It doesn’t take much to start a chain reaction that could lead to an organization’s downfall:
A click on the wrong popup that opens the door to hackers, allowing them to seize intellectual property ...
A disgruntled employee’s seemingly harmless vent on social media goes viral, causing a PR frenzy ...
A stock purchase based on a friend’s tip leads to an independence violation, causing increased regulatory scrutiny and investigations …
These examples — just three of many possible variations — have one thing in common. They all involve harm to one of an organization’s most valuable assets: its reputation.
How valuable? I believe it’s impossible for an organization to have long-term success without a strong reputation. Many investors seems to share that assessment and are making reputation an increasingly important consideration in deciding whether to invest in an organization.
But with value comes fragility. A reputation that's earned over several years can be tarnished in seconds. Many organizations that understand this dynamic are hitting reputational risk head-on.
Reputational risk is often created when an organization’s performance doesn’t match the expectations of its customers, shareholders, business partners, and other stakeholders. How an organization manages the variables of expectation and performance determines whether value is created or destroyed.
An organization’s reputation may be affected by business decisions and performance across a wide range of functions:
Innovation: Firms that differentiate themselves from their competitors through innovative processes and products tend to have strong name recognition and high reputational value.
Leadership: Effective leaders instill confidence and help strengthen an organization’s reputation.
Ethics and integrity: Organizations with strong ethical policies are often viewed as more trustworthy in the eyes of customers, business partners, and investors.
Corporate social responsibility: Actively promoting sound environmental management and social responsibility programs helps protect an organization’s reputation in a time of crisis.
Culture: Stakeholders often take into account working conditions and treatment of workforce when determining what to think about an organization.
Financial performance: Shareholders, investors, lenders, and many other stakeholders consider financial performance when assessing a firm’s reputation.
Quality: An organization’s adherence to quality standards in its products and services helps to enhance its reputation. Product defects and recalls have the opposite effect.
Security: Strong infrastructure to defend against physical and cybersecurity threats helps avoid security breaches that could damage an organization’s reputation.
Crisis response: Investors keep a close eye on an organization’s response to difficult situations. Any action during a crisis may ultimately affect reputation.
Safety: Strong safety policies help to affirm that safety and risk management are top strategic priorities for the organization, building trust, and value creation.
Everyone plays a role
Given the all-encompassing nature of reputation, it’s easy to understand why reputational risk is a top-of-mind issue for many executives. In reality, reputation needs to be top-of-mind across the entire enterprise. Hoping that your professionals will keep your organization’s core values in mind and act accordingly isn’t sufficient. I believe there needs to be a concerted effort to cementing the importance of reputation and the role each professional plays in upholding it.
At Deloitte, we reinforce the fact that reputation rests with our people. It’s our mantra, and is often included in our messaging.
I believe that when protecting, preserving, and enhancing an organization’s reputation is embedded in the culture, it’s less likely that a small, innocuous risk will turn into an all-out crisis.
3 key elements to managing reputational risk
A comprehensive, strategic risk management program is essential to help manage reputational risk. The following three elements may help get your program started:
Strong governance
Having dedicated risk officers who sit on the executive committee with the CEO and CFO is one key element in making risk more strategic. I’ve seen how effective risk management can be when the right people are in the right roles, meeting on a regular basis to talk about strategic and emerging risk issues. A strong governance model helps establish reputational risk as a priority in an organization.
Rigorous reporting
Having a robust, agile process to report risk – including reputational risk – is also important. Reporting lessens the likelihood of surprises that blindside an executive team. An effective, consistent reporting process allowed organizations to stay proactive on risk issues. Knowing what potential risks an organization faces – and knowing risk-sensing data is being reported consistently and uniformly – helps CEOs and board members accurately assess, prioritize, and provide context for each risk issue.
Listening skills
Leading edge “listening” or sensing tools allow organizations to monitor risks to their reputation 24/7/365, to better gauge their competition and the changing external environment, and to quickly adjust strategies and devise mitigation tactics. Reputation often evokes emotions, but emotional decision-making can lead to poor decisions. Risk sensing replaces emotion and second-guessing with facts and logic.
Chuck Saia is a partner and the chief risk, reputation and regulatory affairs officer at Deloitte LLP. In this role, he oversees strategic and reputational risk management, regulatory affairs, independence, ethics and compliance, as well as confidentiality and privacy matters at Deloitte.
He spends time with the Board and C-Suite executives of Deloitte’s client base, sharing insights on Strategic Risk and Reputation Management. He has more than 25 years of experience advising clients on corporate governance, regulatory issues, risk management and internal controls.