Reputation Risk: A Long Way To Go
Among the many fascinating discussions that took place at IACCM Americas this week, one was on the topic of ‘Reputational Risk – our role in protecting the company’. It revealed that we have a long way to go in developing high quality and meaningful programs. And in the meantime, we are generating massive workload with limited results.
Moderator Daniel Bravard from Loomis asked participants to describe their role in protecting their company brand. For many this related to tasks such as ‘ensuring continuity of supply’ or ‘selecting reputable suppliers or customers’. Others highlighted their role in educating internal staff – and increasingly external suppliers or channel partners – in ethics and governance principles. For example, one delegate said: “We have to manage the behavior of about 60,000 internal staff, but an external (supply and partner) population of more than 180,000”.
External relationships represent the primary source of reputation risk – either because of our connection with a company that does soemthing wrong, or because of actions taken by our own staff. With increasing regulatory oversight in many industries, coupled with growing public expectations regarding ethical standards, it is not surprising that companies are pushing for more training of sales, project teams and any other groups with signifcant external interfaces. The roundtable participants discussed the methods by which this is achieved, because of course they go beyond training. Contract terms have been impacted – not just through the addition of new clauses, but also the tightening of others (for instance, business continuity, data protection, regulatory compliance). Codes of Conduct, suppplier questionnaires and anti-corruption surveys were cited as examples of the growing array of methods by which companies seek to implement their reputation coverage.
But in the end, all this discussion raised a fundamental question. Are we really concerned about doing the right thing, or about diverting blame when we do the wrong thing? It became very clear that all the contract terms, codes of conduct, 150+ page questionnaires are potentially just camouflage for real action. They certainly create a lot of extra work for everyone in the supply chain; they are applied regardless of need (for example, does any right-minded buyer really believe that companies like IBM, GE, Procter & Gamble, Rolls-Royce etc are so careless of their reputation that they will be driven in their behavior by a supplier questionnaire?).
It became evident that much of today’s action is driven by a wish to be able to point at the steps taken when things go wrong. We want to be able to say ‘But look at my code of conduct, look at this massive questionnaire, look at all this training I undertook – of course I did all I possibly could’.
In truth, we are not doing all we could. A meaningful program to manage reputation risk would be exploring and understanding the risk impact of different stakeholder perspectives and measurement systems. We would be rating suppliers, customers and channel partners based on the likelihood of them breaching our code. For example, do their measurement and motivation systems encourage unethical or dishonest behavior? What are the business practices in their market or their home country? What are their cultural attitudes to topics such as bribery or intellectual property rights?
Contracts, commercial and procurement staff should be bringing a new sophistication to this important area. The answers we really need will never be extracted on 150 page, one size fits all, questionnaires; they will be gathered by exploring and understanding markets and ensuring common understanding of what it is we consider important and why. Reputation is managed through proper research and communication; it is built around understanding and trust. As one attorney observed: “Today’s programs are all about being able to show the rgulators that we have a robust and consistently applied program. Whether it really addresses the issues is much less important”.
We have a long way to go in our management of reputation risk.
Commitment Matters 
Hi Tim, Thanks for this article. It’s so interesting to see how the issue of Reputational risk is permeating through so many risk and management disciplines. I’ve just spend a couple of years working with Crisis Management as a Business Continuity issue. In BC terms, crisis management is essentially about brand, reputation and stakeholder interests and confidence, not about recovering operations from an earthquake. It has become one of the most disturbing risk items not only for corporations such as Toyota, but also public figures, politicians and even countries. Two weeks ago, the CEO of one my major clients mentioned at 3.00pm one day that he “had just dealt with no less than three Crisis Management issues since 1 o’clock”!
That’s how insidious reputational risks and damage can be and in today’s world of real-time communications, real or imaginary “governance skeletons in the corporation’s closet become exposed to the whole world in a millisecond.