03 9948 2100info@dewintern.com

The case for corporate reputational risk management

Home / The case for corporate reputational risk management
Back to News

Reputational risk needs to be managed systematically with as much rigour as financial, governance, operational or any other risk.

Over past decades organisations have recognised the need for and the benefit of sophisticated risk management systems.  They have seen that professional risk management not only protects the business but helps support strategic decision making.

One risk that has been ignored in formal corporate governance is reputational risk – a portion of the risk spectrum unfamiliar to most boards and managers.  Reputational risk shares few characteristics with traditional risks and this makes reputational risk difficult to identify and mitigate using traditional methods.

While reputational risk may seem unmanageably subjective, “soft” or complex there is no excuse not to manage it. On the contrary, when a risk is less familiar there is a need for greater governance, not less.

Reputational risk arises both externally and internally. It is often intangible.  Its assessment cannot always be based on known data and its existence may need to be inferred.  Damage to corporate reputation however, is only too tangible.  Better to infer and mitigate rather than ignore and miss reputational risks.

Reputational risk exists as a risk in and of itself but it may also arise as a consequence of other risks not being managed. Therefore, as you cannot manage away 100% of risk, damage to reputation is an ever present risk.  Either way, it is a risk to be identified and managed.

The lack of systematic reputational risk management in most organisations is itself a significant risk.  In our experience only 10-20% of reputational risk is identified.  Risk familiarity leaves internal teams less objective and vulnerable to not identifying key risks thereby losing the opportunity to mitigate.

This uncertainty leaves organisations vulnerable.  Known risks can be managed within an existing framework, whereas, unknown risks lead to poor strategic decision making.

Traditional risk auditors are not trained to identify reputational risk, so external assurance from reputation risk professionals is prudent.  Greater reputation building opportunities are available if the risks are understood and mitigated.

Crisis management alone is not sufficient reputation protection as approximately 70% of ‘crises’ are preventable using a professional reputational risk management system. Further, crisis management plans do not constitute reputational risk management as once a crisis is occurring then reputational damage is already being suffered.

Reputation risk management is therefore essential for reputation management, good strategic decision making and the value of the company.