"How could they have been so stupid?” If we’re honest with ourselves, we often think this when we hear about a crisis hitting an organisation. The next question is: “Who knew and for how long? Was it a team of renegade employees or did it go all the way to the top?” A big crisis can topple the CEO, finish the career of the head of corporate communications and ratchet up damages in the billions. As for the long term reputational damage, that is a moving figure.
From the outside looking in, it is easy to be judgemental. In today’s business world, the response to a crisis is that senior leadership should have seen it coming. But there’s one question that rarely gets asked and it is critical for corporate communicators to consider: could they have seen it coming? Is it within the power of organisations to look around corners and see in the dark, to spot and remove reputation risks before they cause massive destruction of shareholder value and damage to society? Perhaps we shouldn’t expect this type of future vision; these days we do.
"Is it within the power of organisations to look around corners and see in the dark, to spot and remove reputation risks before they cause massive destruction of shareholder value and damage to society?"
Increasingly, corporate communications professionals are being asked to help their organisations identify reputational risks before they strike. A recent Brunswick Insight survey of senior in-house communicators found that nearly nine in 10 (87 per cent) expected identifying and addressing reputation risks before they harm the business to be a major focus of their work. However, for the majority of these same communicators (55 per cent), identifying emerging issues remains a significant challenge for their organisation and four in 10 (42 per cent) are concerned that their organisation is not prepared for a crisis.
A typical annual report of a large multinational company suggests it is doing and saying all it needs to when it comes to risk management. Companies routinely identify risk management as very important and give detailed descriptions of their best practice for risk identification and management. They promote the value of their reputation and regard it as an asset. They are “continually” doing more to strengthen trust, tighten risk management procedures and demonstrate transparency. If, with all of these ideals and safeguards in place, catastrophic reputation crises can still break, what is the lesson for senior in-house communicators? The task is hopeless... so just give up? Clearly, that is not an option. Society will only expect business to try harder. So what tools and techniques are communications professionals using to proactively manage reputation and horizon scan for emerging risks?
Most large corporations have a risk committee or audit and compliance committee that is responsible for identifying and addressing risks of all types, including risks to reputation. But until recently, reputation was behind other types of risks considered. That must and will change. Brunswick Insight’s research found that most (84 per cent) senior in-house communicators say corporate reputation is of increasing importance to senior leadership. Other evidence from Deloitte surveys of senior executives around the world in 2013 and 2014 shows that reputation damage was considered the number one risk concern, and nine in 10 (88 per cent) were explicitly focused on reputation risk as a key business challenge.
Defining reputation risk
The first step in effective reputation risk management is to clearly define what we mean by “reputation risk”. General business risk tends to fall into one of three categories: operational risks that go with the day-to-day running of the business (including product quality/safety, supply chain, finance, and compliance) and which are supposed to be under the company’s control; strategic risks that a company assumes in order to try and beat the competition; and external risks that are due to events beyond the control of the organisation. Reputational risk can fall into any of these three categories.
One useful way to define reputation risk is as the risk of loss resulting from damages to a firm’s reputation. The loss could be lost revenue, increased operating, capital or regulatory costs, or destruction of shareholder value. Reputational risks tend to occur when: 1) there is a gap between a company’s reputation and the reality of the firm, 2) there are changes in social beliefs or expectations, or 3) the company exhibits poor control over its operational risks (read more here). Gaps between perception and reality occur when a company’s reputation with its stakeholders is very positive but the actual character or behaviour of the company doesn’t live up to those perceptions. These gaps create very real risks to reputation. Should this underperformance and failure to live up to expectations become known, reputational damage is the result. However, it is possible that the perception gap works in the other direction – when reputation is worse than actual character or behaviour deserve (e.g. the company may be meeting or exceeding expectations but stakeholders are not aware of it). Reputation gap risks in either direction can cause real value destruction for a company – and can and should be managed, either by changing behaviour, more effective communications, or both.
Also, societal beliefs and stakeholder expectations shift over time. Practices that were once acceptable may suddenly be reputational risks as social norms and behaviours change. Whether the issue is the use of palm oil in consumer products, the number of women on boards, or aggressive tax minimisation arrangements, stakeholders may condemn what was once considered acceptable. The best way to stay ahead of this type of risk is to closely monitor stakeholder expectations and factor them into company behaviour, engagement and communications.
Finally, poor organisational control and coordination can lead to situations where one part of the business is working to address stakeholder expectations (e.g. agreeing to stop certain marketing practices related to the sale of infant formula in developing markets) while other parts of the company continue the practices, either because they were not aware of the change or because they chose to ignore them. Individual employees can also go rogue and act in ways that are inconsistent with a company’s stated values (e.g. saying something inappropriate on Twitter) or illegal (e.g. conspiring to manipulate Libor rates). Either way, the result can be severe reputation damage for the company. The phenomenon of data permanence only compounds this risk. Because nearly every email, text message or social media post we create basically lives forever once we hit send, companies are at perpetual reputational risk from employees’ electronic communication. While reputation risk due to poor organisational control is preventable with clearer guidance, stronger culture and ready punishment for transgression, managing this type of risk is difficult for large, geographically diverse organisations.