Historically, corporate risk management was purely a financial planning exercise that was reactive in nature.
It involved an equation that plotted two indices on a graph: risk and cost. The more likely the risk was to materialize, the greater the financial resources that were allocated to mitigate the impact, including both cash and insurance.
With the high-profile corporate fraud cases of the past five years and the resulting advent of high-stakes governance regulation, however, risk management has begun to move, albeit slowly, from a financial proposition to a strategic one. Corporate boards and management have come to realize that the mere maintenance of cash reserves is inadequate when the existence of the company itself may be at stake and that they must act to anticipate and mitigate specific risks in an affirmative manner.
The moniker of this new approach to risk planning, which takes a holistic approach to identifying and mitigating a broad range of corporate risks, is enterprise risk management (ERM). Central to ERM is the creation of both quantitative and qualitative tools to identify strategic risk and measure its unmitigated consequences.
Much of the literature suggests that ERM, done right, creates early detection systems that enable companies to address risk far more pre-emptively.
As ERM begins to secure greater traction across a wider spectrum of commercial sectors, it is manifest that reputational risk management - that is, management of risk to a company's reputation - must be considered a critical component of a comprehensive ERM program.
In fact, all of the tangible risks that should be identified in an ERM program have a reputational component, including, for example, litigation, technology infirmities, natural disaster, market changes, new regulation, increased competition, human resources, and globalization. A failure to anticipate, scope, and protect against reputational risk can have consequences at least as severe as those of an earthquake or failure of a key product launch.
To protect the intangible, but real asset of corporate reputation, reputational risk needs to be addressed as part of the ERM process. Some basic tools that can be used to get a better handle on reputational risk include:
- Reputation audits and benchmarking to provide an analysis of the current state and trend-line of an organization's reputation
- Reputation alignment to ensure that positioning plans are consistent with overall business objectives and risk trends in the market
- Reputation mapping to identify how the trajectory of corporate reputation can be influenced by future conditions
- Reputation contingency strategy to establish clear, formalized plans to address internal and external variables that can shape reputation
- Reputation action plans that proactively manage reputation as a living and dynamic asset
As corporations continue to develop and implement more integrated and holistic approaches to risk management, reputational risk must be a fixture in the ERM process. Far too many companies that no longer exist can attest to the truth of this axiom.
Harlan Loeb is an MD at FD and an adjunct law professor at Northwestern University Law School.