An organisation’s public reputation is often critical to the accomplishment of its business goals. Whether measured by the stock performance of a listed company, the buying decisions of the business’s customers, or the trust levels of a government agency’s constituents, every type of organisation relies on its reputation to remain successful. The advent of social media and the 24 hour news cycle added to the complexity of reputational risk, due to the speed with which a negative perception can now be spread.

There are two primary components to the effective management of organisational reputation risk. The first is preventative – making sure that the risk management systems are in place to identify and manage risks to the organisation which may have a reputational consequence. The second is reactive – being ready to appropriately handle the organisation’s response in the event that an incident occurs with reputational repercussions.

One of the overlooked aspects in the preventative phase of reputational risk management is accurately determining which of the organisation’s identified potential risks may have an impact on reputation. This can be a complex assessment due to the fact that stakeholders’ perceptions are coloured by their expectations of the organisation. (For example, the corruption of a senior government official may be viewed with more alarm than that of a commercial business officer, due to the general public’s higher expectations of tax-payer funded government departments compared to private sector operations.) Carrying out an audit of the organisational risk register with reputational consequences in mind is a first step towards addressing this shortfall.

When it comes to the reactive phase of reputational risk management, many organisations find themselves stumbling into a public relations catastrophe without having prepared for it in any meaningful way. Given the speed with which news and rumour spreads, taking a day to agree on an appropriate reaction and message can cost an organisation dearly, as can the failure to manage the external communication of the organisation’s response via a single authorised channel. A well-developed and implemented business continuity program comes into its own in this context, specifically via the identification and training of emergency decision makers and spokesperson(s) for the organisation in the event of a crisis.

Some organisations are lucky enough never to experience a serious threat to their reputation during their organisational lifetimes. However, rather than blindly hoping for this outcome, all organisations are better served by developing and implementing best practice risk management and business continuity management programs.

Please contact QRMC for more information.