Table of Contents
Chapter 1
Introduction &Problem Formulation .................................................................4
Chapter 2
Research Methodology ............................................................................................... 11
2.1. PARADIGM .................................................................................................................................. 12
2.2. METHODOLOGICAL APPROACH .......................................................................................... 13
2.3. CRITICISM AND CHOICE OF METHODOLOGICAL APPROACH .................................... 14
2.4. METHODOLOGICAL APPROACH USED IN THE THESIS ................................................. 15
2.5 OPERATIVE PARADIGM AND RESEARCH DESIGN ........................................................... 18
Chapter 3 Theoretical Part .................................................................................................................. 22
3.1 REPUTATION AND REPUTATION MANAGEMENT ........................................................... 22
3.1.1 REPUTATION AND ITS COMPOSITION ......................................................................................................... 22
3.1.2 BUILDING CORPORATE REPUTATION .......................................................................................................... 25
3.1.3 MAINTAINING CORPORATE REPUTATION ................................................................................................. 28
3.1.4 STAKEHOLDER THEORY ................................................................................................................................... 33
3.2. RISK AND REPUTATION RISK ................................................................................................ 37
3.2.1 RISK CONCEPT ..................................................................................................................................................... 37
3.2.2 REPUTATION RISK AND ITS MATTER ........................................................................................................... 38
3.3. RISK MANAGEMENT ................................................................................................................ 41
3.3.1 RISK MANAGEMENT DEFINITION .................................................................................................................. 41
3.3.2 RISK MANAGEMENT PURPOSE ....................................................................................................................... 43
1
3.3.3 RISK MANAGEMENTAND RISK LIFECYCLE.................................................................................................. 43
3.3.4 RISK MANAGEMENT PROCESS ....................................................................................................................... 45
3.3.5 RISK MANAGEMENT TECHNIQUES ............................................................................................................... 50
3.4 PROACTIVE REPUTATION RISK MANAGEMENT .............................................................. 51
3.4.1 PROACTIVE AND REACTIVE REPUTATION RISK MANAGEMENT ......................................................... 52
3.4.2 PROACTIVE REPUTATION RISK MANAGEMENT AND REPUTATION RISK LIFECYCLE ................... 53
3.4.3 PROACTIVE REPUTATION RISK MANAGEMENT MODEL ........................................................................ 55
3.4.4 FURTHER THINKING ON PROACTIVE REPUTATION RISK MANAGEMENT ........................................ 65
3.5 CONCLUSION OF THE THEORETICAL PART ....................................................................... 67
Chapter 4 Practical Part: Reputation risk management at the Vestas A/S ......... 67
4.1INTRODUCTION .......................................................................................................................... 68
4.2 VESTAS A/S---COMPANY PROFILE ........................................................................................ 68
4.3 RISK MANAGEMENT IN VESTAS A/S .................................................................................... 70
4.3.1HISTORY OF VESTAS RISK ................................................................................................................................. 70
4.3.2 RISK MANAGEMENT PRINCIPLES AND DRIVING FORCE WITHIN VESTAS ........................................ 71
4.3.3 VESTAS RISK MANAGEMENT AND BCM FRAMEWORK ........................................................................... 73
3.3.4 STRENGTH AND WEAKNESS ANALYSIS OF SUCH SYSTEM .................................................................... 79
4.4 REPUTATION RISK MANAGEMENT IN VESTAS ................................................................. 80
4.4.1 REPUTATION RISK MANAGEMENT IN RISK MANAGEMENT DEPARTMENT ..................................... 81
4.4.2 REPUTATION RISK MANAGEMENT IN COMMUNICATION DEPARTMENT ........................................ 82
4.4.3 CONCLUSION ON REPUTATION RISK MANAGEMENT IN VESTAS ....................................................... 84
4.5 TESTING PROACTIVE REPUTATION RISK MANAGEMENT MODEL IN VESTAS ....... 84
2
4.5.1 TESTING PROACTIVE REPUATION RISK MANAGEMENT MODEL IN RISK MANAGEMENT
ACTIVITIES..................................................................................................................................................................... 85
4.5.2 TESTIFYING PROACTIVE REPUTATION RISK MANAGEMENT MODEL IN COMMUNICATION
ACTIVITIES..................................................................................................................................................................... 86
4.5.3 CONCLUSION ON MODEL CERTIFICATION ................................................................................................. 87
4.6 FURTHER THINKNG: PROACTIVE REPUTATION RISK MANAGEMENT IN VESTAS 89
4.6.1 PROBLEMS IN REPUTATION RISK MANAGEMENT IN VESTAS .............................................................. 89
4.6.2 HOW TO PROACTIVELY MANAGE REPUATION RISK IN VESTAS .......................................................... 90
Chapter 5 Conclusion and Reflection ......................................................................................... 93
References........................................................................................................................................................ 97
Appendices ................................................................................................................................................... 100
3
Chapter 1
Introduction &Problem Formulation
TNCs and The changing world
It is a changing world with massive challenges. Globalization and economic integration have
been the key words repeatedly heard from media, economic forums and literatures. Intensified
trade relation, opening market for foreign direct investment both in production sector and
financial sector plus the industrial structure reform have pushed each nation to be a member
of global family and strengthened their correlation in various spheres no matter in economy or
politics. Technology innovation which derives from the new requirement due to such
integration has in return speeded up such integration and reform. It also changes our economy,
our politics, our ideology and our way of life, which brings up more opportunities and
challenges for business. Behind all the reforms and changes we meet around us, we cannot
avoid seeing a group of figures in the shadow which direct the trend of such changes in our
earth. They are international/transnational companies, a group of business organizations even
to some extent shaking the status of national government. 45 out of the world top 100
economies are corporations, representing annual revenues of $29 trillion. 1 The annual
revenues of Royal Dutch/Shell are greater than the GDP of Morocco; those of Wal-Mart
greater than the GDP of Poland and those of General Motors greater than the GDP of Denmark.
By using FDI, financial flow, etc, TNCs integrate world economy in a strictly correlated
manner. TNCs and global growth are of interdependence.
TNCs and Risks
Although TNCs are of vital role in the global economy and has their power in influencing
nations, governments and society, they are actually very vulnerable to the external
uncertainties, which in some sense originate from the TNCs and their activities. In
1
World Bank and Fortune magazine, 2002
4
manufacture industry, the uncertainties in market requirement and industrial development
trend would bring down market share and lose competitive position. Export and import
enterprise fear about the uncertainty in currency exchange rate and standard of product
quality. Companies conducting FDI are cautious about the changes in regulation and political
turmoil. Enterprises in Banking industry could frequently be trapped by the defraud actions as
well as investment failure due to unsuccessful management and unexpected changes in the
financial market. As the correlation in business amongst different companies as well as
integration of global economy are increasingly intensified, the repercussion of uncertainty in
one company or industry would soon be transmitted to massive groups of linked companies
or industries with magnified effect. A case ahead is the global economic recession in 2008 due
to the crisis of subprime credit in American real estate industry. Normally these uncertainties
are named as risk, although this definition is not strictly accurate. According to the report of
risk management edited by the economist intelligence unit, there are 13 kinds of risks
threatening corporate global business operation ranging from regulation risk to terrorism risk,
each one of which would lead to hash end for companies. Up to now there is no exact statistics
on how large the annual loss is due to risk exposures in various kinds. However, if we only
observe the general loss in US subprime mortgage crisis deriving from the credit risk, we
might not be hard to imagine how large this amount it could be. (It is estimated that the total
loss can reach $170bilion, which takes up 1.3% of the annual GDP 2006 in the USA. 2 The major
stock index in Europe has declined on average 3%.3)
Reputation risk and TNCs
The threats from risks are indeed dreadful for any company. However, amongst those risks,
reputation risk could be the largest threat facing the TNC. It is undeniable that reputation with
its symbols like brand is becoming one of the largest assets obsessed by the TNC. Some 53% of
the value of the Fortune 500 corporations is accounted for through intangible asset – an
estimated $24.27 trillion. Research conducted by Interbrand with Citybank in 1998, found that
2
3
http://news.xinhuanet.com/fortune/2008-02/22/content_7645527.htm
Conclude from Financial Times and other Magazines
5
the total value of the FTSE 100 companies was £842billion, with goodwill accounting for 71%
of total market capitalization 4 . However such asset’s value is volatile and easy to be
depreciated, depending on the perception from internal and external stakeholders, which is a
risk for TNCs. Especially when new technology and new social powers such as media, internet
and Nongovernmental organizations are increasingly reshaped our lives, any default action
referring to reputation can easily be disclosed with magnified effects transmitted in an
uncontrollable manner. The cost for reputation risk is massive with profound repercussion. It
is not only a problem of fines from authority or compensation fees used for victims and
worsened current performance in a while, but a loss of long term trust within your fatal
stakeholders like investors, partners and customers, a loss of expected future performance, a
drainage of core competence like talent employees and what is more a chance to lower down
other perceived risks such as credit risk, financing risks, etc. A survey recently conducted by
Economist Intelligence Unit shows that most of TNCs companies rank reputation risk as the
No.1 risk and regard reputation loss as predominant loss within organizations.
4
Strategic reputation management, Judy Larkin, 2003
6
Table1.1 Reputation survey by Economist Intelligence Unit, 2005 5
Reputation Risk Management and further thought
Although reputation risk is a No.1 threat and companies do indeed attempt to manage it, the
current situation on reputation risk management is far to be satisfying both in practice and
theoretical research. In theoretical research, reputation risk management is on its infant stage
of research. Currently there is no consensus about how to define it in that one academic group
believe it is a risk category in its own right, the other stresses it is a consequence of poorly
managing other risks.6 It is also lack of research on how to assess, control such risk by using
what methods. Different authors interpret reputation risk management from different
perspective such as knowledge management, public relations, etc without consensus ideas.
What is more, the research on such issue is lagging behind the practical requirement of
corporations. In practice, most companies deal with reputation risk issues from crisis
management and Public relation perspective, which the author of this thesis defines as reactive
actions/strategy. Holding such strategy means giving up the chance to proactive discover the
source of risks, manage and respond them from their origin through process, but passively
5
Working paper: Reputation-- Risk of risk. The economist intelligence unit, 2005
6
Reputation and its risk: the necessity of managing reputation risk, Dr Robert G. Eccles 2006
7
waiting for risk exposing. Most of TNCs employ talent PR staff with strong crisis management
capability. However it is from those TNCs that scandals are frequently exposed such as the
case of Enron, etc. In addition, companies have seldom enough tools and techniques or well
defined process for managing reputation risk. Considering this, the author of this paper cannot
help thinking: Could we manage reputation risk in a proactive way? If so, how could this
proactive strategy manage reputation risk?
These two questions would be a red line through this paper and be the questions the author
wish to deal with.
However, dealing with reputation risk in general terms would only lead to theoretical debate
without any assistance to solve concrete problems. Furthermore, answering the questions
above could be a failure if we could not link them with practical cases. Thus this paper will
take a company case for study, which is Vestas A/S case. Thus the two questions will be
streamlined to be: “Could this proactive strategy link to Vestas Case？ To what extent can
this strategy be applied to Vestas case?”
Since there is no solid theoretical framework or practical model in solving these two problems,
the author of this paper will take an explosive step and methods. According to the author’s
understanding, solving this problem requires two steps: Theoretical construction and practical
application. During theoretical construction process, theories in reputation management and
risk management will be reviewed so that intervention spanning those two areas can be
possible perceived. This intervention might be a key to the solution. Apart from that，other
relevant materials derived from various sources would be scanned so that inspirable thoughts
can be concluded and be integrated. In this part, the following sub questions are worthwhile to
be considered:
1. What is reputation? What is it composed of?
2. How reputation is built up? / What is the process for building up reputation?
3. How reputation can be maintained after successful construction?
8
4. What is risk? What is reputation risk?
5. How to manage risk? What is risk management process, methods and strategy?
6. What are the sources of reputation risks
7. What is life cycle of such risk? How is it formed and evolving?
8. Can reputation risks be managed in a proactive way? If so, how can they be managed?
9. Can we conclude a model for proactive reputation risk management? If so, what is it?
10. What is the further thinking for proactive strategy?
The theoretical construction gives us an inspiration and a rough mind-frame. In the practical
part, such mind frame would be adapted or probably reshaped in the light of concrete case. In
this part, detail analysis on case company’s risk management and reputation risk management
would be made. Based on this, Models formed in the previous part would be applied or
testified so as to answer the questions formulated above. Several sub-questions should be
answered as well:
1. What is the risk management system in Vestas?
2. What is the reputation risk management system in Vestas?
3. Can the proactive reputation risk management model be applicable or testified in the Vestas case?
4. If it is not able to be testified, what are the reasons behind? If it can be testified, to what extent can
the model be applied or testified in the Vestas case?
5. Problems in reputation risk management in Vestas?
6. Ideas about What Vestas should do to proactively manage its reputation risk from author’s
perspective?
Theoretical and practical parts construct the general structure of this paper. Sub-questions
under each part can be viewed as subsections in each part. The detailed paper structure would
be following:

Introduction: In this part, relevant background about reputation risk and TNC is
introduced so as to lead to the necessity of research on the problems issued in the problem
9
formulation in this part plus the thought on how such research could be conducted.

Methodology: In this part, methodology concerning project research would be
presented. Research approaches will be given as well so that by criticism on each approach,
suitable approaches to this paper can be chosen and research design can be implemented
throughout the paper.

Theoretical Part: In this part, theoretical framework leading the whole paper is
attempted to constructed by systematically integrating the parts answering the listed questions
pinpointed in the introduction part

Practical Part: In this part, analysis on Vestas risk management system is made with
focus on reputation risk management, based on which model formed in the theoretical part is
testified and further thinking on proactive reputation risk management in the case company is
made.

Conclusion Part: In this part, conclusion of the whole paper with refection of limitation
and further issues is made.
10
Chapter 2
Research Methodology
Before commencing a project, a methodology has to be worked out on how the structure of the
project should be built up. As a result, it should be necessary to make some considerations on
how the analysis in the project should be understood, discussed and of course what the target
of the project is. It is important that the project, in its working process, should have a clear and
conscious guiding principle of methodological approach. Methodology may be viewed from
different perspectives according to different philosophers. In this project the author
emphasizes that the research is working under the framework of Arbnor and Bjerke’s
perception of methodology. Arbnor and Bjerke’s perception of methodology is shown in the
Fundamental
Presumptions
Paradigm
- Conception of
reality
- Conception of
Scienes
- Scientific
ideals
- Ethics/
Aesthetics
Methodology
Theory of Scienes
figure below.
Methodological
Approach
Operative
paradigme
Study Area
- Methodical
procedures
- Methodics
Figure 2.1- Methodology7
As can be seen, research starts from researcher’s ultimate assumptions which construct the
paradigm and determine the choice of methodological approach. Operation paradigm applies
7
Methodology for creating business knowledge, Arbnor & Bjerke, Sage Publications, UK, 1997
11
the methodological approach to the study area by constructing exact means to conduct
research. Theory of science spans the assumption and methodological approach, while
methodology relates to methodological approach, operative paradigm and relevant study area.
2.1. PARADIGM
The concrete definition of paradigm in general terms is given as: “A set of assumptions, concepts,
values, and practices that constitutes a way of viewing reality for the community that shares them,
especially in an intellectual discipline.” 8 Arbnor and Bjerke developed such definition by
involving content and constitution of it consisting of “a conception of reality, a conception of
science, scientific ideal and ethical/aesthetical Aspects”. 9 Different view point of these paradigms,
either subjective or objective, would lead to different methodological methods and influence
the operative paradigm which is the practical research method and procedure in a target
research area. Related to the paradigm, there are three methodological approaches guiding
business research: analytical approach, system approach and actors approach.
In the following part, the author would introduce these methodological approaches in terms of
its conception of reality, perception of knowledge, human nature and ambition of knowledge
creation under the paradigm each approach chooses. By criticizing them, the author would
come up the research methodological approach adopted in this thesis and furthermore the
concrete research methods and procedure in the reputation risk management research which is
within the framework of operative paradigm depicted by methodical procedure and
methodics.
8
9
www.dictionary.com
Methodology for creating business knowledge, Arbnor & Bjerke, Sage Publications, UK, 1997
12
2.2. METHODOLOGICAL APPROACH
According to Arbnor and Bjerke, there are three methodological approaches for business
research, namely analytical approach, system approach and actor’s approach, based on
researcher’s different view point on paradigm.
The analytical approach is commonly used in scientific study as well as business research. The
reality according to the analytical assumption is objective and independent of its
observers10with structure of stability. The reality is the sum of independent parts, which are
also objective and with casual relations among each other. The human is assumed to be stimuli
receivers. The knowledge from analytical approach is regarded as objective and universal,
independent of human observation as well. The knowledge can be obtained by reproducing
the reality via mathematic model, statistics, etc, through induction, deduction and verification,
which is cyclical process. The ambition of knowledge creation in analytical approach is to
attempt to reproduce the exact picture of reality with validity, reliability, objectivity, and
representatives as their research criteria.
The system approach shares certain extent of similar view point of analytical approach, but has
rooted differences. System approach regards reality as a system composed of subsystems
which are objective or objective assessable. The relations between subsystems or system
components are more complex compared to that of analytical approach simplified into causal
relations. Because of this, the whole is not the sum of different parts but the synergy from the
relation of subsystems. The knowledge according system approach is dependent on system,
which means knowledge is not universal but sometimes unique to certain system. The human
behaviour is also shaped by the system. The knowledge creation follows the producer-product
connections through methodical procedure and methodics with the ambition not only to
illustrate the reality, but reach better explanations and understandings of how various types of
systems behave under different internal and external circumstance 11, doing of which requires
the system analysis and construction.
10
11
Methodology for creating business knowledge, Arbnor & Bjerke, Sage Publications, UK, 1997
Methodology for creating business knowledge, Arbnor & Bjerke, Sage Publications, UK, 1997
13
The actors approach holds the opinion that reality is subjective and depends on the interaction
of the human or actors. The whole is in individual’s mind and it is by intercommunication and
interaction between different actors, clearer vision of reality could be reached. The human
being is playing important role of knowledge creation in actor’s approach as knowledge is
subjective and unique dependent on each actor. The ambition for knowledge creation is to
understand the subjective reality within actors.
2.3. CRITICISM AND CHOICE OF METHODOLOGICAL APPROACH
Analytical approach is often criticized to be over objective and over simplicity which means it
simplifies the relation among elements within reality into casual relations, the consequence of
which is simplified perception of the reality and adoption of the research methods such as
mathematical models, statistic data, etc. If we apply analytical approach in how to proactive
manage reputation risk, the first question is to assume that the reputation is purely objective
and independent of human perception and subjective judgment, which is obviously contrary
to the reality of reputation which is defined as perception and value judgment of stakeholders
over the company. Due to the rooted disagreement of reality paradigm, analytical approach
would not be implemented into the research of this project.
As for the Actor approach, it has been criticized to be too subjective and also to be over
emphasized on individual perception on reality. The knowledge from actors approach could
be over subjective as well without possible link to objective reality, though by dialogue and
communication objective is believed to be reached. Given proactive reputation risk
management case, some assumptions from actors approach seem to be linked to the research
object such as reputation, value judgment, etc. However reputation risk is not purely
subjective as it refers to the economic loss to the company, which is concrete and objective.
This means that the reality of reputation risk is objective accessible. In addition, the solution to
14
reputation risk problem should not be solely dependent on experience or subjective discussion,
but have to link to how to mitigate economic effects or loss. Furthermore, actors approach does
emphasize the infinite discussion and impossibility of reaching real truth, which means that in
our project the problem of how to manage reputation risk should always be left unsolved as
more dialogue and discussion are required.
Compared with other approaches, system approach is more acceptable in business studies.
The main criticism on it is the abstract characteristic of system viewing and understanding
relations, which from author’s perspective is more referring to application rather than
argument on key paradigms of approach. The author believes system approach is aligning
with his systematical view on reality and perception of science and able to integrate theories of
two systems namely reputation management system and risk management system to update
his picture of reputation risk management. In the following part, the author would state how
he organizes research based on system approach.
2.4. METHODOLOGICAL APPROACH USED IN THE THESIS
As stated above, the author here would use system approach as guiding method for research.
The author agrees with the conception of reality within system approach that reality is
objective or objective accessible and systematically organised. In this thesis, the author does his
research on reputation risk management, which from his perspective is a system. Such system
is under the super system of corporate management system and composed of many
components namely reputation risk identification, reputation risk analysis, reputation risk
control/mitigation, monitor and report. All these components are organised as sub system in
that within each of them other components regarded as sub-sub-system can be viewed. Take
the subsystem of reputation risk identification for example, it involves stakeholder
identification, profiling and stakeholder scanning, each of which has its own system structure.
15
Corporate Management Syatem
(Super System)
Reputation risk management system
(Sub System)
Reputation
risk
analysis
Reputation risk
identification
Stakeholder
identifying
Reputation
risk
control
Stakeholder
profiling
Stakeholde
r scanning
Reputation
risk Monitor
and report
Figure 2.2 systems in this paper 12
The components under the reputation risk management system are closely related by relation
in a cyclical form, which in return creates synergy of either appreciated or depreciated
corporate reputation value, or economic ads or loss which represents the objective accessibility
of reputation risk management. The reputation risk management system is not closed but an
open system which means it should be studied under system context and influenced by
several factors in the context while in the meantime the system has no power to change these
external factors. In this thesis, reputation risk management system would be put in a corporate
case, Vestas case and studied under the Vestas corporate context. Such system could probably
be affected by factors from its environment such as corporate resource, corporate governance,
IT and knowledge management system, etc. All these factors would possibly influence the
components of system and come up a new system related to the context. For example, if the
company assigns the task of managing reputation risk to other department rather than risk
12
Made by author
16
management department, the system form of reputation risk management might be different.
As for the knowledge perception and knowledge creation, the author follows the ideology of
conception of science under the system approach. In system approach, knowledge relies on
system and allows the active role of knowledge creators to understand the system or explain
the system. The former knowledge creator is deemed as hermeneuticists and later one the
explanaticists. The author does not take the willing to be explanaticist like analytical
knowledge creator or purely hermeneuticist who would interpret the reality without
delimitation, but to create knowledge within system by following the path of hermeneuticists.
As writing this thesis is a process of knowledge creation, the author attempts to organise it in a
system form, which takes the route of system analysis and system construction. The system
analysis here is to analyse two interlinked systems that is reputation management system and
risk management by depicting the concepts, theories and describing them in a logic structure.
As previous reactive reputation risk management system is proved to be of dysfunction in the
business reality, the author here attempts to construct a new proactive reputation risk
management system represented as proactive reputation risk management model based on the
result from system analysis, via integrating some analogous elements. For example in
reputation risk identification section, stakeholder identification is linked to risk identification;
in reputation risk analysis section, risk prioritisation is linked to stakeholder prioritization, etc.
Realizing the possible conflicts between system and its environment, the author would testify
this model when it is applied in Vestas case and give his understanding on the conflicts, which
help to create further knowledge. To put it into more clear vision, the whole process of
knowledge creation in this thesis would follow a hermeneutical learning process, which means
a theoretical framework on proactive reputation risk management is built first and afterwards
testified in the Vestas case so that a reflection on model’s adaptability would be generated. In
other words, the author would take three stage study process. In the first stage, a formulated
problem with supplemented sub-questions would be given to clarify what the research is for.
Then the author would analyze reputation and the reputation management system from
viewpoints of its components, building process, relevant theory, etc. The system of risk
17
management would be analyzed too. When finishing the system analysis, the author will
attempt to construct a new system by linking risk management system to reputation
management system in order to reach a new system model namely proactive reputation risk
management model. These system analyzing and constructing stages construct the theoretical
part of this paper. Finally, the new system model would be implemented into the Vestas case
to explore its adaptability for reputation risk management in practice, the outcome of which
would lead to the further reflection on the problems we desire to solve
SYSTEM ANALYSIS:
SYSTEM CONSTRUCTION:
Reputation risk & Risk
Proactive reputation risk model
management
THEORY
PRACTICE
PROBLEM:
IMPLEMENTATION:
How to manage Reputation
risk in proactive manner?
Vestas A/S reputation risk
management
Figure 2.3 Three stage study for knowledge generation 13
2.5 OPERATIVE PARADIGM AND RESEARCH DESIGN
Three methodological approaches provide a framework or guideline for proceeding to the
project. However, it is by operation paradigm that solid research design and procedure would
be implemented. An operative paradigm relates a methodological approach to the area of
study. Operative paradigm consists of two important parts: methodical procedure and
methodics 14 . Methodical procedure refers how the knowledge creator selects, adopts and
modifies theories, techniques, tools, etc during the research, while methodics concerns how
13
14
Made by author
Methodology for creating business knowledge, Arbnor & Bjerke, Sage Publications, UK, 1997
18
research is actually conducted. The methodics and methodical procedure construct the whole
picture of research design illustrating the logics and process of research.
The methodical procedure in this thesis is to adopt and modify proper theories and techniques
for methodics. The theories adopted are mainly within the sphere of reputation management
and risk management including concepts (such as concept of reputation, concept of risk,
reputation risk, proactive reputation risk management, etc) and theories (such as stakeholder
theory, risk lifecycle theory, risk management process, etc). Such theories are mainly
concluded from different literatures. As such theories are within different assumptions and
concepts held by different authors and some of them are even contradicted with each other,
the author thereby redefines many concepts and assumptions in terms of the research
intention of this paper and organises them into one theoretical system serving for constructing
system model. In the practical part, the author takes the technique of case study. The materials
for case analysis compose of primary data from face to face interview, but also secondary
information from varied sources such as Vestas webpage, Vestas annual reports, Vastas
corporate slices, Industrial report, etc. The author ranks the information obtained in terms of
criteria like credibility, accuracy and relevance. For example the corporate internal slices (if
any at all) would be ranked to the highest as it has the best accuracy, relevance and credibility
to the research target though they are normally hard to be available. Following that, data from
face to face interview, corporate annual report could be positioned to the lower rank and
industrial report would be at lowest rank due to its low relevant information to this paper.
The methodics in this paper follows the system logics of analogizing theories, constructing
models, case studies, model certification and conclusion. The author starts his interested
problem area by viewing the dysfunction of current system in managing corporate reputation
risk. Inspired by the system thinking, the author holds the ambition to construct a new system
to compensate the gap due to the dysfunction of old system and requirement of reality. The
author takes the step to make paper review and make system analysis over different system
theories to understand their concepts, components and structure. After that the author selects
two major theories system, namely reputation management system and risk management
19
system as elements source for methodical procedure. By further analyzing the two systems,
the author explains the correlations of the two system elements and builds up model of new
system (namely proactive strategy system) as an alternative product for replacing the old one
(reactive strategy system). To understand the fit between new system and its environment, the
author takes the case study and put the system in Vestas environment. By analyzing the fitness
and possible contradicts, the author would realize the applicability of such system under the
case corporate context and conclude the reflection over its limitation and further issues. Tools
like Interview, paper review on secondary materials about Vestas risk management system
would be put to use. The project design below illustrates the details of methodics throughout
the project.
20
Chapter One
Problem Formulation
Chapter Two
Research Methodology
Chapter Three
Theoretical Framework
Reputation and Reputation
Management
Risk and Reputation Risk
Risk Management
Proactive Reputation Risk Management
Concept:
Reputation, risk,
reputation risk, risk
management, etc
Models For proactive Reputation Risk Management
Theories:
Reputation theories,
Stakeholder approach,
Risk life cycle, Risk
management strategy,
Risk management
process, Risk modeling,
Knowledge Management,
etc
Chapter Four
Reputation risk management
in Vestas A/S
Risk management in Vestas A/S
Reputation risk management in Vestas
Reputation risk management in Risk
management department
Reputation risk management in
communication department
Testing proactive reputation risk management model
Testing model in risk management activities
in Vestas
Testing model in communication activities in
Vestas
Conclusion on model certification
Proactive reputation risk management in Vestas
Data:
primary data
Secondary data
Technique:
Interview, Desk
research, Paper Review
Chapter Five
Conclusion Part
Conclusion on the whole thesis
Limitation and reflection
Figure 2.4 project design15
15
Made by author
21
Chapter 3 Theoretical Part
3.1 REPUTATION AND REPUTATION MANAGEMENT
We have mentioned a lot in the previous part about reputation risks in which is the research
sphere of this paper. However, before we make discussion on such risk, we might have to be
aware of what reputation is; how reputation can be settled in practice and maintained in the
operations. In this section, we would make a discussion about them by reflecting to the
literature and our general logics and understanding over such issues.
3.1.1 REPUTATION AND ITS COMPOSITION
What reputation really is can be one of the easiest and most sophisticated questions in our
mind. The definition in our daily life could be visible but segmental. Reputation can be a
vision that others hold about the object they are concerning; Reputation can be a sort of feeling
or emotion when we use a product, enjoying service or even staying with and talking about
somebody or something; Sometimes it also can be a judgment or an impression about someone
and something. Different people can define reputation in different ways. If we link reputation
to the company, we would from our first intuition come up many terminologies such as
corporate image, corporate brand, etc. In most literatures, such terminologies like corporate
image are indeed interchangeably used with the term-reputation. However, this way of
definition can be blurring and illogical in that these two concepts might not strictly match each
other. (Or else why we do not conclude them into one concept) Finally we are still left to
explain the concrete definition and the relations amongst those terms.
Actually many authors have tried to give distinctive definition to reputation in the corporate
context. Judy Larkin(2003) defines reputation as a reflection of how well or how badly
different groups of interested people view a commercial name. It implies a value judgment
22
about the attributes to the company and is established over time, which is based on trust and
belief.16 Grahame Dowling (1994) argues that reputation is the evaluation (respect, esteem,
estimation) in which an organization’s image is held by people.17 Croft Susan (2003) makes a
deeper consideration about the essence of reputation. In his opinion, reputation is the sum of
the values that stakeholders attribute to a corporation, based on their perception and
interpretation of the image the company communicates and its behavior over time 18 . His
definition gives us an inspiration that value interchange between companies and stakeholders,
which is a group of entities and peoples having interest attachment to the company’s behavior,
is a core of reputation and its building. The author of this paper prefers to adopt Grahame’s
thought over reputation definition and give his own definition on reputation in the following:
Reputation is the value judgment hold by various stakeholders attributed to the corporation, which is
generalized from stakeholders’ knowledge, obtained information and value exchange with corporation
over time. The Reputation is end up with value commitment, which leads to trust and belief in a
sustainable manner.
From this we might feel a little bit clear about reputation essence which is value judgment.
Reputation could not be a uniformed concept unless special stakeholder group is defined.
Value judgment can be different from one group of stakeholder to another which in return
results in different reputation. Thus when mentioning reputation, we have to consider
stakeholder. When discussing reputation risk, risk in stakeholder value judgment should also
be considered.
Reputation is not a concept that could be mixed with other concepts such as corporate identity,
corporate image and brand. Actually, those concepts compose of the reputation concept and
are interrelated in a mechanical way. When discussing the composition of reputation, we have
to define its components, namely corporate identity, image and brand.
16
Strategic Reputation Risk Management, Judy Larkin 2003, Palgrave Macmillan Press
Corporate Reputations-strategies for developing the corporate brand, Grahame R. Dowling1994, Kogan Page Limited
18 Managing Corporate Reputation: The New Currency, Croft Susan 2003, Thorogood London
17
23
Corporate identity is the vision the company attempt to preach to the stakeholders about itself.
It takes normally in physical forms such as logos, advertisement, color schemes, uniforms, etc,
but not limits to them. Corporate identity also includes the unphysical forms such as service,
corporate culture, experience of corporate product, etc. Corporate identity is transferred
through advertisement, internet and even appearance of daily operation, etc, which is
information transmission at single direction.
Corporate image is the vision, the belief, the knowledge or attributes in the stakeholders about
the company at one time point. In other word, corporate image is what stakeholders think of
company at any moment. Corporate image has two dimensions: one is cognitive dimension
and the other is emotional dimension. Cognitive dimension refers to the vision, the knowledge
and the general perception on corporation. For example, when we mention TNC, we could
come up the impression of skyscrapers in business district. When we mention Vestas, We
would firstly get the image of wind turbines. The emotional dimension is more about feelings
and belief the stakeholders hold about company. For example, when we mention Mercedes
Benz, we might get the feelings of high quality, stability, safety and honor. Such feelings and
belief are relatively subjective to stakeholders’ own experience and current information about
company, its integrity and its behaviors19 based on their own value judgment.
Corporate Brand derives from corporate image and identity. Corporate brand is also
composed of cognitive and emotional elements and is concerned from stakeholders’
perspective. However the stakeholders we mention here is limited to customers. Corporate
Brand from cognitive perspective is any tangible symbols identifying company itself as well as
distinguishing it from others, such as logo, trademark, etc while from emotional perspective is
the intangible attribute such as trust, belief, satisfaction symbolized into name, logos,
trademarks to the current or potential in the market. Corporate brand is formed from
consistently consolidated identity, image construction over time based on value exchange and
19
Managing Corporate Reputation: The new currency, Croft Susan 2003, Thorogood London
24
distribution carried by products and service to customers. Corporate brand is commitment
given to the customers who hold trust for such commitment. Corporate reputation is the
brand in all stakeholder group rather than only customers. Corporate brand helps to develop
reputation over time as customers are the largest or dominant stakeholder group in almost any
company and would be empowered to influence other stakeholder group directly or indirectly.
Corporate reputation comprises corporate identity, corporate image and also corporate brand.
Corporate reputation shares the same component and essence of corporate brand but only
extend its focus group from limited stakeholders, namely customers to lager categories. In
addition, it is also important to mention that corporate brand is not the same as product brand
although they are closely related. Figure 3.1 illustrates the relation of reputation, brand, image
and identity.
Now that we are clear about the components of reputation, then it is natural that further
discussions about how reputation is build and how it can be maintained should be made,
which leads to our next subsections of this part
3.1.2 BUILDING CORPORATE REPUTATION
Building reputation is not a difficult task; however building a good reputation is not easy. It is
in this process of building reputation, risk might occur. However, before we step into such
sphere, we have to know how reputation is built from theoretical perspective, which would be
presented in this part.
As has been stated in the last section, corporate reputation has its components, respectively
corporate identity, corporate image and brand. It is the mechanism existing amongst them that
comes up the formulation of reputation. The following graph illustrates the general picture
about how reputation is formed.
25
Corporate Reputation
Corporate Brand
Corporat
e Image
Corporat
e Identity
Figure 3.1 Corporate Reputation composition and building
When corporation is founded and operating, a certain identity would be transmitted to the
stakeholders through information channel like advertisement, media, cooperation and
business partnership, etc. For most of the TNCs, they would lay sufficient energy on certain
vision and identity projection that are in favor of the corporate requirement. Logos and other
symbols of company like annual report, packages, etc, must be unique, attractive and
correlated to the company business and mission in a persistent way. The information channel
must be clear and effective so that the information sustaining corporate identity can reach the
target stakeholders in intact manner. What has to be noticed is that some other channels like
daily operation, cooperation with business partners, employees and managers can all be
channels for such identity consolidation. Besides projecting identity also refers to the wider
issues of how employees and internal market interpret this identity compared with the
projected, external identity, which alongside positioning helps create the desired image.20
Stakeholder is the receiver of such information and the image creator of corporation. After
receiving the transmitted information, stakeholders would first portrait a vision of company
and later a cognitive image as more information comes and more knowledge is acquired.
20
Managing Corporate Reputation: The new currency, Croft Susan 2003, Thorogood London
26
Stakeholders at this point would turn their role from passive information receiver to active
obtainer. What they would do is to experience corporate core business or other behaviors and
make intuitive and initial value judgment to decide its psychological attribute (eg, Is this
company doing something good? Can we accept this company?) Afterwards they would
compare corporate activities with other peers or even competitors and finally reach their own
conclusion and judgment on company status in their mind (Is this company more acceptable to
us? From our psychology, which company is closer to us?). This two-stage process is called
image positioning with the first stage defined as image acceptance positioning and the second
stage termed as image status positioning. Such positioning is important for company as after
such positioning emotional image is formed which might be stable and allergic and image
construction process is over. Positioning is the only way to turn corporate identity into
corporate image. Image positioning might lead to image gap between the preached image the
company wishes to be formed (corporate identity) and the actual image in stakeholders’ mind.
Image gap also refers the issues of distance between stakeholders’ understanding and
expectation from corporate promise, and the actual fulfillment of such commitment done by
the company. Image gap is a major reputation risk existing in most of industries and trapping
lots of companies. There is something more the author wishes to concern over the emotion
dimension of the image. From brand management and marketing perspective, such emotion
attachment constructs the core advantage of our company distinguishing ourselves from our
peers and competitors. Especially the image status determines the priority of trust and belief in
stakeholders’ mind against our competitors. This explains why many companies surviving
from crisis issues could not go too far in business success because your image status is
replaced and you are less close to the stakeholders, mainly customers any more.
Furthermore, we must be aware that image should be referred from stakeholders’ perspectives,
which means the possibility of different images coming up from various stakeholders that
corporate business and behavior concern. Therefore when mentioning image, we have to
ascertain from which stakeholder group it is defined, the principle of which can be also
applicable in reputation issues stated later in this chapter.
27
As have been identified before, image is a time-point concept while reputation is an accrued
concept based on value interchanging and judgment between stakeholders and company itself.
After consistent image building and reflection in stakeholders’ mind over time via image
positing, the emotional aspect of image has been repeatedly consolidated which in
consequence generates trust attachment from stakeholders to the company. Such trust
outcome originates from the long term value judgment from stakeholders over the company.
When the value commitment followed by the company has in a relatively long time
continuously matched that of the judgment held by the stakeholders not only in presentation
but in real conduct, a sense of trust is emerging and thus sound reputation is preached and
formed. From this angle, reputation is trust and belief recognized and stocked by stakeholders
about company over time, which is often regarded as reputation capital and might sometimes
help to absorb the shock from business loss to the company. This can therefore explain why
the reputation is so important to the company and even market economy whose foundation is
trust and credit. However, as has been mentioned in image consolidation, stakeholders are not
in a unanimous group but should be divided into distinctive sections. Even some of the
stakeholder groups are contradictive in group interest. Thus the value judgment from different
stakeholder group can be distinctive and reputation which is defined from stakeholders’
aspect could be different as well. Hence managing reputation must take stakeholder
management into consideration and corporation willing to construct and maintain good
reputation should lay special emphasis on stakeholder issues. In reputation risk management,
one of important theories is stakeholder approach. In the latter part, stakeholder approach
would be presented in details later on.
3.1.3 MAINTAINING CORPORATE REPUTATION
After successfully building up a good reputation, then it is the process for reputation
maintenance. For reputation maintenance, there are no common theories adopted but actually
arguable amongst academic fields. Most of theories are approach focus which presses the
28
methods for reputation maintenance and management. One approach follows Public relation
perspective. Public relation in most of circumstance emphasizes continuous image building
and identification through tactics like advertisement, campaign, sponsorship and charity to
maintain good reputation. In public relation, the accountability, transparency and
responsibility are frequently articulated, but they often only stay on the paper. Recent
corporate scandals and crisis cases prove the failure of isolated public relation in reputation
maintenance, which actually worsens the trust on corporate behavior. Now that Public relation
is out of function in crisis, then crisis management could be an attempt to maintain reputation.
Thus crisis management methods come to the platform. Crisis management deals with crisis
defined as “the critical moment and turning point of difficulty and danger”.21 It is the process
of preparing for and responding to an unpredictable negative event to prevent it from
escalating into an even bigger problem, or worse, exploding into a full-blown, widespread,
life-threatening disaster. Crisis management involves the execution of well-coordinated
actions to control the damage and preserve or restore public confidence in the system under
crisis. 22 Crisis management is the last fence of reputation protection for company. Its
effectiveness depends on the severity of issues, flexibility of company in issue dealing and
capability of crisis staff. Crisis management is a compensatory action after damage has been
done. In addition crisis management planning and conducting itself is costly. Having realized
the shortfall of the approaches mentioned above, other authors state their understanding over
reputation maintenance in their literatures. Croft Susan(2003) addresses that maintaining good
reputation requires integrating communication matrix with marketing matrix the outcome of
which is the term Integrated marketing communication. In Judy Larkin’s book, corporate
social responsibility has been leveraged on a high level for sustainable reputation maintenance.
In Forstmoster and Herger’s paper, triple bottom line supervision, namely streamlining
corporate governance by reaching the synergy of business success, social responsibility and
environmental protection has been mentioned and regarded as philosophy for successful
reputation maintenance. All these ideas held by different academic groups and authors
21
22
Oxford advanced learner’s dictionary of current English, fourth edition. 2004
http://www.siliconfareast.com/crisis-management.htm
29
contribute to the thought on reputation maintenance piece-mealy.
In the author’s opinion of this paper, reputation maintenance despite of its different
presentation could not be more than successfully maintaining clear, unique corporate identity;
keeping image vision to stakeholders be positive and respond to the changes of value
expectation as well as promoting or stabilizing the image status in stakeholders mind;
ascertaining consistently value exchange with stakeholders so as to reinforce trust between
stakeholders and the company. On company side, what they can fully control is the identity
sides while image can be harsh to control over stakeholders. In maintaining corporate identity,
the author stresses several points worthwhile to be noticed. One is the uniqueness of identity,
which means the logo, corporate/product name, trademark can distinguish our identity from
other peers, demonstrate our value orientation directly and be welcomed by the target
stakeholders. It also refers to the legal issues such as trademark, logo registration and
propriety right so that our hospitable identity can be kept and protected. The other is the
consistency of our identity. One consistency requirement is the unanimous vision provision in
geographic scales, which means the company should prevent the inconsistence of vision
provision in different territories. For example the discriminative service or products provision
in less developed countries where less strict litigation or depowered NGOs is. Another
consistency is in vision provision in time scale. It is sometimes the case that companies change
their long-used logos and other identity symbols where the vision of companies changes too,
which leads to the confusion of vision in the consumers’ mind. In addition there is also one
consistency requirement on vision preaching sources. For example, in advertisement, a house
keeping company show themselves up by exhibiting clean machines and neat dressed staff in
uniform while in real service untidy machine and staffs without uniform would ruin the vision
formed in the advertisement. Managing image does not depart from its component
management. As image is composed of image vision, image cognition and image emotion
comprising image acceptance and status, image maintenance should be the task of integrating
the maintenance of whole components. Image maintenance from cognitive perspective can be
controlled or monitored via corporate identification methods such as advertisement, logo,
30
media propaganda, etc. However, maintaining from emotional stage can be uneasy as
supervision over stakeholders’ subjective emotion could be uncontrollable. The author at this
paper suggests the following arguments for consideration:
1. The largest expectation from stakeholders to the company is not charity, sponsorship, or
other so called social responsibilities, but whether this company can do good business in its
selected industry, which explains the most valuable corporate commitment to the
stakeholders and society. For customers, the value for company to exist is to provide
valuable product, service and consistently doing this. By doing this, company can keep its
financial achievements so that other stakeholders such as investors, governmental
organization can be satisfied. Therefore, the fundamental strategy for image maintenance is
doing good business.
2. Doing good business is the integration of comprehensive corporate operation and
behaviors including production, process management, financing, marketing, R&D,
innovation, etc. Therefore, maintaining sound image is not responsibility of certain sectors
but duty of whole departments. CEO and management boards should be the coordinators
of image maintenance and also one of the most significant image ambassadors for the
company.
3. Doing good business also states two meanings: one is to do something correct and to do
something better. To do something correct does mean to compliance to the common value
of the stakeholders such as regulation, production standard, codes of conduct, etc and also
provide expected value to the stakeholders through business operations. To do something
better requires company to exceed itself against competitors in its core business and
achievements so as to raise competitive image status within stakeholders’ mind.
4. Maintaining image is also referring to fulfilling the expectation of stakeholders. We have to
ascertain the expectation is within our capability and effectively reached by our business
31
operation, service, product provision, etc. Discrepancy or gap between stakeholders’
expectation and reality should be eliminated, no matter expectation is higher or lower than
reality.
5. Effective communication is also important for maintaining sounding image. Effective
communication does not only mean one-way message transmission via efficient channel or
selection of stakeholder group, but an attitude to listen to the voice of internal and external
stakeholders and quick actions to make improvement. Message transmission is not only at
the duty of one or two departments but integration and aligning of all corporate sectors to
articulate in one voice. Communication also has to take cultural and language elements
into concern so as to prevent any misunderstandings.
Successful image maintenance over time helps to settle up good reputation capital and also
key stages of reputation maintenance. Image maintenance is implemented on operational level.
However, apart from daily image maintenance, maintaining reputation from strategic level
calls for its notice. On strategic level, reputation maintenance entails the forecasting and
anticipating the trend of stakeholders’ value changes as well as the strategy planning to
encounter such changes. On strategic level, reputation maintenance demands a reputation
management principles and processes affiliated by technology adoption and innovation in
managerial ideology.
What mention above is some general arguments rather than listing the techniques like other
authors. Based on such arguments, the author can develop his own measures for reputation
management, namely integrating and adopting risk management thinking and ideology for
reputation management.
32
3.1.4 STAKEHOLDER THEORY
In reputation management research, there is an important research area noticed by reputation
managers or academics: stakeholders. The term stakeholder was first recorded in 1708 as ‘a
person who holds the stake or stakes in a bet’. Today’s standard dictionary definition is ‘a
person with an interest or concern in something’. The definition in this paper is the social
entities either person or organization who has interest in the company. Stakeholder theory
refers to the assumption that company is an entity of the society. It is internal or external
environment is formed by social entities or individuals who have correlated interest within the
company. This social group can be influenced and also impact on company, either in macrodimension such as corporate strategy, achievement, policy, etc or in micro-dimension such as
specific project or program . Stakeholders can be resource holders. It is the exchange of
benefits or function requirement between company and stakeholders that reaches the balance
in company operation and its environment. As we stated in the previous parts, reputation is
formed by stakeholders and defined depending on which stakeholder group is mentioned.
Thus the role of managers in charge of reputation should recognize stakeholders’ need, deal
with the relation with them and also find out the network structure among the stakeholders
themselves. The stakeholder theory gives a fresh view over such issues.
Stakeholder or shareholder, who is more important for company, is a hot topic within the
corporate governance discussion. The paper here has no intention to make more argument
over such issue from corporate governance perspective, but wish to pinpoint their relation in
reputation area. Shareholder obviously is a member of stakeholders as it is the owner of
company with closest interest correlation. Because of this, company should represent
shareholder interest. The biggest interest of shareholders is profits earning and corporate
growth in sustainable and long term manner. Reputation is the most valuable asset and often
regarded as a key competitive advantage for any company willing to be successful. Reputation
is valuable in that it stands for trust and belief from other stakeholder group. It is such trust
and belief that keeps the resource exchanges vital for corporate survival and profits earning
33
currently and in the future. Therefore, shareholders should put reputation value into their key
interest and have to sacrifice their certain interest for reputation protection. This also means
that when conflicting with other stakeholders, the shareholder might sometimes be prioritized
to be lower rank. Thus under certain circumstance, the corporate management should consider
other stakeholders’ interest first so as to maximize shareholders’ long term interest.
Apart from shareholder, company is surrounded by other stakeholders within or without
corporate entity. In Gramhame Dowling’s book, “corporate reputations”, 15 typical
stakeholders are introduced. Croft Susan in her book “Managing corporate reputation” also
listed 14 stakeholders. The author concludes the common part of them and lists them below:

Customers: current and potential

Labors: current and potential employees

Government and communities

Pressure groups and watchdog bodies: NGOs, audit agents, media and press, unions,
opinion leaders, etc

Investors or shareholders

Suppliers, distributors, service providers, business partners, alliance

Industry bodies and other social entities: trade associations, professional societies,
competitors both current peers and new enters.
Stakeholders listed above is in just general scale and the identification of stakeholders depends
on corporate situations including its policy, strategy, projects and the industry the company is
working in. Stakeholder identification is meaningless if it is not classified and prioritized.
Stakeholder classification bases on the assumption that stakeholders are different, but share
certain similarities in certain characteristics. Such classification helps to understand their
relationship, which would assist our reputation management from dealing with stakeholder
relations. Grahame(1994) classifies stakeholders into 4 groups: normative group, functional
group, diffused group and customer group. Normative group is that have authority to in
influencing regulation compliance and rules fulfillment, such as government, regulation
34
agency. Functional group can impact your business operation in functional manner, such as
supplier, employees, business partners, etc. Diffused group is those stakeholders who take
interest in your organization concerning the interest protection for others. NGOs are a typical
example. Susan(2003)classifies stakeholders only into two groups: key or primary stakeholders
and secondary stakeholders, respectively those directly affected or expect to benefit from an
organization and those with intermediary role 23 . Even from literatures outside reputation
management, relevant classification can still be perceived. For example in relationship
marketing, six market framework, namely internal market, referral market, influence market,
supplier and alliance market, and recruitment market, can also be used for stakeholder
classification though concept expansion is required. From the author’s perspective,
stakeholder classification depends on research purpose and criteria settlement. There is no
unique method. Actually classification process is often mixed with prioritization and analysis
process by deciding the power and influence stakeholders have on companies.
Stakeholder prioritization is due to the fact that stakeholders are not of the same importance
to company who has limited resource to do overall research or tracing all stakeholders’
behavior. Shareholder prioritization aids company to concentrate its limited resource and
capability on key stakeholders group, namely those with significant power and importance to
company. In the marketing theory, opinion leaders are the group of customers capable of
influencing other customers. Therefore, such person is normally becoming focus person in the
eyes’ of sales person. In stakeholders, there are still the same groups of person powerful
enough to influence other stakeholders or directly react to the corporate action. These people
are powerful and company cannot omit their role in reputation management. There are other
people though powerless from the face, but their ideas, feelings, and needs are directly linked
to corporate survival and successful, which means they are important enough to be prioritized
to the leading place. These two stakeholders are just two extremes and each member in the
whole stakeholders group can rank their status in power and significance, which determines
their priority position in the corporate reputation management. It is also noticeable that the
23
Croft Susan 2003, Managing Corporate Reputation: the new currency, Thorogood press, London
35
rank for each stakeholder group can be changed, depending on concrete situation.
Normally such prioritization requires deep perception and understanding about stakeholders
and is conjunct with stakeholder analysis. Stakeholder analysis is a process of profiling
stakeholder, figuring out their opinion and expectation over issues and problem you wish to
clarify, analyzing their mutual relation, predicting the actions and behavior of them over your
target issues, assessing the capability of different stakeholders and groups to participate and
support and assessing the appropriate type of participation by different stakeholders at
successive stages in your project24. Stakeholder analysis provides important information about
stakeholders for priority and relevant strategy company can use for issue dealing. It is also
important for reputation building, maintenance and protection. Stakeholder analysis should
run through the whole stakeholder and reputation management process so as to maximizing
corporate value.
Stakeholder theory also merits the activities on stakeholder relation management. As might be
inspired from statements above, stakeholders might be different groups from groups but still
be integrated by certain network. A good reputation manager has to understand the network
amongst stakeholders so as to design proper strategies and methods to maximize reputation
value amongst them. Stakeholder relation management entails effective communication with
stakeholders: gaining their attention; knowing their need, requirement, and expectation over
company; tracing their demands changes; eliminating their misunderstanding about us; and
under circumstance inviting them to participate our strategy design, decision making and
those actions affecting them. In general, stakeholder theory provides us a new view on
reputation management and reputation risk management. In the later chapters, the author
would use such theory in reputation risk managing model design.
24
Managing Corporate Reputation: the new currency, Croft Susan 2003, Thorogood press, London
36
3.2. RISK AND REPUTATION RISK
Risk is one of the most commonly used concepts in business operation as well as daily life.
Although it is frequently mentioned, the definition of such term is ambiguous from our
intuition. As this paper is dealing reputation risk management issues, the first step is to clarify
the definition of our research target: risk and reputation risk. In this section risk definition and
reputation risk definition would be given as basis for further research.
3.2.1 RISK CONCEPT
Risk always accompanies uncertainty. Uncertainty and risk is twin concept in any risk
management literature with distinction. Uncertainty is anything out of possible prediction and
its impact is not able to be forecasted. Risk is a sort of uncertainty. The definition of it is
various depending on which risk categories and research aspect they conduct. As most current
risk management literatures focus on financial risk, risk definition from this angle is referred
as various predicted outcome distributed in range possibilities, which means the possible
outcomes of uncertainties are identified while the exact outcome incurred is unknown but
followed a range of occurrence possibilities. However, this definition does not work for most
of business risk such as brand risk since the possibility prediction of such risk occurrence is
harsh. Other definition is more loosely given. Allen (1995) refers risk to fulfill four parameters:
susceptibility to changes or external influence, probability of occurrence, severity of impact
and degree of independency with other factors of risk. 25 The author prefers to adopt the
corporate risk definition stressed by Karsten Andersen and Anette Terp, which is expressed as
Internal and external uncertainties, events, or circumstance that the company must understand and
managed as it executes its strategies to achieve business objectives and shareholder value26.
This definition explains the sources of risks and the importance of managing such risk for
company, which is to achieve business objective and shareholder value. Although this
definition omits the technique element in risk which is probability and its distribution, it
25
26
Risk management in Business. Allen, D.1995. Cambridge University Press, Cambridge
Perspectives on strategic risk management, Torben Juul Andersen 2006, Copenhagen Business School Press,
37
expands the scale of risk on research.
Apart from uncertainty, there are other concepts in risk meriting clarifying. Risk has cause and
effects. The cause of risk is called risk factor. Risk of one type can generate other risk events in
a chain, for example the risk in food contamination can lead to ruins in corporate reputation.
The result of risk is normally regarded as loss, which is a cost for company. However, some
risks are not of negative outcome, but alternatives in both loss and gain. The example of such
risk is investment risk, business risk, gambling, etc. The risk comes up only loss is referred as
pure risk, while that ends in either loss or gain is speculative risk. Pure risk is also called as
downside risk as it depreciates corporate value while speculative risk can create opportunity
and be called as upside risk. Therefore, the perception on risk should not be on the possible
loss but the opportunity for value creation, which means that sometimes company should dare
to take risk, though special risk threshold(or risk appetite) have to be identified. Risk threshold
is determined by how much loss the company can bare and its attitude to risk. The occurrence
possibilities and severity of risk can be increased by certain risk factors. Such risk factors is
named hazard. Hazard is distinctive from hazard risk, which belongs to risk classification and
is defined as risk from physical environment such as flood, fire, typhoon, etc.
3.2.2 REPUTATION RISK AND ITS MATTER
In the statement above we know the meaning of risk and its relevant concepts. In this part we
would set foot into the reputation risk and its matters. Defined as uncertainties or events
influencing corporate value, risk has its categories given which areas it has impact on. One of
risk categories is business risks where reputation takes part. Reputation risk has been defined
in many manners from different authors. David Abrahams(2008) gives his understandings on
reputation risk: reputation risk groups together those issues that arise from failure to meet
expectations of performance that apply to any comparable organization operating in the same
filed27. In the new draft Integrated prudential Source Book the Financial Service Authority( FSA)
27
Brand Risk –Adding risk literacy to brand management, David Abrahams 2008, Gower Publishing
38
defines it as: “the risk that the firm may be exposed to negative publicity about its business
practice or internal controls, which could have an impact on the liquidity or capital of the firm,
or cause a change in its credit rating.” 28 In Reputation Risk consultants Ltd, reputation risk is
conclude to be failure in stakeholders’ perception and loss of trust for the public. Concluded
from all these definitions, we might find an anonymous aspect over reputation risk, namely
failure in meeting stakeholder expectation, which mainly is presented by image gap. However,
the author of this paper might question such definition. For one thing, the assumption under
such definition is that currently company has wide-spread identity awareness. If the
awareness depth or width is lower than corporate target, it is also an uncertainty and loss for
company, which in effect is a risk. For another, such risk definition only emphasizes negative
image gap, namely reality is lower than expectation, neglecting positive image gap, which is
the circumstance that reality is higher than expectation. Finally under such risk definition, the
company would lose passion to change its image status as 0compared with competitors, our
image status is low and consequently our expectation is low and our reputation risk is low.
However as stated in the previous parts，image gap, especially negative gap is the main risk
factors leading to damage in reputation. Combining the definitions to risk and reputation, the
author in this paper gives his own definition over reputation, though far from perfection:
Reputation risk is uncertainties, events or circumstances that undermine the favored value judgment
hold by stakeholder over companies via impact on corporate identity, corporate image and long term
trust formulation, which results in reputation value depreciation and economic loss for the company
either in short term or long term.
Reputation risk is unlike other risk as it has its own features which lead to the management of
it to be unique and distinctive. The characteristic of reputation risk is following:
1．Reputation risk is regarded as the No. 1 risk within corporation, but without proper
28
Managing business risk, Adam Jolly 2003, Kogan Page and contributors
39
management. Such saying is due to the fact that the value of reputation now takes
predominant portion in corporate capital and reputation (and brand) has become key
competitive advantage of organization. However, the high vulnerability of such asset
increases the risk and its effect on corporate survival. Up to now there is no much research
on reputation risk management, which means the insufficient theoretical bases for practice.
What is worse, reputation risk is not a part of existing risk management frameworks
without defined process, tools and techniques as well as body of responsibility for
managing such risk in the organization29.
2．Category of reputation risk is unclear. Reputation risk is hard to quantify. There is
argument about whether reputation risk should be a class for its own right or due to the 54
other risks. The risk is of cause and effect. One risk factor can lead to a chain of risk
exposures, which is route cause effect. Therefore, other risk can be route cause leading to
reputation risk. Or sometimes other risks might have reputational impact. In addition,
reputation risk is about the risk in stakeholder’s perception, expectation, value exchanges,
which is subjective. Therefore, quantifying reputation risk is harsh and quality method is
entailed.
3．Reputation risk is speculative risk, which means it has the potential to create corporate
value under certain situations. Some reputation risk such as rumor might affect corporate
image in a short time and depreciate corporate value. However, rumor itself can act as twoside swords: It brings out misunderstandings and trust loss within existing stakeholders,
but expands the corporate image awareness too. If it is managed in place, company can not
only consolidate its image and trust within stakeholders who might immune to similar
rumors next time, but earn benefits from broadening reputation awareness and status.
4. The ubiquity of reputation risk. This stems from the second characteristic listed above. Now
that reputation risk correlates to or is rooted in other risks, it is understandable that the
damage to reputation can be indirectly consequence of almost any badly managed
incident30. Therefore, reputation risk does common exist. Risk managers have to consider
29
30
Conference paper: Reputation and its risk-the necessity of managing reputation risk, Robert G.Eccles 2006, Bonn/Petersberg
Brand Risk: Adding risk literacy to brand management, David Abrahams 2008, Gower Publishing Limited, England.
40
the possibility of risk reversion to reputation risk.
5. Reputation risk can be magnified, which leads to higher uncertainty over its impact.
Reputation risk deriving from other risks often exceeds its actual hazard damages under
scientific calculation. It refers to stakeholders’ psychological fear over certain events. Such
fear would be highly noticed and magnified by media broadcasting, which leads to higher
psychological burden in stakeholders and coverage cost for company.
Introduction to risk and reputation risk issues brings us a vision on what risk and reputation
risk is. Understanding risk is only a first step. It is by risk management that value can be
created and problem can be solved.
3.3. RISK MANAGEMENT
As has been stated, risk is uncertainty generating cost or gains. Loss means cost and gain
means opportunity. It is risk management task to avoid and mitigate the loss and maximize
the gains. Especially nowadays, in addition to the traditional value creation methods like
marketing, logistics, etc, risk management can be a new way for corporate value creation when
companies are under changing environment at current time. Thus Company should take risks,
but the success of such risk taking is determined by how risk is identified, valuated, controlled
and financed, which is within the content of risk management.
3.3.1 RISK MANAGEMENT DEFINITION
Risk management, as is manifested from its name, targets at dealing risk issues. Concerning
risk categories, different authors define risk management in various manners. Dorfman(1998)
defines risk management as “the logical development and execution of a plan to deal with
potential loss.”
31 Such
definition specifies the capability of loss prevention and planning
process in risk management, although obviously neglecting managing upside risk. Michel
(2005) defines risk management as a continual process of corporate risk reduction. “Risk
31
Introduction to risk management and insurance, Mark S. Dorfman 1998, Prentice Hall,
41
management is really about how firms actively select the type and level of risks that is
appropriate for them assume.”32 Dissatisfying the definitions from other sources in that they
are segregated and under different framework, the author gives his thought on risk
management definition as following:
Risk management is a planned, continual and rigorous process to identify, analyze the risks from
various sources threatening corporate value; control and optimize their occurrence and impact on
corporate operation and strategic object achievement.
Such definition reflects author’s ideas that risk management is value creation process via risk
identification, consequence and occurrence evaluation and method/ strategy design and
implementation to response, control, and finally to monitor them. From such definition we
also can depict that what can be managed is the risk factors and hazards. Risk management in
other words is to find out such risk factors, analyze their features, occurrence possibilities and
exposure severities, based on which strategy and methods are designed and implemented to
optimize them. Optimization is based on the reality that some risks are speculative risk and
some of them are correlated. It is by risk integration and proper methods/ strategy design that
general synergy can be reached. Such optimization requires breaking the silo of different risk
categories as well as corporate functional sectors to form an integrated risk management
framework. Such framework either takes the form of comprehensive managing risk from all
sources or managing one certain risk throughout the whole corporate governance structure
and business unit ranging from strategy design to single project processing so as to
complement the strategy completion and corporate achievement both in short term and long
term. Such ideas originate from the most advanced thinking on risk management, namely
enterprise risk management. In addition to such integrated and holistic perspective, enterprise
risk management also emphases proactively managing business risk such as reputation and
brand risk apart from traditional financial risk.
32
Essentials of risk management, Crouhy, Micheal 2005, McGraw-Hill Companies,
42
3.3.2 RISK MANAGEMENT PURPOSE
The purpose of risk management can be regulated in terms of corporate object and intention.
The general purposes concluded from literacy and the author’s opinion is:
1. Value creation and competitive advantage. Nowadays Companies, especially TNCs are
facing complex challenges from global competitions. Seeking new way for value creation is
on the urgent agenda of managements. Risk management in place can create value by
eliminating the uncertain loss encountered by companies as well as promoting
opportunities stemming from speculative risk. Risk management can be deemed as an
innovative sector within corporate primary activities of the whole value chain. Strong
capabilities of risk managing for a company can outstand itself from peers in decision
making and strategy implementation, which creates competitive advantages for sustainable
development.
2. Financial security and stability. Risk management is a trade-off between opportunity cost
from risk retain and from risk methods adoption. Normally risk management can eliminate
the decrease of corporate value from risks at low cost, which helps to secure financial
security and stability.
2. Information transparency and shareholder protection. New regulation over corporate
governance and finance urges the common adoption of risk management system in
company so as to disclose information concerning shareholder value protection and
investors benefits.
3. Risk awareness and risk culture cultivation. Risk management has to cultivate and enhance
the risk awareness and culture from board, top management to individual staff in conduct
risky business operations and decisions.
3.3.3 RISK MANAGEMENTAND RISK LIFECYCLE
Risk within companies typically develops under certain lifecycle and undergoes several stages,
which can be depicted from the graph below;
43
Figure 3.2: Risk lifecycle 33
At the potential stage, risk factors would appear and embed in the daily operations. Such risk
factors have not matured to expose, which generates no loss and little pressure to the company.
However, such risk factors would continue to grow and mature until limited cases of
exposures occur, which is the threshold to the emerging stage. At emerging stage, exposures
would occur in an increasing number with burgeoning cost and pressure to the company. In
effect, the risk at this stage can be identified from the beginning as initial amount of exposures
serve as signal for identification. It can also within the control of corporate capability as the
damage is not massive. However, if response to risk and its signal is misconduct, the exposure
and loss would accumulate to the extent when situation is out of control and pressure reaches
its peak, which is called crisis stage. Another explanation for risk lifecycle is the casual
relations with one risk to another. As the exposure of one risk event would lead to the
exposure of another risk, the result of which is the chain exposures deriving from the
proximate cause, and relevant cost accumulation. The example of this can be simplified into
one famous saying: ‘‘a rot nail would infect a horse, a infected horse will kill a general, the loss
of general would ruin a battle, a loss of battle will overthrow a empire’’. The pace of
movement through risk curve varies from risk to risk. Some risk like reputation risk might
move quickly through its lifecycle from emerging stage to crisis stage due to the fact that the
source of pressure is not only from risk itself but from external environment, which includes
33
Inspired and adopted from, Risk Issue and Crisis Management, Regester Michael 2005, Kogan Page Limited
44
media, the public and other stakeholders with power. As can be viewed from the curve, the
possible influence area on risk covers ends of potential stage and emerging stage while at crisis
stage, exposure does definitely happen or has occurred with great damage, which means
influences and control on risk is useless and the only way to do is to mitigate the severity of
existing damage using crisis management strategy. Therefore, risk lifecycle explains the
necessity of early risk identification, risk assessment and responses proactively to the risk
factors and exposures, which pinpoints the value of risk management for the company willing
to control risk.
3.3.4 RISK MANAGEMENT PROCESS
The fundamental element in risk management is to conduct risk management process. It
dispatches risk management into three sectors: risk context sector, risk managing sector and
risk report/ monitor sector. Risk context sector is an environment analysis of corporation
where risks lie. Such analysis helps to construct the frame work on the company operation,
culture and structure both in external and internal context so that risk management system
and process can be applied and integrated. The risk managing sector is the core process stage
in managing risk including risk identification, risk analysis, risk control and strategy design,
and finally risk finance. After this sector, risk factors can be identified, its possible exposure is
controlled and possible damage can be eliminated. Company itself can also choose right
financial preparation. Risk monitor and report conclude and evaluate the effectiveness of risk
management and pinpoint the place needing improvement. In the following pages, the author
would introduce such process and relevant methods in detail.
45
Figure 3.3 Risk management process 34
Risk context refers to the environment analysis of the company facing risk, both internally and
externally so that risk framework adopted can be integrated into the whole corporate system.
External risk context analysis includes the industrial analysis, market position analysis, etc,
while internal analysis needs to investigate corporate business model, current corporate
structure, mission, strategy, etc. The internal analysis also merits analyzing risk system used
currently within company and risk management potentials such as information source, human
resources, etc.
Risk identification is the beginning of risk management process aiming at finding and
profiling the risk factors and hazards from various sources affecting corporate value
throughout the whole corporate business unites. Risk identification requires the risk sources
analysis which entails the scanning the possible threat using risk depicting techniques. General
risk sources from most of literatures can be concluded into four: Financial risk, operation risk,
hazard risk and strategic risk. Financial risk is represented by any volatility against
expectation in finance such as interest rate risk, exchange rate risk, credits risk, etc. Operation
risk stems from any failure in operations of corporate daily activities, such as IT risk, risk in
supply chain, risk in accounting controls, etc. Hazard risks are from sources such as nature
catastrophe, liability claims, property loss and damages, etc. Strategic risks come mainly from
reputation loss, failure in business plan and market strategy, commodity price turbulence, etc.
Indentifying risk often claims for the review of previous risk documents and statistics. When
such information resources are unavailable, external consultant might be required. Sometimes
risk at its potential stage could shed weak signals in trivial events. This requests risk staff to
depict, trace and cluster such signals so as to extract possible trend and identify discontinuities
and risk35. Workshop group comprising different experts at various areas in the company has
to be organized so as to break the silo of specific sector and identify risk in a wider aspect.
34
35
Made by author
Risk management-An implementation guide, Julian Cummings 2004, Cardiff Caerdydd.
46
Risk analysis is the next step after risk identification. After risks have been depicted, it is
normally action to analyze their features, occurrence possibility, expose impact and relation to
other risks. In risk feature analysis, risks factors would be categorized. For those factors from
external areas, PESTLE analysis can be useful, which groups risk factors into political,
economical, sociological, technological, legal and environmental. For the factors from internal
areas, specific sub-categories such as asset, employees, corporate structure, etc might be used.
Occurrence possibility and severity evaluation is conducted on the foundation of scenario
analysis and information, resource access. When lacking of objective data base, subjective
evaluation on possibility and severity might be adopted from various participants, which
according to recent research can still present high accuracy. Scenario analysis can also
illustrate the relations between one risk class to another supported by sufficient information,
which can assist decision making. After clarification of risk possibility and severity, a clear risk
map can be drown. Risk mapping is often in conjunction with risk rating and prioritization.
Risk rating is ranking the possibility and severity of risk factors with sequential figures, which
formulates the horizontal and vertical axis and divide risk situation into four dimensions. Risk
mapping is to denote the position of risk factors identified and rated on those four dimensions
so that the significance of each risk factor can be illustrated. Normally those factors with high
possibility and severity could be specially noticed. Other risk either high in occurrence
possibility or severity can be treated as lower priority. Prioritizing risk is due to the reality that
not all risks are equally important to be managed under the situation of limited corporate
resources and risk managing capabilities. Risk management has to balance the cost-benefit
from risk exposure and managing process itself. Prioritization provides the cautious view on
risk managing sequence and timing based on cost balance. Risk mapping here not only serves
for risk analysis, but grants possibility for choosing risk strategy and control methods in place.
Such content would be stated next.
The next significant stage at core risk managing process is risk control and strategy design.
The methods for risk control can be three: modifying the company’s operation, adjusting its
47
capital structure and employing targeted financial instruments 36. Capital structure adjustment
such as leveraging the equity and decreasing debt can be deemed as risk transfer and
financing explaining to whom risks should be shared and afforded. Using target financial
instrument such as insurance and derivatives deals with financial risk as well as risk coverage
preparation. From the author’s understanding, risk control has to decrease either the
occurrence possibility or severity of risk when risk factors expose. If we compare with the risk
mapping, we could be clearer over such issue that risk control helps changes risk factors
dimension to degrade their priority. Based on these assumptions, risk control has 4 strategies
for risk dealings: risk avoidance, risk prevention, risk reduction, risk diversification and
integration.
Figure 3.4 Risk Strategies37
Risk avoidance is to avoid taking action so that chance of risk exposure is completely
eliminated. The example of risk avoidance is ceasing or rejecting some risky projects or actions
with high severity. Such strategy can be effective for pure risk managing, while for speculative
risk it cannot avoid opportunity missing. Successful Risk prevention can lower the possibility
36
37
Mastering Risk, James Pickford 2001, Financial Times/ Prentice Hall
Adopted from, Perspective on Strategic Risk Management, Torben Juul Andersen 2006, Copenhagen Business School Press
48
or frequency of risk exposures. Such strategy does not completely eliminate risk, but accept
risk and minimize its occurrence possibility to an acceptable level. The example of risk
prevention is using the training and alarming signal to prevent operation risk. Risk prevention
also can be seemed as hazard avoidance as hazard increase the frequency of risk exposure.
However, when the frequency of risk exposure cannot be lowered, the risk reduction has to be
applied. Risk reduction lowers down the severity of risk exposures. Risk reduction deals with
issues that severity of loss is high and loss cannot be avoided38. Risk diversification means
segregate risky unites into many parts so that loss in any individual part would not influence
the whole in a dramatic manner. The general principle of diversification is “Do not put all eggs
in one basket”. Risk integration is to collect and integrate various risks with correlation so that
the loss in one risk exposure would be compensated by gains from others. Risk control
strategy provides a first fence on risk exposure. However, in case of the possible damage from
risk exposure to corporate financial stability, company normally has to make financial
arrangement. Risk finance gives the inspirations on by whom and when should the loss from
risk exposure. Before choosing risk finance strategy in place, proper risk threshold must be set.
Risk threshold is to what extent risk can be accepted by the company and corporate attitude to
such risk. After that, company determines strategies options for risk finance which includes
risk assumption, self-insurance, risk transfer other than insurance and insurance 39 . Risk
assumption and retention mean company has to afford the cost risk exposure by itself. The
difference between assumption and retention is whether company positive makes financial
arrangement for unexpected loss. Risk assumption does not demand the arrangement but
compensate the loss as operation expenditure in balance sheet, while retention would retain
certain funds in case of unexpected loss from risk. Self-insurance is a typical action in risk
retention. Actually in many conglomerates, self-insurance companies such as capital insurance
companies are built, driven by the motivation of overheads saving, tax shielding and premium
cost sparing as well as the strong risk managing competence within the organization. For those
without strong competence but under strong threats from risks, they have to outsource risk
38
39
Introduction to risk management and insurance, Mark S.Dorfman 1998, Prentice Hall
Introduction to risk management and insurance, Mark S.Dorfman 1998, Prentice Hall
49
managing task at certain premium to insurers, which is insurance. Insurance is a common
action of risk transfer, but other methods such as hedge can also serve as good transferring
tool mainly in dealing with financial risk. For business risk management, risk transfer can be
done by using outsourcing, joint ventures or alliance, but such options might generate other
risks such as reputation risk.
Risk control and finance aid companies to defense risk threatening corporate value and defuse
the impact on corporate financial when integrating the risk mappings and prioritizations. The
risk management process at core at this stage is over. However, it does not mean that risk
management is ended. Evaluating the effect of risk management measures adopted should
also be made in order to come up feedback for improvement. Guarantees on risk treatment
and strategy implementation should also be within the task of risk managers. After monitoring,
risk manager has to register and profile the risks and treatment to them so that it can serves as
historical data and experience for future utilization. Relevant report on risk management
should be delivered to the board and further published in the annual report to fulfill the
accountability and transparency requirement from investors.
3.3.5 RISK MANAGEMENT TECHNIQUES
The risk management technique is the tools, knowledge and thought utilized in risk
management process. The adoption of each individual technique would be based on which
style of risk is mentioned. Given the distinctions between quantifiable risk and unquantifiable
risk, the technique for managing such risk could also be categorized into two main types:
qualitative methods and quantitative methods. Qualitative methods seek to compare the
relative significance of risk in terms of the effect of their occurrence on the final outcomes by
using no-statistic tools40. Quantitative methods use statistic and mathematic tools to specify
the exact value range distributed over the possible outcomes in terms of possibility.
Qualitative methods can be used in most of unquantifiable risk, but also in quantifiable risk.
40
Corporate Risk Management: An organizational Perspective, Tony Merna and Faisal F. Al-Thani 2005, John Wiley & Sons Ltd
50
This is because they provide more useful information than that from quantitative risk analysis
which sometimes is not necessary or easy to put on certain risk management cases. The typical
qualitative methods include brainstorming, Delphi, Interviews, checklist, risk registering, etc.
The quantitative methods cover decision trees, portfolio analysis, sensitivity analysis, etc. With
the development of IT technology, various types of software has been designed for specific
risk managing. For most of risk managing at initial stage, qualitative techniques tend to be put
forward as information is not sufficient to sustain quantitative methods adoption. As analysis
continues and more information supported by possible mathematic models or simulation
software comes, a quantitative method tends to be used.
Risk management promotes the capability of company and mankind facing uncertainties.
However, current literacy is mainly on managing limited sorts of risks, the predominance of
which is financial risk or operational risk. As for some risks fatal to corporate survival and
success such as reputation risk, there are no or few systematic thoughts. The consequence of
such situation ends in limited research on reputation risk as well as creativeness on reputation
management philosophy. Traditional reputation management philosophy is reactive either by
public relation or recovering strategy to compensate loss when crisis occurs and loss is in
reality. As has been stated in the above parts, risk management is a value creation method for
corporate asset management. Reputation as the most valuable asset should be managed in an
innovative way or proactive strategy, which the author here assumes should and can be done
by integrating risk management and reputation management. Aspired by this thinking, the
author would prefer to make stress his ideas on how these two academic areas can be
integrated and what the process for reputation risk management to be over such issue in the
later parts.
3.4 PROACTIVE REPUTATION RISK MANAGEMENT
As has been stated on the chapters above, reputation risk managing from author’s view can be
grouped into reactive and proactive strategy. It is proactive strategy that should be more
51
suitable. To testify such assumption, it is necessary to understand what the reactive and
proactive reputation risk management is; from theoretical perspective why reactive strategy
does dysfunction; how proactive reputation risk management does serve for risk dealing. In
this part, the author would answer such questions and stresses his understanding on
reputation risk management issue.
3.4.1 PROACTIVE AND REACTIVE REPUTATION RISK MANAGEMENT
Reactive reputation risk management can be defined by concluding from the currently
adopted methods for reputation management such as Public relation and Crisis management.
The author defines reactive reputation risk management as:
The strategies, methods and process that reactively respond to the development of reputation risk issues
and their effect with more emphasis on exposure loss compensation and post-exposure recovering.
The proactive reputation risk management does the opposite. It tends to proactively managing
reputation risk through the whole lifecycle of risk by emphasizing early identification, assessment and
response in place. The proactive reputation risk management integrates reputation and risk
management theories and methods and serves for dealing with reputation risk.
From such definition it might not be difficult to see that reactive and proactive management
represents an attitude to the reputation risk issue. Reactive management characterizes itself as
late identification and assessment or omitting such process but being driven by the damage
reality and post-damage coverage, while proactive risk management entails early risk factor
identification, possibility and severity assessment and actively controlling the development of
reputation risk issues.
The necessity of using proactive reputation management cannot only be testified by current
reality of failure in reputation management via reactive methods and strategies, but also be
explained by reputation risk lifecycle theory from theoretical perspective.
52
3.4.2 PROACTIVE REPUTATION RISK MANAGEMENT AND REPUTATION RISK
LIFECYCLE
As has been illustrated by the risk lifecycle part mentioned in the previous chapters, risk
undergoes three stages, namely potential stage, emerging stage and crisis stage. Reputation
risk has the same lifecycle as other risks however with higher pressure increase margin and
shorter period from emerging stage to crisis stage, which can be shown by the graph below.
Crisis Management Threshold
Crisis Management Threshold
Pressure
Pressure
External Influences
Hard to
influence
Possible to Influence and Control
Possible to Influence and Control
Potential Stage
Early identification/ Risk
management Threshold
Emerging Stage
Crisis Stage
Potential Stage
Time / Risk Development
Early identification/ Risk
management Threshold
Hard to influence
Emerging Stage
Crisis Stage
Time / Risk Development
Figure 3.5 Normal risk lifecycle (left) and reputation risk lifecycle (right)41
Before the explanation of risk life cycle, it would be much better to understand the causal effect
to the company from reputation risk, which can be regarded as risk evolution. The general
logic behind evolution is shown below:
Corporate
Behavior
Influence to
stakeholder
Reputation
Risk
Stakeholder
reaction
Influence to
corporation
Figure 3.6 Evolution of reputation risk 42
41
42
Inspired and adopted from Risk Issue and Crisis Management, Regester Michael 2005,Kogan Page Limited
Made by the author
53
From the last part of the chain, it might be obvious that reputation risk can be materialized
into concrete impact to companies by stakeholder action. The impact of reputation risk is
directly determined by stakeholders’ reaction to the company. The impact of stakeholder’s
reaction is also determined by three factors: one is the stakeholders’ risk attitude; the others
are stakeholders’ power and significance to the company. Stakeholders risk attitude decides
how quickly and possibly the stakeholder would take actions. Their power and significance
decide how large impact the stakeholder’s actions would be on the company. Compared with
other risks, reputation risks involve the subjective decision on reaction taking by the
stakeholders, which means the occurrence of damage or risk impact is hard to be quantified.
Some of the reputation risk, like unethical behaviors, would generate high concern from the
stakeholders, which means they would probably intent to make quick action. If they are key
stakeholders for the company with great power and significance rank, the action would be
immediate and damage would occur. If not, they would influence other stakeholders by wordof-mouth. During the process, influential stakeholders would amplify such concern and
broaden influence scale until more and more stakeholders with power and significance get
involved and dramatic damage to the company occurs. Stakeholder’s quick actions and
amplified impact would push risk quickly through potential stage to crisis stage leaving the
company limited time to control and influence. If we adopt reactive management, the
company would only focus on crisis stage in which control is harsh. However, if we use
proactive management, the company would overview the whole lifecycle with attention to
potential and emerging stage where the risk is not exposed so as to catch the opportunity to
control the risk. By integrating reputation management and risk management theories,
strategies, techniques, etc, the company would early identify, assess and quick respond to the
risk so that loss due to the risk exposure can be avoided and mitigated. Reputation risk
lifecycle explains the necessity of using proactive management. However, it does not give the
answer to how reputation risk can be managed by proactive management, which requires the
construction of model. In the later part, the author would stress the model of proactive
reputation management with integration of reputation theory and risk management theory.
54
3.4.3 PROACTIVE REPUTATION RISK MANAGEMENT MODEL
From author’s perspective, proactive model should integrate reputation theory and risk
management theory. As reputation is defined by stakeholder, stakeholder theory would be
taken into consideration. Furthermore, proactive management emphasizes catching risk
control opportunities within potential and emerging stage which is of limited time span via
early identification, assessment, control, monitor and report. Thus risk management process,
techniques and strategies can suitably be matched to the proactive philosophy. Reputation
theory and risk management literacy construct a foundation of model with risk management
literacy being the main framework.
Before commencing risk identification, the reputation risk context analysis might be
conducted. In addition to profiling corporate internal and external environment plus the
overview of the current corporate risk management system, the stakeholder identification
should be done first in the context analysis. Stakeholder identification can be made either by
conclusion from business experience, reviewing to literatures such as those 14 typical
stakeholders listed, or surveying the corporate staffs from board to the bottom, from one
department to another, from one country market to others. Following the logic of stakeholder
theory, the stakeholders also have to be categorized into groups in terms of their features and
influence. Reputation risk context analysis reveals the background information for the
following risk management process. It also supports the formation of corporate risk threshold
when facing the risk.
Reputation risk identification starts with identifying the risk factors affecting the corporate
reputation value. The risk factors are those corporate behaviors or changes or events both from
internal and external sources, etc that can undermine corporate favored identity, image, trust
and value exchange with stakeholders. Since reputation is formed from stakeholders, identify
risk factors should start from scanning stakeholders. Stakeholder scanning is an information
collection process on stakeholder’s value judgment and perception of the company from
corporate identity, corporate image and value commitment, etc. Stakeholder scanning is also
55
to know stakeholder’s expectation, interest concern within the company, the trend descriptions,
etc. In other word, scanning is not only about judgment of the corporate current performance,
but the expectation for the future. The detail information from scanning might include, but not
limited to:
1) The image held by stakeholders on our company including image awareness (do they know
our company), image value judgment (does our image positive or negative?) and image status
position (does our company closer to stakeholders than our competitors?),
2) Focal interest held by them within the company, which might incur their highly concern.
3) Expectations they hold over corporate behaviors, operations, policies, strategies, etc.
4) Perception or comment over the corporate behaviors, actions, policies, strategies, etc after
such behavior, actions, policy, etc have been issued and conducted.
5) Stakeholders’ perception on trend of changes and requirements.
6) Stakeholders relation with other groups. Stakeholder survey and other relevant information
collection methods help to understand stakeholders’ requirement, the percerion of the
company and even competitors as well as trend of expectation changes.
Continuously stakeholders’ scanning helps the company not only to construct a full vision on
stakeholders’ demand, expectation, trend development and other information, but a chance to
disclose the source of threats that might undermine corporate reputation within the corporate
operation behaviors and performance, which in effect is an useful way for reputation risk
identification and settlement of early warning mechanism. The general sources of reputational
risk concluded from both corporate cases and literatures cover:
1.
Identity risk. Identity risk refers those events and uncertainties that affect corporate
identification. It concerns two issues: one is pirate action to use corporate logo, trademark,
and name which fail to be registered due to corporate negligence. The second is the
inconsistent, inappropriate and incomplete presenting identity which might lead to the
confusion, low awareness, and even misunderstanding over corporate identity.
2.
Awareness risk. Awareness risks concerns the issues that influence the scale of awareness
56
of corporate reputation within stakeholders. Such risk concerns the cognitive dimension of
corporate reputation
3.
Risk in image. The risk in image can be categorized into two groups: image gap and image
status failure. Image gap concerns the mismatch between: gaps in value acceptance, gaps
in expectation fulfillment. Gaps in value acceptance means the value and behavior of the
company cannot be ethically accepted by stakeholders. Gaps in expectation fulfillment
mean the performance of the corporate behavior does not match the standard of
stakeholders. The detail image gap might include the mismatch between 1) the expected
image preached from the corporate identity and the real image embedded in the
stakeholders’ mind. 2) The value orientation or commitment preached by the company
and that accepted by the stakeholders. 3) The expectation of corporate behavior or action
stemmed from corporate value commitment and the reality of action to fulfill such
commitment. The mismatch on this subsection refers to two issues: negative gap, namely
the stakeholders’ expectation is higher than reality, which means that the company has not
satisfied the stakeholders or bubbles of over identification do exist. Since reputation risk
can be linked to other risks, negative gap can be hidden into other risk sources and failure
actions. From recent outcome of survey conducted by the Economist Intelligence Unit
about reputation risk, 11 types of threats are ranked as sources of reputation risk with
regulation compliance risk to be the top one.
Risk in
Image
Image
Gap
Gaps in Value
Acceptance
Positive
Gap
Gap in Expectation
Image
Status
Failure
Fulfillment
Negative
Gap
Figure 3.7, Structure of risk in image43
43
Made by the author
57
Figure 3.8, Survey on reputation risk source44
The other is the positive gap; meaning expectation is lower than reality which depicts that
the current effort on corporate identification and image construction is not enough, as the
stakeholders do not get enough information about the company so as to fully appreciate
corporate value orientation, behavior, competitive advantages and policies, etc. Status
failure also threatens reputation. Status failure stresses the failure in leveraging corporate
image to the same level of peers and competitors, which means the company is less
welcomed by the stakeholders than competitors. Status failure can be illustrated via market
share, media reaction and coverage, transaction efficiency (with business partners), etc.
Status failure directly influences position of the company under fierce competition in
stakeholders mind and sometimes determines the future of corporate development as well.
Status failure should lay more attention since it not only signals the corporate competitive
advantage degrading, but it is often neglected by the reputation manager with more
cautious view over image gap.
4.
Risk from changing stakeholders’ expectation, values judgment and trends of changes.
With the updating techniques, fierce competition from corporate competitors, the
stakeholders’ expectation and value commitment would frequently change, which means
44
Series Report: Reputation: Risk of risk, Economist Intelligence Unit 2005, The Economist.
58
the company willing to maintain its reputation has to keep tracing such changes while
failure in doing that would end up with image gap and image risk whose long term
deterioration would result in losing trust.
Such risk sources are just common and major samples, but not limited to that. Stakeholders
scanning might come up with other risk factors unanticipated by the company. Stakeholder
scanning is a continuous and coordinated process. It can be organized by a workshop group
responsible for survey organizing. The technique used in scanning might be stakeholder
survey containing market survey, customer survey, etc.
Each department in different
functional or regional silos would get such scanning in their daily task. From author’s
perspective, such scanning might be better conducted if stakeholders have been prioritized
and ranked first in terms of their power and influence based on corporate long term strategy
and benefit maximization, which means this scanning should be started from key stakeholders
and rippled to other stakeholders with lower rank
Low Rank
Stakeholder
Sub-Key
Stakeholder
Key
Stakeholder
Stakeholders
Groups
The Company
Scanning
The Company
Scanning
Figure 3.9 Stakeholder Scanning: normal Form (Left) and modified Form (right)45
After the risk source is identified and risk factors are early warned, the next step is to analyze
the occurrence possibility of such risk. Reputation risk analysis is to analyze the feature of
reputation risk factors, disclosing their root courses and linkage to other risks, analyzing the
45
Created by author.
59
possibility of occurrence of risk exposure and their impact on the company, and finally
mapping and prioritizing them for managing sequence. As some of the risk sources are rooted
from other risks such as default risk, financial risk, market risks, etc, the current system for
managing such risks can be directly used so that reputation risks might be indirectly under the
control. Therefore the methods in current system for such sorts of risk assessment can be
adopted and integrated into the reputation risk assessment. From author’s perspective,
reputation assessment could not be departed from stakeholder analysis. At this stage,
stakeholder analysis is mainly about knowing stakeholders’ attitude towards the risk factors
identified at identification stage,( for example child labor would generate high outrage level of
government and NGOs; Default action from internal corporate operation would generate fear
of investors), making scenarios analysis about the possible actions the stakeholder would be
spurred by such attitude, and the impact on the company from such actions, which can be
regarded as severity data about risk. The outcome information from this stakeholder analysis
would be used for risk mapping and prioritization.
Stakeholder
Attitude
Analysis
Stakeholder
Reaction
Analysis
(Scanning and
Hexagon Model )
(Scenario Analysis
and Impact
analysis)
Risk
Mapping/
Priortization
Reputation Risk Analysis
Figure 3.10 Reputation Risk Analyses46
In the attitude analysis process, the stakeholder scanning and survey would continue with
main purpose to disclose the risk attitude towards certain risk factors. Such scanning should
also start from key stakeholders and then ripple to the low rank group. Marsh Ltd has created
a hexagon model for reputation risk which the author adopts and revises for attitude scanning:
46
Made by author
60
Figure3.11 attitude analysis from Marsh Ltd47
As can be seen from the picture, the stakeholders within each rank would be grouped into one
hexagon. Each sub-con within the hexagon represents one stakeholder such as customer,
employees, community, government, etc. The hexagon can further be divided into more subcons for more stakeholders identified. The attitude can be colored from white to black
illustrating the severity of attitude changes in terms of each risk factor. After scanning, the
attitude to each risk factor from both individual stakeholder and group stakeholders would
vividly be visualized by color. Such visual model can help manager quickly perceive the
severity of one risk factor or issue so as to make right scenario analysis of stakeholder reaction.
Based on the data from the attitude analysis, the scenario analysis would be commenced.
Scenario analysis here takes the task of anticipating the possible actions that stakeholders,
especially key stakeholders would do and relevantly the impact of such actions to the
company. The scenario analysis should also follow the timing dimension of risk development
to illustrate not only the possible stakeholder’s actions at the moment, but the future
47
Brand Risk: Adding risk literacy to brand management, David Abrahams 2008, Gower Publishing Limited, England
61
development of each action. Worst scenario analysis should be made so that the maximum
damage to the company could be recognized. After scenario analysis, the company would
assess the reputation risk by mapping the risk based on impact severity from stakeholder
reaction and possibility of such reaction. The rating of possibility can be based on previous
data or simulation technology if available. However, subjective judgment could also represent
certain level of accuracy. Mapping risk gives the direction to the company about the sequence
of risk handling so as to balance the cost and efficiency of management procedure
Proactive reputation management does emphasize the necessity of early identification,
assessment of reputation risk via risk management and reputation management methods.
However, without risk response and control in place, the work done previously would be
meaningless. From author’s perspective, the final purpose of proactive reputation risk is to
identify risk and more importantly take action to control risk. The strategy for reputation risk
control stands for the same principle of risk strategy selection, namely lower down the
possibility of threats occurrence and mitigate the loss from exposure of such threat. As
reputation risks links closely to other risks, they can be handled in part by current risk
management systems or controlled by proper business strategies. The discussion for proper
reputation risk control/ response method is fierce and without unanimous conclusion. Some
authors utilize the general risk strategy into controlling reputation risk such as reforming
corporate operation, adjusting corporate capital structure (leverage the equity and curtail the
debt) and using financial instrument such as risk alternative market. These ideas help control
overall corporate risk including reputation risk, but do not prove how effective it is to the
reputation risk. Other groups of academics discard the overall strategy but attempt to design
strategies exclusively for reputation risk control. Many of the academics as such introduce the
stakeholder concept, but vary their methods selection for niche risk source control. Reflecting
to the risk strategies mentioned in the risk management part as well as the effect chain of
reputation risk stated in the reputation lifecycle part, the author believe there are also four
strategies for managing reputation risk, respectively risk avoidance strategy, risk prevention
strategy ,risk reduction strategy and risk transfer strategy. Before the explanation of the each
62
strategy, it would be better to review the evolution of reputation risk again and to know the
managing philosophy under the each strategy.
Corporate
Behavior
Influence to
stakeholder
Reputation
Risk
Stakeholder
reaction
AVOIDANCE
PREVENTION
Control the Risk Source
Control Risk Frequency
Influence to
corporation
REDUCTION
&TRANSFER
Control Risk
Severity
Impact/
Figure 3.12 Reputation Risk Evolutions and Risk Control Strategy 48
As has been defined earlier, reputation risk refers to those factors or events undermining trust
between stakeholders and the company, which would lead to economic influences to the
company either in long term or in short term. Such factors are hidden within the corporation.
As stakeholders have interest correlation to the company, corporate behaviors would impact
stakeholders and the risk factors would expose. Spurred by their attitude to such risk factors,
stakeholders would take action which would respond back to company and generate
economic influence. Therefore, the stakeholder’s reaction impact is the actual impact of
reputation risk, and their attitude to the risk determines the possibility of impact occurrence to
the company. Risk control is either to lower the frequency or severity or both. Inspired by such
direction, the philosophy of controlling reputation risk can be done through 1) controlling the
risk source within the company; if not 2) Influence stakeholder’s reaction possibility; if not 3)
influence the impact of reaction. Comparatively, four risk control strategies match such
philosophy. Risk avoidance can be used firstly when risk factors are still embedded within the
company by taking operational adaptations to mitigate the risk factors from the source. If such
strategy does not be effective, the risk prevention strategy can be chosen to influence
48
Made by Author
63
stakeholders to neutralize their attitude before they take reaction so as to lower risk frequency.
The typical sample of such strategy is customer communication, dialogues, after sales service,
etc. If the stakeholders have already taken action and the damage does definite occur, risk
reduction strategy could be used to mitigate the severity of risk issue to the company, such as
media communication, government lobby, etc. Crisis management could be regarded as way
of risk reduction, though the effective of such methods is often unsatisfying. Another strategy
that can be integrated within risk reduction is risk transfer via purchasing insurance product
from Insurer. However, there are very limited insurance products for reputation risk currently.
The only underwriter found by author in the insurance market is Kiln Group at Lloyd’s
issuing “First Party Adverse Reputation Insurance Policy” with strict risk retention ratio for
the Insured. Risk avoidance, risk prevention, risk reduction and risk transfer can help
reputation risk manager deal with reputation risk through its evolution stage. The best
strategy, from author’s perspective, is to avoid the reputation risk from the roots and mitigate
risks within the company before they influence the stakeholders, especially key stakeholders.
The reputation risk strategy listed above is a general principle of how to control reputation risk
in terms of its evolution. The detail strategic actions can be flexible given the real situation. For
example, to avoid negative image gap from the source, most of the international companies
adopt CSR (Corporate Social Responsibility) to leverage the standard within the company so
as to meet stakeholders’ requirement. As for avoiding risk in image, one proper method from
the author’s perspective is to use ‘‘take the lead, doing the best strategy’’, which means the
company has not only to adopt high standard but to be standard leader in the industry or in
other word keep expectation from stakeholders always a little bit lower than the corporate
performance. However as has been stated above, concrete action for the company could be
more flexible with principle strategies as risk avoidance, risk reduction, risk prevention and
transfer. It is also noticeable that the effectiveness of risk control is partially depended on
previous corporate reputation and trust status within the stakeholders.
Reputation risk monitor and reporting is also an important step to be done. The effect of
reputation risk managing can be manifested through continually scanning and communication
64
to the stakeholders. Or it can also be shown from corporate performance repot such as
financial report. The outcome of certain stage of reputation risk management should be
reported to senior managers who are at best members of the board
3.4.4 FURTHER THINKING ON PROACTIVE REPUTATION RISK MANAGEMENT
In the last sections, the author attempts to construct a model for proactive reputation risk
management by integrating reputation theory and risk literacy. However, there are other
thought that might inspire us to further discuss about reputation risk management.
1. Knowledge management, communication and reputation risk management.
Knowledge management is a new concept in the management literacy. It is a term that
describes the process by which a company organizes, collects, shares, distributes and learns
collectively from employees, stakeholders, and the outside world. It is a broad framework for
actively managing the information and knowledge that is available to it 49 . Knowledge
management is often supported by IT technology and integrated with the learning culture of
the company. Knowledge management as an information collecting process can be used
through the whole process of reputation risk management especially in the stakeholder
scanning and risk analysis stage. Assisted by IT technology such as internet, intra net,
knowledge management can serve as a platform to streamline the communication network
spanning the company and stakeholders, the board and frontline staff, the silo department
within one territory and another. The byproduct of such is also the integration of information
from different function sectors and country department so as to assist the company quickly to
recognize, hold and drive the trend of changes and development so as to keep “the best doing
strategy”. Especially knowledge management can help to break up the silos amongst corporate
functional department to construct aggregate risk management or enterprise risk management
framework which is also within the reputation risk management merit.
49
Managing Corporate Reputation and Risk—A strategic approach, Dale Neef 2003, Elsevier Science
65
2. Corporate governance and reputation risk management
Corporate governance linked to the reputation risk management is mainly about who should
take the responsibility of reputation risk management task and their role in the whole
corporate governance structure. Traditionally the role of risk managers is shown as the
insurance agent within a company. Nowadays risk managers have been afforded more tasks in
systematically managing certain risk such as operation risk, financial risk, etc. The task of
reputation risk management is sometimes with ambiguous responsible person. It is either
partially done through communication sectors or in the charge of individual function
department, which are off departmental capability and in most of the cases lack of the
coordination. Under such situation, the reputation risk management is a hollow propaganda
or without synergy. Therefore the current corporate governance structure might have
adaptation. The author here recommends the assignment of CEO or at least a member of the
board to be in charge of such task. Under the direct supervision of board, senior risk manager
as operator and coordinator should implement the concrete organization and coordination of
reputation risk management process. Although the different departments might afford the
daily management of such risk, they should report to the senior risk officer who would
consider the comprehensive risk strategy and corporate strategy to monitor, assess and direct
each department’s performance. The coordinator has the right to deploy experts within or
without the organization such as consultant to form workshop team when special risk
management action is taken. Knowledge management system can help reputation officials
operations.
3. Enterprise risk management and reputation risk management
Enterprise risk management is an emerging trend for the risk management development. With
the emphasis on integrated management for whole risk sources, enterprise risk management
can effectively manage the general risks within the company. Reputation risk as an element
within the corporate whole risk system should be also under the consideration of enterprise
risk management system. As has been analyzed in the model part, many rooted reputation risk
66
source can be handled directly via current enterprise risk management system, which provides
a window for integration. Actually many TNCs like Novo Nordisk A/S has made successful
step in such integration by considering reputational damage when managing normal risks.
3.5 CONCLUSION OF THE THEORETICAL PART
The thesis at this moment has passed a step stone of the discussion. As is pinpointed in the
problem formulation part, this thesis represents the author’s willing to answer the question:
“Can reputation risk be managed in a proactive way? How can reputation risk be managed in
a proactive way?” This theoretical part would dedicate to give explanation to those two
questions by constructing logical theory basis. Noticing the subtitle of this thesis, namely
“Returning to literatures”, the author here consults and mostly concludes different theories
within reputation management and risk management and attempts to integrate them into one
model to proof the positive answer to the first question and concrete solution to the second
question. Starting from understanding basic concept and ending in forming proactive
reputation risk management model, the author follows the systematical research methods to
recognize separate subsystems, perceive their linkage and construct a new system for problem
dealing. However, research at this stage is not enough. Over superficiality can be a main
criticism against the achievement from this stage of work. Having been aware of such
drawback, the practical part should be introduced to compensate such drawback and to testify,
modify or verify the outcome from theoretical discussion. Thus in the following part, the
author would introduce a company case for further discussion so as to answer the problems
stated in the problem formulation from business reality.
Chapter 4 Practical Part: Reputation risk management
at the Vestas A/S
67
4.1INTRODUCTION
In the theoretical part, the author has stressed his theories on proactive reputation risk
management and answered the questions formulated in the beginning of this thesis.
Following the logic in the theoretical part, the author here would solve the problem of how the
proactive strategy could be applicable or certifiable to the company case. In this section, the
selected company case is Vestas, a global wind turbine producer with the leading market
position. Through the investigation of two departments in Vestas, the author formed the
system picture of how Vestas organizes its risk management and especially reputation risk
management activities, by doing which proactive reputation risk management model is
testified so as to answer to what extent could proactive reputation risk management can be
applied into Vestas case.
4.2 VESTAS A/S---COMPANY PROFILE
Vestas is a world leading company in wind turbine industry where the market expands fast.
Located in the industry with market capacity of over US$55billion and sellor’ dominant feature,
Vestas pioneers the modern energy solution with its industrial focus on providing wind power
energy which is branded as sustainable and green power supplementary to the oil and gas.
The products and service offered from Vestas cover Wind turbine with large megawatt
capability, Grid Capability, online business, Off-line wind power solution, etc with high
innovative wind turbine as its main product supported with technical edge. Following the
vision of being the best wind energy provider par with that of gas and oil, Vestas has its Wind
power solution brought to the World. Nowadays, Vestas has installed more than 35,000 wind
turbines in 63 countries on five continents with an average of one wind turbine installed every
four hours, 24 hours a day. The wind turbine installed by Vestas every year generates more
than 60 million MWh of energy per year enough to supply millions of household or to supply
68
every household in a country the size of Spain50, which fulfills Vestas the ambition to bring up
the wind energy contribution to 10% of the global electricity in 2020. In over 26 countries,
Vestas has settled its sales and service branches. Apart from Denmark manufacturing branches
have also been constructed in other continent to supplement the increasing global demand of
Vestas products. Fully aware of the core value of the company and wind turbine industry,
Vestas continuously lays emphasis on quality, standard and innovation in products,
environmental sustainability as well as safety. Vestas also implements career safety and
training program as investment for employee development. All these performance assists
Vestas to achieve its success in Wind turbine industry as well as fulfilling its mission of ‘‘will
to win’’. Right now Vestas is the No1. Supplier of modern energy solutions with 23% market
share in wind turbine industry. In 2007, Vestas revenue reached up to €4861milllion with EBIT
up to €443million with 15306 employees and MW distribution to Europe, America and Asianpacific.
50
http://www.vestas.com/
69
Figure 4, 1 Growth of wind turbine market (up) and Vestas performance51
4.3 RISK MANAGEMENT IN VESTAS A/S
Before we specify the reputation risk management in Vestas, it might be of nature logics to
overview the risk management system in Vestas first. In the following part, the author would
briefly introduce the risk management system currently adopted in Vestas so as to facilitate
the further research on reputation risk management in Vestas.
4.3.1HISTORY OF VESTAS RISK
The risk management in vestas does not have a long history. Initially, when Risk management
department was first constructed, it only served as a corporate insurance agent responsible for
insurance purchasing and policies arrangement. The main task of risk officer at that moment
was to select insurance policy in place to meet the increasing requirement of risk dealing in the
operation and corporate management. However, with the expansion of Global wind power
industry, the Vestas has it growth kept over 20% annually and expanded its business from
Denmark to other continents. Fast corporate growth both in profits and function scale in
Vestas has introduced various styles of risks with different impact scope to the company and
also challenged the function role of risk management department in that traditional methods
in dealing with risk were no longer able to handle diverse risks in place in Vestas. Considering
this, Vestas adopted a new risk management concept and system last year and has gradually
51
Vestas annual report 2004, 2006, 2007
70
changed its role from corporate insurance office to the real risk management department of the
international company. The risk assessment, reporting and diverse mitigation strategies have
been involved into the system. Furthermore, current system emphasizes the philosophy of
proactive risk management which means that the company should proactively manage risk
rather than reactively recover the loss after risk exposure or act as firefighters doing crisis
management. Although the current system is under continuous construction, it helps Vestas
create value by saving the overhead on insurance premium, leveraging the rating at bank and
stabilizing the operation performance of the Vestas group. Such system is expected to be
finally formed as enterprise risk management system supported by data base and knowledge
sharing.
4.3.2 RISK MANAGEMENT PRINCIPLES AND DRIVING FORCE WITHIN VESTAS
Vestas defines risk as events or uncertainties that might affect fulfillment of corporate
objectives. The construction and function of Vestas risk management system is following
several main principles and objectives which can be stated as below
1. Proactive risk management rather than reactive. This means that Vestas does not rely on
BCM too much as for one thing Vestas does not have so strong capability of doing this,
and for another such using strategy is always of limited effect and too late. Instead,
Vestas puts more resource to early identify risks and risk factors, analyze their impact
and actively use mitigation strategy to keep risks within Vestas financial affordance and
more importantly to fulfill the corporate objective via mitigating downside risk and
creating opportunity.
2. Continuous process. This means that the risk management process should not be static
but dynamic. The risk identification and managing should be continuous and routine
through all project lifecycle and also risk evolution process.
71
3. Risk ownership. In vestas, the risk management is not about identifying risk or ranking
them, but actively controlling risks. In other words, there must be responsible person in
charge of mitigating and reporting risk so that risk would not be ignored. Nowadays in
Vestas, for each critical risk there must be one risk staff in charge of each individual
critical risk so that risk can be mitigated and continuous traced before it reaches
exposure
4. Risk awareness and culture. In Vestas, risk control is not the task of only risk staffs, but
the responsibility of the whole group members. Every employee can be risk officer in
his/her daily work sphere. If everyone in the company can mitigate the potential risk
factors in their work, the whole risk frequency and scope in the group can be decreased.
Therefore, leveraging risk awareness is within Vestas risk management principle.
Vestas is now working on a structured approach to bring risks forward that have been
‘‘common language’’ but not identified as risks that need action52, which in some sense
requires the cultivation of risk culture within the company to prevent risk awareness
gap and actually expand the risk ownership for risk control.
5. Hit the target and objective. The purpose of Vestas risk management is to support the
operation of BU s in the company by mitigating the risks that affect the business success
and reaching the objectives of each BU s. Therefore risk management in Vestas must
incorporate in each level of BU operation so as to warrant the completion of mission
and vision of the Vestas in the whole.
The driving force behind these principles is either from the external legal compliance or from
the necessity of completing group mission and objective. The general driving forces can be
concluded as:
1. Maintaining Vestas operation and financial balance. This has importance to the Vestas
production. Since right now Vestas wind turbine sales good and even sometimes is
52
From Vestas internal slices
72
short of supply. Thus any risk in production and supply chain would directly lead to
revenue decrease. Managing such risks in production, supply chain benefits Vestas
operation and EBIT (Earnings before Interest and Tax).
2. Compliance to regulation and requirement from investors and bankers. Investors and
bankers would normally require the disclosure of Vestas risk situation and risk
management activities. The judgment of risk management system determines the rating
level of company at the bank. Constructing risk management system is also compliant
to the Danish enterprise law.
3. Cash flow benefit from curtailed insurance premium. As purchasing insurance is still a
common used tool for risk dealing in Vestas, accumulated insurance premium increases
Vestas financial expense. By primarily mitigating risk within the company, insurer
would offer Vestas discount to insurance premium which can bring up premium saving
and positive cash flow.
4.3.3 VESTAS RISK MANAGEMENT AND BCM FRAMEWORK
Vetas risk management system is within a comprehensive framework including risk policy,
governance structure, etc. It is heading towards the enterprise risk management so as to create
value and incorporate into corporate mission, vision and objective
The risk governance structure of Vestas risk management matches that of the general corporate
structure of Vestas group. As Vestas functional section has been reshaped into different
business units whose operation is independent, the Vestas risk governance structure also has
the same shape. The graph below illustrates the framework of such structure.
73
Board and Risk
Committee
Group Risk
Department
Risk Manager at
BU
(Production BU)
Risk Officer at Site
(Manufactory in
China)
Risk Officer at Site
(Manufactory in
Denmark)
Risk Officer at Site
(Manufactory in
Germany)
Figure 4.2 Corporate structure and Risk governance structure 53
As can be seen from the graph, Vestas risk governance also follows the hierarchical structure
of Enterprise risk management which includes board, risk committee, group risk department,
risk manager at BU and risk officer at site level. Board and Risk committee is the owner of
whole risk management policy. Group risk department is in charge of the overall risk policy
designing, monitoring and evaluating risk management performance, and providing
technique support and control measures. Risk manager at the BU is in charge of the risk
management actions at BU level by aggregating the risks registered and reported at various
sites under the BU. The risk management at BU has to serve for assisting BU operation to reach
its business objectives. Site risk officer is at the bottom of governance hierarchy, but granted
more significant responsibility to risk registering, primary risk mitigation and reporting.
Notwithstanding the hierarchy structure, the actual risk management process is decentralized.
As the Vestas operation has been separated into independent BU s, the separate activities in
risk management are located at BU s carrying out such activities. For example, risk related to
production is handled within factories. The insurable risks or critical risk that has impact to the
53
Adopted from Vestas annual report 2007 and internal slices
74
group or out of the ability of BU s would be identified and mitigated at group level. The
group is now trying to give BU s guideline and uniformed registration form so that risk
identification and control can be organized in a structural way and also facilitate knowledge
sharing and communication. Data base is on the construction so that risk owners would be
better supported and trained. Nowadays the group organizes improvement workshops to
design identification process to ERM as well as risk assessment and management tools for the
risk owner to carry out risk dealings within their area of business. Such tools would better risk
aggregation and reporting as data collection is in a homogeneous manner.
The framework structure is the combination of risk management and Business Continuity
Management (BCM). The graph below could illustrate the details of it.
Vestas Risk Management framework
Business Continuity Management
(BCM)





Key resource identification
Risk identification
Business impact analysis
Business revovery plan
BCM planning
Risk Structure




Risk identification
Risk analysis
Risk mitigation
Risk reporting
Figure 4.3 Risk management framework structure54
As is viewed from the structure, the Vestas risk management system integrates Risk structure
and BCM as a comprehensive risk control process through prevention of risk exposure and
post exposure coverage. It covers the whole lifecycle of risk from potential stage to crisis stage.
54
Created by the author
75
BCM stands on the crisis stage which is in some sense reactive. BCM aims at recovering the
loss of corporate operation stemmed from those risks such as failure to deliver or dysfunction
of corporate core resources or emergent catastrophe, etc. BCM follows the process of key
resource identification, risk identification, risk impact analysis, recovery strategy, BCM
planning and implementation (practice). In the risk analysis stage, the severity of risk is done
through business impact analysis by identifying business interruption time and its incurred
loss. Business continuity plan has been arranged in terms of urgency and impact severity
ranging from emergency response (most urgent) to Business recovery (least urgent). Key
guideline on what to do in the exercise of such plan has been pinpointed. Perceiving the
drawback of BCM as reactive risk management as well as lack of enough competence, Vestas
tends to not rely on BCM, but design a more proactive risk structure for risk dealing.
Risk structure stands on potential and emerging stage for proactive risk management which
Vestas is looking for. Risk structure intents to cover the whole process of risk management
including risk identification, risk assessment and documentation, risk mitigation and reporting.
The whole process is done and documented on the paper which is risk registration so as not
only to identify new risk but also put risk control activity into the real action and fix risk
responsibility. Register has the purpose to identify and assess risks 360 degrees around the
business site as well as state the risk mitigation strategy, place risk owner and facilitate the in
time reporting. Vestas risk structure follows the bottom-up model, which means risk
identification, assessment, risk mitigation start from the bottom site level, report and aggregate
in the BU and group level. The group risk department would give officer and manager at site
and BU s instructions and assist them in technique and methods usage. Such model helps
Vestas site staff to proactive manage risk by following standard regulations and filling steps
and for easily reporting. It might also fit the objective of cultivation risk culture and expand
risk awareness within the Vestas itself.
The risk management process and methodology in risk structure of Vestas is also rooted in
ERM philosophy that Vestas risk department is targeting at. The risk management process
76
includes normal standard steps like risk identification, risk assessment and analysis, risk
report and monitoring etc. The risk identification in Vestas holds the intention to disclose
uncertainties or risk factors that might threaten the fulfillment of BU and Vestas business
objective from the perspective of where, when and how. The methodology in the identification
is based on brainstorming and bottom-up investigation or reporting from Site level to group
level by asking site staff and expertise at BU to register possible risks within all significant
business operation via drawing an activity flowchart of their sites or units. Every person in the
organization should be involved in such identification process and sometimes external
assistance can be applied.
The risk assessment is done according to the three criteria: likelihood, impact and controls.
Likelihood and impact are measured on a simple ordinal scale, namely low, medium and high,
while control pinpoints the effectiveness of mitigation activities that have been adopted
previously. Because some of the risks could not be measured by financial criterion, or has
other impact apart from financial perspective, Vestas uses added weight function method to
measure the risk scope. The weight for both quantifiable scope (normally measured as
financial loss) and unquantifiable scope is randomly set as 50% to50%. The whole severity
scope is the combination of weighted quantifiable scope and weighted unquantifiable scope. It
is important to know that the severity analysis is not limited to the loss on BU or Sites level,
but how such risk might impact on the whole group. Risk assessment at this step can help
manager rank the risk in general. If the risk shares the high likelihood, high impact and low
control, such risk is positioned on high rank. If the risk has the low likelihood, low impact and
high control, it is ranked to low level. The result of assessment determines what existing
controls are in place to guard against that risk. Risk mapping is done after assessment by
using 5 scale matrixes. Some high rank risks would have to be reported to the higher risk
officers or authority for further assessment as some risks impact would refer the whole group.
Vestas tends to use cost effective mitigation strategies and applicable action plans to mitigate
risk. The risk mitigation strategy in Vestas includes risk termination, risk reduction, risk
acceptance and risk passing on. Risk termination is to terminate activities as risk factors to the
77
risk .Risk reduction is to take action to minimize the effect. Risk acceptance is to retain the risk
without action. Risk passing on is to purchase insurance or using hedge to mitigate financial
losses from interest rate, exchange rate, etc. The selection of risk strategy is based on the
principle of risk cost-efficiency, which means that risk management is to save huge cost with
uncertainty by a certain fixed cost. Under such principles, it is the risk owners such as site staff
and BU staff that would choose the detail risk mitigation actions because they have better
knowledge about the risk dealing from their operations. However, group risk department
would normally give them idea support and general principle guidelines for their selection
decision.
Risk reporting is playing an important role of risk management framework spanning both
BCM and risk structure. During the process to the ERM (enterprise risk management), setting
an efficient risk register and reporting system is a first initiative. Risk reporting is primarily
done through using standard risk register procedure and forms. Risk register form normally
contains the items of risk events or potential events, risk description, risk owner, mitigation
action adopted (risk treatment adopted) and further improvement on risk treatment, risk rank,
etc. Following the risk governance structure, risk register is conducted by starting from the
bottom which is site level and to the group level. Staffs at each level are in charge of the
assigned risk registering and mapping and further report to the higher level.
Such risk
reporting system based on risk register can help risk manager on both level have clear vision
of what risks are there, the root cause of each risk, responsible person and mitigation action so
that risks and their development can fully be traced and mitigated. Risk reporting is also
linked to risk review and monitoring. By disclosing the information on the register form, the
effectiveness of risk treatment can be seen and relevant responsible person could be found.
From risk identification to risk report, the whole risk management process is working in a
circle and repeated at regular intervals so that risk information can be updated and trend of
changes could also be anticipated to some extent.
78
3.3.4 STRENGTH AND WEAKNESS ANALYSIS OF SUCH SYSTEM
Although the risk management system in Vestas is on the construction, there is still some
strength within the system. The biggest strength of such system is the comprehensive risk
management integrating proactive risk control and reactive control, which can be illustrated
by BCM and risk structure. For each potential risk there would be BCM plans (to cover the
maximum damage in case of its exposure) and risk structure (to mitigate risk before its
exposures). Those strategies control the risk through its lifecycle and can to great extent
mitigate the risk impact to the corporate operation, especially the wind turbine production.
The second strength of such system is the possibility of breaking the silos of sites and help to
mitigate risk in an aggregated way. Uniformed registration forms and assignment of risk
officers on each sites and BU s could help risk information be shared by silo sites under the
common risk language. In the meantime, silo sites could use its expertise at its functional
sphere to make feasible risk strategies for risk dealing. The third strength derives from Vestas’
emphasis on risk ownership and close awareness gap. The failure of traditional risk
management is the lack of risk awareness and risk management culture within the
organization. Vestas risk system emphasizes the necessity of risk ownership so that every staff
in the Vestas would be alert to the potential risk factors and close the risk awareness gap
which is the biggest risk embedded within the company. In addition, the bottom up risk
managing can mitigate risks by integrating the knowledge from both professional risk manage
staff and operational staff so that risk can be mitigated in the root.
However, because of the system is on the construction and some philosophies are recently
introduced; the system is sometimes not effective as is expected. One of the drawbacks of such
system is that it has difficulties in implementation. Some of the difficulties come from the
corporate management culture itself. For example, the up bottom risk managing has its
efficiency in policy implementation while bottom up methods seem to be more democratic and
the policy implementation normally takes a long time. Another big drawback of this system is
its imperfect development. Although risk management is targeted to identify, measure and
mitigate risk from all sources within different BU s, currently the risk department is mainly
79
focusing on assist the production BU to meet its business objectives such as providing spare
parts, guaranteeing the production of blades, etc. Therefore, risk management system in Vestas
right now only exists in production BU. There is no correlation between risk department and
other BU s, such as sales and communication, which in other words there is silo effect in risk
management amongst BU s, which is proved by the statement of risk staff in Vestas that
currently Vestas risk management is at its initial stage. Some other disadvantages are also
noticeable such as lack of data base system and IT support.
In conclusion, the Vestas risk management is on its path to comprehensive Enterprise risk
management system covering the whole BU s and risk sources. Current system has already
roughly constructed framework for general risks dealing, but is at a very beginning age. Right
now it starts from production BU and is approaching to other department which have related
issues and gradually cover the whole Vestas value chain, such as sales, R&D, etc. It also limits
its capability of managing other risks such as reputation risk.
4.4 REPUTATION RISK MANAGEMENT IN VESTAS
Reputation risk management in Vestas is not reported in the annual report. When
investigating the staff in Vestas, the common response is that there is no exact department
responsible for managing such risk. However, some function of different departments has
included the task of reputation risk management. Concerning the functional features of risk
management department, the author starts his investigation at risk management department
first to review its activities and strategy used for mitigating reputation risk. Considering the
silo effect within the Vestas risk management, the author also investigated the communication
department due to its closeness to the stakeholders. The investigation in two departments
provides a vision over reputation risk management reality in Vestas, which provides a
platform for model testing and implementation.
80
4.4.1 REPUTATION RISK MANAGEMENT IN RISK MANAGEMENT DEPARTMENT
When investigating the risk staff in Vestas risk department, reputation risk seems to a new
concept that has been under debate. Reputation risk from their perspective is link to corporate
image, which is important for corporate growth but implicit in the mind. Their understanding
of reputation risk is more inclined to be outcome of corporate operational risks which is the
key risks they pay attention to. Therefore, good operational risk management is actually
mitigating reputation risk. Based on such assumption, reputation risk in Vestas is not
specifically defined into one category of risk. (Actually other risk categories such as financial
risk, hazard risks, etc are not made yet, though in practice the factors of such risk have been
noticed and tried to be mitigated) There is no method in practice to identify and measure them
in quantity and no strategy for such mitigation. Reputation risk now is not on the risk register
and there is no risk ownership for such risk.
When they were asked the consideration of using stakeholder scanning to identify reputation
risk, they denied the applicability of such action incorporated into the current daily risk
management work within the risk department. From their perspective, the stakeholders
behind the risk are implicit but clear in their mind. Currently the risk department has to serve
for operational target of production BU s, which is explicit objective while conducting
stakeholder scanning involves more paper work and is also out of the departmental capability.
Measuring reputation risk via attitude analysis is also hard for the department. Especially
nowadays; the Vestas is expanding quickly accompanied with the quick expansion of wind
turbine market. In order to reach the target EBIT margin stated each year, Vestas production
should be kept sustained and upgraded. Therefore the largest economic loss is deemed from
operation failures. Thus the Vestas risk management system should serve for operation. What
is more, Vestas current risk management system is still on the construction. Although the ERM
is the final target, the current mechanism is not as effective as possible. Therefore, Vestas risk
staff tends to dealing risks in one functional silo and dealing with less complicated risks such
as production risk, supplier risks, etc with possibility of measuring risk scope in quantity. As
what risk staff in Vestas said, Vestas risk staffs are more focusing on the risk factors. However,
81
Vestas risk staff admits that most risk events do not only have financial impact but some other
impact as well such as impact on employees, environment, media broadcastings, etc.
Considering this, Vestas analyzes and maps risk via combing financial impact and such nonfinancial impact which to some extent indirectly refers to the reputation facet of impact from
operational risk. In general, reputation risk management in risk department is behind
consideration, the same as other categories risks, which means that reputation risk is to some
extent over-looked with the representation of lack of identification, management and
ownership.
4.4.2 REPUTATION RISK MANAGEMENT IN COMMUNICATION DEPARTMENT
Reputation risk management in communication department is also a new concept. In
communication department, stakeholders have been grouped and categorized. Key
stakeholders have been recognized due to their significance and power to the company. The
list below states the key stakeholders and their meanings to the Vestas.
1. Customers: Basis on Vestas business
2. Employees: Crucial for company growth and goal achievement
3. Suppliers: Importance to secure quality and sustain the growth of Vestas
4. Investors: power to determine Vestas survival
5. Decision makers: shaping the Business environment
Stakeholder perception and expectation is also available to be known in Vestas as stakeholder
survey is frequently conducted. As has been stated by the staff in communication department,
they have periodical surveys with customers, employees and suppliers. The purpose of
organizing such survey is not only to receive the feedback, but also to understand
stakeholder’s perception, value orientation and even proactively discover the events that
might potentially undermine Vestas reputation as is stated by the Vestas communication
director. Frequent dialogue is also regarded as tool for understanding stakeholders’ perception
and expectation. As is said by communication staff in Vestas, their daily and one to one
dialogue with investor, analyst and decision makers, etc grant Vestas clear vision of
82
stakeholder’s perception and expectation in a dynamic way from which the core value focus
and interest focus from various key stakeholders could be depicted. The following is the
sample of key stakeholders’ core value focus:
1.
Customers: reliable wind power solutions and on-time delivery
2.
Employees: good working condition plus opportunities for training and selfdevelopment
3.
Investors: continual corporate growth potential and operation and financial
performance reported transparently and authentically
4.
Decision makers: growing industry that fits with a green climate agenda and balance
between economy growth, society and environment.
The communication staff also agrees that stakeholder survey and dialogue would also help to
identify certain events that might undermine Vestas reputation. Vestas also uses whistle blow
system to identify some potential risk factors embedded within operation but revealed by the
individual staff itself, such as default action, unethical behaviors. Currently Vestas enjoys
sounding reputation within its most of key stakeholders such as investors, employees,
suppliers, decision makers, etc, but might not enjoy the low customer loyalty due to some
problems in service and punctual delivery. But compared with competitors, Vestas has its
strong reputation status in wind turbine industry due to its differentiation focus competition
strategy and well developed value chain. Vestas communication department also views such
survey and dialogue as a information channel to anticipate the attitude of stakeholders to
certain events such child labour, shutting down local manufacture facilities, insufficient par
parts supplies, etc. Based on such information, the communication staff would decide which
action should take and how fast to take actions. The communication department might not
quantify the severity of events or measure them, but prefer to focus on controlling the impact
of such events. The communication staffs believe that good dialogue can help reach
understanding with each other and it is effective. However, such communication and dialogue
is not perfect to mitigate every outrage generated from various events and repercussion from
83
stakeholder’s reaction, such as protest, governmental interference, vendor switching, etc.
Quick reaction to some emergency events would also be regarded as a method to control the
severity of the events. Vestas also emphasizes tracing the changes of business environment
and changes of stakeholders’ expectation in the long run through dialogue and various
surveys. Actually Vestas does not wish to be environmental follower, but proactive to
influence its environment and stakeholder value orientation. This can be shown from the
Vestas’ ideology preaching about renewable energy and consistent concerns about global
warming.
4.4.3 CONCLUSION ON REPUTATION RISK MANAGEMENT IN VESTAS
Reputation risk management in Vestas is a new ideology. However there is no clear risk
ownership for dealing with such risks issues. In risk management department, reputation risk
management is not considered as an independent risk style but as a second round effect from
operation risk. Based on this assumption, reputation risk management is neither organized by
current risk department nor within current risk management system. As another possible risk
owner, communication department does take certain actions to improve corporate reputation,
the methods of which include survey and dialogue. Supported by such methods, the
communication department shows its strong capability in information collection and analysis
referring to stakeholders and events possibly threatening Vestas reputation. Its strategy of
dialogue and communication can also to some extent help to mitigate the impact scope of
reputation risk events, though not always effective. In general, reputation risk management in
Vestas is not a system, but an action segregated by silo department of Vestas.
4.5 TESTING PROACTIVE REPUTATION RISK MANAGEMENT MODEL
IN VESTAS
After construction of the picture of Vestas reputation risk management, the author here wish
to testify the proactive reputation risk management model so as to perceive the conflicts and
analogues between author’s assumptions and their applicability to the Vestas case. As the
84
current action for reputation risk management is done by two department, the model would
be testified based within the two department so that general conclusion can be reached to
answer the question: ‘‘To what extent can proactive reputation risk management model be
applied or testified to Vestas case’’.
4.5.1 TESTING PROACTIVE REPUATION RISK MANAGEMENT MODEL IN RISK
MANAGEMENT ACTIVITIES.
From the information obtained from the risk department, we might be clear that reputation
risk management is not a considerable element within the risk system. Thus the proactive
reputation risk management is at least right now hard to be testified in the current risk
management model. There are some reasons behind for explanation:
1. Lack of resources and capability. Right now risk management system in Vestas is at its
initial stage and the risk department is recently built with staffs of 4 people. Currently
department is capable of serving for production risk, but for other risks dealing it might be
not within their competence. As is admitted by the risk staff in Vestas, reputation risk
management might require more sophisticated methods to create value, but currently no
expertise at this sphere is found.
2. Nature feature of reputation risk itself and requirement of silo breaking. Reputation risk
involves the analysis of perception and value orientation of stakeholders, which is
subjective and hard to quantify. The risk department might be expert at mitigating the root
causes of the reputation risk events, but might not be good at disclosing reputation risk
events and measuring the potential impact in stakeholder trust losing. Such task might be
within the capability of communication department. However there is no condensed
correlation between department of risk management and communication and silo effect
blocks the management of reputation risk.
3. No explicit impact criterion for measuring the reputation facet of risk impact. Normally
risk from operation has two impacts, one is financial losses and the other is reputation
losses. Sometimes qualitative or narrative impact criterion should be used to rank the risks.
85
However in risk registration there is no explicit reputation impact criterion statement
which might lead to difficulty to exact measurement. Given the bottom up risk
management structure, risk registration from the site without clear explicit criterion would
result in over-controlling some risks while neglecting others.
4. The different philosophy on reputation risk management. There is different philosophy of
risk management in financial and non financial department. In most financial department,
the management philosophy is that ‘‘what can be measured, can be managed’’, while in
non financial department such ideas are criticized.
From author’s perspective, the main root reason is the underdeveloped risk management
system in Vestas and the derived awareness gap within the Vestas risk perception. The risk
management capability in Vestas does still need time to expand from managing risk in silo
department to the whole enterprise. Incapability in managing reputation risk might leads to
the underestimation of reputation risk, which is awareness gap. One of the awareness gaps is
ignorance which is shown as risk known but without management due to lack of resources
and methods. This can be linked to reputation risk management situation in Vestas: as it is
complex to quantify, it is not worthy to manage it due to resource shortage and doubt in cost
efficiency. It can be explained by the opinion held by the risk staff in Vestas that ‘‘managing
reputation risk is valuable if more complicated methods can be introduced, but dealing the
risk at hand is also a value creation’’. It is arguable that such thinking is reactive as it is risk
ignorance and gambling. As is stated by risk staff in Vestas, Vestas is lucky to escape from
crisis events and huge reputation loss. The good thing is that Vestas risk department is
gradually approaching to reputation risk management as is agreed by Vestas risk staff that
managing reputation risk would create value and be meaningful for the Vestas long term
growth. With the development of Vestas enterprise risk management system and upgraded
technology, managing such risk would be on the agenda.
4.5.2 TESTIFYING PROACTIVE REPUTATION RISK MANAGEMENT MODEL IN
COMMUNICATION ACTIVITIES
In reviewing the reputation management in communication department, we might find many
86
analogies to proactive reputation risk management model, or in other words it could be in
most part explained by the model. The risk identification is viewed from starting stakeholders
profiling and ranking, from which key stakeholders would be depicted. Following that, risk
identification is through stakeholder analysis supported by the techniques like stakeholder
survey, dialogue and communication to identify the risk factors leading to reputation damage,
such as child labor, insufficient after-sales services, etc. The sources of such risks are reviewed
which are mainly from operation and service behavior. Image gap does exist within Vestas
with the example of low customer loyalty. The gap in value orientation is under the control as
is illustrated by the fitness of Vestas mission, vision and policy to the value orientation of the
main stakeholders. By using the survey, vestas communication staff could to some extent
make fair judgment on the stakeholder’s attitude to and how they react to certain events,
which in some sense a sort of qualitative measurement of risk severity. It is also interesting
that most of critical events that might lead to high outrage are linked to the key stakeholders’
core value orientation. For instance industrial injury or accident always has huge reputation
losses in Vestas’ employees whose core value orientation is working in good working
environment with option for development. Closing local factories is another reputation risk
factor as it contradicts the core value orientation of local community who is highly concerning
the employment rate and foreign investment. The strategy used for mitigating reputation risk
is to influence the attitude of stakeholders affected by the risk events before stakeholders take
action via communication and dialogue plus quick response. It is also testified that solely
relying on such strategy is not as effective as is expected. However, the characteristic of such
risk management action is that it is not organized in systematic way as risk management, and
also the risk control strategy in the communication department is not referring to disclose the
root cause of events in the operation and mitigate risk factors within the company. In general,
some risk management process and technologies for proactive reputation risk management are
mostly embedded within department daily work and actions.
4.5.3 CONCLUSION ON MODEL CERTIFICATION
After testifying the model in actions of two departments, we might find different outcomes for
87
such certification. Such model is not acceptable in risk management actions conducted by risk
management department due to the objective reality that risk management is silo functioned
and system is underdevelopment. However, it does not mean that such model is useless and
unsuitable to the Vestas case. The department resource and capability also determine the
adaptability of assumed model, which is proved by the certification of the model in the
communication activities. To the most extent, the model finds its practical application in
communication activities, which is also an important element in managing reputation risk in
Vestas. Therefore this model is not only applicable to the Vestas case, but is actually being
conducted in the Vestas daily operations with obvious sample of Vestas communication
actions.
However, it does not mean that Proactive reputation model is a copy of communication
system or communication action model in Vestas. From author’s perspective, proactive
reputation risk management is a system integrating the philosophy of risk management and
techniques in reputation management and risk management or even the involvement of the
whole Vestas functional silos under the direction of the CEO and board. The individual
managing performance of reputation risk in silo department would not result in good control
effect. Such assumption is also testified by the current failure or drawbacks of reputation risk
management in both risk management department and communication department. Lack of
survey techniques and analysis capability, risk management department overlooks the
reputation risk, while lack of controlling the root factors of risk events in operation, mitigating
risk impact through dialogue is proved to be dysfunction. Although the proactive reputation
risk management model has found its application possibility in Vestas case, it also reflects
some problems in Vestas reputation risk management situation and furthermore inspires the
author’s thinking on how should Vestas manage its reputation risk in a proactive manner,
which would be the issue discussed in the next part of the paper .
88
4.6 FURTHER THINKNG: PROACTIVE REPUTATION RISK
MANAGEMENT IN VESTAS
In the previous part, the proactive reputation risk management model is testified to be
applicable in Vestas case. During the testifying process, the author reviews the reputation risk
management in Vestas and comes up some problems, from his perspective, existing in
reputation risk management in Vestas. The author would conclude his thinking on such
problems and make further discussion of how to proactively manage reputation risk in Vestas.
4.6.1 PROBLEMS IN REPUTATION RISK MANAGEMENT IN VESTAS
General speaking, Vestas enjoys its sounding reputation in most of the stakeholder group.
However, the current low customer loyalty rate and the new entrant into the wind turbine
market show the necessity of strengthening its reputation as well as noticing problems in
reputation risk management in Vestas .
The first problem lies in the lack of ownership of reputation risk management. Currently there
is no single department fully in charge of reputation risk management. Risk management
department mainly focuses on maintaining production, while communication is more
concerning customer relationship. Although some actions in different department can help
mitigate reputation risk, none of them takes the full ownership of reputation risk management.
Lack of risk ownership would create risk awareness gap within the company, which is a
potential threat embedded in the operation
The second problem lies in the fact that reputation risk management is not formed in a system
but silo behaviors. Communication department might have capability to identify the risk
sources, but cannot trace the root cause and take action to make improvement in other BU s
operations. Therefore the only capable way for mitigating risk is to influence the expectation of
stakeholders, which from author’s perspective is only one of the advised strategies for risk
controlling. Controlling the risk events from the root is advised as a good option for mitigating
risk, which requires the work of risk management staff. Actually the low level of customer
89
loyalty is mainly from service default while Vestas product appears to be of high satisfaction
rate, which proves the contribution of risk department work. Therefore cooperation with two
departments for managing reputation risk is necessary. Especially the knowledge sharing
between the two departments should be a starting step.
The third problem is how to create measurement tools for risk department to identify and
measure the reputation facet of risk events. Any risk event might include two facets of impact,
one is direct financial loss and the other is reputation loss. It is by calculating the impact of
those two and comparing the impact with the risk appetite that can determine the worth of
managing such risk. Recently Vestas risk staffs are discussing the possibility of introducing
qualitative impact analysis for risk registration by getting assistance from the external
consultant. However the concrete items within the consequence scale is still on debating. If
explicit items can be introduced, the reputation risk events might expect to be mitigated from
the roots.
4.6.2 HOW TO PROACTIVELY MANAGE REPUATION RISK IN VESTAS
Reviewing the problems in reputation risk management in Vestas inspires the author to
discuss about how to proactively manage reputation risk in Vestas. Such issue is also a topic
that is being debated in risk management department in Vestas. Based on the information
available from the interview as well as the author’s thinking on reputation risk management,
the author here wishes to stress several ideas and recommendation for successful reputation
risk management in a proactive manner.
The first idea for proactive reputation risk management is to assign risk ownership. As
reputation risk might come up from corporate behavior from varied departments, no single
department can simply afford the risk ownership. Therefore it might be suitable to assign such
ownership to a high level management or board level for coordination and governance. Such
risk ownership affordance can help to break the silo within the Vestas and organize the
managing activities in a system way.
90
The second idea for proactive reputation risk is to make cooperation of risk management
department and communication department or at best involve the communication department
into the risk register and reporting system. Risk identification and measurement can be done
within the communication department through the data base of stakeholder profile and
outcome of stakeholder survey. Primary mitigation strategy and actions can also be done by
communication department. The risk department can use the reported information to trace the
root source of key risk events threatening corporate reputation and use operational mitigation
strategy to control the risk factors deriving from the roots. It is also important for risk
management department to consider the reputation facet of operational risk identified. To
solve the problem of implicit items for qualitative impact analysis, the author suggests
considering primarily the core value orientation or key interest focus of the key stakeholders
(the information of which can be obtained from the communication department), and try to
make them explicit into concrete items. Take the core value orientation of employees for
example. They have core value orientation in safety and good working environment. Therefore
items referring to safety and health should be considered. Any risk events contradicting items
can be measured in terms of their severity in contradiction. By considering the reputation facet
of risk, the reputation risk event would not be ignored and be mitigated by adapting corporate
operation.
The third issue that should be considered is about the choice of risk control strategy advised in
the theoretical part. If we review the strategies advised before, we might be clear that strategy
for reputation risk management can be rooted into two alternatives: one is influencing the
stakeholder’s expectation and the other is to control the risk factors in the root. Currently
Vestas communication department takes the first alternative which is using dialogue and
communication to influence stakeholder attitude, but control the risk factors in the root is a
better choice. This means the Vestas operation should try to avoid the mistake in its daily
operations which might generate high negative attitude of the key stakeholders. Obviously
achieving such goal requires the application of high standard and business objectives, which in
91
Vestas case is illustrated as using CSR, high quality standard in production and other codes of
conduct in corporate ethics, human right, etc.
The fourth issue is to build up good knowledge management system. Risk management itself
is a decision process which requires huge information for analysis as well as knowledge
capability. Proactive reputation risk management demands the information and knowledge
sharing with different department and stakeholders. Especially in Vestas, different BU s are
independent from operation and sometimes lack of contact. Therefore, good knowledge
management is of necessity for reputation risk management.
92
Chapter 5 Conclusion and Reflection
Reputation is now the most valuable asset and capital for most of the TNCs. Reputation risk is
an underlying threat or opportunity influencing the success and survival of most of TNCs.
However, the research on such risk is at its infant stage and in practice such risk is often
overlooked or neglected due to insufficient theoretical basis and practical means. Traditionally
reputation risk management is mixed with public relation and crisis management,
characterized as simple image identification and risk exposure loss coverage, which is return
proved to be dysfunctional by recent corporate scandals and bankruptcies. Realizing the gap
between academic research and requirement of business reality, the author in this paper is
dedicated to contribute his thinking to reputation risk management, especially how to manage
reputation risk in a proactive way.
From author’s perspective, reputation risk has its lifecycle ranging from potential stage to
crisis stage. Compared with the reactive methods or strategy, proactive reputation risk
management should have its focus on controlling risk before crisis stage. This requires early
risk identification, risk analysis and, more importantly, early risk control. Before the discussion
on how to manage reputation risk proactively, the author returned to literatures as is shown
by the subtitle of this paper to find relevant theories and concepts assisting to deal with such
issue. During the paper review, the author selected stakeholder theory in reputation
management and risk management theories as source of methodics for theory construction,
which ends in building proactive reputation risk management model. In this model, the author
argued that reputation risk could be identified, analyzed through stakeholder scanning,
stakeholder attitude analysis. The final risk control strategy should include risk avoidance,
namely control the root cause within the company; risk prevention, namely influence the
stakeholders’ attitude and expectation before they take reaction; risk reduction, namely control
93
the impact of stakeholders’ reaction; and possibly risk transferring by purchasing reputation
risk insurance. In the model, the author also stresses that the key part of managing reputation
risk should be in control process. In other word, managing reputation risk has it significance in
risk control. The construction of model confirms the possibility of proactive reputation risk
management from theoretical perspective and provides general solution to how it functions. In
order to testifying the applicability of such model, the author returns to a case company,
Vestas A/S, as a platform for model certification. The author firstly investigated the risk
management activities in Vestas and later on the communication department so as to form a
clear vision of how Vestas manage its reputation risk in practice, based of which model is
testified. During the process, the author found model is not able to be tested from Vestas risk
management activities, while in the communication activities the author found applicable
basis of this model, which in some sense testifies the possible linkage of the theoretical
assumption to the business reality and possible applicability of such model, which means in
reality proactive reputation risk management could be done or to certain extent has been done
by some companies. Considering the conflicts between Vestas actions of reputation risk
management and that of mine, the author analyzed the reason behind with explanations and
also pinpointed the problems in Vestas reputation risk management and furthermore stressed
his ideas on how to proactive manage reputation risk in Vestas case.
The main research purpose of this paper at this stage is conducted. However, it does not mean
that the proactive reputation risk management model stated here is perfect and with good
empirical application. There are some issues and limitations that might need taking refection
over proactive reputation risk management and its model.
Firstly the application of proactive reputation risk model has its limitation from the influence
of corporate resources, techniques and governance structures. Managing reputation risk from
author’s perspective requires the information and analysis about stakeholders. Data base
referring to previous reputation risk events and stakeholders might be needed. Some
companies might not have the techniques and resources for building up such system. In
94
addition, proactive reputation risk management requires the frequent cooperation with
different departments, which means that company has to break the silos. However, for most of
transnational companies, the silo effect between different departments does exist, which to
certain degree limits the effectiveness of organizing reputation risk management proactively.
Secondly, this model might be over idealism, especially in the measure methods proposed in
the model. In this model, the measurement of reputation risk is determined by analyzing
stakeholders’ attitude to the risk factors. However, due to the ubiquity of reputation risk, it is
relatively hard to measure the stakeholders’ attitude to each risk factor deriving from other
risk sources. The possible solution to this is to identify key stakeholders and their core value
orientation. Normally the events contradicting the core value of stakeholders would generate
high outrages attitude. Especially for those key stakeholders, their reaction would lead to high
impact. If we conclude their core value orientation and specify it into concrete qualitative
measurement items, it would be easier to take measurement. However, risk measurement
from author’s understanding is only a decision process to decide whether identified risk
should be managed or not so as to prevent the problem of risk over controlling. Reputation
risk itself is with high damage possibility. It requires special notice and protection. Although
reputation risk is hard to be quantified and measured, it does not mean the negligence of
control is allowable. As is stated before, the purpose of risk management is to control risk
rather than solely measure it. Risk measurement is just a tool. It is the risk appetite or attitude
to the identified risks would decide control actions.
Thirdly the adoption reputation risk management is also influenced by the market or
industrial environment where the company is in. In the market where competition is fierce,
reputation risk management would attract more attention. This can be shown in the
Pharmaceutical industry that fierce competition pushes many transnational companies like
NOVO NORDISK to develop reputation risk management system under the supervision of
board. In the market where competition is not fierce, reputation risk management might not
be so systematically organized.
95
Finally it might also be noticeable that proactive reputation risk management model does not
consider the ownership of such risk and how different departments should make cooperation,
while in the reality such issues would directly influence the outcome of management.
Therefore, clarifying risk ownership as well as organizing cooperation between different
departments should be put on the thinking.
In conclusion, reputation risk management is a newly developed and sometimes debating
subject in both academics and business practice. How to manage reputation risk in a
transnational company would end in different academic debate and discussion on methods
selection. The author in this paper stated his standpoint on reputation risk management,
namely reputation risk can be and should be proactively managed via early identification,
analysis and control. Actually the author believes the proactive reputation risk management is
not only a solution, but more importantly an ideology or an attitude for companies to deal
with risk rather than unwillingly retain reputation risk without protection. Although it might
be arguable that the methods and the model in this paper are imperfect, the companies should
know they are not venerable to the reputation risk, but could control it and even create
opportunity if they proactive managing it in place.
96
References
Abnor Bjarke . Methodology for Creating Business Knowledge. Sage Publications, UK, 1997
Marks S, Dorfman. Introduction to risk management& Insurance, 6th edition. Prentice Hall
International Inc, 1998,
Dimitris N Chorafas. Risk management technology in financial services. Elsevier Ltd, 2007
Giampiero E.G. Beroggi/ William A. Wallace. Operational Risk Management –Integration of
decision, communication and media technologies. Kluwer Academic Publishers, 1998
James Pickford. Financial Times: Mastering Risk. Pearson Education Limited, 2001
Grahame R. Dowling. Corporate reputations—strategies for developing the corporate brand. Kogan
Page Limited, 1994
Dale Neef. Managing corporate reputation &risk -----Developing a strategic approach to corporate
integrity using knowledge management. Elsevier Ltd, 2003
Regester Michael. Risk Issue and Crisis Management. Kogan Page Limited, 2005
Tony Merna and Faisal F.Al-Thani. Corporate Risk Management ----An organizational perspective,
John Wiley & Sons Ltd, 2005
Torben Juul Andersen. Perspective on Strategic Risk Management. Copenhagen Business School
Press, 2006
Julian Cummings. Risk management-An implementation guide. Cardiff Caerdydd, 2004,
97
Crouhy, Micheal. Essentials of risk management. McGraw-Hill Companies, 2005
Economist Intelligence Unit. Series Report: Reputation: Risk of risk. The Economist, 2005
Robert G.Eccles. Conference paper: Reputation and its risk-the necessity of managing reputation risk.
Bonn/Petersberg, 2006
Adam Jolly. Managing business risk, Kogan Page and contributors, 2003
David Abrahams. Brand Risk –Adding risk literacy to brand management. Gower Publishing, 2008
Allen, D. Risk management in Business. Cambridge University Press, Cambridge, 1995
Croft Susan. Managing Corporate Reputation: the new currency. Thorogood press, London, 2003
Judy Larkin. Strategic Reputation Risk Management. Palgrave Macmillan Press, 2003
Dr Robert G. Eccles. Reputation and its risk: the necessity of managing reputation risk, 2006
COSOC. Enterprise Risk Management—Integrated Framework. Committee of Sponsoring
Organizations of Treadway Commission 2004
Stephen Gates. Incorporating strategic risk into enterprise risk management. Audenica Nantes Ecole
de Management.2006
Jason Perry and Patrick de Fontnouvelle. Measuring reputation risk: The market reaction to
operational loss announcements. Federal Reserve Bank of Boston, 2005
CIMA. Corporate reputation: perspectives of measuring and managing a principle risk. The chartered
institute of management accountant, UK, 2007
Henry H Goldman. Risk management: inproving competitiveness through a reputation risk
management approach. Risk management associates, International,LLC, 2006
Chonawee Supatgiat, Chris Kenyon and Lucas Heusler. Cause-to-effect operational risk
98
quantification and management. IBM Zurich Research Laboratory, 2006
Madeleine Hayenhjelm. Asymmetries in risk communication. Royal institute of technology,
Stockholm, Sweden, 2006
Micheal Zboron. Reputation risk in the context of A.M. Best rating analysis. A.M. Best Europe.
2006
Brian W.Nocco. Enterprise risk management: theories and practice. Ohio state university, 2006
Economist Intelligence Unit. Working paper: Reputation-- Risk of risk. The economist intelligence
unit, 2005
T. Vijay Kumar. The methodology behind risk and control self assessment. I-Flex Consulting, 2008
David Davies. Reputation risk management. DBRC, 2001
Peter Forstmoser and Nikodemus Herger. Managing reputation risk: a reinsurer’s view. The
Geneva papers, 2006
Kai-Uwe Schanz. Reputation and reputation risk management. Converium Ltd, 2006
Banks, Erik. Alternative risk transfer: integrated risk management through insurance, reinsurance and
the capital market. John Wiley & Sons, Incorporated. 2004
Vestas. Vestas annual report 2004, 2006, 2007. Vestas A/S, 2004, 2006, 2007.
Oxford advanced learner’s dictionary of current English, fourth edition. Oxford University Press.
2004
www.dictionary.com
http://www.vestas.com/
http://www.siliconfareast.com/crisis-management.htm
99
Appendices
Questionnaires for Vestas (1)
Interviewee:
Time:
Job Title
Intention of this interview is to understand the Possibility of using risk management process,
methods and strategy to manage reputation risk in the Vestas Case as well as investigation
how Vestas manages its reputation risk (abbreviated to Rep-risk in the context of this
questionnaire).
Section One: Risk and Rep-Risk
1. How do you define risk?
2. How do you define reputation to Vestas? Do you think it vital for Vestas?
3. What does Vestas think of the current situation of its reputation? (Good, bad, under
threats)
4. How do you define Rep-risk?
Section Two: Rep-Risk in Vestas
1. Do you think Vestas have Rep-risk?
Yes
No
(1) If yes, Could you list the key factors of such risk?
Factor 1.
100
Factor 2.
Factor 3.
Factor 4.
(2) If No, Could you explain WHY?
(3) Do you believe they are pure risks or speculative ones?
2. How would such risk factors be evolved to threaten or create opportunities to Vestas
Factor 1.
Factor 2.
Factor 3.
Factor 4.
3. How could Vestas discover or identify such risk factors?
4. How could Vestas analyse, measure their impact both in severity and possibility?
5. Facing these impacts, what are the actions of Vestas to respond them? What risk control
strategy is vestas used? ( risk avoidance, prevention, reduction and transfer)
Section Three: Risk Management in Vestas
1. The history of Risk management system in Vestas? ( when do you start and how is it
evolved? )
2. What are the driving forces for building current risk management system?
3. What are the characteristics of Vestas risk management system? (ERM or Silo system)
4. What are the main principles underlying the risk management system in Vestas?
101
5. What are the components of Vestas risk management system? How do you organize the
risk management system?
6. What are the risks faced by Vestas ? How do you identify them? How do you group
them after identification? How do you measure them? How do you rank them? How do
you control them?
7. What are the key risks within Vestas? What is the core solution to those risks in Vestas?
8. Do you think they might correlate to reputation risk?
9. What is the effectiveness of such system? What about the criteria for judging system
effectiveness? (How many risks could this system manage? Could it cover the majority of
risks in Vestas? Could it can create value and improve Vestas financial performance? The
strength and weakness of such system? )
10. How could this system be integrated into Vestas operation, strategy? How is it
implemented? What are the main challenges in implementation? How do you deal with
such challenges? What about the reporting and monitoring mechanism within the RM
system?
11. Has Vestas ever considered using such system to manage reputation risk?
(1).Yes
Please state to what extent could such system help to manage Re-risk?
(2). No
a. Please state the reason. What are the difficulties to implement such system in
Rep-risk management?
b. Is it possible to use Risk management rationale to manage reputation risk?
c. So far as you know, is there any special system for Re-risk management?
What are they?
d. Can reputation risk be measurable and controlled? What is the method of
doing that? The difficulties to manage reputation risk?
102
e. What is the ideal Rep-Risk management system from Vestas Perspective? s
(The content, problems needed doing with, etc)
Section Four, Other Information
1- Who are Vestas Key stakeholders? What are the criteria of judging who key stakeholder is?
2- Have you get any corporate reputation survey of the stakeholders?
3- What are the items within the survey? What does vestas wish to learn from such survey?
4- Could you identify the sources of reputation risk from the survey? If so, what are they? If
not, why?
5- To what extent do you believe by measuring the attitudes of stakeholders to the risk, the
possibility and severity of risk can be anticipated (with the involvement of scenario
analysis)?
6- To what extent do you believe rep-risk can be managed by risk avoiding (mitigate risk
factors within the company), risk prevention (lower the outrage level of stakeholder
attitude), risk reduction and risk transfer strategy (lower the severity of stakeholder’s
action impact)?
7- Can my thinking be logical and applicable to Vestas case? Any problems do exist? To what
extent can it be applicable? What needs to be improved?
103
Questionnaire to Vestas (2)
(Supplementary Questions)
1. How do you define reputation in Vestas? What is the value of reputation for Vestas?
2.
Do you think reputation is defined from stakeholder?
3. What are the stakeholders group in or around Vestas ? What are the key stakeholders
under Vestas concern? (Could you list 5 key stakeholder groups?) Why do you think they
are more important? (based on their importance or power)
4. What is their core value focus or interest concern in wind turbine industry and also in
Vestas ? (For example, in airline industry safety is the core value focus while punctuality is
the sub-core)
5. What is Vestas mission and business objective? Does Vestas mission or objective match
such value focus and concern?
6. What is their perception on Vestas ? What is their expectation to Vestas respectively?
7. How do you know their perception and expectation? (by which method)
8. By such methods, could you always update the information of their perception and
expectation about Vestas?
9. Do you think Vestas enjoy good reputation amongst these stakeholder groups? How do
you build up such good reputation? How do you maintain that?
10. What might undermine or threaten the good reputation of Vestas amongst these
stakeholders, especially key stakeholders? Could you list the main causes or threats?
11. How does Vestas discover these threats?
12. How does Vestas deal with these threats?
104
13. What are the methods and strategy used by Vestas for managing reputation?
14. Have you ever considered using risk management strategy and methods for managing
reputation?
ADDITIONAL QUESTIONS
15. Do you think the severity of such threat to trust is depended on stakeholders’ attitude to
such threat, stakeholder’s power and corporate previous behavior?
16. Do you think such attitude is determined by stakeholders core value focus?
17. Does Vestas have any gap between its performance and expectation from Key stakeholders?
18. Does Vestas have better reputation than its competitors? Why?
19. How would Vestas meet the challenges from corporate environment changes?
105