Reputational Risk: With Ownership Comes Great Responsibility
By Chuck Saia

Like technology, reputation is an issue that’s rapidly evolving, connected to all parts of an enterprise.


It is difficult to believe in today’s digitally driven world that technology was not always a concern for boards and senior management teams. Not so long ago, technology would typically surface as an issue when a printer jammed or an email disappeared.

That changed in a big way with the advent of the internet and software applications. As the world became more digital, technology grew more important for boards and management. Senior leaders realized that someone needed to “own” this rising issue and provide insight on enterprise-wide decisions. Many organizations added chief information officers to the executive team and made sure a board member had relevant knowledge or experience.

I believe reputation is on a similar track. Like technology, reputation is an issue that’s rapidly evolving, connected to all parts of an enterprise, and requires a dedicated leader who has the ear of upper management and the board.

The Rise of Reputation

An organization’s reputation has always been important to business leaders. But as the world becomes more connected, issues go viral through social media, and reputational risks proliferate, many organizations are changing their approach to reputation—moving it from the realm of public relations or communications and into the purview of top leadership.

Today, reputation is a top tier risk for many organizations, and for good reason. In my view, it’s one of an organization’s most valuable assets. But who should “own” it? It’s a critical question to answer.

Get it right and you have a better chance at managing current or emerging strategic risks.

Get it wrong and you face the increased possibility of a major crisis and even a missed opportunity.

Leading Practices in Ownership

Based on a recent influential survey, there’s no doubt that reputational risk should reside at the highest levels of an organization. According to Deloitte’s Reputation@Risk1 report—which surveyed 300 executives from organizations representing every major industry and geographic region—36 percent said reputational risk responsibility resides with the CEO, followed by the chief risk officer at 21 percent, and the board of directors at 14 percent.

As is the case with Deloitte, I believe that the chief risk officer (CRO) is in the best position to accept responsibility for reputation. Just about every risk that an organization faces—cyber, third party relations, ethics and integrity, regulatory, etc.—are connected to its reputation. If, for example, employees try to take confidential information as they leave the organization, that’s an ethics and compliance risk, but it can also be a reputational risk if they’re successful.

The CRO understands the connections among reputational risk and other business risks and can articulate that impact to senior leaders. Organizations that understand reputational risk are able to adjust and mitigate enterprise-wide strategies and potentially turn risks and market disruptors into opportunities, hitting reputational risk head-on.

Addressing Risk Governance

Organizations should strongly consider establishing a risk committee of a board, rather than only having a finance and audit committee. The tendency and scope of a risk committee would be on strategic risks that impact reputation, not just matters impacting operational and financial risk. Furthermore, it forcers conversations on analytics and metrics that measure reputation rather than just financial materiality.

Board interaction and support can be significant for a CRO. Having a strong board risk committee with members who have diverse perspectives enables the CRO to address a wider range of strategic issues and to put in place world-class practices. Personally, I’ve found the discipline of having to prepare for a board risk committee meeting on a regular basis helps to ensure that the businesses are providing the information I need to manage risk. It has also led to better transparency between management and the board.

Well-established and frequent communications between the board and the CRO allow an organization to continuously improve its management of risk, by asking the right questions and establishing a collaborative environment, with clear expectations and no surprises.

Reputational risk ownership and structure can be different depending on industry, geography, and size. But it’s safe to say that—like technology—reputation will likely continue to be a top-of-mind topic for senior leaders at many organizations. From a business perspective, protecting, preserving, and enhancing your reputation can be a matter of survival or extinction.


Source: 1 Reputation@Risk, Deloitte’s 2014 global survey on reputational risk.

Other related articles

  • Driving a Focus on Risk
    Published February 19, 2020
    By Eve Tahmincioglu
    Risk mania has taken over the corporate governance discussion today but defining risk and figuring out how to deal with it can be dizzying for boardsDinesh Paliwal the chief executive officer of Harma ...
  • The Character of the Corporation: 10 ways to get started on your ESG journey
    Published February 19, 2020
    By Robert H. Rock
    America is experiencing record growth which has provided abundant jobs wage growth and wealth generation for a majority of Americans Yet income inequality and wealth disparity are alarmingly high brin ...
  • The Character of the Corporation: A deep dive into our forum’s biggest questions
    Published February 19, 2020
    By Eve Tahmincioglu and David Shaw
    As most board members know environmental social and governance issues ESG are all the rage with institutional investors putting pressure on public companies to think beyond maximizing value for shareh ...
  • Human Capital Governance: The beginning of a new era.
    Published February 19, 2020
    By Don Delves, Amy DeVyler Levanat and John Bremen
    The era of human capital has arrived in the boardroom and with it the need for more thorough board oversight and governance of this missioncritical investmentAs evidence consider three current paradig ...