Over the past decade, reputation risk has grown in significance in corporate environments. It has become an essential issue in the financial stability and long-term sustainability of businesses. With mounting oversight and regulatory requirements, stakeholder influence, and the ability for social media to largely impact consumer opinion, it has become imperative to identify and mitigate risks that underscore reputational damage and impede the ability to achieve projected profitability. While reputation risk has grown in magnitude, organizations continue to ineptly manage reputation by failing to appropriately integrate this highly prized asset into their risk management programs. Organizations also fail to implement viable risk management programs that enable proactive responses that effectively address the challenges that they face. This costly oversight has caused organizational losses, including customers, industry standing, and revenue. The approach used was a content analysis review of the literature to create a use-able framework for reputation risk management.
TopIntroduction
Shinkman (2017) cited that in 2016, 77% of CFOs reported that risk aversion from executives increased from the prior year, indicating that CFOs are becoming much more to risk-taking. While the twenty-first century commenced with a succession of diverse crises, companies continued to find themselves negatively impacted by the realization of reputational risk. Heil (2018) refers to reputation risk as the “risk of all risks.” Snider and Davies (2017), Calagna (2017), and Deloitte (2014) suggested that organizations were challenged by not implementing the appropriate strategies to manage reputational risks effectively. Arniati, Puspita, Amin, & Pirzada (2019) provide that organizational leadership’s information on company status typically does not match the company’s actual situation. Corporate reputation is a vital component of shaping stakeholder perceptions and responses during the development of a crisis, which ultimately influences a company’s financial performance (Wei, Ouyang & Chen, 2017).
Risk is often considered an administrative function versus a strategic priority so long as an organization’s luck holds out or until a substantial opportunity is missed (Pritchard, 2014). Gartner Strategy Agenda Poll (2019) provided that 70% of poll respondents expressed low confidence in their ability to translate strategy into action. Additionally, 60% of corporate strategists responding to the poll offered that lagging strategy execution was their main challenge for 2019 (Gartner, 2019). Gartner (2019) acknowledges that strategic planning and implementation are challenging, which often means a change in the business model. Evidence of the void in a strategy to manage reputational risk is Equifax, Exxon, Wells Fargo & Co., Papa John’s Pizza, and Carolina Panthers. The successful 2017 NotPetya ransomware attack resulted in Merck losing $870 million, $300 million for Maersk, and $400 million for FedEx (Sanna, 2019). A fourth annual study performed by the Ponemon Institute produced responses from over 3,655 global information technology, and security professionals indicate that cybersecurity breaches have risen 11% since 2018 and 67% since 2014.
Breaches are becoming increasingly expensive, and they bring condemnation to organization. It is important to note that little is known about the connection between managing enterprise-level risk and the financial reporting process. The insurance industry is experiencing an increase in exposures to losses related to cybersecurity incidents, and overall insurance activity doubled during 2015-2016 timeframe (Sapona, 2017). Understanding this potential connection is critical because financial reporting is intended to represent the economic standing of a company (e.g., valuations, estimations) and its related risk exposure evidenced through its risk management program (Cohen, Krishnamoorthy, & Wright, 2017). When a business is affected by an adverse event, there is a potential its reputation could be damaged and discussed for years to come. In 1987, Chrysler suffered a reputation event where the company was indicted for altering odometers. Executives were using vehicles for personal use with disabled odometers. They would reconnect the odometer after driving the vehicles for thousands of miles and then sell them as new (Racine, Wilson & Wynes, 2020). Corporate missteps that provoke reputational damage, incite discussion of the significance of reputation and brand on their impact on business outcomes. Consider the attrition in corporations’ industry standings. According to Banerjee (2018), there is no company listed today that was present on the first Dow Jones Index (DJI) that was released in 1986. While the terms brand and reputation are used interchangeably, they are different and require specific a focus as the commonalities between the two lead to the same end game – protecting the sustainability and profitability of the company. Bill Coletti, author of The New Mindset of Reputation Management, makes the distinction that the company owns its brand and the public owns the company’s reputation. The alignment between the two drive the need to manage reputation risk.