5 Key Components of Reputation Risk Assessments


Most companies today appreciate the importance of having a crisis communications plan in place. However, the quality and effectiveness of these plans varies widely, with many organizations relying on overly generic, “off-the-shelf” plans that fail to recognize their unique vulnerabilities. As a result, Reputation Partners recommends that the crisis planning process begin with thorough reputation risk assessments. These assessments, which look at all forms of reputation risk across a company, serve as an essential foundation for building crisis plans that are relevant, usable and effective in addressing real-world issues and crises.

At a high level, reputation risk assessments look at the range of reputation issues facing an organization and its readiness (or lack thereof) to address them. More specifically, they help to understand:

  1. What issues present reputation risk – and which of these risks are most likely to occur or should otherwise be prioritized in crisis planning
  2. Who is likely to be critical of the company
  3. What business practices are adding to potential reputation risk (or might help mitigate certain risks)
  4. What protocols exist to monitor for and mitigate reputation risks before they escalate

Here are five key components every reputation risk assessment should include:

Five Key Components of Reputation Risk Assessments

Consider Internal vs. Third-party Risk Assessment

It’s important to weigh the benefits of tapping an internal team vs. a third-party consultant to conduct a reputation risk assessment. Internal assessments benefit from being run by the people who know the organization best.  However, they might not be able to probe as deeply to uncover certain risks.  Third-party experts not only bring insights from working with other organizations, but also can look more objectively at a company’s vulnerabilities and strengths.

Conduct Landscape Analysis

Looking outside your organization is a key component of effective risk assessments. Much can be learned by examining issues facing your industry (or related industries), as well as your competitors. This includes examining current or potential critics (e.g., activist groups, labor unions, legislators, regulators, advocacy organizations) that may be active on issues relating to your business.  Internal and/or external research can also be helpful in assessing risk.  An “outside-in” view is critical to identifying the full range of an organization’s reputation risks.

Interview Leadership and Beyond

One-on-one interviews with senior-most leadership (including the CEO and board members) and PR/marketing leaders around “what keeps them up at night” are a basic component of risk assessments. However, one of the most essential aspects of risk assessment is to go deeper by interviewing a diverse cross section of people at varying levels (such as corporate-level, branch or local level, etc.) and functions (such as legal, HR, customer relations, regulatory affairs, operations). Unfortunately, many companies fall short on identifying the full range of risks by exclusively relying on the C-suite and/or the communications and marketing teams for insight.

Evaluate Current Risk Monitoring and Management Protocol

One common finding of risk assessments is a lack of clarity within an organization around how issues are monitored and who plays what roles in responding to issues before and when they escalate. Clients (often incorrectly) presume that warning signs are being heeded by someone, somewhere within the company, and that issues are escalated to the right people when needed. For this reason, risk assessments should take an honest look at existing guidelines and protocols for monitoring reputation risks – at the corporate, branch, plant or local levels – and elevate or address them before they snowball.

Ensure Crisis Communications Plan Complements Enterprise Risk Plan

It’s important to remember that a reputation risk assessment and crisis communications plan are not the same as an Enterprise Risk Plan (ERP). An ERP examines how an organization will function during a crisis.  A reputation risk assessment and crisis communications plan can help the organization communicate and weather such crises.  Though these two types of assessments/plans are complementary and should be aligned, they are not interchangeable. To be effectively prepared for a reputation crisis, organizations should have a distinct plan that addresses reputation risks, which tend not to be examined fully in ERPs.

Reputation risk assessments are an essential part of the crisis planning mix. At a time when issues can so quickly escalate into costly, full-blown reputation crises, it is more important than ever that crisis communications plans be customized, specific and targeted toward an organization’s unique structure and range of vulnerabilities.