Can a Good Reputation be a Business Risk?

Reputation management has been put on the agenda of nearly every company board over the past few years, and its importance is unanimously acknowledged. A company’s reputation is often thought to be its public image or positive brand.

The public image of a company is often just a result of the effect of marketing actions, whereas a good reputation also requires that attention be paid to fundamentals, such as comprehensive engagement of upper management, the inclusion of reputation risks in an extensive risk management strategy, transparency, uniform behavioural models and a self-critical attitude.

All that Glitters is not Gold

Despite reputation issues having been front and centre for a while now, many companies have failed in their reputation risk management efforts. The common element in many cases where a company has sailed onto the rocks is often the gap between a company’s reality and it public image. This phenomenon can be fed by short-term profit seeking, off-kilter incentive schemes, management silos, poor internal communications and a simple lack of understanding. The wider the gap between reality and public perceptions, the greater the reputation risk.

Recent textbook examples of companies that have developed a large gap between image and reality are certain European auto industry companies. They have traditionally had a spotless public image, which has been reinforced over time through marketing and communications. At the same time, however, the commitment of the upper management has been weak, incentive schemes have guided internal goals in other directions, internal communication has been insufficient and cost-cutting measures have been targeted at functions that have little direct financial impact but are critical in a wider picture, such as limiting the investigation of reports coming in through whistle-blower channels to only certain areas. Finnish business culture has no shortage of these kinds of cases either.

Risks Require Boardroom-Level Attention

Forbes Insights carried out a study in 2014 that interviewed the upper management of nearly three hundred global companies. The study found reputation risk to be the most significant strategic risk.

Despite this, investments in reputation risk management remain small, and the actions that are taken often focus on irrelevant issues. Companies may even give reputation risk little more than a passing mention in their ERM systems. It is impossible to overstate the importance of the board’s role in addressing this. Responsibility for the matter cannot be delegated to the operative levels of the organisation. Reputation risk is something that should be the subject of continual scrutiny on the board’s agenda.

Nearly all of the companies that have seen negative press recently have previously had a good public image. This means that the gap between image and reality can come as a complete surprise to the board, and there may be no contingency plans in place for the possible repercussions. Negative publicity can take up a disproportionate amount of management’s time and resources, when dealing with the fallout becomes a new core function for an indeterminate period of time.

Beyond Compliance

An increasing number of companies have launched their own compliance programmes and functions as part of their risk management efforts. While this is a step in the right direction, rolling out a compliance programme in the organisation is not a comprehensive solution to the problem.

Many companies simply rely on behavioural instructions, policies and e-learning available online. However, once compliance systems have been built, the search for and investigation of other vulnerabilities is often forgotten. When done right, compliance is a good tool, but it is not enough to content oneself with unless other risk elements are also identified.

Challenging and renewing entrenched routines is something that no company can do too much of. A long-standing good reputation, if left unquestioned, can easily become an unforeseen business risk.