Reputation Risk – It’s more
complicated than that
For starters, let me say that I agree with the premise that reputation risk is very real. And in the healthcare sector, it is
more important than in most other entities.
However, I think that when it comes to
managing risk in general, and compliance
risk in particular, reputation risk is often mis-
understood. Some organizations consider it a
category of risk. Some list it as a risk
event. Others list it as a consequence
of another risk event. None of these
treatments really accurately capture
what reputation risk is.
Reputational damage only hap-
pens if something else happens. So,
reputation risk is not an event, as
I’ve seen some organizations treat
it. A patient is harmed, a reporter criticizes
an organization, an employee disparages our
organization on social media, or some other
event occurs, and reputational damage results.
We may have a lot of control over the event
that gives rise to the reputational damage, or
very little. For example, our reputation may
suffer as a result of another organization’s
actions simply because we have something in
common with that organization.
But, who cares if our reputation suffers?
Here’s where the next issue comes into play.
Reputational damage, by itself, does not
hurt us. The real damage is the action taken
when people become aware of a tarnished
reputation. So, reputational damage is not a
consequence of a risk either. It is an intermedi-
ate step that occurs as a result of an event, and
that intermediate step can (but doesn’t always)
lead to the ultimate consequence(s). The final
consequence, which is what we are really
trying to focus on, can be a variety of things.
The first one that typically comes to mind in
connection with reputation is lost revenue. But
consequences can extend beyond the immediate financial effect, to things like employee
morale and productivity.
And here’s where it gets most interesting. Risks can have interactions with and
effects on other risks. For instance, a compliance investigation can result in reputational
damage that leads to a loss of support or
revenue. And I’ve seen reputational risk run
in the opposite direction. In one case, I witnessed reputational damage resulting from
an employee matter that triggered a compliance investigation by a government agency
in a completely different area. The logic was
that, even though the employee matter did not
have any direct impact, it could be indicative
of broader issues that the government agency
was concerned about.
Reputation risk is different from and more
complicated than most other commonly used
risk categories. It requires careful consideration of what causes reputational damage as
well as how different causes relate to different
LETTER FROM THE INCOMING CEO
Please don’t hesitate to call me about anything any time.
gerry.zack @ corporatecompliance.org
by Gerry Zack, CCEP