Last week, we covered the fundamentals of how reputational risk can impact a company. More companies are crafting strategies to handle this level of brand management by incorporating a more public focus on ethics and compliance.
Keep in mind that customer experience is a direct reflection of any company’s reputation, especially in the world of social media. One bad brand experience could turn your company into an oversized Internet joke and quickly erode the hard work of your ethics and compliance team. Your customers aren’t looking to see if you’re following all the rules and regulations – in fact, the majority of your customers won’t even know what it means to be FCPA-compliant. What they do know –and care about – is that you’re acting ethically, and that their brand experience matches your brand promise.
But how do you prepare yourself for a future of, essentially, eternal brand insurance against reputational mismanagement? We all understand the negative outcomes of a brand scandal, but, let’s take a moment to assess your current plan to build your brand resilience.
The Levels of Reputational Risk Management
We had the opportunity during a recent webinar with Forrester Research to ask ethics and compliance professionals how their companies treat reputational risk. You can see the poll questions and results below:
These results are pretty encouraging! The options are ranked in descending order of progress, with the goal being the last answer, “We associate reputational damage with various risk events and document the potential impacts (e.g. in a risk register).”
Christopher McClean, Vice President, Research Director serving security and risk professionals at Forrester Research, pointed out the importance of considering reputational risk regularly, such as during risk assessments. As you’re moving through these levels, you want to have a defined way to discuss reputational risk. The difficulty is in putting some measurement behind it, which is what the final level represents. A financial benchmark may not always depict the success of reputational risk management, but even documenting various reputation factors, placing them on a scale of 1-5 and having mitigation strategies for those risks, will significantly decrease the impact of such an event, should it occur.
Christopher recommends thinking in terms of reputational damage, since, it’s a category of risk impact (along with financial, strategic, operational, etc.) that affects the loyalty of customers, employees, investors, partners and other stakeholders. If you think about a risk event, whether it is a product recall, executive scandal of some sort or a privacy breach – all of those risk events have multiple types of impact. Each of them has a financial, operational and strategic impact, perhaps even a regulatory impact or enforcement action. Often overlooked for lack of direct connection, most people fail to realize that reputation is a category of impact based on a type of risk event that impacts loyalty of stakeholders, and therefore needs to be included as part of a risk assessment.
As mentioned earlier, you can start to measure the impacts of reputation risk, and as your program matures, you will be able to put a financial measurement on those impacts. Investor loyalty and customer loyalty are relatively easy to measure, and there is a dollar value associated with retaining them. Your marketing department likely has these numbers, or could assemble them for you fairly quickly.
5 Elements of Determining Reputational Impact
So what determines the level of reputational damage? We’d like to share a five-piece framework for measuring the impact of a reputational risk event. Today, we’re going to share the first three pieces. Check back next week for the last two!
Ability to Take Business Elsewhere
Think about any of the big retailers or fast food chains that have had big data breaches recently. You could immediately see customers leaving and going elsewhere. The results of the reputational damage was immediate and at a very high impact. An example demonstrating the opposite reaction would be Pacific Gas & Electric, which had a massive pipeline explosion in San Francisco. While the reputational damage was significant in the sense that the company now faces a quality-perception issue, it was limited in the sense that, as a utility, consumers didn’t have much choice in choosing to move their business to competing one. Think about how many competitors you have and how easy is it to switch, not just for your customers, but for investors and employees as well.
Level of Trust Breached
Does the risk event really impact the way that customers feel about the core elements of why they do business with you? For example, Arthur Andersen, an auditing firm, had a reputation built on trust. People wanted to invest their money in companies Arthur said were reputable. Once that element of their brand was gone, they essentially went under.
Effectiveness of Response
There are many people involved with the perceived effectiveness of the response to the risk event. Marketing and PR departments certainly play a role, but so do the involved law enforcement and media. The key is that the public need to see the mitigation strategies implemented to ensure that risk events don’t happen again. For example, The Walt Disney Company did a phenomenal job of making their efforts known. Last July, CNN reported that more than 35 employees had been associated with sexual harassment or abuse of youths over a ten-year period. This would have been a HUGE trust breach, the implications of which could have been ENORMOUS. However, Disney’s rapid response, assistance with the investigation, turning over of any relevant data and just generally being very open and communicative throughout the whole process, limited their reputational impact.
Think about this as opposed to companies that spend a lot of time pointing fingers, trying to blame others and avoid taking ownership. This only increases the level of damage and the length of time the scandal stays in the spotlight, turning a one-off issue into an ongoing situation. Do you have a good crisis plan? Are your PR, marketing, legal and ethics and compliance groups going to be involved, and if so, what are their roles in case of a crisis? The first few days are critical in containing the damage, so it’s important that everyone is ready to go.
Share Your Thoughts with Us
We’d love to hear from you! What advice would you add? How does your company manage reputational risk? You can share your thoughts with us by commenting on the blog, messaging us on JDSupra or messaging me directly on LinkedIn. We look forward to hearing from you – and don’t forget to check back next week for Part 3 of this series!
PS: Want to watch Christopher McClean, Vice President and Research Director for Forrester Research’s Security and Risk division, and Jimmy Lin, The Network’s Vice President of Product Development and Corporate Strategy, discuss all this and more? Download our on-demand webcast, Managing Reputation Risk Through Ethics and Compliance.
For More Information About Mitigating Reputation Risk with Ethics and Compliance Training, Check Out These Resources:
- Webinar: Empowering Middle Management to Elevate Your Ethics and Compliance Program
- Whitepaper: The Comprehensive Guide To Ethics and Compliance Hotline Reporting Programs
- Blog Post: The State of the Compliance and Ethics Function: Insights to Improve Your Compliance Program
ON-DEMAND WEBCAST | Managing Reputation Risk Through Ethics and Compliance Processes
In this webcast, Chris McClean of Forrester Research will dissect real-world examples to demonstrate how strong compliance and ethics training programs support robust corporate brands, and even protect the brand’s value in the event there’s a lapse.