Garry Honey & David Hensley report on the findings of a joint Crawford/StrategicRISK survey.

An organisation's reputation is among its most valuable assets. For many leading companies - as the recent 2006 Interbrand/Business Week Global Brand survey showed - intangible brand value can account for as much as 70% of market capitalisation. Self-inflicted blows to the reputations of Arthur Andersen and Enron proved fatal to their business.

The new Crawford/StrategicRISK survey, however, shows that while reputation risk is seen as an important strategic risk, there is no uniform approach to measuring or managing it. Until companies do more to manage this major threat to shareholder value, Britain's shareholders and pension funds are at risk.

The survey set out to ask senior executives and risk professionals three important things:

- How does your organisation perceive and rank risks to reputation?
- How do you currently manage the risk?
- What major challenges do you face in the immediate future?


The conclusions confirmed our feeling that reputation risk is a major concern to senior executives, but, as a category of risk management, it is still only emerging. Corporate reputations are still often managed piecemeal across the organisation. Key findings were as follows.

Reputation risk is a real concern

Ninety-seven per cent of respondents said that reputation risk is an important or very great concern. One respondent - a CEO - commented: "Corporate reputation has never been as important as it is today. We - and our clients - are under scrutiny from increasingly savvy customers, employees, regulators, investors and media. To reassure the world that you are safe to talk to, deal with or rely on; there can be no complacency ... Sustaining a positive reputation among stakeholders requires a robust and visible management. But what is vital is that there is a risk management strategy that is fully integrated in communications, both internally and externally."

Boards are certainly giving reputation risk some attention. But only 30% of respondents said that their board discussed it regularly. And, while 46% said that their board discussed it occasionally, the remaining 24% said that it was discussed rarely or simply did not know.

The most commonly perceived potential threat to reputation was product or service quality (76%), although more than 50% of respondents also cited ethical issues and management weaknesses. Association with external parties whose reputations fall (44%) and environmental or sustainability issues (42%) were also seen as important.

In nature and predictability, these are very different sorts of perils, and managing and mitigating them requires different systems and strategies. Product or service quality falling below customer expectations will certainly harm reputation. But this is very much an operational matter, and good quality control procedures should already be in place to handle it - though the recent problems faced by Cadbury over the salmonella contamination show that unexpected risks can occur, and that contingency plans are essential.

Ethical issues, however, are harder to manage. Ethics are not just a matter of company policy, but also of corporate culture. Zealous pursuit of maximum shareholder value can taint a company's reputation by being perceived to transgress social and ethical values, even if no laws are broken. Nike's outsourcing of manufacturing to countries with lower employment standards would be one example. For global companies operating in diverse countries with very different value systems, this can be challenging terrain.

Management weakness is another catch-all. Perceptions of the strength or weakness of management can greatly affect the City's regard for, and valuation of, a company. The shifts in BP's share price on rumours of chief executive Lord Browne leaving - or staying - are a case in point.

The need to manage reputation risk better

Only 48% of respondents specifically monitor, measure and manage their reputational risk. That seems surprising, given that 97% of the same sample say it is an 'important' or 'very great' concern and that 91% think formal risk management systems or insurance have a role to play in protecting their organisation's corporate reputation.

Of the organisations monitoring risk to reputation, most did so via a risk committee. Only 37% said it was dealt with directly by the board or a board sub-committee. Three-quarters of respondents said their chief executive took an active role in identifying risks to reputation. Only 60% said the same of their chief risk officer or risk manager.

One issue that inhibits explicit management of reputation risk is the difficulty of quantifying the value at risk. Only one in 10 private sector respondents claim to put a monetary value on their reputation - and, of them, only a quarter report it to analysts and shareholders. Several respondents explicitly raised the link between value and risk management, with comments such as the need for "monetarising value so that appropriate protection measures can be assessed and implemented."

The cultural challenge

The question 'What is your company's biggest challenge in managing reputational risk?' brought a curious mix of responses. These included the need to improve internal communications and develop a more reputation-conscious culture, as well as to develop better governance systems for reputation risk - and more effective external communications.

Forty-five per cent of responses - the largest group - focused on the need for better governance systems to manage reputational risk. Risk professionals tended to see the challenge more in terms of governance than in operational improvements. Many believe that current methods for monitoring reputation risk are inadequate and see a need for systems to improve identification, anticipation, responsibility and ownership of reputational risks, as well as responsiveness and speed of reaction to problems. Yet none of the CEOs, MDs and chairmen answering the survey thought that reputation risk governance needed improvement and 70% saw the challenge in purely operational terms. The typical comment was that better operational management was the key to avoiding reputational problems: "Get the basics right and your reputation will be fine".

Are they right? Senior executives ought to have a broader perspective over the organisation's reputation and the risks it faces. Yet this philosophy could also serve as a way to avoid addressing what many see as a difficult issue.

Twenty-eight per cent of respondents saw improving external communications - both to build a robust reputation and to react to unforeseen events - as their biggest challenge. The need to improve internal communications and develop a culture more sensitive to the importance and value of reputation also came out strongly. Typical challenges were staff complacency - particularly in the public sector - and the need for internal communication and education to increase awareness and 'buy-in and ownership of responsibility for managing risks'.

Conclusion

Reputation risk is clearly an under-managed strategic risk. But as more sophisticated means of analysing and managing this risk become available, it will become a routine part of the governance process. Today, organisations need to:

- review the major risks that could affect corporate reputation, trust and brand value
- review the processes that are in place to monitor and manage these risks
- ensure that the results of the review are considered by the risk committee or the board - or both.


Often, companies address contingency planning processes only after a crisis. But reputations take years to build and can be lost within days. There is too much at stake here to depend on a second chance.

Garry Honey is a Fellow of the University of Southampton Centre for Risk Research. David Hensley is a consultant specialising in branding, communications and reputation management. The survey was designed by Chiron reputation risk consultants.

About the Survey

The survey was conducted online and is based on 110 responses received during the first week of August 2006. Not surprisingly, 50% of respondents had a dedicated risk role, being CROs, risk managers or simply 'risk champions'; 17% of respondents were chairmen, CEOs, MDs or similar and an equal number were from the finance function, finance directors, heads of audit, accountants and insurance managers. In terms of industry sector, the private: public split was 75:25, with local authorities, and health and education well represented. A total of 12% of all respondents represented organisations outside the UK.