Internal Audit’s Role in Managing Reputation Risk

Company executives are seeing that reputational risks and corporate missteps can have more significant impacts on bottom lines and stakeholder perceptions than ever before. This article, authored by Russell A. Jackson, notes that these impacts are being felt immediately due to the evolution of global communication allowing corporate decisions to be debated real-time. Furthermore, the nature of what is considered a misstep is continually changing, making a current awareness of reputation risks increasingly important.

Internal auditors have long been involved with reputational risks at companies, monitoring these risks in ongoing audit engagements and in ad hoc consulting activities. With the growing prominence of reputational risks to organizations, internal auditors should ensure their level of involvement is adequate to assist the organization in dealing with these risks appropriately. There are several ways in which internal auditors can accomplish this level of involvement:

• Identifying risk champions throughout the organization, whose roles include monitoring and reporting on reputational risks
• Having a place at the table when the committee in charge of risk management in the organization is discussing reputational risks
• Regularly discussing reputational risk as part of the risk universe at an organization
• Being aware of reputational risks and identifying areas that represent threats because they are not being managed correctly
• Ensuring organizations examine reputational risks at the inherent level as well as at the perceived residual level
• Increasing monitoring of social networking websites to track the public mood
• Maintaining awareness of changes to reputational risks; for example, environmental responsibility is a relatively new reputational risk impacting organizations

• Updating and adjusting risk assessments throughout the year as circumstances change

While new reputational risks are continually coming to light, other established reputational risks still exist and are often enhanced. Established reputational risks that may increase due to the economic downturn include fraud, theft, and quality corner-cutting. Furthermore, the economic downturn has increased many reputational risks because companies may not be able to recover as quickly from the financial impacts of a misstep.

Companies are recognizing the importance of reputational risk and placing a greater emphasis on reputational risk management. A survey by The Conference Board found that 82% of risk managers responding indicated their companies are making a “substantial” effort to manage reputational risk, and 81% stated their focus on reputational risk has increased during the past three years. Internal auditors can play a part in these efforts by helping companies target reputational risks and monitor their responses. In doing this, internal audit can add value to the organization and increase the prestige of the internal audit department at very little cost. However, it is important that internal auditors only assist by carrying out their advisory and monitoring roles, ensuring that it is clear that the business itself owns the reputational risks.

Original Article Source: “Keeping Your Reputation Clean,” Russell A. Jackson, June 2009