Measuring Reputational Risk

An organization's reputation is part of its intangible assets, which include brand, human capital, goodwill, and knowledge base. Moreover, it has value in the context of the organization's market capitalization.

The possibility that reputational risks can emerge to damage companies has become extremely high. In nonstop, globally connected business, a problem can arise in the organization or with a partner company that could spread virally through social media and escalate into a full-blown crisis. Most companies are unprepared for the damage that could happen from reputational harm.

Reputation is critical to the long-term health of any organization. Top-performing organizations in the country regard their reputation as their most significant asset. The result of this regard in solid reputation is a more robust in the high regard of their reputation better share price performance, customer trust, and the added value of the organization's product. A good reputation helps companies deal with future crises by creating a reserve of goodwill (sometimes called reputational capital or equity). Depending on the crisis event, this reserve of goodwill can bring an organization back from the brink of collapse and potentially spend a large amount of capital to recover its reputation in the public’s view. Businesses today must face the fact that Social media is a double-edged sword. Using social media to market your organization is a recognizable force in PR. It can also be the force that would shut your doors due to an adverse event to your reputation.

Good reputational risk management is more than responding to a crisis. It is about building the protections around the organization's reputation and tracking and building the organization's reputation every day. Some estimates provide support that a positive reputation is also the driver for being able to deliver resource growth, attract top talent, and avoid ethical mishaps. These estimates can account for 70% of the gap between an organization's book value and its ability to deliver market capitalization. The impact factors to an organization’s reputation are found in a study performed by Edelman trust barometer. A distrusted organization will experience 57% of its stakeholders believing negative information after hearing negative reputation information about the organization. Moreover, only 15% will believe the positive information after hearing the negative information. On the flip side, in an organization with its reputation intact, over half of the stakeholders believe positive reputation information about an organization after hearing it on one occasion or maybe twice.

Reputational risk often happens during an incident, and reputation management is never discussed as a daily practice. Reputational risk suffers from an industry-wide lack of definition. This lack of definition of reputation risk means that organizations perceive it differently. Many view reputation as a risk of risk. Many do not even classify it as a risk category; instead, it is perceived as an organizational impact.

Most things with an Identified High level of risk severity that affect large organizations impact their reputation, and even more so with startups and small businesses that share the same high level of risk. In today’s reputational protections, organizations must consider reputation risk rather than financial risk.

• Reputational risk can include

• Product and its support

• Financial strength protecting share price

• Compliance, Regulatory, industry, ethics.

• Litigation

• Negative brand perception

• Loss of key employees/ ability to recruit employees.

Measuring the impact on an organization's reputation can be a challenge. However, it is possible to quantify reputational risk regarding the severity and likelihood of the risk and financial impact. 43% of organizations worry about the loss of earnings from reputational risk for any number of reasons that could bring about economic consequences, including loss of customer business to government or industry compliance regulators. These all affect an organization's future performance and competitive position. Many senior executives recognize the threat to an organization’s life span from damage to reputation; however, quantifying the reputational risk remains challenging for many organizations. The quantification of risk within the reputation remains subjective. Reputational risk increases with the size and complexity of the organization. Reputational risk events, like fraud or breach (Material or Cyber), can have a quantifiable contrast. Fraud can influence market value and lead investors to question the quality of management. Material and cyber breaches can immediately affect customer relations and sometimes end the relationships. These quantifiable impacts can have broader financial implications. Potential customers may be discouraged from doing business with the organization. Investors may be deterred from buying company shares in the future. Regulators may impose a heavier compliance burden, and suppliers may be more reluctant to extend favorable credit terms or do business with the company. When quantifying reputation risk, addressing the complexity becomes the biggest challenge. For example, does the damage come after a run of events that have affected the organization's reputation? Moreover, how quickly could it reassure stakeholders that the underlying problems had been addressed? These two questions that address the extent of loss show that there are subtleties in the quantification of reputational risk, which, in the end, rely on several assumptions, which will make the quantification of the risk to the reputation a subjective measurement. 

The most crucial step in managing reputational risk is identifying those factors that could impact reputation, either positively or negatively. There lies the rub of finding a starting point. Critical drivers of reputation include a seven-pillar reputation basis that supports an organization:

1.      Financial performance & long-term investment value    

2.      Governance and leadership  

3.      Social responsibility   

4.      Workplace talents and culture  

5.      Delivering customer promise  

6.      Legal and regulatory compliance

7.      Communication and crisis management

Identifying the reputation drivers helps build a heat map highlighting reputation risk that should be measured and tracked.

The seven reputation pillars must be examined more thoroughly to identify the components' interactions and determine potential conflicts.  

Regulatory compliance

Dealing with regulations today in the business world has become a critical part of any organization's reputation.  Compliance has become the new Important business process; from the reputational risk perspective, compliance failures send out a message that companies may fail to manage the organization's broader risks. When an organization fails to meet regulatory requirements, there will be a disproportionate impact on the organization's reputation if there is a breach or mismanagement of a core risk. Regulatory problems leave open allegations of wrongdoing and, in the current environment, the media and the public think the worst of an organization. For organizations that miss compliance or are not compliant, the general perception is mistrust. 

There are three identifiable steps for reputation risk management. Reputation risk differs from other organizational risk categories because external perceptions define it entirely. The main thing to remember is that an organization can take steps to enhance its reputation; however, at the end of the day, the organization does not control it. Organizational reputation perception consists of a combination of acuities held by external stockholders. Much of the time, this perception does not reflect reality.

There are some simple steps that any organization can take to measure things more systematically. Such as directly testing the opinions of the public and critical stakeholders through surveys, forums, and focus groups. Collect and analyze data on social media pages relating to brand perceptions. While the effectiveness of the organization's reputation can be measured by:

1. Installing a process of reputational risk management throughout the company  

2. Identifying threats to reputation  

3. Crisis management  

4. Putting in place governance structures to manage reputational risks   

5. Ensuring that reputational risks are managed across the entire supply chain

6. Restoring reputation following a risk event

7. Quantifying the financial impact of reputational risk

8. Measuring external perceptions of the company

Installing a process of reputational risk management throughout the organization is the core of managing reputation risk. By introducing the metrics to measure risk on essential organization decisions and products, deployment adds another layer of management to the reputation. The other component is tied to crisis management and business continuity. Many reputational risk events do not result from the first crisis but from how well the company responds to the crisis. If the organization has the right processes and approach to dealing with a crisis, it can protect its reputation and even enhance its reputation. However, failure to manage a crisis effectively will lead to reputational damage that will be difficult to repair.