Social media’s insidious impact and the difficulty managing reputation risk.
Forget about major events that can impact a company’s reputation, accusations of corporate wrongdoing spread via social media don’t have to be correct or accurate, and they may never go away. But is reputation really a risk from an enterprise risk management (ERM) perspective?
A participant in the NeuGroup’s recent Corporate ERM Group meeting noted a blogger’s accusations about one of his company’s products, prompting five days of calls between the general counsel, three senior attorneys, and the head of communication. Those tiny “mosquito bites,” he said, where incorrect or misconstrued information spreads rapidly over the over the Internet, can burn up enormous resources and time.
Another participant noted that Google and Bing searches may resurface such accusations years later, often without the retraction that was also published.
Reputation’s place. Corporate reputations can be damaged, but participants debated whether reputation is actually a risk, since unlike product liability, intellectual property, cyber and other clearly defined risks, few mitigation measures can be taken in advance. The member leading the ERM Group session, called “Managing the Risk Register,” shared a graphic illustrating image and brand reputation stretching in a band across four columns of risk types: strategic, operational, legal and compliance and financial. The different risks his company faces, ranging from innovation and technology to internal control environment, were placed under their appropriate columns, several sharing two.
Another member said he “struggled” with how to think about the graphic because it suggested reputation was a risk, but “I’m not sure if we want to call something a risk if it’s not manageable as a risk.” Other members agreed, with one saying his company considers reputation and financial consequences to be impacts of a risk event, since they are the outcome of risks unfolding rather than risks themselves.
Decision-making. The session leader essentially concurred, suggesting the graphic, with “brand reputation” as a solid band across all four risk categories, was more a reminder that ERM’s goal is to enable executives to make better business decisions while considering their potential risks.
“Part of what we think ERM can drive is more proactiveness and readiness,” he said. “So when you have an event, it’s not the event that’s going to drive the reputation impact, but how you handle it—the decision making that goes on when the event happens.”
Another member asked whether any peers’ companies viewed reputation as an actual, stand-alone risk. One responded that his firm does not view it as stand-alone but instead part of a mixture of other risks. Nevertheless, given the company sells its product directly to consumers, its new CEO has invested heavily in understanding the impact of reputation, contracting with the Reputation Institute, which surveys consumers’ perceptions around organizations’ reputations.
Damaged reputations. “Does it ever boggle your mind” how companies caught making egregious mistakes, such Wells Fargo and Volkswagen, do not appear to have experienced long-term reputation damage?” asked one participant.
Fellow members begged to differ, one noting he and his wife severed ties with Wells Fargo as a result of its seemingly avoidable troubles. “Wells has taken a huge hit reputation-wise,” he said.
Another noted that “part of the benefit of having a great reputation is that the company gets the benefit of the doubt. If Volkswagen were to say, ‘There’s no software problem and our cars do what they say,’ would anybody believe them?”