• About us
  • Raising the Bar
  • Raising your Game
  • The Extra G - Geopolitical
  • Risk Matters - Roundtables
  • Leadership Team
  • Events
  • Blog
  • Contact
  • Menu

The Risk Coalition

  • About us
  • Raising the Bar
  • Raising your Game
  • The Extra G - Geopolitical
  • Risk Matters - Roundtables
  • Leadership Team
  • Events
  • Blog
  • Contact

The board’s role in reputation risk management

November 29, 2022

A board’s fiduciary duty and responsibility is to protect the interest of shareholders through ongoing assessment of the company’s viability and sustainability.  Oversight of the firm’s risk management processes, which includes understanding the risk landscape – the types of risk (strategic, operational, financial, integrity etc), their scope and scale, is core to this responsibility.  The board must regularly satisfy itself that the risk management policies and procedures implemented by the company’s senior executives and risk managers are consistent with the company’s strategy and risk appetite, and the culture and behaviours across the firm support it.

So where does the company’s reputation fit in this structure?  Defined as how a company’s internal and external stakeholders – its customers, suppliers, employees, investors – perceive the company compared to its peers/competitors, reputation is relatively easily understood but problematic to measure in a manner that allows the board to provide robust oversight (as part of its risk remit).  Accordingly, it rarely appears on the board’s agenda.  

Executives, however, intuitively understand the value of the firm’s reputation across different functions, and the CEO should have a good grasp of the company’s overall or aggregate reputation.  Reputation can be positive or negative specifically for each stakeholder group and each may have different concerns and ways of interpreting the firm’s behaviour.  For instance, the firm could be highly profitable and viewed favourably by investors but have a reputation as a tough employer and be viewed less favourably in the labour market.  Significant changes in reputation across one or more stakeholder group can have a cascading effect on the company’s aggregate reputation.  And importantly, the aggregate reputation forms a large chunk of the company’s intangible assets which, in many cases, can be well over 50% of the company’s value. 

Consequently, reputation usually only comes to the board’s attention when the aggregate reputation is at risk.  That is, when the firm fails to meet stakeholder expectations because of an event, behaviour, action or inaction.  The problem is that, by this stage, it is usually too late and the company is in a crisis situation, with the board unable to provide the necessary strategic leadership to support the executive in managing the reputational risk aspect of the crisis.  In any number of cases (Boeing, BP, etc), this leads to a major loss of reputation, significant financial losses, and questions over the company’s viability.  Good organisational crisis management is inextricably linked with robust reputational risk management.

As reputation becomes more closely linked with company performance in an evolving risk landscape that includes social media exposure and intrusion, it is increasingly an issue to be dealt with by boards explicitly both as part of risk management oversight, and as part of the development and implementation of business strategy.  Boards need to be informed about and understand the constituent elements of the aggregate reputation (ideally measured relative to peers/competitors), so as to provide the necessary ongoing oversight and to be in a position to provide advice to the executive on the reputational risk before and during a crisis.

David Butler is a crisis management and strategic leadership advisor working with boards and senior leadership teams in SMEs and Corporates

Tags: David Butler
Prev / Next

Blog

Featured
Apr 15, 2025
Vera Cherepanova
The future of ESG: navigating a fragmented landscape
Apr 15, 2025
Vera Cherepanova
Apr 15, 2025
Vera Cherepanova
Mar 6, 2025
Mo Warsame, Gavin Hayes
Internal audit and risk management must work together to navigate uncertainty
Mar 6, 2025
Mo Warsame, Gavin Hayes
Mar 6, 2025
Mo Warsame, Gavin Hayes
Sep 4, 2024
Polly Williams, Mia Harris
Three key threats of phishing to be aware of
Sep 4, 2024
Polly Williams, Mia Harris
Sep 4, 2024
Polly Williams, Mia Harris
Aug 25, 2024
Felix Ritchie
Principles versus rules in data and corporate governance
Aug 25, 2024
Felix Ritchie
Aug 25, 2024
Felix Ritchie
Jul 16, 2024
Jane Hunter, Mia Harris
How can you maintain high standards in your business without suffering burnout?
Jul 16, 2024
Jane Hunter, Mia Harris
Jul 16, 2024
Jane Hunter, Mia Harris
Jun 2, 2024
Afshan Moeed
Enforcement of individual accountability in UK banking: a new boardroom recipe for change or continuity?
Jun 2, 2024
Afshan Moeed
Jun 2, 2024
Afshan Moeed
May 28, 2024
Craig Morris, Mia Harris
Three exciting new developments for AI in 2024 that you need to know about
May 28, 2024
Craig Morris, Mia Harris
May 28, 2024
Craig Morris, Mia Harris
May 24, 2024
Stefan Hunziker
The stuff of nightmares: risk management is shut down, and nobody notices
May 24, 2024
Stefan Hunziker
May 24, 2024
Stefan Hunziker
Mar 20, 2024
Neil Tinegate
What should boards know about digital technology?
Mar 20, 2024
Neil Tinegate
Mar 20, 2024
Neil Tinegate
Mar 15, 2024
Francis Kean
The insolvency risk for company directors - are you swimming naked?
Mar 15, 2024
Francis Kean
Mar 15, 2024
Francis Kean
Feb 29, 2024
Andy Watkins-Child
Are you sitting comfortably?  Cyber risk, board attestations and the implications for NEDs
Feb 29, 2024
Andy Watkins-Child
Feb 29, 2024
Andy Watkins-Child
Oct 24, 2023
Mamun Madaser
Risk management and internal audit should collaborate to navigate the poly-crisis of risk
Oct 24, 2023
Mamun Madaser
Oct 24, 2023
Mamun Madaser
Oct 18, 2023
Jim Watson
How to mitigate the risk of cyber security breaches – part 2
Oct 18, 2023
Jim Watson
Oct 18, 2023
Jim Watson
Oct 13, 2023
Nisha Sanghani
Risk management and internal controls: much (needed) work to do as a result of the proposed changes to the UK Corporate Governance Code
Oct 13, 2023
Nisha Sanghani
Oct 13, 2023
Nisha Sanghani
Oct 9, 2023
Jim Watson
How to mitigate the risk of cyber security breaches – part 1
Oct 9, 2023
Jim Watson
Oct 9, 2023
Jim Watson