Founder and CEO of Risk Smart Inc.
As Warren Buffett once said, “It takes 20 years to build a reputation and five minutes to ruin it.”
Reputation equals integrity and integrity equals social responsibility. By sustaining the “social license to operate” through social responsibility, organizations ensure that business practices, operating procedures and corporate behaviors are acceptable to employees, stakeholders and the public.
We can look at reputational risk as the current and prospective impact on earnings and enterprise value arising from negative stakeholder opinion. In order to understand and address reputational risks, an organization first needs to determine the identification, ownership, management and the risk or reward at stake in order to put forward a plan that can mitigate reputational risk. Once these areas are addressed, the management of reputational risk can be undertaken with three lines of defense — strategic, cultural and operational alignment.
There are five areas to concentrate your efforts in order to secure strategic alignment throughout your organization:
Effective board oversight: Reputation risk management starts at the top. Strong board oversight on matters of strategy, policy, execution and transparent reporting is vital to effective corporate governance, and it’s a powerful contributor to sustaining reputation.
Integration of risk into strategy setting and business planning: Reputation risk must be identified as both a material risk and a strategic risk. Reputation risk management is inextricably linked to the company’s risk management and crisis management disciplines, as well as to the alignment of strategy and culture with the enterprise’s commitment to operational excellence.
Priority focus on identification of risks through stakeholders’ lens: The executive team and board of directors should ensure that there is a focus on improving stakeholder experiences. Only through a collaborative relationship can it be a force for improving and sustaining reputation within the marketplace.
Effective communications, image and brand building: Building unique brand recognition is vital to market success and, when all else is working well, augments reputation. A good story is easy to tell, and organizations with positive reputations have developed powerful and distinctive messaging.
The last component of strategic alignment is to formalize a crisis response program. Establishing an effective crisis management framework can allow organizations to integrate the right processes, roles and governance into existing contingency plans.
Boards need to ensure that executive management implements a strong tone at the top, a variety of effective escalatory processes and periodic assessments of the tone in the middle and tone at the bottom. To that end, the executive team needs to ensure alignment of performance incentives with corporate values to shape and influence the corporate culture end to end.
Along with assessing the internal cultures, organizations should be in compliance with laws, regulations and internal policies. Few incidents undermine reputation more than serious compliance violations. Once your organization’s name appears in a headline because of compliance violations, the brand’s reputation is damaged. Senior executives with board oversight should prioritize that effective internal controls over compliance matters are implemented.
A strong control environment is critical here, and the control environment should not be overlooked as a vital component of internal control. It lays the foundation for a strong culture and demonstrates management’s commitment to integrity and ethical values. The board of directors should provide oversight in this area because embarrassing control breakdowns, especially in the arena of public reporting can tarnish reputation. Every board should expect and demand a strong control environment.
Embedding “risk sensing” into an organization’s risk governance program can allow companies to continually identify emerging threats. To spot potential risks, many leading companies perform 24/7 monitoring of traditional and social media outlets as well as internal data.
When considering how your organization can mitigate reputational risk, it all comes back to the link to social responsibility. When organizations conduct themselves with integrity, they uphold their end of the “social license to operate.” For this to be successful all the elements strategic, culture and operational must be aligned in perfect harmony.
Don’t let your organization end up in the headlines. As many organizations sources have learned the hard way, reputation is everything.
John Thackeray is the founder and CEO of Risk Smart Inc., a consulting firm that specializes in the writing of risk documentation. Over his long career, he has held many risk positions, including CRO posts at Societe General and Penson Worldwide Holdings, where he interacted and engaged with U.S. and European regulators.