Risk strategy

ISO 31000:2018 22 Minutes
https://preteshbiswas.com/wp-content/uploads/2024/11/Risk-Strategy-and-Enterprise-Risk-Management.wav

Risk strategy in Enterprise Risk Management (ERM) refers to a long-term plan that aligns an organization’s approach to managing risks with its broader goals and objectives. It establishes the organization’s risk appetite—the level of risk it is willing to take—and defines risk tolerance, which is the acceptable variation in outcomes. By focusing on creating a systematic framework, a risk strategy ensures that risks are identified, assessed, and addressed in ways that support business objectives, enabling value creation and resilience in the face of uncertainty. Risk strategy differs from risk tactics in scope and focus. While risk strategy outlines the overarching principles and framework for managing risks, risk tactics deal with the specific actions and methods used to implement the strategy on a daily basis. For example, a risk strategy may define the organization’s approach to mitigating operational risks broadly, while risk tactics involve the specific steps taken, such as implementing new controls or conducting targeted risk assessments. This distinction highlights the complementary nature of strategy and tactics, with the former offering direction and the latter providing execution. To establish an effective risk strategy, an organization must begin by understanding its goals and aligning risk management with its mission and objectives. The strategy must articulate the organization’s risk appetite and tolerance, providing clear boundaries for acceptable risks. A comprehensive assessment of the current risk environment is essential to identify internal and external threats, as well as opportunities. The organization should also build a governance framework that assigns clear roles and responsibilities for risk oversight and management, ensuring accountability at all levels. Promoting a risk-aware culture is critical to the success of the risk strategy. Employees and management alike need to understand the importance of effective risk management and their roles in achieving it. Training, communication, and leadership commitment are vital in fostering this culture. Objectives and metrics must be set to evaluate the success of risk management efforts, and processes should be integrated with strategic planning and daily operations. Finally, the strategy must be continuously monitored and reviewed to adapt to evolving risks and changes in the organization’s goals or environment. By taking these steps, an organization can establish a robust risk strategy that not only protects its assets but also positions it to seize opportunities and achieve sustainable growth.

Dynamic business models

Organizations often create separate documents for their business and strategic objectives. To ensure risk management fully supports the organization, it’s important to examine both sets of objectives and how they relate to each other. Business objectives typically align with the organization’s annual budget, detailing expected income from sales and costs of operations. These objectives are built on the organization’s business model, which outlines how it delivers value. For instance, a membership organization may rely on sponsorships from service providers and membership fees as key income sources. In return, it provides specific services to members and benefits to sponsors. The risks tied to business objectives often stem from the stability and efficiency of the business model. When assessing risks related to the annual budget, it’s crucial to consider events that could reduce sponsorship and membership income or hinder the delivery of promised services and benefits. Essentially, business objectives focus on the organization’s current operations and how it generates and delivers value. Risk management should therefore evaluate any factors that could disrupt this balance to help ensure the organization’s short-term goals are met effectively.

When a business is created, it either clearly or indirectly adopts a business delivery model, which outlines how it creates, delivers, and captures value. This model explains how the business provides value to customers, encourages them to pay for it, and turns those payments into profit. Essentially, it reflects the organization’s understanding of what customers want, how they prefer to receive it, and how the business can organize itself to meet those needs while remaining profitable. The business delivery model helps describe and categorize different types of businesses. Within a company, management uses this model to explore opportunities for growth and improvement. Enhancing the business delivery model involves implementing a business development plan. A solid model serves as a foundation for innovative organizations to build and refine their future strategies.

The business model is built on the organization’s objectives and annual business plan. Organizations also create plans to improve and evolve their business model in line with their long-term strategy. The current business model reflects the organization’s existing operations, or “where it is now,” and is shaped by the tactics used to achieve its strategic goals. However, most organizations understand that their current business model won’t remain effective indefinitely. To consistently meet their objectives year after year, they must adapt and grow. This could involve finding more sponsorship opportunities, offering new products or services to generate additional income, or improving efficiency in delivering their current offerings. The process of evolving the business model to achieve strategic goals is often referred to as the business development model.

Business development model

To integrate risk management into business operations, it’s helpful to use a simple business development model. This model breaks down key steps in achieving business goals. The first step is for the organization to define its strategy, which is guided by its mission, corporate goals, and what stakeholders expect. The strategy should align with the mission and be designed to achieve objectives effectively and efficiently. After setting the overall strategy, the organization must identify the tactics to implement it. If the strategy involves changing existing processes or adding new ones, specific projects or programs will need to be carried out. These tactics should ensure that core processes are in place to achieve the desired outcomes in a cost-effective way. Operationally, the goal is to maintain efficient, uninterrupted daily operations without unexpected disruptions. Strategy outlines “where the organization wants to be,” while reviewing current operations shows “where the organization is now.” Tactics, in turn, describe “how the organization will get there.” This three-step model focuses on events, many of which represent potential risks. Another crucial aspect of this model is the reporting of operational results. These actions and events—whether positive, negative, or routine—help the organization track progress in relation to its strategy, tactics, operations, and compliance. They influence the organization’s ability to maintain effective, efficient, and compliant operations. Although compliance processes aren’t always explicitly mentioned, they are essential for ensuring that the organization meets its legal and contractual obligations. These processes are as fundamental as the operational ones and should support all organizational activities. Setting a strategy involves managing opportunities, while delivering tactics, often through projects, requires managing uncertainties and control risks. Ensuring effective and efficient operations also demands careful handling of hazard risks to maintain stability and performance.

Business processes

Every organization has existing processes that help it achieve its business goals by generating income and managing costs. These processes might work well, but for risk management to play a meaningful role in reaching those goals, the objectives must align with day-to-day operations. Unfortunately, organizations often fail to set clear, ongoing objectives. Instead, they focus on short-term goals tied to their strategic plans.

To fully benefit from risk management, an organization needs to establish goals at three levels: strategy, tactics, and operations. Core processes are crucial to the organization’s success, helping it meet its mission and satisfy stakeholders. These processes deliver value and address specific stakeholder needs. There are four main types of core processes:

  1. Strategy development and execution
  2. Managing tactics, projects, and improvements
  3. Continuing and overseeing daily operations
  4. Ensuring compliance with rules and regulations

Activities are individual tasks that make up these processes. While the processes aim to add value, extra tasks can increase costs. The challenge is to create processes that are both effective and efficient. Once stakeholder expectations are clear, the organization can design core processes to meet those expectations at an acceptable level. However, no organization can fully satisfy all stakeholders, as their needs may conflict. Weaknesses or gaps in core processes often fall into four categories:

  1. Leadership gap: Issues in developing and delivering strategy, leading to a loss of market leadership.
  2. Competition gap: Problems with managing projects or improvements, causing the organization to fall behind competitors.
  3. Efficiency gap: Failures in maintaining smooth daily operations, leading to inefficiencies.
  4. Compliance gap: Weaknesses in meeting legal or regulatory requirements, which can harm the organization’s reputation.

Strategy and tactics

A business strategy outlines what an organization wants to achieve and how it plans to do so. It is based on key decisions about the organization’s future. Having a clear strategy helps the organization meet its mission, objectives, and plans. Risk management plays an important role in strategy by ensuring decisions are effective and efficient, leading to the desired outcomes. The main way risk management supports strategy is through risk assessment. This involves evaluating the current strategy and any new strategies being considered. If there are different strategic options, each should be assessed individually for risks. In competitive industries with rapid technological change, businesses face significant risks and must make major strategic decisions. These often involve adopting new technologies, which may require large, uncertain investments. These investments can be risky because the technology might be untested or because multiple technology options exist.

Risk assessment for strategic decisions should include:

  • Stakeholder expectations
  • Customer needs
  • Staff skills
  • A SWOT (Strengths, Weaknesses, Opportunities, Threats) analysis

Possible strategies might involve forming partnerships, outsourcing work, subcontracting, or investing in new technologies. Thorough risk assessments give the board the information it needs to make well-informed decisions. During risk assessment, the organization should also identify events or factors that could disrupt the strategy’s success. Based on this, it can decide what controls to implement to minimize potential negative impacts. Strategic objectives often focus on growing the organization’s presence in its industry and building its reputation. Enhancing reputation and developing individual brands are seen as opportunities, but they also come with risks. Tactics are the actions taken to achieve the business strategy. To ensure smooth and efficient operations, tactics must be carefully chosen, implemented, and managed. They should also ensure accurate financial reporting and compliance with laws and regulations. The goal is to create effective, efficient, and compliant core business processes. Projects drive changes to core processes. When managing projects, it’s important to address risks that could delay completion, exceed the budget, or fail to meet specifications. However, completing a project on time and within budget isn’t enough if it doesn’t lead to better core processes. For example, installing a new software system might be successful as a project, but if the system doesn’t deliver the expected improvements, the core processes won’t improve as intended. Risk management supports tactics and projects through risk assessments, improving risk responses, and ongoing reviews. The goal of risk assessment is to identify necessary controls. Once controls are in place, they need to be reviewed to ensure they are working effectively and efficiently. Effective tactics ensure the right core processes are in place to meet business needs. Even if core processes are efficient, they may not always be the best ones for achieving the organization’s goals. Projects aimed at improving core processes are essential for delivering the strategy. By developing more effective processes, the organization can continue to meet the needs of customers, investors, and other stakeholders. To maintain effective core processes, the organization may need to adjust its business model and objectives.

Strategy Statement:
To establish a comprehensive Enterprise Risk Management (ERM) framework that enhances operational resilience, ensures regulatory compliance, and protects the company’s reputation, while supporting long-term growth and sustainability.

This strategy focuses on embedding risk management into every level of the organization to identify, assess, and mitigate risks that could impact the company’s ability to meet its strategic objectives, including those related to health, safety, environmental impact, and financial stability.

Tactics Statement:
To implement risk assessment tools, strengthen incident response protocols, and enhance real-time monitoring systems across all operational sites to proactively manage risks associated with health, safety, and environmental hazards.

These tactics aim to ensure that day-to-day operations align with the broader ERM strategy. They involve specific actions like deploying advanced monitoring technology, conducting regular risk audits, and providing staff training on emergency response and compliance.

Effective and efficient operations

The main goal of risk management in operations is to ensure processes run efficiently without unexpected disruptions. Such disruptions often result from hazard risks. Well-designed, disruption-free core processes not only help the organization operate smoothly but also provide a competitive edge or improve cost-effectiveness. Risk management plays a crucial role in keeping operations running smoothly. This includes identifying and assessing risks, responding to significant ones, allocating resources for controls, planning responses, reporting risks, and ongoing monitoring. A comprehensive risk management approach is essential for uninterrupted and efficient operations. Internal audit also contributes by evaluating how well controls work within operations. This ensures both the operations and their controls are effective and efficient. Internal audits provide valuable risk assurance and help confirm compliance where necessary. All organizations need their operations to be both effective and efficient, especially in tough financial conditions. Efficient operations are key to meeting annual budgets and achieving business goals. Improving operational efficiency often involves using fewer resources, which may include cutting costs. However, efficiency alone isn’t enough if the organization is using the wrong processes. For example, you could make traveling by car very efficient, but if taking a train is faster and cheaper, the train is the more effective choice. Similarly, in a busy city, taking a taxi might seem efficient, but the metro could be a quicker and more cost-effective option. An organization’s business model reflects its current operations and core processes. These processes define the value it delivers to customers, supported by its financial stability and reputation. Strategy and tactics aim to improve the business model by enhancing the effectiveness and efficiency of core processes. The business model represents the organization’s current operational state, which strategy seeks to improve.

Ensuring compliance

Risk management activities serve four key purposes: Mandatory requirements, Assurance, Decision-making, and Effective and Efficient core processes (MADE²). Core processes fall into four categories: Strategic, Tactical, Operational, and Compliance (STOC). There is a strong connection between the reasons for risk management and the efficiency and effectiveness of these processes. Mandatory requirements come from stakeholders like regulators, customers, or financiers. These requirements must be met, and organizations do so by maintaining effective and efficient compliance processes. Failure to comply can have serious consequences, such as losing a license, which could threaten the organization’s survival. While there are usually several ways to meet mandatory requirements, risk management plays a key role in designing compliance processes that are both effective and efficient. This can even turn compliance into a competitive advantage by minimizing costs and improving operations. Many organizations prioritize compliance and see it as part of their culture, which helps them meet mandatory obligations. However, if compliance processes are not efficient, it can lead to wasted resources and a loss of competitive edge. Risk management professionals help develop compliance processes that are both cost-effective and efficient. For example, health and safety regulations are mandatory for most organizations, enforced by law. Some businesses may try to avoid compliance, thinking there won’t be consequences. But a more risk-aware organization will recognize that complying with health and safety rules not only improves operational efficiency but also enhances its reputation. A strong safety record can attract new clients and secure contracts.

Reporting performance

Operational reports show how well the organization’s strategy is being carried out. Management needs regular access to this data to adjust core business processes when needed. These reports also help prepare performance updates for stakeholders. The organization must decide what information to share, how much to disclose, and the format for these reports. To ensure accuracy, proper controls need to be in place. In the U.S., the Sarbanes-Oxley Act (SOX) outlines requirements for ensuring accurate financial reporting to shareholders. Risk management supports performance reporting by assessing risks in reporting lines and data-handling processes. SOX has increased focus on controlling reporting procedures. Under Section 404, external auditors must verify that financial reports and reporting processes are accurate.

Components of the business model

Every organization has a business model that outlines how it delivers value to its customers. Even non-commercial organizations, such as public sector or third sector entities, have a system for fulfilling their mission or vision. The business model explains how the organization uses its resources to provide its customer offering while ensuring long-term sustainability and resilience. The business model consists of four key components, summarized as

CORR:

  1. Customer: Identifying customer groups, attracting and retaining them, and deciding how to deliver products or services.
  2. Offering: The value and benefits provided to customers.
  3. Resources: The organization’s assets, data, capabilities, and partnerships.
  4. Resilience: The organization’s ability to maintain operations, including financial stability and reputation.

The business model shows how operational and compliance processes work together to create a good customer experience. Organizations need to analyze their business model to identify strengths, weaknesses, opportunities, and threats (SWOT). Conducting a risk assessment helps pinpoint areas where the current system could fail or be improved, ensuring efficient delivery and finding new opportunities for growth. The business model reflects how things currently work and helps identify ways to enhance the customer offering or improve processes. Once improvements are identified, the updated business model sets the organization’s strategic direction, and specific tactics are developed to achieve that strategy. Business models can be complex, with multiple dependencies, such as suppliers and outsourced services. It’s crucial to identify any weaknesses or inefficiencies. Analyzing the business model also serves as a risk assessment tool, highlighting potential risks in areas like supply chains or ethical practices, which could harm the organization’s reputation. Corporate social responsibility, particularly in supply chains, is a growing concern for many organizations, as ethical risks can significantly impact their reputation.

Risk management and the business model

Every part of a business model can be analyzed for risks. The business model shows how an organization achieves its mission, vision, goals, and objectives. While the core focus is the offering (product or service), the process often begins with understanding the target customer segment. There are risks involved in identifying and retaining customers, as well as in providing customer service and support. Distribution channels also play a critical role in delivering the offering. The offering itself relies on the organization’s resources and capabilities to provide value and benefits to the customer. Evaluating how resources are structured and used helps identify risks that could impact performance. A key aspect of the business model is the organization’s resilience, which includes its reputation. While some business models overlook reputation, it is crucial since reputation often defines an organization’s success, particularly in its industry. Reputation also ties into sustainability—organizations aim to maintain and improve their reputation over time. Sustainability is essential in all business models, typically represented by financial health—balancing expenses and income. However, sustainability can also include environmental responsibilities. The organization’s sustainability goals must be part of the risk assessment, which will focus on operational hazards and compliance risks. To ensure the business model operates efficiently, operational risks must be mitigated, and compliance risks minimized. After assessing risks, the organization must decide if its current business model is sustainable. If improvements are needed, a new or modified business model will be developed, which becomes the organization’s strategy. Implementing this strategy involves specific tactics, executed through projects or programs to bring about the necessary changes. Strategic risks (improving the business model), tactical risks (implementing tactics), operational risks, and compliance risks must all be managed. This comprehensive approach is known as EM3. A strong business model not only attracts new customers but also deepens relationships with existing ones, ensuring long-term loyalty and higher satisfaction. Therefore, improving the business model should aim to both increase customer acquisition and retain existing customers while enhancing their experience.

Reputation and corporate governance

Corporate Social Responsibility (CSR) is a key part of an organization’s corporate governance. It applies to all types of organizations and involves acting responsibly toward society and the environment. Good CSR practices can boost an organization’s reputation and increase stakeholder value. On the other hand, poor CSR standards can lead to negative publicity and harm stakeholder value. Good CSR practices benefit organizations by:

  • Protecting and improving their reputation, brand, and trust.
  • Attracting, motivating, and keeping talented employees.
  • Managing and reducing risks.
  • Increasing efficiency and reducing costs.
  • Securing their ability to operate.
  • Opening up new business opportunities.
  • Creating a safer and more stable business environment.

CSR covers a wide range of activities, including efforts to improve social, environmental, and local economic impacts. It also involves promoting human rights, ensuring fair trade, and combating corruption. Before CSR became common, similar concerns were grouped under Social, Ethical, and Environmental (SEE) issues. Today, CSR encompasses all those areas. CSR is relevant not only for large multinational corporations but also for small businesses, public sector organizations, and charities. According to the European Commission, CSR means that businesses are accountable for their impact on all stakeholders. It reflects a commitment to operate fairly and responsibly, contributing to economic development while enhancing the quality of life for employees, their families, and the wider community.

CSR and risk management

CSR covers a wide range of issues, from health and safety to broader topics involving employees, customers, suppliers, the community, the environment, and the organization’s products or services. Both CSR and risk management deal with a wide variety of concerns, and there is significant overlap between the two areas. Scope of issues covered by CS:

  • Health and safety: Commitment to a programme of activities to achieve continuous improvement in health and safety performance
  • Employees: Aim to deliver a competitive and fair employment environment and the opportunity to develop and advance – subject to personal performance
  • Customers: Strive to provide high-quality service and products and good value for money in all dealings with customers
  • Environment: Reduce impact on the environment, including factors contributing to climate change, through a commitment of continual improvement
  • Suppliers: Working with suppliers to ensure that worker welfare/labour conditions and environmental practices meet recognized standards
  • Community: Aim to be a responsible corporate citizen through support for appropriate non-political and non-sectarian projects, organizations and charities
  • Products/services: Designed not to unintentionally or by design cause death, injury, ill-health or social disruption, hardship or detriment

Many CSR topics, like workplace safety and environmental impact, are risk-related. However, addressing these solely as risks doesn’t fully cover the CSR agenda, though it’s a good starting point. Risk assessment workshops often include CSR topics like social, ethical, and environmental issues. Risk managers can use their tools, such as risk assessments, control measures, and compliance audits, to tackle CSR and broader corporate governance. Most organizations view CSR as a reputational matter, treating its components as hazard risks. They often start by updating processes to meet CSR requirements. While this compliance approach is a good first step, what begins as a hazard risk can evolve into a control risk and eventually present opportunities. Organizations should aim to improve their CSR practices. Once compliance is achieved, they can explore opportunities, such as offering fair-trade products, which can boost sales and improve their public image. Public opinion often drives CSR issues faster than organizations can respond, making CSR a chance to gain reputational benefits. Treating CSR as an evolving and proactive effort helps organizations align with public expectations and gain a competitive edge. Some organizations, like energy companies, have stakeholders they might prefer to avoid, such as environmental groups. Despite this, these groups are legitimate stakeholders and can significantly influence the company’s activities. Environmental concerns fall squarely within the CSR agenda. Key CSR stakeholders include employees, customers, suppliers, and the broader community. When it comes to environmental issues, everyone becomes a stakeholder, as organizational behavior affects the environment globally.

Supply chain and ethical trading

Failing to ensure ethical behavior is now widely seen as a significant business risk. Stories about fraud or corruption can damage a company’s reputation and hurt future profits. With easy access to online information, companies engaging in unethical practices, such as exploiting workers or mistreating suppliers, can quickly be exposed. If unethical actions cross into illegal activity, the impact can be even more severe. Breaking the law or ignoring internal governance rules can threaten the company’s survival. For instance, offering bribes to officials, even in regions where it may be common, is both unethical and illegal. Unethical behavior can lead to damaged reputations, lost profits, and customers or suppliers refusing to do business with the company. Examples of such risks include:

  • Violating regulations.
  • Partnering with questionable foreign governments.
  • Excessive political donations.
  • Tax evasion or shady tax practices.
  • Making false claims or accusations about competitors.
  • Forming unethical alliances with competitors.

Another concern is sourcing products from factories with poor working conditions. Selling low-quality or unsafe products can also harm a company’s reputation and raise questions about its ethics. For instance, if a clothing retailer wants to ensure its products are made under ethical conditions, it could set strict requirements for its suppliers. The retailer might demand that suppliers provide regular reports detailing:

  • Their policies on ethical labor practices.
  • The working conditions and pay of their employees.
  • Any subcontracting arrangements.
  • Results of audits and inspections of production facilities.

The retailer could then promote its commitment to ethical sourcing, gaining public trust and encouraging competitors to follow suit. This proactive approach can boost the retailer’s reputation and highlight its leadership in corporate social responsibility (CSR). Positive CSR efforts, especially in industries with a negative public image, can greatly benefit a company. For example, a fast-food chain operating in a sector often criticized for health and environmental concerns could improve its reputation by adopting higher nutritional standards and sustainable sourcing practices. By exceeding industry standards, the company demonstrates a strong commitment to ethical practices. Many organizations now include CSR achievements in their annual reports or issue separate CSR updates. These reports help them show progress, moving from compliance with ethical norms to leveraging CSR for competitive advantage. Ultimately, demonstrating strong CSR practices can help companies meet stakeholder expectations and improve overall performance.A company’s annual report on Corporate Social Responsibility (CSR) should include the following:

  • Key Risks and Opportunities: Explain the social, ethical, and environmental risks and opportunities that could significantly affect the company’s value in the short or long term, and how these might impact the business.
  • Policies and Procedures: Outline the company’s policies and processes for managing risks related to social, ethical, and environmental issues.
  • Compliance: Provide information on how well the company has followed its own policies and procedures for managing these risks.
  • Verification Processes: Describe how the company ensures the accuracy and reliability of its social, ethical, and environmental disclosures, aiming for a high level of trustworthiness.

Reputation

Reputation is crucial for organizations and is often considered their most valuable asset. Since reputation is both vital and easy to lose, organizations need to understand what it’s built on. While reputation depends on the size, nature, and complexity of the organization, it helps to break it down into key components. The main elements of a good reputation can be summarized as CASE:

  • Capabilities: The organization’s purpose and resources.
  • Activities: Its processes and financial management.
  • Standards: The quality of its products, services, and customer support.
  • Ethics: Its values and commitment to integrity.

Reputation is also part of the FIRM risk scorecard and is often seen as a result of other events. A strong reputation encourages customers and clients to do business with the organization. Components of reputation are:

  • Capabilities: Does the organization have a clear purpose or resolve, together with the commitment, vision, capabilities and resources to deliver that purpose?
  • Activities: Which sector and what activities does the organization undertake and does it have the financial resources and stability to support those activities?
  • Standards: What range of services or products does the organization offer and what are the standards of quality, delivery, support, execution, innovation and investment?
  • Ethics: Does the organization adhere to appropriate CSR, integrity, values and governance, and continuously monitor performance to learn and achieve improvements?

Organizations should carefully assess both the reputation of their industry and their own standing within it. Many companies take intentional steps to improve their reputation, which can lead to greater success. To do this, an organization needs the right capabilities to plan strategies, implement tactics, maintain operations, and ensure compliance. These capabilities should be reflected in a clear statement of purpose or commitment. The organization’s activities will depend on its industry, and financial resources and stability are crucial to support those activities. Together, capabilities and activities shape the organization from the inside. Reputation also depends heavily on the quality of the products or services offered, along with the standards of service delivery. Additionally, business ethics play a key role in showcasing the organization’s integrity. This integrity can be demonstrated through regular performance monitoring and continuous improvement efforts. By using a chart to evaluate its reputation within its sector, an organization can assess its performance in four key areas (capabilities, activities, standards, and ethics). Each area can be scored on a scale from 1 to 4, ranging from poor to excellent. This helps identify which areas pose the biggest risks to its reputation.

Threats to reputation

  • Capabilities: Failure to provide a clear indication to stakeholders that the organization recognizes its purpose. Failure to have adequate resources within the organization to ensure satisfactory governance and/or deliver quality services and products.
  • Activities: Business sector in which the organization operates suffers adverse publicity. Finances are weakened, reducing the desire of customers to trade with the organization.
  • Standards: Insufficient innovation in services and products so that customers go elsewhere. Reduction in quality of products and/or services or failure to deliver customer support.
  • Ethics: Unethical behaviour by the organization (CSR) indicating unacceptable values. Failure to deal with customer complaints appropriately and with integrity.

Corporate social responsibility (CSR) is just one key factor in building a strong reputation, but reputation goes beyond ethics alone. In fact, customers may still choose to do business with a company even if they view its business practices as less ethical. Although this book provides only a brief overview of reputation, its critical role—especially in risk management—is well understood. The value of brand and reputation is recognized by all organizations. Many companies that interact directly with the public work hard to build trust and promote ethical behavior. For some, this isn’t a new approach but a core principle that shapes their entire customer experience.

Example of Monitoring Reputation:

  1. Uniliver: A global business like Unilever faces many challenges in its daily operations across different countries. That’s why it’s important for the corporate responsibility committee to regularly review the systems and processes in place to handle these issues. The committee also requests an annual summary of key issues the company is addressing. In 2015, these included climate change, food and beverage taxes, responsible use of technology, and human and labor rights. To ensure Unilever’s reputation is well-managed, the committee may also seek independent feedback on how the company is viewed by society. One major survey, conducted annually by a research agency, gathers input from over 800 sustainability experts in more than 80 countries. The survey shows that more experts believe companies lead in sustainable development when they make sustainability a core part of their business. About 38% of respondents said Unilever is “integrating sustainability into its business strategy,” placing it well ahead of its competitors.
  2. Starbucks: Starbucks regularly reviews its ethical sourcing practices for coffee, tea, and cocoa to ensure fair treatment of farmers and sustainable farming practices. The company tracks and reports on these initiatives through its Global Social Impact Report, which includes metrics like farmer support programs and community investments. Starbucks also engages with external auditors and sustainability experts to assess its impact.
  3. Patagonia: Patagonia is known for its strong stance on environmental issues. The company monitors its reputation by openly sharing its progress and challenges in reducing its environmental footprint. Through its Footprint Chronicles and annual reports, Patagonia details its supply chain practices, including the use of recycled materials and efforts to reduce carbon emissions. It also invites independent reviews and feedback from environmental groups to stay accountable.
  4. Johnson & Johnson: Johnson & Johnson monitors its reputation through customer feedback, surveys, and regulatory compliance reviews. The company’s Credo Values Survey gathers input from employees and stakeholders to ensure it is meeting its ethical and operational standards. Additionally, J&J collaborates with healthcare professionals and public health organizations to maintain trust in its products, especially during product recalls or safety concerns.
  5. Microsoft: Microsoft closely monitors its reputation regarding data privacy and responsible AI. The company releases transparency reports detailing government requests for user data and compliance with privacy laws. Microsoft also engages with independent organizations to audit its AI ethics practices and ensures its tools align with privacy and human rights standards.
  6. Coca-Cola: Coca-Cola tracks its reputation by focusing on water usage and conservation. The company has a Water Replenishment Program, where it reports on efforts to return more water to communities and the environment than it uses in its operations. Coca-Cola works with NGOs and local governments to verify its impact and builds its reputation as a socially responsible brand.

Published by Pretesh Biswas

Pretesh Biswas has wealth of qualifications and experience in providing results-oriented solutions for your system development, training or auditing needs. He has helped dozens of organizations in implementing effective management systems to a number of standards. He provide a unique blend of specialized knowledge, experience, tools and interactive skills to help you develop systems that not only get certified, but also contribute to the bottom line. He has taught literally hundreds of students over the past 5 years. He has experience in training at hundreds of organizations in several industry sectors. His training is unique in that which can be customized as to your management system and activities and deliver them at your facility. This greatly accelerates the learning curve and application of the knowledge acquired. He is now ex-Certification body lead auditor now working as consultancy auditor. He has performed hundreds of audits in several industry sectors. As consultancy auditor, he not just report findings, but provide value-added service in recommending appropriate solutions. Experience Consultancy: He has helped over 100 clients in a wide variety of industries achieve ISO 9001,14001,27001,20000, OHSAS 18001 and TS 16949 certification. Industries include automotive, metal stamping and screw machine, fabrication, machining, assembly, Forging electrostatic and chrome plating, heat-treating, coatings, glass, plastic and rubber products, electrical and electronic equipment, assemblies & components, batteries, computer hardware and software, printing, placement and Security help, warehousing and distribution, repair facilities, consumer credit counseling agencies, banks, call centers, etc. Training: He has delivered public and on-site quality management training to over 1000 students. Courses include ISO/TS -RAB approved Lead Auditor, Internal Auditing, Implementation, Documentation, as well as customized ISO/TS courses, PPAP, FMEA, APQP and Control Plans. Auditing: He has conducted over 100 third party registration and surveillance audits and dozens of gap, internal and pre-assessment audits to ISO/QS/TS Standards, in the manufacturing and service sectors. Other services: He has provided business planning, restructuring, asset management, systems and process streamlining services to a variety of manufacturing and service clients such as printing, plastics, automotive, transportation and custom brokerage, warehousing and distribution, electrical and electronics, trading, equipment leasing, etc. Education & professional certification: Pretesh Biswas has held IRCA certified Lead Auditor for ISO 9001,14001 and 27001. He holds a Bachelor of Engineering degree in Mechanical Engineering and is a MBA in Systems and Marketing. Prior to becoming a business consultant 6 years ago, he has worked in several portfolios such as Marketing, operations, production, Quality and customer care. He is also certified in Six Sigma Black belt .

Published

Leave a ReplyCancel reply