Reputational Risk

Framing Reputation for Risk Managers

Focusing on the day-to-day implementation of controls, policies and processes help reduce reputational risk.
By: | December 1, 2014 • 4 min read
Topics: Cyber Risks | ERM | Reputation

Home Depot. Target. General Motors. The Veterans Administration. The entire U.S. government. News headlines today come peppered with organizations and what they have done wrong. Cyber security breaches. Product recalls. Corruption and scandal.

Reputations and brands — and in case of public companies, market caps — may be wrecked in wave of tweets.


In this context, the risk management community has turned its attention to reputational risk like never before.

Indeed, for the first time in its 11-year history, the RIMS/Marsh Excellence in Risk Management Survey this year revealed that both risk professionals and other executives put reputational risk in their top-10 exposures list.

So now that reputational risk is on their radar, what should risk managers do about it?

The Risk and Insurance Management Society (RIMS) offered an answer in an executive report titled “Managing Reputational Risk to Drive Strategic Performance.” The report’s ultimate point is that a traditional risk management approach may not be sufficient by itself to tackle such exposures; instead, the report advocated the use of a strategic risk management framework.

It viewed the complicated exposure through the lens of five questions:

• What is the organization’s risk appetite and tolerance?

• What is the time plan?

• What would cause an exposure leading to negative (or positive) impact?

• What can be done to proactively control it?

• What might be the impact to the organization’s overall risk portfolio and strategy?

Perhaps the word to focus on in those five questions is “positive.”

The key benefit of using a strategic risk framework is that it can allow organizations to leverage their reputation to both protect and create value, said report author Andrew Bent, a senior risk adviser with Suncor Energy Inc. and a member of RIMS Strategic Risk Management Development Council.


Take the example of a company whose competitor suffers a product recall. That recall could tarnish the entire industry, unless companies use the opportunity to proclaim and demonstrate its better controls and strengthen its reputation as trustworthy members of that industry.

In particular for risk managers, the strategic risk management approach has two selling points.

One is that it doesn’t involve a drastic change in what they are already doing. For sophisticated, larger organizations with an enterprise risk management program, strategic management of reputational risk can be viewed as an extension of that, Bent said.

For organizations that may not have yet implemented ERM, the use of a strategic risk management framework allows them to lean on their key relationship that probably already exist throughout their organization.

That brings us to selling point two: Risk managers can place themselves in the center of reputational risk efforts.

“As risk managers, we often use a framework for managing our risks … but we also need to take into account a range of other topics such as governance, regulation, public and investor relations as we’re managing the risk,” Bent said.

“As risk managers, we may not have the expertise or insight to fully understand these risks … so we need to make sure that we bring the right people to the table for those conversations.”

The trend is already manifesting itself in Fortune 1,000 organizations in the form of uber risk management leaders called chief risk and compliance officers (CRCOs).

CRCOs have an eye on virtually everything that a company does and can be tightly aligned with operations, said Tracy Knippenburg Gillis, global leader of Marsh Risk Consulting’s Reputational Risk & Crisis Management Group.

In other words, they have their focus on the day-to-day goings-on at a company — and the controls, policies and processes that ensure they go off well — that ultimately drive reputational “safety,” so to speak.

Such tools “can position you to be resilient in the face of things in your control or out of your control,” Gillies. “It’s that way of mitigating or avoiding reputation threat in the first place by doing the right thing.”

What’s more, she said, CRCOs are responsible for corporate preparedness functions like business continuity, crisis management, and cyber and product recall.

That’s a lot of responsibility for one person, and internal governance and oversight are only as good as the people conducting them.


The greatest cause of reputation risk, said Robert F. Hurley, professor and director of the Consortium for Trustworthy Organizations at Fordham University, is the “drift” of individuals, then whole organizations, toward the darker side of human nature, the subversion of everyday rules and practices.

“The real reputational risks are cases of deviance that have been rationalized and normalized,” he said. “Seeing these and taking action requires leaders who can step out onto the balcony and see and feel what others do not see because they are trapped in their thinking.”

Matthew Brodsky is editor of Wharton Magazine. He can be reached at [email protected]

More from Risk & Insurance

More from Risk & Insurance

4 Companies That Rocked It by Treating Injured Workers as Equals; Not Adversaries

The 2018 Teddy Award winners built their programs around people, not claims, and offer proof that a worker-centric approach is a smarter way to operate.
By: | October 30, 2018 • 3 min read

Across the workers’ compensation industry, the concept of a worker advocacy model has been around for a while, but has only seen notable adoption in recent years.

Even among those not adopting a formal advocacy approach, mindsets are shifting. Formerly claims-centric programs are becoming worker-centric and it’s a win all around: better outcomes; greater productivity; safer, healthier employees and a stronger bottom line.


That’s what you’ll see in this month’s issue of Risk & Insurance® when you read the profiles of the four recipients of the 2018 Theodore Roosevelt Workers’ Compensation and Disability Management Award, sponsored by PMA Companies. These four programs put workers front and center in everything they do.

“We were focused on building up a program with an eye on our partner experience. Cost was at the bottom of the list. Doing a better job by our partners was at the top,” said Steve Legg, director of risk management for Starbucks.

Starbucks put claims reporting in the hands of its partners, an exemplary act of trust. The coffee company also put itself in workers’ shoes to identify and remove points of friction.

That led to a call center run by Starbucks’ TPA and a dedicated telephonic case management team so that partners can speak to a live person without the frustration of ‘phone tag’ and unanswered questions.

“We were focused on building up a program with an eye on our partner experience. Cost was at the bottom of the list. Doing a better job by our partners was at the top.” — Steve Legg, director of risk management, Starbucks

Starbucks also implemented direct deposit for lost-time pay, eliminating stressful wait times for injured partners, and allowing them to focus on healing.

For Starbucks, as for all of the 2018 Teddy Award winners, the approach is netting measurable results. With higher partner satisfaction, it has seen a 50 percent decrease in litigation.

Teddy winner Main Line Health (MLH) adopted worker advocacy in a way that goes far beyond claims.

Employees who identify and report safety hazards can take credit for their actions by sending out a formal “Employee Safety Message” to nearly 11,000 mailboxes across the organization.

“The recognition is pretty cool,” said Steve Besack, system director, claims management and workers’ compensation for the health system.

MLH also takes a non-adversarial approach to workers with repeat injuries, seeing them as a resource for identifying areas of improvement.

“When you look at ‘repeat offenders’ in an unconventional way, they’re a great asset to the program, not a liability,” said Mike Miller, manager, workers’ compensation and employee safety for MLH.

Teddy winner Monmouth County, N.J. utilizes high-tech motion capture technology to reduce the chance of placing new hires in jobs that are likely to hurt them.

Monmouth County also adopted numerous wellness initiatives that help workers manage their weight and improve their wellbeing overall.

“You should see the looks on their faces when their cholesterol is down, they’ve lost weight and their blood sugar is better. We’ve had people lose 30 and 40 pounds,” said William McGuane, the county’s manager of benefits and workers’ compensation.


Do these sound like minor program elements? The math says otherwise: Claims severity has plunged from $5.5 million in 2009 to $1.3 million in 2017.

At the University of Pennsylvania, putting workers first means getting out from behind the desk and finding out what each one of them is tasked with, day in, day out — and looking for ways to make each of those tasks safer.

Regular observations across the sprawling campus have resulted in a phenomenal number of process and equipment changes that seem simple on their own, but in combination have created a substantially safer, healthier campus and improved employee morale.

UPenn’s workers’ comp costs, in the seven-digit figures in 2009, have been virtually cut in half.

Risk & Insurance® is proud to honor the work of these four organizations. We hope their stories inspire other organizations to be true partners with the employees they depend on. &

Michelle Kerr is associate editor of Risk & Insurance. She can be reached at [email protected]