Reputational risk mapping, assessment and mitigation process
The reputational risk management process may be set within the well-established stage risk management framework with a circular mechanism that is completed through a feedback system over time. However, the phases are marked by the distinctive element of the twin “Inside-Out” / “Outside-In” views, which is introduced in order to overcome the limitations of a self-referential approach and adapt the reputational risk mitigation and management model to its peculiarity, which is that of being a risk associated with the external stakeholders’ perceptions.
Reputational Risk Management Process
Once the risk management strategy has been established by setting the assessment metrics and risk appetite threshold, a detailed mapping of specific reputational risk scenarios for the Group was carried out based on the analysis of internal drivers (interviews with senior management, issues emerging from the Monitoring Center of Reputation & Emerging Risks, operational risk and business continuity database, materiality matrix, claims report, financial reporting) and external drivers (negative events with an impact on reputation in the industry across the world over the past ten years, engagement activities with key stakeholders and external opinion leaders). The basic risk scenarios, derived from past experience (“Learn from the Past”) or plans in place (“Capture actual scenario”) were enriched with “what if” scenarios, i.e. risk / opportunity scenarios useful from a strategic vantage point (“Foresee the future”).
The identified risk events were then submitted to evaluation by integrating the views of senior management with the direct involvement of “Public Opinion” stakeholders, marking the impact on each of the seven reputation dimensions of the Group’s scorecard.
The cycle was completed with the definition of the governance and management structures and preparation of mitigation and/or crisis management plans, if any.