It is always interesting to me when I read yet another risk survey which identifies “Reputation Risk” as the number one or at least one of the top risks of concern for leading executives. Reputation is not a risk. It is an intangible asset and its value to you is enhanced or damaged by something that you or your organisation does or does not do. Any failure to adequately manage finances, personnel, IT security (and the list is infinite) may result in damage to reputation.
Therefore, what is an executive implying when they indicate “reputation” as one of their top risks? Are they saying they are concerned their reputation may be damaged because they have trouble managing their reputation or are they saying they are concerned that risk events may occur that will damage their reputation? In reality the answers are one and the same. One needs to manage risk to manage one’s reputation and one needs to be thinking about reputation when making decisions.
The bigger question that comes from a discussion about reputation and risk is how to obtain an effective measure of the potential or actual impact of a risk on reputation and therefore on your overall ability to achieve your goals. In my experience a highly effective method is to first develop different descriptions of impact on reputation and equate them with various financial and other risk criteria in a risk consequence table. Next develop clear metrics that can be used to track changes in reputation. Ongoing monitoring will provide improved insight as to how risk events affect reputation and whether your descriptors in your consequence table adequately reflect the consequences of a risk event from a reputation viewpoint.