Contents

Foreword

Preface

Part One Rethinking

01 Introduction

Learning from crises

Anthony’s story

Derek’s story

Combining our insights to reveal hidden truths

Why study crises?

Outsiders can see more clearly than insiders

What is in it for whom?

02 Reputation basics

What is a reputation?

How is a good reputation valuable?

The unrecognized role of heuristics

Systems One and Two

The value of a good reputation

Whose reputation is it anyway?

03 How reputations are lost

Stakeholders in crises

Confidentiality evaporates in a crisis

Crises as a public stress-test of leaders

Crisis dynamics

The trigger

Stakeholders and media engage

The back story

Leaders are not necessarily trusted

As stories develop, reputations evolve

04 What is reputational risk?

Cognitive biases and their consequences

How cognitive biases and heuristics lead us astray

A better definition of reputational risk

Follow those root causes

Latent weaknesses incubate slowly

Turner’s innovative equation

Lessons from Three Mile Island

Complex systems fail in complex ways

‘Normal’ accidents

Overconfidence and optimism

The role of human error

The problem of systemic weakness

Enter the Swiss cheese model

05 The hole in classical risk management

Where ‘three lines of defence’ fails

Normal human behaviour

The hole in classical risk management

The ‘Swiss cheese’ model has a hole!

Boards in the dark: unknown knowns and the risk glass ceiling

Unwanted incentives affect risk managers

Protecting chief risk officers

06 Stakeholder behaviour

How does this work in practice?

Reputational capital and reputational equity

Unduly good reputations

Stakeholders in peacetime

Stakeholders in a crisis

Insiders are stakeholders too

Licence to operate

Stakeholder expectations

If stakeholders overestimate you

Stakeholders’ unreasonable expectations

Owners and their proxies

Regulators: stakeholders with multiple agendas

07 Risks from failing to communicate and learn

Upward communication failures

Downward communications failures

Communication across the organization

Risk blindness

Failure to learn

08 Character, culture and ethos

Character

Culture

Cultural leadership

Failure to embed the desired culture throughout the organization

09 Incentives

Financial incentives: bonuses

Do large bonuses work?

Penalties

Non-financial incentives

Notes

10 Complexity

11 Board composition, skill, knowledge, experience and behaviour

Insufficient understanding

Blindness from cultural maps, rules, taxonomies and social norms

Diversity and skewed boards

Biases, heuristics, board dynamics and challenge

12 Risks from strategy and change

Strategy development

Risks from large projects and change: the planning fallacy

Risks from inadequate crisis strategy, planning, practice and management

13 Incubation and complacency

Incubation can be surprisingly long

Complacency

Hubris

14 The special role – and risks – of leaders

Risks from leaders

Leadership charisma and dominance

Who can risk-manage leaders?

Part Two Case studies

15 BP: Texas City explosion

Main risk event

Company involved

Brief note on company

Date of event

Background to event

Description of event

Post-event response

Findings of investigations

Consequences of event

Risk management lessons

16 BP: Deepwater Horizon

Main risk event

Company involved

Brief note on company

Date of event

Background to event

Description of event

Post-event response

Findings of investigations

Consequences of event

Risk management lessons

17 Tesco PLC

Main risk event

Company involved

Brief note on company

Date of event

Background to event

Description of event

Post-event response

Findings of investigations

Consequences of event

Risk management lessons

18 American International Group (AIG)

Main risk event

Brief note on company

Date of event

Background to event

Description of event

Post-event response

Findings of investigations

Consequences of event

Risk management lessons

19 EADS Airbus A380

Main risk event

Company involved

Brief note on company

Date of event

Background to event

Description of event

Post-event response

Consequences of event

Risk management lessons

20 Libor: Barclays Bank PLC

Main risk event

Company involved

Brief note on the company

Date of event

Background to event

Description of event

Post-event response

Findings of investigations

Consequences of event

Risk management lessons

21 Volkswagen

Main risk event

Company involved

Brief note on company

Date of event

Background to event

Description of event

Post-event response

Consequences of event

Risk management lessons

22 Mid Staffordshire NHS Foundation Trust (Stafford Hospital)

Main risk event

Brief note on the organization

Date of event

Background to event

Description of event

Post-event response

Findings of investigations

Consequences of event

Risk management lessons

Part Three Practicalities

23 The way forward

Introduction

Implementing a reputational risk management process

24 System basics – getting to ‘go’

Process overview

Understanding the nature of reputation and reputational risk

Valuing your reputation

Assigning ownership of reputation

25 Setting up the reputational risk management system

Leadership in risk management

Risk team skills

A reputation committee?

Giving the team sufficient authority

Dealing with risks from board level

26 Operating the reputational risk management system

Setting risk appetite and tolerance

Identifying, analysing and evaluating reputational risks and their roots

Analysing risks and impacts

Evaluating risks and impacts

Mitigating vulnerabilities

Reporting and monitoring

Coda

Glossary

References

Acknowledgements

The authors

Index