A strong risk culture, a proactive board and operational resilience are among the keys to successful reputational risk management.
As Warren Buffett once said, “It takes 20 years to build a reputation and five minutes to ruin it.” This rings especially true today, as high-profile crises – including handling a pandemic, economic collapse, cyberattacks, product recalls and damaging social media posts – are prevalent.
Reputation represents an interpretation or perception of an organization’s trustworthiness or integrity. Reputation equals integrity and integrity equals social responsibility – i.e., sustaining the “social license to operate” and ensuring that business practices, operating procedures and corporate behaviors are acceptable to employees, stakeholders and the public.
Reputation can be influenced by the way a company messages its brand, but it also includes many other influences companies don’t directly control. It is at the nexus of reputation, the perception others have of our company, and indirect company control that risk management plays a key role. Here is a short piece that describes how brand and reputation differ, The Value of Our Reputation. The article includes examples of how CFOs have historically described the difference between book value and market value, frequently using reputation (incorrectly labeled “brand”) value as an intangible asset explaining part of the gap.
Reputational risk is the current and prospective impact on earnings and enterprise value arising from stakeholder opinion. To understand and address reputational risks, and to create a sustainable plan for mitigating them, an organization must first identify and assign ownership for each of its risks and then determine its appetite for risk/reward.
Management of reputational risk can then be addressed via the three lines of defense, which include strategic alignment, cultural alignment and operational focus.
Create effective board oversight.
Reputational risk management starts at the top. Matters of strategy, policy, execution and transparency (particularly with respect to reporting) must be closely overseen by the board. Indeed, these issues are vital to effective corporate governance, which plays an important role in sustaining reputation.
Managing reputational risk doesn’t typically fit neatly into a single function. Ultimately governed by the board, it requires clear accountability, leadership and engagement across numerous teams.
Integrate risk into strategy setting and business planning.
The board and executive management must ensure that risk is not an afterthought to strategy setting and business planning. Reputational risk must be identified as both a material risk and a strategic risk, and should be inextricably linked to the company’s risk management and crisis management disciplines.
Board and senior management should also ensure there is adequate focus on the critical enterprise risks that could impair the firm’s reputation. What’s more, a process for identifying emerging risks on a timely basis must be established, and the company’s risk profile must be continuously appraised.
Emphasize effective communications, image and brand building.
Building brand recognition unique to a business is vital to market success and, when all else is working well, augments reputation. A good story is easy to tell. Typically, though, the best companies (1) develop powerful and distinctive messaging; (2) establish accountability for results with metrics and monitoring; (3) work social media effectively; and (4) passionately live up to their values every day.
Pay close attention to crisis planning and operational resilience.
Successful management of a crisis event can mitigate potential reputational damage. Through an effective crisis management framework, an organization can integrate the right processes, roles and governance into existing contingency plans.
Of course, it often takes practice to know when to mobilize a crisis response, what information to communicate to which stakeholders and how to coordinate communications across different teams. Companies can test processes and gain experience by running crisis simulation rehearsals based on the most critical reputational risks.
Collaborate with stakeholders.
The executive team and board of directors should interact with customers, employees, suppliers, regulators and shareholders. News about risks, business operations and branding should be communicated proactively.
No organization or brand will be able to succeed without doing good and doing well — i.e., delivering ﬁnancial performance while also making a positive contribution to society. Social purpose needs to be embedded into the very fabric and heart of the enterprise.
Establish strong corporate values, supported by appropriate performance incentives.
Boards need to ensure that executive management implements a strong tone at the top, a variety of effective escalatory processes and periodic assessments of the tone in the middle and tone at the bottom. To shape and influence the corporate culture from end-to-end, the executive team must align performance incentives with corporate values.
Moreover, executives and directors need to pay attention to the warning signs posted by the independent risk management function and to audit reports that offer evidence of possible dysfunctional behavior.
Comply with laws, regulations and internal policies.
Few incidents undermine reputation more than serious compliance violations. The accompanying media headlines can drag a company’s brand through the mud. Senior executives, with board oversight, should take steps to implement effective, compliance-driven internal controls.
Build a strong control environment.
Embarrassing control breakdowns, especially in the arena of public reporting, can tarnish reputation. Every board should therefore expect and demand a strong control environment that not only signals management’s commitment to integrity and ethics but also lays the foundation for a risk-aware culture.
Develop an early warning system.
Embedding risk sensing into an organization’s risk governance program enables the continual identification of emerging threats. To spot potential risks, many leading companies perform 24/7 monitoring of traditional and social media outlets and internal data sources.
Monitoring teams can support both daily reputational threat sensing and crisis management response. Companies with strong monitoring capabilities can more effectively analyze and interpret data, leading to better, more-informed business decisions. For more on setting up effective internal controls go here, Monitoring Your Controls.
Reputation is everything, and financial institutions must therefore do everything in their power to better measure and mitigate reputational risk. This is a challenging task, but a strong risk culture, a proactive board and a comprehensive framework for operational resilience are excellent starting points. To be effective, they must all act in harmony with each other; this is not the place for compromise or shortcuts.
For an Investment Banker’s take on what reputational risk management is protecting, enjoy this article, “What is the value of our company’s reputation?”
Not a member-scholar yet? Join our financial community here!
Identify your path to CFO success by taking our CFO Readiness Assessmentᵀᴹ.
For the most up to date and relevant accounting, finance, treasury and leadership headlines all in one place subscribe to The Balanced Digest.