With ‘Reputation’ Comes ‘Responsibility’
Written by Gayathri Venkatesh
What really is Reputational Risk? Assuming a company is doing really well and due to negligence or inability of the top management to incorporate its values strongly across teams, and also some sheer bad luck, there happens to be a data leak and the company faces loss in terms of brand value among its customers.
Reputational damage doesn’t have to occur from data leaks (for e.g., how Equifax is currently trying to build its image due to the massive data breach), it could also root from poor governance, non-compliance, or inadequacy in following values, policies, and regulations. For example: the recent ride that KPMG SA went through for misrepresenting financial statements for a wealthy family.
So, it is a priority for companies to equip themselves, before the damage happens or have a plan of action once the damage occurs.
A few key areas that companies should focus on are:
- Strong Executive Board:
Strategic alignment amongst all members of the board, effective communication, and integrating the element of risk into every process is extremely essential on part of a strong board of members. A strong board oversight in terms of strategy, policy, execution, and transparent reporting is vital to effective corporate governance, an important contributor to sustain reputation. The executive management must also be equipped to identify blind spots and loss drivers that could impact business plan and performance. It also becomes equally important for the top management to effectively communicate with their stakeholders for building a brand image.
- Cultural Alignment:
Incorporation of strong corporate values and maintaining a compliant culture in the organization comes as the second most important point in planning or taking care of company’s reputational risk. The tone at the top management may not be reflected with employees at the middle and lower level. So the executive management has to ensure that the ideologies, escalatory processes and periodic assessments are set clear for employees at all levels. Senior executives should also ascertain that effective internal controls over compliance matters are implemented. Conducting periodic risk assessments, implementing compliance training and certification, refreshing compliance programs to educate employees of potential risks and escalate a foreseeable threat in the environment, are some of the processes that have to be in place to sustain a compliant culture.
- Making that commitment:
Commitment to interacting with key stakeholders on a day-to-day basis ensures that there is a passionate focus on improving experiences. If such processes are internalised and acted upon as a team, it is a powerful driving force for improving and sustaining reputation. For established public companies, vigilance in maintaining internal control over financial reporting, proper disclosure controls and procedures suggests that strong audit committee is in place.
- Operational environment and organization resiliency:
Maintaining a strong control environment is the foundation for achieving organization’s operational, compliance and reporting objectives. Ceteris paribus, a company’s reputation will suffer if its business model is not competitive. Significant performance gaps amongst competitors can diminish reputation if not addressed in a timely manner. Also, at some point every company is tested and a risk assessment team should be in place to anticipate and mitigate the risks that can arise. The team should provide a robust communication plan through transparency and open talks in public domain in the event of crisis.
Comparing the reputational crisis between Equifax (September 2017) and KPMG SA (September 2017), the latter at the least had a response plan. A public apology was immediately sent out, the top management in KPMG SA was replaced with a set of new team members and the company was willing to go through the gruelling process to build its reputation again despite facing a number of trials and losing many clients. However, Equifax restrained itself from going public about the data breach for about a month and when they did go public, it did not have an action plan in place. Nevertheless the company is now taking multiple steps to ensure that the existing data is protected and also tweaking its current costs to manage the huge loss suffered.
To sum up, all companies go through some crisis at some point of time during their existence and it is essential for them to have a response team/plan in place to test several situations to find glitches in the existing model or to have an action plan in place to respond to crisis. There is no one approach that fits all situations, reputation risk management is linked with the company’s risk management and crisis management controls and will have to repeatedly test its environment.
For more insights on recent alerts on reputational risk management, subscribe to Supply WisdomSM Alerts. Request a free trial to see how we can help you stay up-to-date on latest trends and be more proactive about monitoring and managing risks across your global locations and suppliers.