the risk management blog

Managing Reputational Risk within an ERM Framework

byLowers & Associates | August 13, 2013
avoidable risk

A comprehensive Enterprise Risk Management (ERM) strategy can help protect your reputation by preventing events that damage it.

Reputation is an intangible asset. Much research and many seasoned observers agree that a good reputation enhances customer loyalty and purchase behavior, market value of the business, hiring and retention success, and brand image. Many of these factors are reflected in the asset we call “goodwill.”

Managing Reputational Risk in ERM

Reputational risk (or ‘reputation risk’) is one of the costs of events such as adverse actions for negligent hiring or publicized high-level fraud. Events like these are precisely the types of risky outcomes that your systematic ERM strategy aims to identify, evaluate, and mitigate. We do not have space to provide an exhaustive list of reputational risks, but we can illustrate the point that preventing selected negative outcomes can help protect your reputation, not to mention your bottom line.

Negligent hiring or retention

This is a human capital risk that can be mitigated with a well-designed screening program. Failure to do so can easily lead to adverse legal action when an employee causes damage to another party. A sad example is the fact that the Catholic Church across the country is being pursued for negligent hiring and supervision of pedophile priests, and is diminishing in public esteem because of it. This reputational risk exists for all employers.

Occupational fraud

Companies large and small are exposed to fraud, and when it hits the news, it becomes a reputational risk.  In a recent case, we read that the much admired company, JPMorgan, has agreed to pay or forego $410 million dollars in cash to terminate a charge that it manipulated California’s energy grid illegally (without admitting guilt). No one should doubt that investors are alert to both the financial loss and the questions it raises about JPMorgan with respect to this case – was this truly a risk the company should have taken?

Vetting third parties

We have recommended doing background checks on vendors and business partners as part of the ERM process, and these would be focused on determining competence as well as formal legality. These third parties hold your reputation in their hands. In the news recently, the manufacturing arm of Kroger Company is being sued due to a failure of an additive the company purchased from a third party, which promoted mold growth in a yogurt product. The owners of the yogurt company are seeking compensation from Kroger because their company’s reputation has been damaged by a product recall due to the mold.  Allegedly, Kroger failed to identify and manage the risk introduced by the maker of the additive in its risk management planning.

Stories like these are literally in the news everyday. The long-term costs to companies are almost incalculable.

Crisis Management is Necessary but Not Sufficient

Some observers argue that organizations should emphasize crisis management in ERM plans to manage reputational risk, e.g., in a ‘crisis response plan’.  Rather than just this reactive stance, an effective risk management program proactively helps to avoid these crises.

That said,a crisis response program should be part of the plan. No risk management plan can eliminate 100% of risk, and would probably be cost prohibitive if it tried. Therefore, damage control processes should be anticipated and organized in advance. As the cited article notes, it is the low probability but high impact event that can be most damaging.

Social Media and Reputation

Social media have become the lightspeed amplifiers of reputational events, both good and bad. Adverse events will almost always either first emerge in social media or they will be magnified and re-broadcast in search and social media channels. In either case, organizations should be going beyond awareness of social media to actively monitoring and reporting of relevant Internet /social media activity at a managerial level.

On a positive level, organizations have an opportunity to build brand equity using social media effectively. Part of being prepared for reputational risk may involve managing messaging proactively so that when negative events cannot be prevented, the organization has reputational capital that helps it ride out the storm.

In both traditional and digital worlds, proactive planning and tactics will help you manage your reputational risks.

Let’s discuss your risk management plans.


Lowers & Associates provides comprehensive enterprise risk management solutions to organizations operating in high-risk, highly-regulated environments and organizations that value risk mitigation.
View all posts by Lowers & Associates >