Michael D. Moberly   February 4, 2010

Without argument, there are countless events and circumstances that can present ‘risk’ to a company’s stability, or perhaps more appropriately stated, its equilibrium.  A particular risk which various studies, reports, and professional association papers of late portray as receiving more (elevated) attention from company management-leadership teams is ‘reputational risk’, and for good reason. 

A relevant and very timely adage about a company’s reputation is ‘it takes years to build a reputation, but today, a company’s reputation can literally be severely damaged, if not irrevocably lost, in a single day’!  It’s certainly conceivable to assume then, in light of the current Toyota debacle, company reputational risk will be ratcheted up even further on the priorities of c-suites and boards across the globe, as well it should.

What is reputation?  In a 2006 report produced by the Opinion Research Corporation and authored by Jeffrey T. Resnick, reputation was described (defined), and appropriately I might add, in the following manner, i.e., ‘reputation is as much about perception and the perception of behaviors as it is about fact’.  The ORC report goes on to say ‘reputation is about ethics, trust, relationships, confidence, and integrity, and is built on the fundamental belief that management knows how to run its business and will win in the long run’.

What is reputational risk management?   Again, as cited in the ORC report, reputational risk management was rather broadly and unceremoniously defined as ‘a process, effected by an entity’s Board of Directors, management, and other personnel, applied in a strategy setting and across the enterprise, designed to identify potential events that may affect the entity and manage risk to be within its risk appetite, to provide reasonable assurances regarding the achievement of entity objectives’.

How is company reputation built?  Few would argue with the perspective that a key (principle) tenent of a company’s reputation is that it ‘cannot be manufactured’.   In other words, a company’s reputation will not likely evolve from an advertising agency or public relations firm.  Rather, a company’s reputation is generally characterized as being built as a result of consistent (on-going) interactions between a company and its primary (key) stakeholders.  More specifically, the experiences of the company’s various stakeholder groups, i.e., customers, consumers, clients, etc., are perceived (by them) as being consistent with the values conveyed and claimed (to be upheld by) the company itself, as well as the perceived promises it (the company) makes through advertising and other forms of marketing and communication directed to its consumers, customers, and clients.

Economic value of company reputation!  Most practitioners engaged in reputational risk management would find consensus in the notion that (company) ‘reputation is about walking the talk’!  However, those management-leadership teams that still assume reputational risks are merely public relations problems which are temporary, or can be pre-empted, mitigated, and/or quickly remediated through PR campaigns, would be considered out-of-step with what I refer to as ‘the 24×7 realities’! 

My so-called ’24×7 realities’ point to company reputation challenges as being substantive ’wake-up calls’ for management/leadership teams to immediately, closely, and objectively examine how or whether their internal (company) culture is genuinely aligned with - reflective of its public behavior and the previous and expected experiences of its customers, consumers, and clients?  If there is no alignment, or perhaps, more likely, the one time alignment is now ‘out of sync’, then, of course, the economic value of the company’s reputation will likely fall short, and again, using my ‘24×7 reality’ metaphor, company reputation that’s taken years to build, can go to zero very rapidly!

A good approach for management/leadership teams to perceive-conceive their company’s reputation is by understanding that it (reputation) is an intangible asset, and, as an intangible asset it (reputation) lacks conventional properties of physicality, unlike, for example, tangible (brick and mortar) assets which can be readily replaced, rebuilt, and re-sold.  To be sure, its not that easy for a company’s intangible assets, ala reputation!

Michael D. Moberly     January 13, 2010

It used to take years of dedicated bad management to destroy a company, now it can be done almost overnight, and it’s not just due to the range of hazards, e.g., fraud, financial calamities, terrorism, and/or failures in supply chains, etc., that can threaten a company, it is the speed which such risks can strike and how they can rapidly escalate and cascade throughout an enterprise internally and externally! (Adapted by Michael D. Moberly from remarks of Sir John Bond, Chairman of UK based HSBC)

Risks to business continuity and intangible assets such as intellectual property, brand, reputation, image, goodwill, supply chains, and competitive advantages are rising and asymmetric.  In many respects, they represent outgrowths and/or consequences of a hyper-competitive, predatorial, winner-take-all, go fast, go hard, go global business transaction environment functioning in knowledge-based economies. 

At least one favorable consequence though, in my view, is more attention is being drawn (normatively speaking) to the precise role and (fiduciary) responsibilities of corporate boards relative to including (addressing) business enterprise (business) risk as routine action items on their agendas, sometimes through ‘risk committees’.

An initial step toward achieving this essential addition, again, in my view, lies in ensuring boards receive professional, objective, and relevant briefings and awareness training absent any ‘agenda’ other than providing strategic and/or tactical insight, perspective, and guidance to benefit the company.

In 2005, Lloyds and The Economist Intelligence Unit collaborated to create a briefing paper (study) titled ‘Taking Risk On Board: How Business Leaders View Risk’.  The report (a.) explored the extent to which risk is now a board-level responsibility, (b.) described what boards see as their risk-related priorities, and (c.) identified what they do and don’t do to implement effective risk management strategies in their organizations.

The Lloyds - The Economist Intelligence Unit report concluded that yes, most boards are taking risk more seriously.  However, in most instances, a board’s rationale for doing so had been prompted more by the imposition of governance and regulatory mandates and not necessarily by a genuine recognition that their company’s business strategy would benefit from fully integrating (top down) risk management initiatives directly and consistently into board decision-making.

Somewhat more disconcerting however, was the finding that board’s frequently characterized the act of addressing risk in their boardrooms as constituting (a.) constraints, (b.) diversion of resources, and/or (c.) obstacles (impediments) to necessary - normal business risk-taking.

(Perspective and insight for this post was gleaned from - adapted by Mr. Moberly from a 2005 report produced by Lloyds and The Economist Intelligent Unit titled ‘Taking Risk On Board’.)

Michael D. Moberly   January 2, 2010

The increasingly essential (fiduciary) responsibility for managing a company’s reputation risk should not emulate the conventional Hollywood-style publicist or public relations model.  Company reputation risk management is now about conceptualizing-framing enterprise-wide practices to objectively and proactively address reputational risks that are, in every sense, ‘internet asymetric’!

Respectfully then, any company reputation risk management initiative which integrates that ‘hollywood’ model’ will quickly find itself well behind the curve when it comes to trying to monitor and/or address the realities of the nanosecond, unfiltered, predatorial, and sometimes revengeful and conspiratorial (manufactured) communications that are, unfortunately, increasingly routine in the (global) online social media and networking communities. 

With more frequency, company reputational risks are sparked, initiated by, and/or evolve from social (online) media sources, e.g., blogs, message boards, competing/underming web content, and other social (viral) networking communities that literally transgress, circumvent, and/or bypass traditional forms of communication and information dispersal.  The problem - challenge this poses to company’s is fairly straight forward, that is, adverse social media communications can expose - render organizations vulnerable to ever expanding reputational risks and threats 24/7.

There are three questions relevant to reputation risk management best practices that warrant management team reflection.  One question lies in the warp speed in which unfiltered and sometimes ‘manufactured’ social media - networking community communications can materialize to have their initial (measurable) adverse affect - impact on company. 

A second question lies in identifying appropriate and forward looking best practices to assess the ‘realness’ and duration of such adverse communications.  In other words, how will (not if) such communications impact the company, its customers, its suppliers, and its stakeholders-shareholders?

And, of course, a third question lies in assembling a decision making team with the inclination and capability to objectively, effectively, and consistently identify, monitor, and assess any/all (company) adverse communications.  An important key is that these assessments should not be conceived-framed in conventional risk - threat models.  Rather, the assessments should be executed in contexts of (a.) how such communications can exacerbate additional vulnerabilities (portals) that may/can create cascading affects to the company’s reputation, and (b.) the probability, speed, and potentially global elements that those vulnerabilities may materialize. 

And finally, a fourth question is, are most reputation risks really subject to being controlled in the necessary timely fashion/manner so as to prevent, or, at minimum, mitigate the risks/threats to permit a company to effectively and rapidly (fully) recover (e.g., economically, competitive advantages, sales, etc.,) from the adverse communications?

Michael D. Moberly   October 1, 2009

The ability of management teams to sustain (enhance) the long term (strategic) value of their company’s reputation lies, in part, with the manner in which the firm’s reputational risk management (oversight, monitoring) function is initially conceived, organized, executed, and ultimately comes to meld with existing enterprise risk management (ERM) platforms.

In today’s extraordinarily competitive and intertwined business environment, reputational risk, i.e., stakeholder expectations and perceptions are increasingly global, fragile, and vulnerable to a range of (spontaneous, inadvertent, and/or purposefully malicious) acts - events.

What makes reputational risk management even more necessary today is the hyper-competitive, nanosecond and assymetric information dissemination technology platforms that exacerbate events and/or acts to elevate exposure - vulnerability to reputational risk.  These must be consistently monitored and integrated with highly proactive (reputation risk) identification and assessment processes coupled with a repertoire of effective and targeted responses/reactions that carry a measurable probability of mitigating the adversity.  A company’s reputational risk response repertoire should be articulated in a manner that strengthens, if not enhances, relations with those stakeholders whose (continued) support is essential to the company’s long term - strategic (business) objectives.

Why should reputational risks be addressed and articulated responsibly and rapidly?,  it’s because a company’s reputation affects stakeholders’ in many different ways, e.g., their inclination to be engaged - associated with a particular company through supply relationships, customer relationships, employment relationships, or even decisions to reside in communities where that company has operations.

Again, an effective starting point for conceiving an ERM reputational risk initiative is to ensure its management and oversight function(s) are synchronized (aligned) with (a.) the company’s core business, and (b.) the dominant stakeholders’ perceptions and expectations.  That’s because, those stakeholders continued support is essential to achieving the company’s strategic (financial) objectives.  

Reputational risk management does not have to be an extraordinarily time consuming or resource intensive undertaking.  When management teams and c-suites execute it correctly, it will deliver returns, especially when its conceived in the context of this economic fact - business reality…

65+% of most company’s value, sources of revenue, sustainability, and foundations for future wealth     creation, irrespective of (company) size or industry sector, lie in - are directly linked to intangible assets in which the bulk, most experts agree, is reputation!

Michael D. Moberly   September 29, 2009

Company reputation is defined as the perception of the company by the public and it’s various stakeholders, i.e., suppliers, customers, employees, local communities, etc.  Company reputational risk then, is a function of a range of triggering events or precipitators (inadvertent or intentional) but, usually adverse, that occur in which particular corporate identity features are targeted or becomes exposed, vulnerable or is revealed that were previously not known i.e., a business practice, behavioral incident, or a characteristic (content) of a product or service manufactured and/or sold to the public.

Company reputation and its attendant risks however, are not the sole province/domain of Fortune 500 types of firms.  Rather company reputation and reputational risk is relevant to most all company’s including small, medium enterprises (SME’s) as well as small, medium multinationals (SMM’s) regardless of industry sector or location.  

For many companies their reputation literally constitutes the primary source (origin) of their intangible assets which can account for as much as 65+% of a company’s value, sources of revenue, sustainability, and foundations for future growth, expansion, and wealth creation. 

Management teams routinely admit however, as respondents did to a Conference Board study, that ownership and responsibility for addressing reputational risks are often fragmented and seldom coordinated within a company and sometimes they’re assumed across a wide range of management teams and/or business unit managers. 

And, as is typical in such circustances, a debate has emerged over the most effective way for companies to characterize and ultimately address their reputational risks, i.e., as (a.) a separate and distinct category of risk, or (b.) additional (individual) effects of operational incidents in which certain risks or threats can materialize.  

With respect to company reputation risk however, there remain two areas in which relatively little practical (applied) research has evolved, i.e., (1.) who is responsible, and (2.) who should take ownership for a company’s reputational risk which includes its monitoring, stewardship, oversight and executing best practices to address it and mitigate its criticality if/when a risk materializes.  

It seems clear that company reputational risk is a genuinely integral element to overall ‘company governance’.  For starters this means the board and c-suite must reach consensus about (a.) its definition, (b.) its application and relevance to the company, and (c.) recognizing it as a dynamic, relative, and very valuable intangible asset for a company. 

This can be fully achieved though only if a company’s reputational risks are consistently monitored and best practices are in place that, among other things, identify (1.) who owns it, and (2.) who’s responsible for doing something about it.  (Adapted by Michael D. Moberly from a report produced by The Conference Boards titled ’Reputation Risk: A Corporate Governance Perspective’)

Michael D. Moberly   September 8, 2009

The precursor to contemporary ’business continuity-contingency planning’ (BCCP) was ‘disaster recovery planning’ that typically focused on (1.) protecting tangible-physical assets, i.e., plants, equipment, inventory, etc., (2.) containing the extent/criticality of the damage/loss, and (3.) building in redundancies (back-up systems) intended to continue all/part of a company’s operation during a disaster.  Today, BCCP needs to broaden its scope to include a company’s intangible assets, e.g., intellectual capital, image, goodwill, brand, reputation, and intellectual property.  Why?, because 65+% of most company’s value, revenue, sustainability, and foundations for future growth now lie in - are directly related to intangible assets.  In other words, a major and permanent shift has occurred from tangible/physical asset-based companies to intangible asset-based companies!

Now, well conceived/designed BCCP must include processes/procedures to (1.) ensure the control, use, ownership, and value of those assets are sustained during and following a disaster, and (2.) mitigate a company’s risk to the irreversible loss and/or de-valuation of those assets that would impair operating capability, revenue streams, competitive advantages, market share, reputation, and intellectual capital, etc.

Quite correctly then, BCCP has become a responsibility/task carrying a much higher profile, largely because it falls directly within the purview of - impacts all c-suite functions.  BCCP’s that do not effectively address a company’s intangible assets will, with increasing frequency, render company officers, management teams, and their companies vulnerable to legal action and reputational risk in which image, credibility, relationships with suppliers, vendors, and investors, etc., can be irreversibly strained and/or impaired which further inhibits recovery.  

Absent an effective BCCP in place, trying to prove assets’ existance, their contributory value, and recover them after the fact, is costly, time consuming, and will inevitably delay recovery.  Why?, because once a significant threat/risk (disaster) materializes, and key assets are out of a company’s control and protection, regardless of IP and/or IT protections/redundancies that may be in place, the probability that a company will fail, or that its recover will become protracted and at a fraction of its original status is elevated.  Consequently, skills and experiences business continuity-contingency planners should now bring to the table are those relevant to identifying, unraveling, assessing, and monitoring a company’s inventory of ’mission critical’ intangible assets.

As the above objectives (recommendations) are integrated in business continuity and contingency planning they will enable/facilitate a more complete and speedier (economic, competitive advantage, market share, revenue) recovery, which, in today’s globally competitive, predatorial, and winner-take-all business environment is not an optional luxury, rather a fiduciary necessity!

Michael D. Moberly   September 1, 2009

Company reputation is an intangible asset that, so long as it remains unblemished and unchallenged, delivers value, sustainability, and competitive advantages to a company.  The stewardship, oversight, and management (guardianship) of a company’s reputation, as more company’s are recognizing, is an integral function/responsibility of the management team. 

What is (company) reputation?  Fundamentally, it’s the opinion of the public and a company’s stakeholders toward a company.   A tenent of company reputation, as noted by Jeffrey Resnick of Opinion Research Corporation, is that reputation cannot be (a.) manufactured by an advertising agency, or (b.) created by a public relations firm.  Company reputation, Resnick says, is built (enhanced) as a result of ongoing interactions between a company and its key stakeholder groups, where the experience of the latter is consistent with the (a.)  values the company claims to uphold, and (b.) promises it makes (through advertising and other forms of marketing communication).  Ultimately, company reputation is as much about perception of the behaviors (of the company as a whole and/or its management team) as it is about about fact(s). 

What are the fundamental responsibilities of those charged with the stewardship, oversight, and management of company reputational risks?  

- The first responsibility is recognizing that a company’s reputation (a.) is a valuable intangible asset, that (b.) warrants multiple strategies (plans) to mitigate and/or prevent reputational risks from materializing, which (c.) can deliver returns-on-investment commensurate to the value of the reputation.  

- The second responsibility is (a.) knowing and anticipating, (b.) prioritizing, (c.) consistently monitoring, and (d.) timely recognition and response to a full array of risks (sources, origins, motives, misteps, miscues, etc.) that can adversely affect a company’s reputation. 

When these fundamentals are left unchecked, real enterprise-wide distress can, and unfortunately, with increasing frequency and speed, materialize to adversely impact reputation.  Unlike many other business risks though, reputational risk can be prompted, influenced and instantaneously transmitted by an ever expanding array of stakeholders, interest groups, mediums, and channels, most all of which operate globally and on a 24/7 basis.

Unfortunately, some companies and management teams approach (perceive) reputational risk mitigation as merely as a public relations exercise.  A more prudent (business sustainability) strategy would be to recognize reputational risk mitigation is both an opportunity and a fiduciary reponsibility to (a.) sustain control and value of a company’s reputation, and (b.) align a company’s internal processes and culture with its public behavior and customer/stakeholder experience.   Otherwise, it’s increasingly unlikely a company’s reputation can be effectively leveraged to enhance company value, develop stronger competitive advantages, or achieve greater sustainability!

Michael D. Moberly      July 20, 2009

Company reputation, along with image and goodwill, are intangible assets!  An effective initial step toward reducing the probability that a company will be unduly exposed to or become a victim of ’reputation risks’ that occur with increasing frequency and adversely affect, not only image and goodwill, but value and revenue as well, is to conduct an intangible asset assessment.  A well designed and executed assessment will produce three relevant and beneficial outcomes for a company, (1.) identify its key intangible assets, (2.) assess reputational risks to those assets, and (3.) determine strategies to prevent and/or mitigate those risks. 

The following are the much abbreviated findings of an actual intangible asset assessment for a U.S. headquartered company.  This company is the market leader (developer, manufacturer, and supplier) of a particular automotive services product and has multiple U.S. and international manufacturing, sales, training, and distribution sites with annual sales exceeding $300 million.

The assessment revealed four key areas which, in the assessor’s view, warranted attention by the company’s management team and board:

1. A presumptive (over) reliance on patents as constituting the sole means for safeguarding the company’s rights to it’s reputational - proprietary know how…

2. An under-appreciation for the intertwined relationship between the company’s reputation (image, goodwill, brand/product integrity, etc.), relative to the (reputational) know how embedded in employees at various levels and global locations…

3.  Company practices (polices, procedures, etc.) were largely absent (a.) acknowledgement of intangible assets, and (b.) understanding of the assets relationship to sustaining/building company reputation…

4.  The absence of a protective company culture that contributes to ensuring key reputational drivers are sustained, in this instance, (a.) a web-based customer/client training and trouble-shooting programs, and (b.) rapid turn-around (response) times for customer inquires, services, trouble-shooting, product delivery, and repair…

The reason the assessor identified these four areas as warranting management team and board attention are the convergence of (a.) the assets’ vulnerability, stability, and fragility, and (2.) the rapid cascading affects that adversely affect reputation, image, goodwill, value, and revenue should certain risks (to  those assets) materialize.

Michael D. Moberly    July 14, 2009

Safeguarding a company’s reputation is an essential (integral) responsibility for management teams and boards alike whether they oversee Fortune 1000’s or small, medium-size companies.  An important first step to effectively, and perhaps permantly, address a company’s reputational risk is for management teams to recognize what precipitated - influenced their perception of such risks.  This is important for two reasons.  First, successfully and effectively responding to reputation risk events has essentially become a CEO driven act.  Second, the design and execution of a reputation risk management policy is seldom as effective or proactive as it could be if the  principal’s discount how their initial perceptions of reputation risk were framed and ultimately influence their actions ‘under fire’.   

Typically, management team’s perception of risk evolves from one or more of the following, (a.) anecdotal accountings from colleagues, (b.) media reports, or (c.) personal experiences.  Similarly, management teams are prone to framing reputation risks to their company as subjective, single events with little consideration given to the equally devastating after shocks that can cascade throughout a company and its external environment.  To more effectively mitigate and/or counter such oversights, principal’s would find it useful to reflect on precisely how they perceive (interpret) the various types/categories of reputational risk that can adversely affect their company, i.e., their assessment of… 

1. the source/origin of the risk

2. the company’s vulnerability/exposure to reputational risks

3.  probability and ease which particular reputational risks can/will actually materialize

4. how a reputation risk can adversely affect their company, i.e., costs and cascading affects

5. the time frame and costs the company will incur relative to reputation recovery initiatives

6.  the strength of the company’s existing reputation risk management plan to prevent or mitigate  

7. whether reputation risks constitute a security problem, communication problem, or management problem, etc.

In most circumstances, conducting an intangible asset assessment of a company, which includes not only assessing reputational risks, but identifying and assessing each assets’ status, fragility, stability, and sustainability.  Most management teams find such an assessment a useful prelude to designing a reputation risk policy.   For example, if a company policy to address reputation risks is found to have a ‘crisis management’ orientation rather than a ‘contingency-mitigation planning’ orientation would be an indicator that the company is not monitoring - scanning either their external environment or stakeholders for early warning signs that reputation risks are materializing.  Instead, a ‘crisis management’ orientation implies a company is essentially waiting for a reputation risk crisis to occur rather than engaging in a proactive and preventative approach!

Michael D. Moberly      July 13, 2009

Company reputation is defined by the Economists’ Intelligence Unit, Weber Shandwick, and others, as ‘how positively or negatively a business is perceived by the people or entities the company relies on for its success, i.e., customers, investors, regulators, the media, and the wider public’.  There’s virtually no argument that reputation is a prized and increasingly valuable intangible asset, but it’s exposure and fragility to a growing mass of asymmetric risks is real, especially if management teams are unfamiliar and/or inexperienced in its stewardship, oversight, management, and monitoring.

In its study, Reputation: Risk of Risks, Economist Intelligence Global Risk Briefing Unit, found that, of 269 senior risk managers interviewed, risk to company reputation represented their chief concern, ahead of other risks such as regulatory, human capital, IT network, market, credit, financing, political, and terrorism risks, etc. 

Company reputation has become a dominant and driving source of company value and competitive advantage, which numerous respected sources estimate, among them being Weber Shandwick, 63% of a company’s market value now lies in - evolves from reputation.  When that level of company value is directly linked to bundles of intangible assets that collectively comprise ’reputation’ it clearly suggests that the stewardship, oversight, management, and monitoring of company reputation should not be relegated to I’ll do it when (a.) I have time, (b.) I see my competitors doing it, (c.) my company experiences a reputational crisis, or (d.) regulatory mandates require its valuation and reporting.  Rather, ’reputation management’ should commence immediately and focus on an array of stakeholders which can, and frequently do demand - create attention.

For example, company reputation can decline radidly when a customers’ interaction and/or experience with a company falls short of their expectations.  In this regard, those charged with managing, monitoring, and responding to a company’s reputational risks must first bring clarity to three things, (1.) whose interaction/experience, (2.) what experience, and (3.) which expectations.  Clarity on these matters, will lead to more timely, effective, and responsive strategies to address company reputational risks particularly in terms of resolving and mitigating!

While protecting/safeguarding a company’s reputation is an increasingly critical fiduciary function, it is also one of the more challenging insofar as, (a.) designing effective practices for constant (reputation) monitoring and measurement, and (2.) proactively, rapidly, and correctly responding to reputation hemorrhaging events.  In large part, those challenges are products of the asymmetric nature of risks today which collectively exacerbate reputational risk, i.e., (a.) the 24/7 global media, social networking and communication channels and blogging, (b.) increased scrutiny from global regulatory bodies, and (c.) increasingly transferrable customer loyalty.