In A Short Guide to Reputation Risk, business strategist and reputation risk specialist Garry Honey defines reputational risk as involving an organisation acting, behaving or performing in a way that falls short of stakeholder expectations.
Reputational risk is essentially behavioural and cannot be conceded to a third party. Therefore there is no possible way to completely transfer the risk in this situation, but the following risk handling strategies can make a difference through successful risk avoidance, management, and mitigation.
1. Risk Avoidance
Any reputational damage translates into avoidable loss of revenue, unexpected increases in operating, capital or regulatory costs, and reduction or even destruction of shareholder value.
It is no wonder that most enterprise risk management systems are designed to identify and avoid potential risks with negative financial impact. “Avoiding risk is how most risk managers see their roles in business,” writes Honey.
Reputation risk can and should be avoided to some extent. The matter is more complicated than, for example, naturally avoiding risks in the workplace concerned with health and safety regulations where a strict code of conduct is enforced.
This is because reputational risk can expose profit-driven enterprises to serious ethical and legal problems. Legal boundaries can be subject to interpretation, for example in the difference between tax avoidance and evasion.
An enterprise can avoid damaging its reputation by focusing on ongoing, up-to-date compliance with legislative and corporate requirements and tracking regulatory parameters as a starting point.
SHEQX’s solution transforms your company’s data into rich visuals for you to collect and organise, so you can focus on what matters to you. Stay in the know, spot trends as they happen and push your business further.
2. Risk Management
“Risk sits in the gap between stakeholder expectation and company performance. Managing the risk is all about closing, or trying to minimise, this gap,” says Honey.
“This simple explanation is complicated by the fact that different stakeholder groups have different expectations depending on their perspective and concerns.”
Reputational risk management involves not only enterprise leadership, but also the extended community in which the company operates: shareholders, suppliers, clients, contractors, and even industry unions, each with its own expectations.
Stakeholder expectations are also subject to other influences including media exposure, market knowledge, and competitor claims. Therefore an organisation needs to anticipate where and how stakeholder expectations will shift and deliver against these risks.
Some reputational risk has to be effectively managed because it cannot be outsourced or transferred to a third party; it becomes an integral part of the executive or operational process.
At an executive level, reputational risk refers to the quality of the leadership’s and board’s decision-making process, where any shortfall can be addressed through change management and replacement of key leadership positions (Chair, CEO, CFO, etc.).
At an operational level, reputational risk is more common, e.g., due to faults in the production or distribution process leading to product recalls. A proper operations and quality control system can successfully address these issues.
3. External Risk Mitigation
Most reputational damage can be mitigated if it lies outside the organisation’s direct control.
External reputation risks can materialise through business relationships, dependence on suppliers or contractors, or environmental hazards (the latter specifically due to negligence, and due to business closure after devastating events).
“For these risks, the strategy must be reduction or mitigation as the organisation has no direct control over them. The organisation has no choice in accepting the risks,” says Honey.
Known as ‘contamination risk,’ the risk to reputation from association with a business partner or supplier whose actions are damaging to the organisation needs to be determined through a thorough risk assessment of all stakeholders involved.
The effective mitigation of reputational risk involves a carefully considered alignment of organisational values, goals, and procedures among stakeholders.
An integrated management system enables leadership and management to mitigate, manage and prevent risk and to identify potential opportunities.
STRATEGIX assists management teams in organizations to drive performance and compliance with its XGRC product range which is based on harmonised international standards and guidelines for best business practices.
MSX, part of the XGRC product range, is an integrated management system which assimilates various business risk, compliance, and sustainability.
Reputational Risk is managed through the Stakeholder Engagement modules in MSX, including Community Management, Contractor Management, Supplier Management, Customer Management, Government Management, Shareholder Management, and Union Management.