Many organizations today are stuck in reactive mode because leaders don’t have time to think and act. More importantly, they’re not adept at predicting which potential risk, trending conversation, or emerging incident will have a significant impact on their organizations’ reputation. By under-investing in this strategic risk area, leaders face the risk of sinking stock prices, shareholder value, and brand stability. Mike Kearney and James Cascone, partners at Deloitte Risk and Financial Advisory, Deloitte & Touche LLP, provide their thoughts on the importance of reputation and how technology can enhance the management of this valuable asset.

How do boards and CEOs approach reputation risk?

Given the fact that reputation is so critical to an organization’s success, boards should be well informed on reputation risks, what management is doing to address these risks, and what mechanisms are in place to predict and respond to brand-impacting events before they occur or as they happen. Considering this is one of the key areas over which leadership has significant control and responsibility, boards should be in lockstep with the chief executive officer and their leadership teams on the overall strategy, investments, and governance structure. Regular reporting should also be in place to assess current and future state.

As for CEOs, they are responsible for establishing the business priority to define processes that manage these risks. The CEO should treat risk management as an extension of the overall strategy, tapping into risk management leaders to ensure they have appropriate tools, processes, resources, and a governance model to predict, measure, and respond to reputation risks. For example, it’s a good idea for the chief risk officer to have a direct line of communication with the CEO.

How can leaders monitor risks to brand and reputation?

Many organizations lack mature ways of identifying, assessing, and analyzing reputation risk. They are using social media monitoring tools to gauge what customers and the public are saying about their brand, their products and services, and even their executives. Many organizations are responding to comments, often in real time. And they’re using tools to aggregate news to avoid being overwhelmed by all the information coming at them.

Q:A:

Q:A:

Leader’s cornerReputation Risk

Chuck Saia, CEO at Deloitte Risk and Financial Advisory, Deloitte & Touche LLP, discusses the importance of combining technology and people in managing reputation risk.

More than any other threat, reputation risk is interconnected with other business risks. A negative compliance event, for example, can turn into a reputation risk. The same goes for other risks, such as culture, cyber, financial, and extended enterprise. Given all the potential causes for a reputation-impacting event, an organization’s reputation is constantly vulnerable. That’s important because reputation is one of an organization’s most valuable assets.

To manage such critical threats, you first have to be able to identify them, and that’s not happening at many organizations, according to a recent report. In “Illuminating a path forward on strategic risk”—Deloitte’s survey of 400 CEOs and board members in organizations of more than $1 billion—half of the respondents lacked the ability to identify and analyze reputation-impacting events. But this acknowledgment isn’t necessarily starting conversations around reputation risk. Fewer than half of the respondents in our survey have discussed their organization’s reputation in the past 12 months.

Many organizations make the mistake of relying on social media engagement as their main method for monitoring and managing reputational risk. Organizations incur significant costs engaging with stakeholders on social media platforms. Their engagement is limited to reaching out to customers and addressing things that went wrong. The big miss here is that they are not investing in the right areas or directing risk management resources to manage reputation risk. While they may be utilizing some social listening capability, they should build a more robust brand and reputation program and bridge the silos across the enterprise.

View from the C-suite

This publication contains general information only and Deloitte is not, by means of this publication, rendering accounting, business, financial, investment, legal, tax, or other professional advice or services. This publication is not a substitute for such professional advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified professional advisor. In addition, this publication contains the results of a survey conducted by Deloitte. The information obtained during the survey was taken “as is” and was not validated or confirmed by Deloitte.

Deloitte shall not be responsible for any loss sustained by any person who relies on this publication.

As used in this document, “Deloitte” and “Deloitte Risk and Financial Advisory” mean Deloitte & Touche LLP, which provides audit and risk advisory services; Deloitte Financial Advisory Services LLP, which provides forensic, dispute, and other consulting services; and its affiliate, Deloitte Transactions and Business Analytics LLP, which provides a wide range of advisory and analytics services. These entities are separate subsidiaries of Deloitte LLP. Please see www.deloitte.com/us/about for a detailed description of our legal structure. Certain services may not be available to attest clients under the rules and regulations of public accounting.

Copyright © 2018 Deloitte Development LLC. All rights reserved.

Connect with our leaders:

Chuck Saia

Mike Kearney

James Cascone

What’s the role of technology in reputation risk management?

Technology can help. But it requires a sophisticated risk sensing technology—combined with human intelligence—to not only identify, analyze, and predict the impact of potential events, but also to use the aggregated and synthesized data to create the insights that support smarter decision making. These risk insights are critical to informing an organization’s overall strategy and accelerating the performance and value of the organization’s brand and reputation.

Organizations can take an immediate step by determining what reputational issues matter most to the value of their business and their reputation. Next, it’s critical to have the right people, tools, and capabilities in place to identify reputation risks that matter to their organization. It’s more than just bolting on to an existing risk management program. Being proactive includes employing the right risk sensing tools combined with specialized teams that can translate the data into intelligent insights. Then having the right governance structure and processes to communicate the insights so that appropriate leaders and teams can take risk-mitigating actions. This is no easy task, but these are critical areas that require attention and investment.

Q:A:

Organizations’ exposures to reputational threats have never been greater and continue to grow with the proliferation of digital media. Threats to reputation can emanate from other risks, yet reputation itself stands among the organization’s most valuable assets and must be managed proactively. This is one of the few risk domains that CEOs and board members can directly control.

An organization’s ability to manage reputation risk can be the difference between being a disruptor and being disrupted. The more trust stakeholders have in the organization and its brands, the more resilient its reputation will be. And an organization with a resilient reputation can better manage and withstand reputation-impacting events.

Organizations that combine innovative technology with risk-aware employees are better positioned to avoid negative-impacting events and capitalize on opportunities that emerge from reputational resiliency.

But what’s missing is how organizations can tap into advanced risk sensing and predictive technologies with analytics to capture risk signals, synthesize risks, and transform data into intelligence for smarter decision making. More importantly, they are not connecting these capabilities (e.g., social monitoring, analytics) to the executives responsible for risk management.

Typically, organizations address complaints—and reports of good experiences—at the appropriate level, depending on how serious those incidents are. Comments, conversations, and trends on social media will be escalated to the executive level if they involve significant topics like inappropriate conduct, issues of health and safety, or defects in the organization’s products. Usually only a crisis or potential crisis gets escalated to the board level. This reactive measure can expose organizations to greater threats.