Reputational risk

Business reputation is established by gaining and retaining the confidence and trust of the stakeholders in the business: customers, suppliers and employees, as well as shareholders.

Reputation is gained over time. Sometimes business reputations may be gained over a short period of time but, more frequently, over the longer term by maintaining the trust and confidence of its stakeholders through benign and adverse economic cycles.

Business reputations are hard to win but quickly lost. Loss of confidence by any group of stakeholders can quickly lead to the decline of any enterprise, most strikingly in service businesses such as finance or professional services.

What is reputational risk?

It is a self-evident that reputation is important to any enterprise. Reputation may be an intangible but highly prized asset, often equated with the goodwill of the business. It is seen as a key source of competitive advantage. While the processes and procedures for managing reputational risk may differ, there is general agreement that reputational risk management is supported by "the plans, processes and practices, which engender and sustain the trust of all and each category of corporate stakeholder".

There are, however, contrasting, if not contradictory, views of where reputational risk should be positioned as a role in the business enterprise. For example, compare the following statements:

"Reputational risk is about getting everything else right", which roughly translates as "good reputational risk management is achieved by managing all other risks satisfactorily".

"Reputational risk is the starting point for all risks...if you have no reputation, you have no business," which roughly translates as "the management of all other risks is predicated on good reputational risk management".

How important is reputational risk?

Reputational risk is very important. For the majority of enterprises it is seen as the most critical risk, as reputation is becoming a key source of competitive advantage as products and services become less differentiated.

It is the one risk for which CEOs have direct and individual responsibility, though many other risks have reputational elements embedded in them. In a recent respondent programme on risk management by the Economist Intelligence Unit (EIU), it emerged as the highest ranking priority (52 per cent) above regulatory (41 per cent) and human capital (41 per cent) risks.

Changes in business practices arising from increasing governance, legal and regulatory influences have made companies more vulnerable to reputational damage. Equally, the power and intrusiveness of media and communications industries has intensified the focus on corporate reputations.

How should reputational risk be managed?

While the CEO may be directly responsible for the management of reputational risk, this is normally shared with the Board of Directors, while deploying a number of functions such as corporate communications in its day-to-day operational mode. Again, the recent EIU survey found that 62 per cent of companies interviewed stated that reputational risk was the most difficult risk to manage. Among the major challenges are categorisation and quantification of reputational risk.

There is, however, some consensus on the key elements of managing reputational risk:

• Prompt and effective communication with all categories of stakeholder - shareholders, employees, customers and suppliers.
• Strong and consistent enforcement of controls on governance, business and legal compliance.
• Continuous monitoring of threats to reputation.
• Ensuring ethical practice throughout the supply chains.
• Establishment and continual updating of a crisis management plan and establishment of a crisis management team, empowered with specific power and authority.

Loss of reputation is systemic in nature. Once germinated, it is difficult to manage and eradicate and other elements of business begin to suffer. Re-establishing reputation takes a long time. Loss of reputation arises as a reaction to the failure of detailed processes and procedures in risk management, business continuity, consolidation and compliance.

Copyright © 2006, IT-Analysis.com