Return to site


By RL Expert Leesa Soulodre

· risk management,reputation risk,Asia Pacific

There is no doubt that this century will showcase Asia’s rise. The transformation of the Asian region into the economic powerhouse of the world is gathering momentum. In this century our region will become home to the world’s largest middle class population. It is already the world’s largest producer of goods and services and soon, we will also become their largest consumers. Our region will be dominated by youth – digital natives that have grown up in a multiscreen 24 x 7 environment.

Therefore, thriving in the Asian century, requires our companies leaders to have a clear plan to seize the economic opportunities that will flow - and to manage the strategic risks and challenges that will arise. This requires a fundamental need for Chief Risk Officers to focus on reputation risk management at the company, sector and country levels.

The Context

There are 3 global mega trends that are shaping our world.

Trend #1. The world is increasingly complex. 24 7 news, social media and consumer activism all setting the agenda and driving controversies. How do you make the right decisions to mitigate risks to your reputation or adapt to crises when you don’t have the available information and clarity? Stakeholders today are also overwhelmed by a tidal wave of information. We are all competing with the 1440 minutes of their day that is already committed to work, family and leisure. So when we do talk, what media, messaging and platforms should we use to cut through the clutter and make our voices heard?

Trend #2. The world has changed. It’s no longer only about marketing and communicating your brands or focusing on “what you do” – i.e. What product, or service your company has promised to its customers - it is about your stakeholders perception of how well you fulfil your promises to your stakeholders “based on who you are” and demonstrating this consistently across your entire organisation.

Trend #3 - : After the financial crisis, increased and rapidly changing stakeholder and regulatory expectations are forcing companies, industries and governments to focus more than ever before on acquiring, retaining and protecting not only their legal and regulatory license to operate but also their social license to operate.

Reputation as a Currency

Today we live in the age of personal liability – when a director has unlimited liability in a limited liability company. Reputation risk is a top concern for boards and the most significant threat to business. It is now regarded as a “meta risk,” (Deloitte, 2013) alongside a leader's key strategic and operational concerns. When managed poorly we know from experience that it can be just as deadly as new competition, technology failures, talent issues and changing regulations.

In 2012 the tangible book or net asset value of companies in the S&P500 accounted for only 49% of market capitalisation; 55% in the FTSE100 (Cole, 2012). The shortfall accounts for intangibles or the “reputation dividend". Intangible assets are key to achieving a competitive advantage because they are valuable, rare, difficult and costly to imitate, substitute and transfer. Because they are intangible assets, reputations are an important source of economic value for companies.

Reputation is how stakeholders perceive an organisation - it is the overall trust, appreciation and esteem that observers feel for a company (Fombrun, 2004). Reputations are socially constructed through interactions between companies, stakeholders and environments. They are driven by 7 drivers: Economic Performance, Leadership, Governance, Products/Services, Innovation, Workplace and Citizenship.

What makes managing reputation risks complex is that across your company's stakeholder and market groups, you will find that different stakeholders expect different performance on each of these drivers. To further exacerbate the challenge, these drivers that create trust, appreciation and esteem in one market – do not in another. Therefore, in order to understand what are the common stakeholder expectations, companies must examine both the inside out - and outside in perceptions of their stakeholders. By understanding the glue that binds our stakeholders together across our operating markets, CRO's can provide the reputation currency and investment roadmap for their organisation.

When you invest in building your company's reputation - the trust, esteem and appreciation in the minds of your stakeholders - you are forging an emotional bond that supports your company’s ability to charge premium prices, to gain government and regulators leniency, to garner media support, to attract financial capital and the ability to attract, hire and retain the best candidates. All of which ultimately drive and impact our company's ability to achieve profitability, book value and sales.

The difference between reputation management and reputation risk management.

Yet, there are two sides to this "dividend" coin - the Risks (Bad Reputation) and the Opportunity (Good Reputation).

As a Reputation Risk Management Practitioner, it is always frustrating to engage a CEO and hear "our PR/Marketing team looks after reputation risk management. Why? Because we know that trust can be built OR LOST in almost every part of the business – therefore, it is multidisciplinary and not only a marketing and communications activity. Every function of our value chain owns and influences specific stakeholder groups all who impact and influence the company's reputation.

The Marketing and Communications team focus on increasing our stakeholder's understanding of "who we are and how we operate as a company". The Group risk team and the functional business units work on ensuring we "live up to the promises of the company and brands" by mitigating risks and issues and identifying opportunities" across our operations. As a result the responsibility for reputation risk resides at the highest levels of the organization, owned by the Chairman of the Board and their Risk/Audit Committee, the Chief Executive Officer and their Chief Risk Officer. It is their Risk team who have the reporting lines, budget, risk know how and influence in order to execute and remediate these risks - not traditionally Marketing and Communications. This is also important because reputation risks are often driven by other business risks.

To be clear this post is not about how we "build or grow this dividend - our reputation" i.e. make our companies more "loved" or win "our license to operate/market access" - that role typically managed by Marketing and Communications. Rather it's about how we "retain and protect our license to operate - both our legal and regulatory and social license to operate" - i.e. to "mitigate hate/hazard" - the role traditionally managed by the Chief Risk Officer and the various functional heads that represent the critical cogs in the value chains of our organisation (acknowledging that Public/External Affairs will always play the key role in managing the relationships with these stakeholders).

So where is the disconnect?

The big disconnect is that traditional enterprise risk management approaches don’t work — they focus too much on risk avoidance or minimising asset losses – or the “inside-out” view of circumstances. Boards talk strategically about risk appetite and risk tolerance but rarely adapt it to the same speed of their risk registers or to the rapidly changing dynamics of the stakeholder, competitive and regulatory landscapes.

The other significant weakness to these "inside out" focused risk registers is that they are too often dominated by perceived values of risk. This means that the outputs are often subjected to group think and are based on what people can remember or by what people have read or heard. It's only human nature for people to downplay areas where they think they have control. Reputation literacy is also limited on the risk agenda.

However, to further exacerbate the disconnect - risk literacy is also limited on the reputation agenda. PR and Marketing typically talk about (what is usually reactive) crisis management, but rarely have the authority, budget or influence to adapt or change and mitigate the businesses process or operating based risks. That's the role of Risk. In fact Deloitte's Reputation survey in 2013 showed that 95 percent of companies were working on a risk-management program. In 2014, this "risk management" program is now recognised as crisis management only - "a band aid." (Deloitte, 2014)

How to build alignment?

1. Focus on benchmarking the gaps.

Through benchmarking the "inside out - outside in" perspective against the 7 drivers of reputation, the current reputation gaps and opportunities among the company's stakeholders can be identified against the key areas of the business.

The CRO must also remember that it’s a balancing act. When the reality of the "inside out" is bad and the "outside in" perception is good – they must instrument the necessary changes in order to alter both the operational and/or strategic reality - and collaborate with the communications and crisis management teams to limit stakeholder issues.

When the reality of the businesses operations are good and perception is bad "marketing and communications" is required to capitalise on the good reality and overcome poor stakeholder perceptions.

2. Factor hazard and outrage into the risk register.

A Chief Risk Officer's risk register is a summary of analysing risks for hazard and probability - they do not factor in "outrage". It was Dr Peter Sandman's Outrage theory (1986) that highlighted in his risk communications research "that the risks that kill people are not the same as those that upset them".

In addition risks today are often interconnected and can go viral in a digital context. So I'm going to add a spin on Dr. Sandman's theory that today the true measure of risk is:

Risk = Hazard + Outrage + Velocity x Probability

The CRO must understand the inherent differences in reality versus perception among each stakeholder group and its core reputation currency and factor this into their risk assessment. Outrage may be high or low with some or all stakeholders but it must be managed all along the issue lifecycle. There are enough case studies to illustrate that the costs are high if they get it wrong (Benchmarked 2010: BP: $26B, JP Morgan, $90B, Toyota, $25B). However, most importantly they must "activate" the operational and strategic changes to address the risks/opportunities identified.

3. Inform decision making through data driven insights.

Much of the data CRO's rely on is lagging. Most systems are also heavily reliant on manual inputs from internal staff. By transforming the company's institutional knowledge into real time and predictive analytics, leveraging both "inside out" and "outside in" data from credible sources, a CRO can inform decision making. Moreover these insights can help to transform trends into opportunities, drive proactive action and provide early warning to key stakeholder owners on prospective outrage and operational risks.

3 Business Intelligence Tools in our Toolkit

1. RepRisk - leading Environmental, Social and Governance Controversy business intelligence delivered in 14 languages across an unlimited universe of companies and projects. It currently includes coverage on more than 47,284 companies, 11,460 companies, 8,313 NGO's and 6,481 Government Bodies.

2. SocialBakers - leading social analytics tools for real time Facebook, Twitter, G+, LinkedIN and Instagram content performance and analysis.

3. RepTrak - the leading "inside out-outside in" benchmarking survey tool offered by the Reputation Institute and trusted by the world's leading

Reinventing Risk for an Asian Century

The CRO plays a critical role in reputation risk management, developing organisational resilience and delivering value protection and value creation to their organisations.

By factoring outrage into their risk registers and including leading and predictive intelligence for informed decision making, CRO's can move their organisations from reactive to proactive protecting both their legal and regulatory license to operate and social license to operate.

To build on our strengths and to shape our future CRO's supporting companies, sectors and countries must transform their ERM practices to include both an inside out and outside in approach.

CRO's have the opportunity to reinvent their approach to risk management and play a key role in their organisations "winning" in the Asian century, ensuring their organisations not only survive, but also thrive.

  • Dr Peter Sandman - Risk = Hazard + Outrage -
  • Deloitte Global Reputation Risk Report 2013 -
  • Deloitte Global Reputation Survey 2014 -


I appreciate that you are reading my post. Here, and at LinkedIn, I write about board related issues - reputation risk, technology, corporate governance and risk management and trends. If you would like to read my regular posts then please click 'Follow' (at the top of the page) and send me a LinkedIN invite. And, of course, feel free to also connect via Twitter and Facebook and check out our blog here:

Managing Partner and Founder of RL Expert Group. A Member of the Global Advisory Council of NY Investment Advisory Firm, Cornerstone Capital; an Innovation Advisor to the University of Illinois Urbana Champaign Advanced Digital Science Centre, Singapore and Board Advisor to Belgian PR Software firm, Prezly and US Sports Analytics firm, Autoscout.

An Adjunct in Corporate Communications at Singapore Management University, lecturing part time on "Risk Issues and Crisis Management "and "Content Strategy" at the Lee Kong Chian School of Business. Prior to moving to Asia, she spent 7 years part time in European Academia, lecturing on the Luxury MBA programs in Marketing, Communications and Reputation Management at two french business schools, Ecole Superieur de Gestion and Mod'Art International.

Connect: Leesa Soulodre, Managing Partner, RL Expert Group -

All Posts

Almost done…

We just sent you an email. Please click the link in the email to confirm your subscription!