Management Of Reputational Risk

There had been a few high profile failures of large institutions around the turn of this century. And in the financial industry this has resulted in increased focus on ReputationalRisk.

Organizations whose Reputations have suffered can expect a sharp stock market reaction, and in some cases BusinessContinuity gets disrupted and their survival means having to rebrand, reorganise, rename, etc.

Typically a large portion of management rank gets surgically removed in these exercises. So in most companies, ImpressionManagement is a high priority item, and ManagementOfReputationalRisk has higher priority than attending to bottom line concerns.

InformationTechnologyGovernance - more than a "Beauty contest"

Some people view attention to Governance matters as a "Corporate Beauty Contest", where lots of efforts are spent on "beautification" of processes as an end to itself.

Others see things differently. Activities related to defining Governance are probably more of a matter of ManagementOfReputationalRisk and thus have a positive impact on "bottom lines", such as "Cost of Capital" for the organization concerned.

How does that translate to activities for an inhouse IT department?

In regards to InformationTechnology, many business sponsors view our industry as having a long history of hype unmatched by performance. We are seen as people living in our own "sheltered environment", insensitive to changing business needs, and communicating in a language foreign to outsiders.

IT budget is therefore seen as an expense, and budgets for essential maintenance have been cut drastically in recent years. A suitable response has to be developed, and these include:

StrategicAlignmentOfItProductsAndServices - making sure IT is serving the business and not for its own sake.
InformationTechnologyGovernance - development of processes to allow funding parties (typically mid to upper level management in end user areas) to better understand where and why IT activities are happening.
- InformationTechnologyServiceManagement is one of these tools

Influx of accountants into mid and several IT management positions has been a CultureShock to many of us who expect technical LeaderShip from above. But it is necessary that the IT dicipline implement effective ManagementOfReputationalRisk mechanisms, before we are allowed to govern ourselves again.

Management of reputational risk without regard to the strategic alignment of reputation or governance of management risk shifts focus from risk to reputation, without the tactical reputation governance safeguards of risk, management, reputation, strategy, alignment, governance, tactics, or even risk.

UserStories

InternationalOutsourcing suppliers is starting to take measures to safeguard their reputation, including management processes related to InformationSecurity. There were stories about successful SocialEngineering targeting US bank customers leading to breaches in IdentityManagement. See Jun05 article at http://www.crmbuyer.com/story/T6hl69CB3OiC14/Indian-Outsourcers-Look-To-Improve-Security.xhtml

There is a BusinessValue attached to policies of paying attention to reputational risk

"...(The socially responsible firms are) less likely to suffer the commercial consequences of customer animosity. They are also less likely than others to sufferregulatory or enforcement decisions. They are at least as likely and perhaps more likely to represent good investments, and those are considerations which trustees can certainly reasonably take account of." 567----

Resources

Financial institutions see reputational risk as the greatest threat They should take a lesson from Microsoft: embrace suckage and stop giving a sh8t :-)

Note: recent additions were made by one subject to a HardBan, and therefore removed.