strategically crucial areas. In most cases, this includes bolstering reporting protocols, building the capacity to escalate and manage issues, and supporting leadership to make difficult decisions during times of intense pressure.

It may be uncomfortable news to executives and risk managers that reputation risks and the management of reputation crises can ultimately not be transferred and outsourced. However, ultimately this remains the responsibility of executives, risk managers and communicators. Governance is the ‘G” in ESG and the buck stops with leadership and those supporting them.

Taking action and implementing the right kind of analytical toolkit to understand reputation in a strategic way is the first step to strengthening your position when reputation is challenged. Furthermore, it demonstrates and reassures stakeholders that the organisation fully understands its responsibility towards managing and protecting its reputation and that it can meet this challenge in a structured, comprehensive way that paves the way for protecting what is arguably the organisation's greatest asset.

Photo credit:  Rafy Ansari, Unsplash