Get Instant Access
to This Blueprint

Vendor Management icon

Identify and Manage Reputational Risk Impacts on Your Organization

Brand reputation is the most valuable asset an organization can protect.

Access to information about companies is more available to consumers than ever. Organizations must implement mechanisms to monitor and manage how information is perceived to avoid potentially disastrous consequences to their brand reputation.

A negative event could impact your organization's reputation at any given time. Make sure you understand where such events may come from and have a plan to manage the inevitable consequences.

Our Advice

Critical Insight

  • Identifying and managing a vendor’s potential impact on your organization’s reputation requires efforts from multiple people in the organization across several functions. Those people all need coaching on the potential changes in the market and how social media can affect your brand.
  • Organizational leadership is often caught unaware during crises, and their response plans lack the flexibility to adjust to significant market upheavals.

Impact and Result

  • Vendor management practices educate organizations on the different potential risks to vendors in your market and suggest creative and alternative ways to avoid and help manage them.
  • Prioritize and classify your vendors with quantifiable, standardized rankings.
  • Prioritize focus on your high-risk vendors.
  • Standardize your processes for identifying and monitoring vendor risks to manage potential impacts on your reputation and brand with our Reputational Risk Impact Tool.

Identify and Manage Reputational Risk Impacts on Your Organization Research & Tools

1. Identify and Manage Reputational Risk Impacts on Your Organization Deck – Use the research to better understand the negative impacts of vendor actions on your brand reputation.

Use this research to identify and quantify the potential reputational impacts caused by vendors. Use Info-Tech's approach to look at the reputational impact from various perspectives to better prepare for issues that may arise.

2. Reputational Risk Impact Tool – Use this tool to help identify and quantify the reputational impacts of negative vendor actions.

By playing the “what if” game and asking probing questions to draw out – or eliminate - possible negative outcomes, everyone involved adds their insight into parts of the organization to gather a comprehensive picture of potential impacts.


Identify and Manage Reputational Risk Impacts on Your Organization

Brand reputation is the most valuable asset an organization can protect.

Analyst Perspective

Organizations must diligently assess and protect their reputations, both in the market and internally.

Social media, unprecedented access to good and bad information, and consumer reliance on others’ online opinions force organizations to dedicate more resources to protecting their brand reputation than ever before. Perceptions matter, and you should monitor and protect the perception of your organization with as much rigor as possible to ensure your brand remains recognizable and trusted.

Photo of Frank Sewell, Research Director, Vendor Management, Info-Tech Research Group.

Frank Sewell
Research Director, Vendor Management
Info-Tech Research Group

Executive Summary

Your Challenge

Access to information about companies is more available to consumers than ever. A negative event could impact your organizational reputation at any time. As a result, organizations must implement mechanisms to monitor and manage how information is perceived to avoid potentially disastrous consequences to their brand reputation.

Make sure you understand where negative events may come from and have a plan to manage the inevitable consequences.

Common Obstacles

Identifying and managing a vendor’s potential impact on your organization’s reputation requires efforts from multiple people in the organization across several functions. Those people all need coaching on the potential changes in the market and how social media can affect your brand.

Organizational leadership is often caught unaware during crises, and their response plans lack the flexibility to adjust to significant market upheavals.

Info-Tech’s Approach

Vendor management practices educate organizations on the different potential risks to vendors in your market and suggest creative and alternative ways to avoid and help manage them.

Prioritize and classify your vendors with quantifiable, standardized rankings.

Prioritize focus on your high-risk vendors.

Standardize your processes for identifying and monitoring vendor risks to manage potential impacts on your reputation and brand with our Reputational Risk Impact Tool.

Info-Tech Insight

Organizations must evolve their risk assessments to be more adaptive to respond to rapid changes in online media. Ongoing monitoring of social media and the vendors tied to their company is imperative to achieving success and avoiding reputational disasters.

Info-Tech’s multi-blueprint series on vendor risk assessment

There are many individual components of vendor risk beyond cybersecurity.

Cube with each multiple colors on each face, similar to a Rubix cube, and individual components of vendor risk branching off of it: 'Financial', 'Reputational', 'Operational', 'Strategic', 'Security', and 'Regulatory & Compliance'.

This series will focus on the individual components of vendor risk and how vendor management practices can facilitate organizations’ understanding of those risks.

Out of scope:
This series will not tackle risk governance, determining overall risk tolerance and appetite, or quantifying inherent risk.

Reputational risk impacts

Potential losses to the organization due to risks to its reputation and brand

In this blueprint, we’ll explore reputational risks (risks to the brand reputation of the organization) and their impacts.

Identify potentially negative events to assess the overall impact on your organization and implement adaptive measures to respond and correct.

Cube with each multiple colors on each face, similar to a Rubix cube, and the vendor risk component 'Reputational' highlighted.

Protect your most valuable asset: your brand

25%

of a company’s market value is due to reputation (Transmission Private, 2021)

94%

of consumers say that a bad review has convinced them to avoid a business (ReviewTrackers, 2022)

14 hours

is the average time it takes for a false claim to be corrected on social media (Risk Analysis, 2018)
Image of an umbrella covering the word 'BRAND' and three arrows approaching from above.

What is brand recognition?

And the cost of rebranding

Brand recognition is the ability of consumers to recognize an identifying characteristic of one company versus a competitor.” (Investopedia)

Most trademark valuation is based directly on its projected future earning power, based on income history. For a new brand with no history, evaluators must apply experience and common sense to predict the brand's earning potential. They can also use feedback from industry experts, market surveys, and other studies.” (UpCounsel)

The cost of rebranding for small to medium businesses is about 10 to 20% of the recommended overall marketing budget and can take six to eight months (Ignyte).

Stock image of a house with a money sign chimney.

"All we are at our core is our reputation and our brand, and they are intertwined." (Phil Bode, Principal Research Director, Info-Tech Research Group)

What your vendor associations say about you

Arrows of multiple colors coalescing in an Earth labelled 'Your Brand', and then a red arrow that reads 'Reputation' points to the terms on the right.

Bad Customer Reviews

Breach of Data

Poor Security Posture

Negative News Articles

Public Lawsuits

Poor Performance

How a major vendor protects its brand

An ideal state
  • There is a dedicated brand protection department.
  • All employees are educated annually on brand protection policies and procedures.
  • Brand protection is tied to cybersecurity.
  • The organization actively monitors its brand and reputation through various media formats.
  • The organization has criteria for assessing x-party vendors and holds them accountable through ongoing monitoring and validation of their activities.

Brand Protection
Done Right

Sticker for a '5 Star Rating'.

Never underestimate the power of local media on your profits

Info-Tech Insight

Keep in mind that too much exposure to media can be a negative in that it heightens the awareness of your organization to outside actors. If you do go through a period of increased exposure, make sure to advance your monitoring practices and vigilance.

Story: Restaurant data breach

Losing customer faith

A popular local restaurant’s point of service (POS) machines were breached and the credit card data of their customers over a two-week period was stolen. The restaurant did the right thing: they privately notified the affected people, helped them set up credit monitoring services, and replaced their compromised POS system.

Unfortunately, the local newspaper got wind of the breach. It published the story, leaving out that the restaurant had already notified affected customers and had replaced their POS machines.

In response, the restaurant launched a campaign in the local paper and on social media to repair their reputation in the community and reassure people that they could safely transact at their business.

For at least a month, the restaurant experienced a drastic decrease in revenue as customers either refused to come in to eat or paid only in cash. During this same period the restaurant was spending outside their budget on the advertising.
Broken trust.

Story: Monitor your subcontractors

Trust but verify

A successful general contractor with a reputation for fairness in their dealings needed a specialist to perform some expert carpentry work for a few of their clients.

The contractor gave the specialist the clients’ contact information and trusted them to arrange the work.

Weeks later, the contractor checked in with the clients and received a ton of negative feedback:

  • The specialist called them once and never called back.
  • The specialist refused to do the work as described and wanted to charge extra.
  • The specialist performed work to “fix” the issue but cut corners to lessen their costs.

As a result, the contractor took extreme measures to regain the clients’ confidence and trust and lost other opportunities in the process.

Stock image of a sad construction site supervisor.

You work hard for your reputation. Don’t let others ruin it.

Don’t forget to look within as well as without

Stock image of a frustrated desk worker.

Story: Internal reputation is vital

Trust works both ways

An organization’s relatively new IT and InfoSec department leadership have been upgrading the organization's systems and policies as fast as resources allow when the organization encounters a major breach of security.

Trust in the developing IT and InfoSec departments' leadership wanes throughout the organization as people search for the root cause and blame the systems. This degradation of trust limits the effectiveness of the newly implemented process, procedures, and tools of the departments.

The new leaders' abilities are called into question, and they must now rigorously defend and justify their decisions and positions to the executives and board.

It will be some time before the two departments gain their prior trust and respect, and the new leaders face some tough times ahead regaining the organization's confidence.

How could the new leaders approach the situation to mend their reputations in the wake of this (perhaps unfair) reputational hit?

It is not enough to identify the potential risks; there must also be adequate controls in place to monitor and manage them

Stock image of a fingerprint on a computer chip under a blacklight.

Identify, manage, and monitor reputational risks

Global markets
  • Organizations need to learn how to assess the likelihood of potential risks in the changing global markets and recognize how their partnerships and subcontracts affect their brand.
  • Now more than ever, organizations need to be mindful of the larger global landscape and how their interactions within various regions can impact their reputation.
Social media
  • Understanding how to monitor social media activity and online content will give you an edge in the current environment.
  • Changes in social media generally happen faster than companies can recognize them. If you are not actively monitoring those risks, the damage could set in before you even have a chance to respond.
Global shortages
  • Organizations need to accept that shortages will recur periodically and that preparing for them will significantly increase the success potential of long-term plans.
  • Customers don’t always understand what is happening in the global supply chain and may blame you for poor service if you cannot meet demands as you have in the past.

Which way is your reputation heading?

  • Do you understand and track items that might affect your reputation?
  • Do you understand the impact they may have on your business?

Visualization of a Newton's Cradle perpetual motion device, aka clacky balls. The lifted ball is colored green with a smiley face and is labelled 'Your Brand Reputation'. The other four balls are red with a frowny face and are labelled 'Data Breach/ Lawsuit', 'Service Disruption', 'Customer Complaint', and 'Poor Delivery'.

Identifying and understanding potential risks is essential to adapting to the ever-changing online landscape

Info-Tech Insight

Few organizations are good at identifying risks. As a result, almost none realistically plan to monitor, manage, and adapt their plans to mitigate those risks.

Reputational risks

Not protecting your brand can have disastrous consequences to your organization

  • Data breaches & lawsuits
  • Poor vendor performance
  • Service disruptions
  • Negative reviews

Stock image of a smiling person on their phone rating something five stars.

What to look for in vendors

Identify potential reputational risk impacts
  • Check online reviews from both customers and employees.
  • Check news sites:
    • Has the vendor been affected by a breach?
    • Is the vendor frequently in the news – good or bad? Greater exposure can cause an uptick in hostile attacks, so make sure the vendor has adequate protections in line with its exposure.
  • Review its financials. Is it prime for an acquisition/bankruptcy or other significant change?
  • Review your contractual protections to ensure that you are made whole in the event something goes wrong. Has anything changed with the vendor that requires you to increase your protections?
  • Has anything changed in the vendor’s market? Is a competitor taking its business, or are its resources stretched on multiple projects due to increased demand?
Illustration of business people in a city above various icons.

Assessing Reputational Risk Impacts

Zigzagging icons and numbers one through 7 alternating sides downward. Review Organizational Strategy
Understand the organizational strategy to prepare for the “what if” game exercise.
Identify & Understand Potential Risks
Play the “what if” game with the right people at the table.
Create a Risk Profile Packet for Leadership
Pull all the information together in a presentation document.
Validate the Risks
Work with leadership to ensure that the proposed risks are in line with their thoughts.
Plan to Manage the Risks
Lower the overall risk potential by putting mitigations in place.
Communicate the Plan
It is important not only to have a plan but also to socialize it in the organization for awareness.
Enact the Plan
Once the plan is finalized and socialized put it in place with continued monitoring for success.
(Adapted from Harvard Law School Forum on Corporate Governance)

Insight Summary

Reputational risk impacts are often unanticipated, causing catastrophic downstream effects. Continuously monitoring your vendors’ actions in the market can help organizations head off brand disasters before they occur.

Insight 1

Understanding how to monitor social media activity and online content will give you an edge in the current environment.

Do you have dedicated individuals or teams to monitor your organization's online presence? Most organizations review and approve the online content, but many forget the need to have analysts reviewing what others are saying about them.

Insight 2

Organizations need to learn how to assess the likelihood of potential risks in the rapidly changing online environments and recognize how their partnerships and subcontractors’ actions can affect their brand.

For example, do you understand how a simple news article raises your profile for short-term and long-term adverse events?

Insight 3

Socialize the risk management process throughout the organization to heighten awareness and enable employees to help protect the company’s reputation.

Do you include a social media and brand protection policy in your annual education?

Identify reputational risk

Who should be included in the discussion?
  • While it is true that executive-level leadership defines the strategy for an organization, it is vital for those making decisions to make INFORMED decisions.
  • Getting input from your organization's marketing experts will enhance your brand's long-term protection.
  • Involving those who directly manage vendors and understand the market will aid in determining the forward path for relationships with your current vendors and identifying new emerging potential partners.
  • Organizations have a wealth of experience in their marketing departments that can help identify real-world negative scenarios.
  • Include vendor relationship managers to help track what is happening in the media for those vendors.
Keep in mind: (R=L*I)
Risk = Likelihood x Impact

Impact tends to remain the same, while likelihood is a very flexible variable.

Stock image of a flowchart asking 'Risk?', 'Yes', 'No'.

Manage and monitor reputational risk impacts

What can we realistically do about the risks?
  • Re-evaluate corporate policies frequently.
  • Ensure proper protections in contracts:
    • Limit the use of your brand name in the publicity and trademark clauses.
    • Make sure to include security protections for your data in the event of a breach; understand that reputation can rarely be made whole again once trust is breached.
  • Introduce continual risk assessment to monitor the relevant vendor markets.
  • Be adaptable and allow for innovations that arise from the current needs.
    • Capture lessons learned from prior incidents to improve over time and adjust your strategy based on the lessons.
  • Monitor your company’s and associated vendors’ online presence.
  • Track similar companies’ brand reputations to see how yours compares in the market.

Social media is driving the need for perpetual diligence.

Organizations need to monitor their brand reputation considering the pace of incidents in the modern age.

Stock image of a person on a phone that is connected to other people.

The “what if” game

1-3 hours

Input: List of identified potential risk scenarios scored by likelihood and financial impact, List of potential management of the scenarios to reduce the risk

Output: Comprehensive reputational risk profile on the specific vendor solution

Materials: Whiteboard/flip charts, Reputational Risk Impact Tool to help drive discussion

Participants: Vendor Management Coordinator, Organizational Leadership, Operations Experts (SMEs), Legal/Compliance/Risk Manager, Marketing

Vendor management professionals are in an excellent position to help senior leadership identify and pull together resources across the organization to determine potential risks. By playing the "what if" game and asking probing questions to draw out – or eliminate – possible negative outcomes, everyone involved adds their insight into parts of the organization to gather a comprehensive picture of potential impacts.

  1. Break into smaller groups (or if too small, continue as a single group).
  2. Use the Reputational Risk Impact Tool to prompt discussion on potential risks. Keep this discussion flowing organically to explore all potential risk but manage the overall process to keep the discussion on track.
  3. Collect the outputs and ask the subject matter experts for management options for each one in order to present a comprehensive risk strategy. You will use this to educate senior leadership so that they can make an informed decision to accept or reject the solution.

Download the Reputational Risk Impact Tool

Example: Low reputational risk

We can see clearly in this example that the contractor suffered minimal impact from the specialist's behavior. Though they did take a hit to their overall reputation with a few customers, they should be able to course-correct with a minimal outlay of effort and almost no loss of revenue.

Stock image of construction workers.

Sample table of 'Sample Questions to Ask to Identify Reputational Impacts'. Column headers are 'Score', 'Weight', 'Question', and 'Comments or Notes'. At the bottom the 'Reputational Score' row has a low average score of '1.3' and '%100' total weight in their respective columns.

Example: High reputational risk

Note in the example how the tool can represent different weights for each of the criteria depending on your needs.

Stock image of an older person looking out a window.

Sample table of 'Sample Questions to Ask to Identify Reputational Impacts'. Column headers are 'Score', 'Weight', 'Question', and 'Comments or Notes'. At the bottom the 'Reputational Score' row has a high average score of '3.1' and '%100' total weight in their respective columns.

Summary

Be vigilant and adaptable to change
  • Organizations need to learn how to assess the likelihood of potential risks in the changing global markets and recognize how their partnerships and subcontracts affect their brand.
  • Understanding how to monitor social media activity and online content will give you an edge in the current environment.
  • Bring the right people to the table to outline potential risks to your organization’s brand reputation.
  • Socialize the risk management process throughout the organization to heighten awareness and enable employees to help protect the company’s reputation.
  • Incorporate lessons learned from incidents into your risk management process to build better plans for future issues.
Stock image of a person's face overlaid with many different images.

Organizations must evolve their risk assessments to be more adaptive to respond to global factors in the market.

Ongoing monitoring of online media and the vendors tied to company visibility is imperative to avoiding disaster.

Bibliography

"The CEO Reputation Premium: Gaining Advantage in the Engagement Era." Weber Shandwick, March 2015. Accessed June 2022.

Glidden, Donna. "Don't Underestimate the Need to Protect Your Brand in Publicity Clauses." Info-Tech Research Group, June 2022.

Greenaway, Jordan. "Managing Reputation Risk: A start-to-finish guide." Transmission Private, July 2020. Accessed June 2022.

Jagiello, Robert D., and Thomas T. Hills. “Bad News Has Wings: Dread Risk Mediates Social Amplification in Risk Communication.” Risk Analysis, vol. 38, no. 10, 2018, pp. 2193-2207.

Kenton, Will. "Brand Recognition.” Investopedia, Aug. 2021. Accessed June 2022.

Lischer, Brian. "How Much Does it Cost to Rebrand Your Company?" Ignyte, October 2017. Accessed June 2022.

"Powerful Examples of How to Respond to Negative Reviews." ReviewTrackers, 16 Feb. 2022. Accessed June 2022.

Tonello, Matteo. “Strategic Risk Management: A Primer for Directors.” Harvard Law School Forum on Corporate Governance, 23 Aug. 2012. Web.

"Valuation of Trademarks: Everything You Need to Know." UpCounsel, 2022. Accessed June 2022.

Related Info-Tech Research

Sample of 'Assessing Financial Risk Management'. Identify and Manage Financial Risk Impacts on Your Organization
  • Identifying and managing a vendor’s potential financial impact requires multiple people in the organization across several functions – and those people all need educating on the potential risks.
  • Organizational leadership is often unaware of decisions on organizational risk appetite and tolerance, and they assume there are more protections in place against risk impact than there truly are.
Sample of 'How to Assess Strategic Risk'. Identify and Manage Strategic Risk Impacts on Your Organization
  • Identifying and managing a vendor’s potential strategic impact requires multiple people in the organization across several functions – and those people all need coaching on the potential changes in the market and how these changes affect strategic plans.
  • Organizational leadership is often caught unaware during crises, and their plans lack the flexibility needed to adjust to significant market upheavals.
Research coming soon. Jump Start Your Vendor Management Initiative
  • Vendor management is not “plug and play” – each organization’s vendor management initiative (VMI) needs to fit its culture, environment, and goals. The key is to adapt vendor management principles to fit your needs…not the other way around.
  • All vendors are not of equal importance to an organization. Classifying or segmenting your vendors allows you to focus your efforts on the most important vendors first, allowing your VMI to have the greatest impact possible.

Research Contributors and Experts

Frank Sewell

Research Director
Info-Tech Research Group

Donna Glidden

Research Director
Info-Tech Research Group

Steven Jeffery

Principal Research Director
Info-Tech Research Group

Mark Roman

Managing Partner
Info-Tech Research Group

Phil Bode

Principal Research Director
Info-Tech Research Group

Sarah Pletcher

Executive Advisor
Info-Tech Research Group

Scott Bickley

Practice Lead
Info-Tech Research Group

About Info-Tech

Info-Tech Research Group is the world’s fastest-growing information technology research and advisory company, proudly serving over 30,000 IT professionals.

We produce unbiased and highly relevant research to help CIOs and IT leaders make strategic, timely, and well-informed decisions. We partner closely with IT teams to provide everything they need, from actionable tools to analyst guidance, ensuring they deliver measurable results for their organizations.

What Is a Blueprint?

A blueprint is designed to be a roadmap, containing a methodology and the tools and templates you need to solve your IT problems.

Each blueprint can be accompanied by a Guided Implementation that provides you access to our world-class analysts to help you get through the project.

Talk to an Analyst

Our analyst calls are focused on helping our members use the research we produce, and our experts will guide you to successful project completion.

Book an Analyst Call on This Topic

You can start as early as tomorrow morning. Our analysts will explain the process during your first call.

Get Advice From a Subject Matter Expert

Each call will focus on explaining the material and helping you to plan your project, interpret and analyze the results of each project step, and set the direction for your next project step.

Unlock Sample Research

Author

Frank Sewell

Visit our COVID-19 Resource Center and our Cost Management Center
Over 100 analysts waiting to take your call right now: 1-519-432-3550 x2019