In traditional risk management, analysts identify risks associated with a given business or product and use forecasting and evaluation to try to mitigate the impact of these risks, should they come to be.
In enterprise risk management (ERM), companies take the work of traditional risk management and extend it, integrating these crucial calculations into the overall outlook of the business, rather than limiting it to one department. ERM requires continuous oversight of key business objectives and the regular collection and analysis of key data.
In ERM, leaders are able to see both the forest and the trees, to understand how obstacles and hazards in one area may impact performance in another, and to understand how a business can maximize growth and minimize losses even in the most challenging of financial or regulatory environments.
While companies understand that enterprise risk management is increasingly necessary in our uber-competitive and connected world, they often don’t take it far enough. According to Kasper Nielsen, co-founder and chief strategy officer of the Reputation Institute, reputation risk must always be factored into any risk management strategy.
Often, the greatest harm to a company, according to Nielsen, isn’t in sales lost or fines levied, but in the damage to their long-term reputation.
“The problem with some ERM frameworks," he says, "is that they are two dimensional, focusing only on cost and likelihood. As a result they don't take into account the reputational risk multiplier."
For example, he says, a product recall or failure isn’t necessarily all that damaging in and of itself, at least in terms of cost. But the damage to reputation may bring untold losses, ones that aren’t being calculated into the risk models.
The Reputation Multiplier
As an example, Nielsen points to the Costa Concordia, the Italian cruise ship that ran aground in 2012. While the company undoubtedly had planned for the possibility of such an event, it seems less likely that they were prepared for the long-term consequences of such a highly publicized failure.
“The possibility of a crash will have been identified as a risk, but I'm pretty sure the ultimate financial cost to the company - i.e. loss of sales from damaged reputation - was not factored in,” Nielsen says. “That's the reputation multiplier."
The “reputation multiplier” is a powerful force. Nielsen notes that more CEOs were fired in 2018 than ever before. And most were fired because the companies they led experienced serious reputational shocks.
Think of Wells Fargo. Equifax. Capital One. All these companies experienced costly failures, and they likely had planned for some of them. But had they planned for the long-term impact these failures would have on their reputation?
You can't manage what you don't measure
Despite the serious risk to their careers and the companies they lead, many CEOs still don’t have a handle on reputation management and its place in enterprise risk management.
According to Nielsen, that’s often because they don’t have the data they need.
"In the financial side of a business, they have numbers for everything. That's how they manage it. There's a rhythm to it,” Nielsen says. “The most successful companies are those that create a rhythm to how they measure and manage their reputation."
But data isn’t enough to truly integrate reputation risk into your ERM strategy. You have to understand how this data ties into your business objectives.
"Many companies are drowning in data but that data doesn't make sense to them because it's not linked to the business,” he says. “The best companies have reputation integrated into their business strategy."
Getting the right data can help you create a reputation strategy
In order for companies to integrate reputation into enterprise risk management, they need to collect and analyze the right type of data. That’s why Reputation Institute created RepTrak, an analytics platform that provides companies with crucial intelligence on their industry, their competitors, and their own organization.
"It adds the third dimension [that’s been missing] and will move the dots on your risk analysis,” Nielsen says. “Some of the areas you would not prioritise before, you will after this analysis."
Reputation management and reputation intelligence isn’t just about adding another data point. Instead, it provides a new perspective on existing data, helping companies to see the true costs of product failures, data breaches, and other risks they have planned for, but perhaps haven’t completely integrated into their larger ERM strategy.
Imagining a future where companies can insure themselves against reputation shocks
This lack of data has also impaired the development of insurance policies for reputational failures. While the creation of such a product is seen as the “holy grail” by risk management and insurance professionals, there simply isn’t enough data to create products that would satisfy both companies and insurers.
"It's a very complex question. For example, the financial impact of a reputational event can be huge,” Nielsen says. “The average share price impact of a reputation event is 8%. But no insurer is going to insure Apple for an 8% fall in share price."
Nonetheless, Nielsen believes that with the right data, insurers and corporations will be able to create insurance products that protect against reputational risk as part of an overall enterprise risk management strategy. He even believes RepTrak may be able to fill the gap.
“We are reputation experts, not risk or insurance experts,”he says. “But working together, I think we can really overcome the challenges."
Senior Director of Global Marketing