In the aftermath of several unprecedented corporate crises in recent years, reputation risk has emerged as the No. 1 danger for every organization. Anthony Johndrow, CEO of Reputation Economy Advisors LLC, outlines the emergence of risk management and its impact on communicators.
What is reputation risk?
Reputation risk is the risk of losses that might result from damage to an organization’s reputation, such as lost revenue; increased operating, capital or regulatory costs; or lost shareholder value (decreased stock price). Many types of events can impact an organization’s reputation and cause these losses, not all of which are the organization’s own fault.
Unfortunately, as we all know, there is no actual “court of public opinion,” so winning a positive PR judgment after being falsely accused is more difficult than in a legal fight.
Why has reputation risk received so much more attention lately?
CEOs, chief financial officers and the boards they report to have been citing it as their No. 1 risk for several years now but only recently has reputation risk received universally intense scrutiny.
How did it get on their radar?
It’s not just the prevalence of distracting headlines — in which CEOs, CFOs and boards are dragged through the mud — that have brought reputation risk to the fore. In fact, a new process called “enterprise risk management,” which has been adapted and implemented across most large organizations, has also helped put reputation risk on the radar.
Enterprise risk management gives organizations a thorough, systematic way to identify, quantify and prioritize the risks they face. This more-holistic process has been available for less than 10 years. Before, CFOs and chief risk officers (where they existed) evaluated risks that fit naturally into spreadsheets — financial risks, operational risks and, on occasion, strategic risks. Reputation risk was not something they could easily fit into a spreadsheet. In fact, in the early days of reputation risk, many chief communications officers found the CFO at their door asking, “Hey, could you pull together a list of our reputation risks?”
What does enterprise risk management mean for communicators?
Before the emergence of enterprise risk management, we knew many of the risks a company might face and could do a pretty good job of describing them, but we ran into two big problems.
One was that there are few “pure” reputation risks. Almost any risk that an organization faces can threaten its reputation. Imagine a major financial loss that turns out to have been caused by senior management committing fraud, for example.
Another problem was that many communicators don’t like numbers. Communications professionals can describe reputation risks, but they’re often challenged when it comes to quantifying the potential impact of those risks.
So, for communicators, enterprise risk management created a process we could participate in that also quantified risks. Suddenly, senior management saw how important reputation risk was to the organization — and the communications function could finally be heard.
Now we know, so what’s the problem?
Enterprise risk management has validated for us that reputation risk is by far the largest, scariest and least manageable of all operational risks. Enron may have started the fire in 2001 when it collapsed after hiding massive losses, but now negative reputation events have become commonplace in almost every industry.
The Wall Street Journal has even developed a “Crisis of the Week” section that reports on the latest firestorms. Meanwhile, board members of large companies find their seats growing uncomfortably warm, too — with less and less confidence that their executives even know what major reputation flare-ups wait around the corner or are hidden in social media. Board members are undergoing a crisis of confidence.
Where are the risk models, insurance products and off-the-shelf mitigation plans?
Maybe none of the traditional risk-smoothing tools works.
Organizations usually become interested in doing something about reputation risk only after a major crisis, which results in additional resources for crisis management and maybe an attempt to better anticipate and manage future reputation risks through the existing (CFO/CRO-driven) corporate risk-management process. The former, otherwise known as “better firefighting prep,” is not very satisfying. The latter simply doesn’t work.
Why can’t the CFO or CRO just deal with reputation risk like they do all other risks?
They face two primary barriers. One is that the subjective nature of reputation can be reduced through perception analytics, but it cannot be boiled down into a neat financial model. Another is that reputation risk lives everywhere in a large organization and cannot be fully understood by a single functional expert.
In fact, its ubiquity means the entire organization needs to understand and be equipped to identify, evaluate and mitigate reputation risk. Traditional approaches to managing risk are not built to deal with something this broad or interconnected.
What can communicators do?
Communicators need to bring a new approach to their organizations: a low-tech, high-touch, cross-functional effort facilitated by the executive who understands reputation risk best, the chief communications officer.
Imagine the CCO as the chair of a cross-functional team of leaders that meets regularly to identify, evaluate, report and mitigate reputational risk. When specific risks are discussed in these meetings, potential sources and multiple aspects (e.g., new initiatives, new products, HR issues, regulatory changes, customer shifts, etc.) are brought to the table. The CFO’s representative would provide financial perspective, but added dimensions brought by other functional experts would still be needed to identify and evaluate reputation risks.
The CCO has the broadest knowledge about any given risk and can describe anticipated scenarios in ways the board can understand, but lacks the depth needed to suggest or execute a mitigation strategy. Other functional experts participating in this process not only bring their particular perspectives to the conversation; they also have eyes and ears into parts of the organization not visible or audible to the CFO or CCO.
Initially, participants might find that these meetings fall outside their comfort zones. But over time, the tangible reports and plans they produce will create a discipline that cuts across the company. Perhaps more important, the functional experts will return to their jobs with knowledge and awareness that affects the day-to-day decision-making which underlies all reputation risk.
By bringing their outside-in expertise, the CCO can be a facilitator and fulfill a strategic role that every organization and board needs.
Prominent organizations have stopped waiting for a magic financial formula (or crisis vaccine) and are turning to this systematic approach to reputation risk. When will yours?
Beginning on May 16, PRSA will offer a Reputation Risk Management Certificate Program to equip management-level communicators with advanced perspective and best practices to managing reputation risk. Details at prsa.org/pd.