Guest Post by James K. Kline (first posted on CERM ® RISK INSIGHTS – reposted here with permission)
Reputational Risk and ERM
It is estimated that an organization’s reputation accounts for over a quarter of its market value. As such managing reputational risk has become an important issue for C-Suite members. This piece examines the issues surrounding reputational risk and how an Enterprise Risk Management (ERM) approach can help manage this risk.
Reputational risk is any event that can impact the reputation of an organization both positively or negatively. Reputational risk is often driven by ethics and integrity problems such as fraud, bribery and corruption.
The Wells Fargo banking scandal is a good example of the negative consequence to reputation. Wells Fargo has been fined $185 million by regulators for opening 1,534,280 customer accounts without their permission. Further account payments were often delayed so additional charges could be imposed. Around 5,300 employees have been fired and the CEO has resigned. The problem was caused by a demand that employees make unrealistic sales quotas.
According to a 2014 global survey of 300 executive from multiple sectors around the world, conducted for Deloitte, customers and stake holders are the most important elements for managing reputational risk. A positive reputation can help the organization weather adverse events. However, when that trust is broken, it is hard to regain it.
The five most common causes of reputational loss are:
- Ethical Lapses
- No Corporate Responsibility Policies
- Customer Service Failure
- Low Employee Satisfaction
- Data Breaches
In the Wells Fargo case, three out of the five were in play. There were ethical lapses, customer service failures – fraudulent accounts and overcharges and violations of any corporate responsibility policy – upper level management encouraged and put pressure on sales employee to make unrealistic quotas.
A 2014 survey of Fraud Management in Local Government by the Queensland Australia Audit Office indicates that fraud costs the Australian economy $8.5 billion a year. The report also notes that local governments are exposed to high risks of fraud and corruption due to the large volume of goods and services procured from third parties. Consequently, governments also need to be concerned about their reputations.
Further, both sectors have been adversely impacted by cyber-attacks. In May 2017 WannaCry ramsonware adversely impacted the British Public Health Service, Russian Banks and Ministries, Nissan Sunderland Park, Renault and FedEx.
Such data breaches raise customers concerns about the security of personal information. With the prospect of identify theft, such a breach destroys trust, and causes customers to go elsewhere.
Given the various means by which an organization’s reputation can be adversely impacted, managing reputational risk has become a major concern. Consequently, pro-active protective measures become important considerations.
Enterprises Risk Management
ERM is such a pro-active approach. It provides a methodology for identifying and managing risk. As such, can be an important tool for managing reputational risk. Since reputational risk is just one of numerous risks an organization faces, the standard ERM methodological is appropriate. The basic ERM steps are: Identify the risks; Determine possible impacts; Prioritize the risks; Determine how to deal with the risk; Assign responsibility for managing the risks; and Continually monitor and assess the risks. Since reputational risk cannot be transferred, action must be taken to mitigate it. Further, since not all risk events can be anticipated, a crisis management plan should be developed and practiced. The successful implementation of such a plan during a crisis can positively impact the organization’s reputation.
Such a plan paid off for U.S. Airways when flight 1549 made an emergency landing in the Hudson River in New York. The successful implementation of their emergency action plan garnered positive new reports for their swift and effective customer service. As a result their reputation was enhanced, as was, their stock value and market share.
The reputation of a company can account for over a quarter of its market value. As such it is important to manage any risks that may adversely impact it. Unfortunately, adverse risk events can come from many quarters. ERM provides a methodology to systematically examine the potential risks, prioritize them and then mitigate any adverse impact. As such it is proactive tool which can help protect a company’s reputation.
James J. Kline, PhD, CERM, is senior member of ASQ, a Six Sigma Green Belt, and a Manager of Quality/Organizational Excellence. With more than ten years of supervisory and managerial experience in both the public and private sector, he has consulted on economic, quality, and workforce development issues. Dr. Kline has also written numerous articles related to quality in government and risk analysis.