aalborg universitet - chapter 1 introduction … · web viewtable of contents chapter 1...

Table of Contents

Chapter 1 Introduction &Problem Formulation.......................................3

Chapter 2 Research Methodology.............................................................................3

2.1. PARADIGM.......................................................................................................3

2.2. METHODOLOGICAL APPROACH........................................................................3

2.3. CRITICISM AND CHOICE OF METHODOLOGICAL APPROACH............................3

2.4. METHODOLOGICAL APPROACH USED IN THE THESIS......................................3

2.5 OPERATIVE PARADIGM AND RESEARCH DESIGN..............................................3

Chapter 3 Theoretical Part...................................................................................................3

3.1 REPUTATION AND REPUTATION MANAGEMENT................................................3

3.1.1 REPUTATION AND ITS COMPOSITION..................................................................................3

3.1.2 BUILDING CORPORATE REPUTATION...................................................................................3

3.1.3 MAINTAINING CORPORATE REPUTATION.............................................................................3

3.1.4 STAKEHOLDER THEORY......................................................................................................3

3.2. RISK AND REPUTATION RISK...........................................................................3

3.2.1 RISK CONCEPT....................................................................................................................3

3.2.2 REPUTATION RISK AND ITS MATTER...................................................................................3

3.3. RISK MANAGEMENT.........................................................................................3

3.3.1 RISK MANAGEMENT DEFINITION.........................................................................................3

3.3.2 RISK MANAGEMENT PURPOSE.............................................................................................3

1

3.3.3 RISK MANAGEMENTAND RISK LIFECYCLE............................................................................3

3.3.4 RISK MANAGEMENT PROCESS.............................................................................................3

3.3.5 RISK MANAGEMENT TECHNIQUES.......................................................................................3

3.4 PROACTIVE REPUTATION RISK MANAGEMENT..................................................3

3.4.1 PROACTIVE AND REACTIVE REPUTATION RISK MANAGEMENT............................................3

3.4.2 PROACTIVE REPUTATION RISK MANAGEMENT AND REPUTATION RISK LIFECYCLE..............3

3.4.3 PROACTIVE REPUTATION RISK MANAGEMENT MODEL........................................................3

3.4.4 FURTHER THINKING ON PROACTIVE REPUTATION RISK MANAGEMENT...............................3

3.5 CONCLUSION OF THE THEORETICAL PART.......................................................3

Chapter 4 Practical Part: Reputation risk management at the Vestas A/S...................................................................................................................................................3

4.1INTRODUCTION..................................................................................................3

4.2 VESTAS A/S---COMPANY PROFILE.....................................................................3

4.3 RISK MANAGEMENT IN VESTAS A/S..................................................................3

4.3.1HISTORY OF VESTAS RISK....................................................................................................3

4.3.2 RISK MANAGEMENT PRINCIPLES AND DRIVING FORCE WITHIN VESTAS..............................3

4.3.3 VESTAS RISK MANAGEMENT AND BCM FRAMEWORK..........................................................3

3.3.4 STRENGTH AND WEAKNESS ANALYSIS OF SUCH SYSTEM...................................................3

4.4 REPUTATION RISK MANAGEMENT IN VESTAS...................................................3

4.4.1 REPUTATION RISK MANAGEMENT IN RISK MANAGEMENT DEPARTMENT.............................3

4.4.2 REPUTATION RISK MANAGEMENT IN COMMUNICATION DEPARTMENT................................3

4.4.3 CONCLUSION ON REPUTATION RISK MANAGEMENT IN VESTAS..........................................3

4.5 TESTING PROACTIVE REPUTATION RISK MANAGEMENT MODEL IN VESTAS.....3

2

4.5.1 TESTING PROACTIVE REPUATION RISK MANAGEMENT MODEL IN RISK MANAGEMENT ACTIVITIES...................................................................................................................................3

4.5.2 TESTIFYING PROACTIVE REPUTATION RISK MANAGEMENT MODEL IN COMMUNICATION ACTIVITIES................................................................................................................................... 3

4.5.3 CONCLUSION ON MODEL CERTIFICATION...........................................................................3

4.6 FURTHER THINKNG: PROACTIVE REPUTATION RISK MANAGEMENT IN VESTAS 3

4.6.1 PROBLEMS IN REPUTATION RISK MANAGEMENT IN VESTAS................................................3

4.6.2 HOW TO PROACTIVELY MANAGE REPUATION RISK IN VESTAS............................................3

Chapter 5 Conclusion and Reflection.......................................................................3

References..................................................................................................................................................3

Appendices.................................................................................................................................................3

3

Chapter 1 Introduction &Problem Formulation

TNCs and The changing world It is a changing world with massive challenges. Globalization and economic integration have been the key words repeatedly heard from media, economic forums and literatures. Intensified trade relation, opening market for foreign direct investment both in production sector and financial sector plus the industrial structure reform have pushed each nation to be a member of global family and strengthened their correlation in various spheres no matter in economy or politics. Technology innovation which derives from the new requirement due to such integration has in return speeded up such integration and reform. It also changes our economy, our politics, our ideology and our way of life, which brings up more opportunities and challenges for business. Behind all the reforms and changes we meet around us, we cannot avoid seeing a group of figures in the shadow which direct the trend of such changes in our earth. They are international/transnational companies, a group of business organizations even to some extent shaking the status of national government. 45 out of the world top 100 economies are corporations, representing annual revenues of $29 trillion.1 The annual revenues of Royal Dutch/Shell are greater than the GDP of Morocco; those of Wal-Mart greater than the GDP of Poland and those of General Motors greater than the GDP of Denmark. By using FDI, financial flow, etc, TNCs integrate world economy in a strictly correlated manner. TNCs and global growth are of interdependence.

TNCs and Risks Although TNCs are of vital role in the global economy and has their power in influencing nations, governments and society, they are actually very vulnerable to

1 World Bank and Fortune magazine, 2002

4

the external uncertainties, which in some sense originate from the TNCs and their activities. In manufacture industry, the uncertainties in market requirement and industrial development trend would bring down market share and lose competitive position. Export and import enterprise fear about the uncertainty in currency exchange rate and standard of product quality. Companies conducting FDI are cautious about the changes in regulation and political turmoil. Enterprises in Banking industry could frequently be trapped by the defraud actions as well as investment failure due to unsuccessful management and unexpected changes in the financial market. As the correlation in business amongst different companies as well as integration of global economy are increasingly intensified, the repercussion of uncertainty in one company or industry would soon be transmitted to massive groups of linked companies or industries with magnified effect. A case ahead is the global economic recession in 2008 due to the crisis of subprime credit in American real estate industry. Normally these uncertainties are named as risk, although this definition is not strictly accurate. According to the report of risk management edited by the economist intelligence unit, there are 13 kinds of risks threatening corporate global business operation ranging from regulation risk to terrorism risk, each one of which would lead to hash end for companies. Up to now there is no exact statistics on how large the annual loss is due to risk exposures in various kinds. However, if we only observe the general loss in US subprime mortgage crisis deriving from the credit risk, we might not be hard to imagine how large this amount it could be. (It is estimated that the total loss can reach $170bilion, which takes up 1.3% of the annual GDP 2006 in the USA.2 The major stock index in Europe has declined on average 3%.3)

Reputation risk and TNCs The threats from risks are indeed dreadful for any company. However, amongst those risks, reputation risk could be the largest threat facing the TNC. It is undeniable that reputation with its symbols like brand is becoming one of the

2 http://news.xinhuanet.com/fortune/2008-02/22/content_7645527.htm3 Conclude from Financial Times and other Magazines

5

largest assets obsessed by the TNC. Some 53% of the value of the Fortune 500 corporations is accounted for through intangible asset – an estimated $24.27 trillion. Research conducted by Interbrand with Citybank in 1998, found that the total value of the FTSE 100 companies was £842billion, with goodwill accounting for 71% of total market capitalization4. However such asset’s value is volatile and easy to be depreciated, depending on the perception from internal and external stakeholders, which is a risk for TNCs. Especially when new technology and new social powers such as media, internet and Nongovernmental organizations are increasingly reshaped our lives, any default action referring to reputation can easily be disclosed with magnified effects transmitted in an uncontrollable manner. The cost for reputation risk is massive with profound repercussion. It is not only a problem of fines from authority or compensation fees used for victims and worsened current performance in a while, but a loss of long term trust within your fatal stakeholders like investors, partners and customers, a loss of expected future performance, a drainage of core competence like talent employees and what is more a chance to lower down other perceived risks such as credit risk, financing risks, etc. A survey recently conducted by Economist Intelligence Unit shows that most of TNCs companies rank reputation risk as the No.1 risk and regard reputation loss as predominant loss within organizations.

4 Strategic reputation management, Judy Larkin, 2003

6

Table1.1 Reputation survey by Economist Intelligence Unit, 2005 5

Reputation Risk Management and further thoughtAlthough reputation risk is a No.1 threat and companies do indeed attempt to manage it, the current situation on reputation risk management is far to be satisfying both in practice and theoretical research. In theoretical research, reputation risk management is on its infant stage of research. Currently there is no consensus about how to define it in that one academic group believe it is a risk category in its own right, the other stresses it is a consequence of poorly managing other risks.6 It is also lack of research on how to assess, control such risk by using what methods. Different authors interpret reputation risk management from different perspective such as knowledge management, public relations, etc without consensus ideas. What is more, the research on such issue is lagging behind the practical requirement of corporations. In practice, most companies deal with reputation risk issues from crisis management and Public relation perspective, which the author of this thesis defines as reactive actions/strategy. Holding such strategy means giving up the chance to proactive discover the source of risks, manage and respond them from their origin through process, but passively waiting 5 Working paper: Reputation-- Risk of risk. The economist intelligence unit, 2005

6 Reputation and its risk: the necessity of managing reputation risk, Dr Robert G. Eccles 2006

7

for risk exposing. Most of TNCs employ talent PR staff with strong crisis management capability. However it is from those TNCs that scandals are frequently exposed such as the case of Enron, etc. In addition, companies have seldom enough tools and techniques or well defined process for managing reputation risk. Considering this, the author of this paper cannot help thinking: Could we manage reputation risk in a proactive way? If so, how could this proactive strategy manage reputation risk? These two questions would be a red line through this paper and be the questions the author wish to deal with.

However, dealing with reputation risk in general terms would only lead to theoretical debate without any assistance to solve concrete problems. Furthermore, answering the questions above could be a failure if we could not link them with practical cases. Thus this paper will take a company case for study, which is Vestas A/S case. Thus the two questions will be streamlined to be: “Could

this proactive strategy link to Vestas Case ？ To what extent can this strategy be applied to Vestas case?”

Since there is no solid theoretical framework or practical model in solving these two problems, the author of this paper will take an explosive step and methods. According to the author’s understanding, solving this problem requires two steps: Theoretical construction and practical application. During theoretical construction process, theories in reputation management and risk management will be reviewed so that intervention spanning those two areas can be possible perceived. This intervention might be a key to the solution. Apart from that，other relevant materials derived from various sources would be scanned so that inspirable thoughts can be concluded and be integrated. In this part, the following sub questions are worthwhile to be considered:

1. What is reputation? What is it composed of?

8

2. How reputation is built up? / What is the process for building up reputation?3. How reputation can be maintained after successful construction? 4. What is risk? What is reputation risk? 5. How to manage risk? What is risk management process, methods and strategy?6. What are the sources of reputation risks 7. What is life cycle of such risk? How is it formed and evolving? 8. Can reputation risks be managed in a proactive way? If so, how can they be

managed? 9. Can we conclude a model for proactive reputation risk management? If so, what

is it? 10. What is the further thinking for proactive strategy?

The theoretical construction gives us an inspiration and a rough mind-frame. In the practical part, such mind frame would be adapted or probably reshaped in the light of concrete case. In this part, detail analysis on case company’s risk management and reputation risk management would be made. Based on this, Models formed in the previous part would be applied or testified so as to answer the questions formulated above. Several sub-questions should be answered as well:

1. What is the risk management system in Vestas? 2. What is the reputation risk management system in Vestas? 3. Can the proactive reputation risk management model be applicable or testified

in the Vestas case? 4. If it is not able to be testified, what are the reasons behind? If it can be testified,

to what extent can the model be applied or testified in the Vestas case?5. Problems in reputation risk management in Vestas? 6. Ideas about What Vestas should do to proactively manage its reputation risk

from author’s perspective?

Theoretical and practical parts construct the general structure of this paper. Sub-questions under each part can be viewed as subsections in each part. The detailed

9

paper structure would be following: Introduction: In this part, relevant background about reputation risk and TNC is introduced so as to lead to the necessity of research on the problems issued in the problem formulation in this part plus the thought on how such research could be conducted. Methodology: In this part, methodology concerning project research would be presented. Research approaches will be given as well so that by criticism on each approach, suitable approaches to this paper can be chosen and research design can be implemented throughout the paper. Theoretical Part: In this part, theoretical framework leading the whole paper is attempted to constructed by systematically integrating the parts answering the listed questions pinpointed in the introduction part Practical Part: In this part, analysis on Vestas risk management system is made with focus on reputation risk management, based on which model formed in the theoretical part is testified and further thinking on proactive reputation risk management in the case company is made. Conclusion Part: In this part, conclusion of the whole paper with refection of limitation and further issues is made.

10

Chapter 2 Research Methodology

Before commencing a project, a methodology has to be worked out on how the structure of the project should be built up. As a result, it should be necessary to make some considerations on how the analysis in the project should be understood, discussed and of course what the target of the project is. It is important that the project, in its working process, should have a clear and conscious guiding principle of methodological approach. Methodology may be viewed from different perspectives according to different philosophers. In this project the author emphasizes that the research is working under the framework of Arbnor and Bjerke’s perception of methodology. Arbnor and Bjerke’s perception of methodology is shown in the figure below.

Figure 2.1- Methodology7

7 Methodology for creating business knowledge, Arbnor & Bjerke, Sage Publications, UK, 1997

11

As can be seen, research starts from researcher’s ultimate assumptions which construct the paradigm and determine the choice of methodological approach. Operation paradigm applies the methodological approach to the study area by constructing exact means to conduct research. Theory of science spans the assumption and methodological approach, while methodology relates to methodological approach, operative paradigm and relevant study area.

2.1. PARADIGM

The concrete definition of paradigm in general terms is given as: “A set of assumptions, concepts, values, and practices that constitutes a way of viewing reality for the community that shares them, especially in an intellectual discipline.”8Arbnor and Bjerke developed such definition by involving content and constitution of it consisting of “a conception of reality, a conception of science, scientific ideal and ethical/aesthetical Aspects”. 9 Different view point of these paradigms, either subjective or objective, would lead to different methodological methods and influence the operative paradigm which is the practical research method and procedure in a target research area. Related to the paradigm, there are three methodological approaches guiding business research: analytical approach, system approach and actors approach.

In the following part, the author would introduce these methodological approaches in terms of its conception of reality, perception of knowledge, human nature and ambition of knowledge creation under the paradigm each approach chooses. By criticizing them, the author would come up the research methodological approach adopted in this thesis and furthermore the concrete research methods and procedure in the reputation risk management research which is within the framework of operative paradigm depicted by methodical procedure and methodics. 8 www.dictionary.com9 Methodology for creating business knowledge, Arbnor & Bjerke, Sage Publications, UK, 1997

12

2.2. METHODOLOGICAL APPROACH

According to Arbnor and Bjerke, there are three methodological approaches for business research, namely analytical approach, system approach and actor’s approach, based on researcher’s different view point on paradigm.

The analytical approach is commonly used in scientific study as well as business research. The reality according to the analytical assumption is objective and independent of its observers10with structure of stability. The reality is the sum of independent parts, which are also objective and with casual relations among each other. The human is assumed to be stimuli receivers. The knowledge from analytical approach is regarded as objective and universal, independent of human observation as well. The knowledge can be obtained by reproducing the reality via mathematic model, statistics, etc, through induction, deduction and verification, which is cyclical process. The ambition of knowledge creation in analytical approach is to attempt to reproduce the exact picture of reality with validity, reliability, objectivity, and representatives as their research criteria.

The system approach shares certain extent of similar view point of analytical approach, but has rooted differences. System approach regards reality as a system composed of subsystems which are objective or objective assessable. The relations between subsystems or system components are more complex compared to that of analytical approach simplified into causal relations. Because of this, the whole is not the sum of different parts but the synergy from the relation of subsystems. The knowledge according system approach is dependent on system, which means knowledge is not universal but sometimes unique to certain system. The human behaviour is also shaped by the system. The knowledge creation follows the producer-product connections through methodical procedure and methodics with the ambition not only to illustrate the reality, but reach better explanations and


13

understandings of how various types of systems behave under different internal and external circumstance11, doing of which requires the system analysis and construction.

The actors approach holds the opinion that reality is subjective and depends on the interaction of the human or actors. The whole is in individual’s mind and it is by intercommunication and interaction between different actors, clearer vision of reality could be reached. The human being is playing important role of knowledge creation in actor’s approach as knowledge is subjective and unique dependent on each actor. The ambition for knowledge creation is to understand the subjective reality within actors.

2.3. CRITICISM AND CHOICE OF METHODOLOGICAL APPROACH

Analytical approach is often criticized to be over objective and over simplicity which means it simplifies the relation among elements within reality into casual relations, the consequence of which is simplified perception of the reality and adoption of the research methods such as mathematical models, statistic data, etc. If we apply analytical approach in how to proactive manage reputation risk, the first question is to assume that the reputation is purely objective and independent of human perception and subjective judgment, which is obviously contrary to the reality of reputation which is defined as perception and value judgment of stakeholders over the company. Due to the rooted disagreement of reality paradigm, analytical approach would not be implemented into the research of this project.

As for the Actor approach, it has been criticized to be too subjective and also to be over emphasized on individual perception on reality. The knowledge from actors approach could be over subjective as well without possible link to objective reality,


14

though by dialogue and communication objective is believed to be reached. Given proactive reputation risk management case, some assumptions from actors approach seem to be linked to the research object such as reputation, value judgment, etc. However reputation risk is not purely subjective as it refers to the economic loss to the company, which is concrete and objective. This means that the reality of reputation risk is objective accessible. In addition, the solution to reputation risk problem should not be solely dependent on experience or subjective discussion, but have to link to how to mitigate economic effects or loss. Furthermore, actors approach does emphasize the infinite discussion and impossibility of reaching real truth, which means that in our project the problem of how to manage reputation risk should always be left unsolved as more dialogue and discussion are required.

Compared with other approaches, system approach is more acceptable in business studies. The main criticism on it is the abstract characteristic of system viewing and understanding relations, which from author’s perspective is more referring to application rather than argument on key paradigms of approach. The author believes system approach is aligning with his systematical view on reality and perception of science and able to integrate theories of two systems namely reputation management system and risk management system to update his picture of reputation risk management. In the following part, the author would state how he organizes research based on system approach.

2.4. METHODOLOGICAL APPROACH USED IN THE THESIS

As stated above, the author here would use system approach as guiding method for research. The author agrees with the conception of reality within system approach that reality is objective or objective accessible and systematically organised. In this thesis, the author does his research on reputation risk management, which from his perspective is a system. Such system is under the super system of corporate management system and composed of many

15

Corporate Management Syatem (Super System)

Reputation risk management system (Sub System)

Reputation risk identification

Stakeholder profilingStakeholder identifying

Stakeholder scanning

Reputation risk analysis

Reputation risk control

Reputation risk Monitor and report

components namely reputation risk identification, reputation risk analysis, reputation risk control/mitigation, monitor and report. All these components are organised as sub system in that within each of them other components regarded as sub-sub-system can be viewed. Take the subsystem of reputation risk identification for example, it involves stakeholder identification, profiling and stakeholder scanning, each of which has its own system structure.

Figure 2.2 systems in this paper 12

The components under the reputation risk management system are closely related by relation in a cyclical form, which in return creates synergy of either appreciated or depreciated corporate reputation value, or economic ads or loss which represents the objective accessibility of reputation risk management. The reputation risk management system is not closed but an open system which

12 Made by author

16

means it should be studied under system context and influenced by several factors in the context while in the meantime the system has no power to change these external factors. In this thesis, reputation risk management system would be put in a corporate case, Vestas case and studied under the Vestas corporate context. Such system could probably be affected by factors from its environment such as corporate resource, corporate governance, IT and knowledge management system, etc. All these factors would possibly influence the components of system and come up a new system related to the context. For example, if the company assigns the task of managing reputation risk to other department rather than risk management department, the system form of reputation risk management might be different.

As for the knowledge perception and knowledge creation, the author follows the ideology of conception of science under the system approach. In system approach, knowledge relies on system and allows the active role of knowledge creators to understand the system or explain the system. The former knowledge creator is deemed as hermeneuticists and later one the explanaticists. The author does not take the willing to be explanaticist like analytical knowledge creator or purely hermeneuticist who would interpret the reality without delimitation, but to create knowledge within system by following the path of hermeneuticists. As writing this thesis is a process of knowledge creation, the author attempts to organise it in a system form, which takes the route of system analysis and system construction. The system analysis here is to analyse two interlinked systems that is reputation management system and risk management by depicting the concepts, theories and describing them in a logic structure. As previous reactive reputation risk management system is proved to be of dysfunction in the business reality, the author here attempts to construct a new proactive reputation risk management system represented as proactive reputation risk management model based on the result from system analysis, via integrating some analogous elements. For example in reputation risk identification section, stakeholder identification is linked to risk identification; in reputation risk analysis section, risk prioritisation is linked to stakeholder prioritization, etc. Realizing the possible

17

　　　　　　　　　　　　　　　　　　　　　　　　　　　　　　　THEORY PRACTICE

　　　　　　　　　　　　　　　　　　　　　　　　　　　　　　　　　　　　　　　　　　　　　　　　　　　

SYSTEM ANALYSIS:Reputation risk & Risk management

SYSTEM CONSTRUCTION:Proactive reputation risk model

PROBLEM:How to manage Reputation risk in proactive manner?

IMPLEMENTATION:Vestas A/S reputation risk management

conflicts between system and its environment, the author would testify this model when it is applied in Vestas case and give his understanding on the conflicts, which help to create further knowledge. To put it into more clear vision, the whole process of knowledge creation in this thesis would follow a hermeneutical learning process, which means a theoretical framework on proactive reputation risk management is built first and afterwards testified in the Vestas case so that a reflection on model’s adaptability would be generated. In other words, the author would take three stage study process. In the first stage, a formulated problem with supplemented sub-questions would be given to clarify what the research is for. Then the author would analyze reputation and the reputation management system from viewpoints of its components, building process, relevant theory, etc. The system of risk management would be analyzed too. When finishing the system analysis, the author will attempt to construct a new system by linking risk management system to reputation management system in order to reach a new system model namely proactive reputation risk management model. These system analyzing and constructing stages construct the theoretical part of this paper. Finally, the new system model would be implemented into the Vestas case to explore its adaptability for reputation risk management in practice, the outcome of which would lead to the further reflection on the problems we desire to solve

Figure 2.3 Three stage study for knowledge generation 13

13 Made by author

18

2.5 OPERATIVE PARADIGM AND RESEARCH DESIGN

Three methodological approaches provide a framework or guideline for proceeding to the project. However, it is by operation paradigm that solid research design and procedure would be implemented. An operative paradigm relates a methodological approach to the area of study. Operative paradigm consists of two important parts: methodical procedure and methodics14. Methodical procedure refers how the knowledge creator selects, adopts and modifies theories, techniques, tools, etc during the research, while methodics concerns how research is actually conducted. The methodics and methodical procedure construct the whole picture of research design illustrating the logics and process of research.

The methodical procedure in this thesis is to adopt and modify proper theories and techniques for methodics. The theories adopted are mainly within the sphere of reputation management and risk management including concepts (such as concept of reputation, concept of risk, reputation risk, proactive reputation risk management, etc) and theories (such as stakeholder theory, risk lifecycle theory, risk management process, etc). Such theories are mainly concluded from different literatures. As such theories are within different assumptions and concepts held by different authors and some of them are even contradicted with each other, the author thereby redefines many concepts and assumptions in terms of the research intention of this paper and organises them into one theoretical system serving for constructing system model. In the practical part, the author takes the technique of case study. The materials for case analysis compose of primary data from face to face interview, but also secondary information from varied sources such as Vestas webpage, Vestas annual reports, Vastas corporate slices, Industrial report, etc. The author ranks the information obtained in terms of criteria like credibility, accuracy and relevance. For example the corporate internal slices (if any at all) would be ranked to the highest as it has the best accuracy, relevance and credibility to the


19

research target though they are normally hard to be available. Following that, data from face to face interview, corporate annual report could be positioned to the lower rank and industrial report would be at lowest rank due to its low relevant information to this paper.

The methodics in this paper follows the system logics of analogizing theories, constructing models, case studies, model certification and conclusion. The author starts his interested problem area by viewing the dysfunction of current system in managing corporate reputation risk. Inspired by the system thinking, the author holds the ambition to construct a new system to compensate the gap due to the dysfunction of old system and requirement of reality. The author takes the step to make paper review and make system analysis over different system theories to understand their concepts, components and structure. After that the author selects two major theories system, namely reputation management system and risk management system as elements source for methodical procedure. By further analyzing the two systems, the author explains the correlations of the two system elements and builds up model of new system (namely proactive strategy system) as an alternative product for replacing the old one (reactive strategy system). To understand the fit between new system and its environment, the author takes the case study and put the system in Vestas environment. By analyzing the fitness and possible contradicts, the author would realize the applicability of such system under the case corporate context and conclude the reflection over its limitation and further issues. Tools like Interview, paper review on secondary materials about Vestas risk management system would be put to use. The project design below illustrates the details of methodics throughout the project.

20

Figure 2.4 project design15

15 Made by author

21

Chapter 3 Theoretical Part

3.1 REPUTATION AND REPUTATION MANAGEMENT

We have mentioned a lot in the previous part about reputation risks in which is the research sphere of this paper. However, before we make discussion on such risk, we might have to be aware of what reputation is; how reputation can be settled in practice and maintained in the operations. In this section, we would make a discussion about them by reflecting to the literature and our general logics and understanding over such issues.

3.1.1 REPUTATION AND ITS COMPOSITION

What reputation really is can be one of the easiest and most sophisticated questions in our mind. The definition in our daily life could be visible but segmental. Reputation can be a vision that others hold about the object they are concerning; Reputation can be a sort of feeling or emotion when we use a product, enjoying service or even staying with and talking about somebody or something; Sometimes it also can be a judgment or an impression about someone and something. Different people can define reputation in different ways. If we link reputation to the company, we would from our first intuition come up many terminologies such as corporate image, corporate brand, etc. In most literatures, such terminologies like corporate image are indeed interchangeably used with the term-reputation. However, this way of definition can be blurring and illogical in that these two concepts might not strictly match each other. (Or else why we do not conclude them into one concept) Finally we are still left to explain the concrete definition and the relations amongst those terms.

Actually many authors have tried to give distinctive definition to reputation in the corporate context. Judy Larkin(2003) defines reputation as a reflection of how well

22

or how badly different groups of interested people view a commercial name. It implies a value judgment about the attributes to the company and is established over time, which is based on trust and belief.16 Grahame Dowling (1994) argues that reputation is the evaluation (respect, esteem, estimation) in which an organization’s image is held by people.17 Croft Susan (2003) makes a deeper consideration about the essence of reputation. In his opinion, reputation is the sum of the values that stakeholders attribute to a corporation, based on their perception and interpretation of the image the company communicates and its behavior over time18. His definition gives us an inspiration that value interchange between companies and stakeholders, which is a group of entities and peoples having interest attachment to the company’s behavior, is a core of reputation and its building. The author of this paper prefers to adopt Grahame’s thought over reputation definition and give his own definition on reputation in the following:

Reputation is the value judgment hold by various stakeholders attributed to the corporation, which is generalized from stakeholders’ knowledge, obtained information and value exchange with corporation over time. The Reputation is end up with value commitment, which leads to trust and belief in a sustainable manner.

From this we might feel a little bit clear about reputation essence which is value judgment. Reputation could not be a uniformed concept unless special stakeholder group is defined. Value judgment can be different from one group of stakeholder to another which in return results in different reputation. Thus when mentioning reputation, we have to consider stakeholder. When discussing reputation risk, risk in stakeholder value judgment should also be considered.

Reputation is not a concept that could be mixed with other concepts such as corporate identity, corporate image and brand. Actually, those concepts compose of the reputation concept and are interrelated in a mechanical way. When

16 Strategic Reputation Risk Management, Judy Larkin 2003, Palgrave Macmillan Press 17 Corporate Reputations-strategies for developing the corporate brand, Grahame R. Dowling1994, Kogan Page Limited 18 Managing Corporate Reputation: The New Currency, Croft Susan 2003, Thorogood London

23

discussing the composition of reputation, we have to define its components, namely corporate identity, image and brand.

Corporate identity is the vision the company attempt to preach to the stakeholders about itself. It takes normally in physical forms such as logos, advertisement, color schemes, uniforms, etc, but not limits to them. Corporate identity also includes the unphysical forms such as service, corporate culture, experience of corporate product, etc. Corporate identity is transferred through advertisement, internet and even appearance of daily operation, etc, which is information transmission at single direction.

Corporate image is the vision, the belief, the knowledge or attributes in the stakeholders about the company at one time point. In other word, corporate image is what stakeholders think of company at any moment. Corporate image has two dimensions: one is cognitive dimension and the other is emotional dimension. Cognitive dimension refers to the vision, the knowledge and the general perception on corporation. For example, when we mention TNC, we could come up the impression of skyscrapers in business district. When we mention Vestas, We would firstly get the image of wind turbines. The emotional dimension is more about feelings and belief the stakeholders hold about company. For example, when we mention Mercedes Benz, we might get the feelings of high quality, stability, safety and honor. Such feelings and belief are relatively subjective to stakeholders’ own experience and current information about company, its integrity and its behaviors19 based on their own value judgment.

Corporate Brand derives from corporate image and identity. Corporate brand is also composed of cognitive and emotional elements and is concerned from stakeholders’ perspective. However the stakeholders we mention here is limited to customers. Corporate Brand from cognitive perspective is any tangible symbols identifying company itself as well as distinguishing it from others, such as logo, 19 Managing Corporate Reputation: The new currency, Croft Susan 2003, Thorogood London

24

trademark, etc while from emotional perspective is the intangible attribute such as trust, belief, satisfaction symbolized into name, logos, trademarks to the current or potential in the market. Corporate brand is formed from consistently consolidated identity, image construction over time based on value exchange and distribution carried by products and service to customers. Corporate brand is commitment given to the customers who hold trust for such commitment. Corporate reputation is the brand in all stakeholder group rather than only customers. Corporate brand helps to develop reputation over time as customers are the largest or dominant stakeholder group in almost any company and would be empowered to influence other stakeholder group directly or indirectly. Corporate reputation comprises corporate identity, corporate image and also corporate brand. Corporate reputation shares the same component and essence of corporate brand but only extend its focus group from limited stakeholders, namely customers to lager categories. In addition, it is also important to mention that corporate brand is not the same as product brand although they are closely related. Figure 3.1 illustrates the relation of reputation, brand, image and identity.

Now that we are clear about the components of reputation, then it is natural that further discussions about how reputation is build and how it can be maintained should be made, which leads to our next subsections of this part

3.1.2 BUILDING CORPORATE REPUTATION

Building reputation is not a difficult task; however building a good reputation is not easy. It is in this process of building reputation, risk might occur. However, before we step into such sphere, we have to know how reputation is built from theoretical perspective, which would be presented in this part.

As has been stated in the last section, corporate reputation has its components, respectively corporate identity, corporate image and brand. It is the mechanism existing amongst them that comes up the formulation of reputation. The following graph illustrates the general picture about how reputation is formed.

25

Figure 3.1 Corporate Reputation composition and building

When corporation is founded and operating, a certain identity would be transmitted to the stakeholders through information channel like advertisement, media, cooperation and business partnership, etc. For most of the TNCs, they would lay sufficient energy on certain vision and identity projection that are in favor of the corporate requirement. Logos and other symbols of company like annual report, packages, etc, must be unique, attractive and correlated to the company business and mission in a persistent way. The information channel must be clear and effective so that the information sustaining corporate identity can reach the target stakeholders in intact manner. What has to be noticed is that some other channels like daily operation, cooperation with business partners, employees and managers can all be channels for such identity consolidation. Besides projecting identity also refers to the wider issues of how employees and internal market interpret this identity compared with the projected, external identity, which alongside positioning helps create the desired image.20

Stakeholder is the receiver of such information and the image creator of corporation. After receiving the transmitted information, stakeholders would first portrait a vision of company and later a cognitive image as more information 20 Managing Corporate Reputation: The new currency, Croft Susan 2003, Thorogood London

26

comes and more knowledge is acquired. Stakeholders at this point would turn their role from passive information receiver to active obtainer. What they would do is to experience corporate core business or other behaviors and make intuitive and initial value judgment to decide its psychological attribute (eg, Is this company doing something good? Can we accept this company?) Afterwards they would compare corporate activities with other peers or even competitors and finally reach their own conclusion and judgment on company status in their mind (Is this company more acceptable to us? From our psychology, which company is closer to us?). This two-stage process is called image positioning with the first stage defined as image acceptance positioning and the second stage termed as image status positioning. Such positioning is important for company as after such positioning emotional image is formed which might be stable and allergic and image construction process is over. Positioning is the only way to turn corporate identity into corporate image. Image positioning might lead to image gap between the preached image the company wishes to be formed (corporate identity) and the actual image in stakeholders’ mind. Image gap also refers the issues of distance between stakeholders’ understanding and expectation from corporate promise, and the actual fulfillment of such commitment done by the company. Image gap is a major reputation risk existing in most of industries and trapping lots of companies. There is something more the author wishes to concern over the emotion dimension of the image. From brand management and marketing perspective, such emotion attachment constructs the core advantage of our company distinguishing ourselves from our peers and competitors. Especially the image status determines the priority of trust and belief in stakeholders’ mind against our competitors. This explains why many companies surviving from crisis issues could not go too far in business success because your image status is replaced and you are less close to the stakeholders, mainly customers any more.

Furthermore, we must be aware that image should be referred from stakeholders’ perspectives, which means the possibility of different images coming up from various stakeholders that corporate business and behavior concern. Therefore

27

when mentioning image, we have to ascertain from which stakeholder group it is defined, the principle of which can be also applicable in reputation issues stated later in this chapter.

As have been identified before, image is a time-point concept while reputation is an accrued concept based on value interchanging and judgment between stakeholders and company itself. After consistent image building and reflection in stakeholders’ mind over time via image positing, the emotional aspect of image has been repeatedly consolidated which in consequence generates trust attachment from stakeholders to the company. Such trust outcome originates from the long term value judgment from stakeholders over the company. When the value commitment followed by the company has in a relatively long time continuously matched that of the judgment held by the stakeholders not only in presentation but in real conduct, a sense of trust is emerging and thus sound reputation is preached and formed. From this angle, reputation is trust and belief recognized and stocked by stakeholders about company over time, which is often regarded as reputation capital and might sometimes help to absorb the shock from business loss to the company. This can therefore explain why the reputation is so important to the company and even market economy whose foundation is trust and credit. However, as has been mentioned in image consolidation, stakeholders are not in a unanimous group but should be divided into distinctive sections. Even some of the stakeholder groups are contradictive in group interest. Thus the value judgment from different stakeholder group can be distinctive and reputation which is defined from stakeholders’ aspect could be different as well. Hence managing reputation must take stakeholder management into consideration and corporation willing to construct and maintain good reputation should lay special emphasis on stakeholder issues. In reputation risk management, one of important theories is stakeholder approach. In the latter part, stakeholder approach would be presented in details later on.

28

3.1.3 MAINTAINING CORPORATE REPUTATION

After successfully building up a good reputation, then it is the process for reputation maintenance. For reputation maintenance, there are no common theories adopted but actually arguable amongst academic fields. Most of theories are approach focus which presses the methods for reputation maintenance and management. One approach follows Public relation perspective. Public relation in most of circumstance emphasizes continuous image building and identification through tactics like advertisement, campaign, sponsorship and charity to maintain good reputation. In public relation, the accountability, transparency and responsibility are frequently articulated, but they often only stay on the paper. Recent corporate scandals and crisis cases prove the failure of isolated public relation in reputation maintenance, which actually worsens the trust on corporate behavior. Now that Public relation is out of function in crisis, then crisis management could be an attempt to maintain reputation. Thus crisis management methods come to the platform. Crisis management deals with crisis defined as “the critical moment and turning point of difficulty and danger”.21 It is the process of preparing for and responding to an unpredictable negative event to prevent it from escalating into an even bigger problem, or worse, exploding into a full-blown, widespread, life-threatening disaster. Crisis management involves the execution of well-coordinated actions to control the damage and preserve or restore public confidence in the system under crisis.22 Crisis management is the last fence of reputation protection for company. Its effectiveness depends on the severity of issues, flexibility of company in issue dealing and capability of crisis staff. Crisis management is a compensatory action after damage has been done. In addition crisis management planning and conducting itself is costly. Having realized the shortfall of the approaches mentioned above, other authors state their understanding over reputation maintenance in their literatures. Croft Susan(2003) addresses that maintaining good reputation requires integrating communication matrix with marketing matrix the outcome of which is the term Integrated

21 Oxford advanced learner’s dictionary of current English, fourth edition. 200422 http://www.siliconfareast.com/crisis-management.htm

29

marketing communication. In Judy Larkin’s book, corporate social responsibility has been leveraged on a high level for sustainable reputation maintenance. In Forstmoster and Herger’s paper, triple bottom line supervision, namely streamlining corporate governance by reaching the synergy of business success, social responsibility and environmental protection has been mentioned and regarded as philosophy for successful reputation maintenance. All these ideas held by different academic groups and authors contribute to the thought on reputation maintenance piece-mealy.

In the author’s opinion of this paper, reputation maintenance despite of its different presentation could not be more than successfully maintaining clear, unique corporate identity; keeping image vision to stakeholders be positive and respond to the changes of value expectation as well as promoting or stabilizing the image status in stakeholders mind; ascertaining consistently value exchange with stakeholders so as to reinforce trust between stakeholders and the company. On company side, what they can fully control is the identity sides while image can be harsh to control over stakeholders. In maintaining corporate identity, the author stresses several points worthwhile to be noticed. One is the uniqueness of identity, which means the logo, corporate/product name, trademark can distinguish our identity from other peers, demonstrate our value orientation directly and be welcomed by the target stakeholders. It also refers to the legal issues such as trademark, logo registration and propriety right so that our hospitable identity can be kept and protected. The other is the consistency of our identity. One consistency requirement is the unanimous vision provision in geographic scales, which means the company should prevent the inconsistence of vision provision in different territories. For example the discriminative service or products provision in less developed countries where less strict litigation or depowered NGOs is. Another consistency is in vision provision in time scale. It is sometimes the case that companies change their long-used logos and other identity symbols where the vision of companies changes too, which leads to the confusion of vision in the consumers’ mind. In addition there is also one consistency requirement on vision

30

preaching sources. For example, in advertisement, a house keeping company show themselves up by exhibiting clean machines and neat dressed staff in uniform while in real service untidy machine and staffs without uniform would ruin the vision formed in the advertisement. Managing image does not depart from its component management. As image is composed of image vision, image cognition and image emotion comprising image acceptance and status, image maintenance should be the task of integrating the maintenance of whole components. Image maintenance from cognitive perspective can be controlled or monitored via corporate identification methods such as advertisement, logo, media propaganda, etc. However, maintaining from emotional stage can be uneasy as supervision over stakeholders’ subjective emotion could be uncontrollable. The author at this paper suggests the following arguments for consideration:

1. The largest expectation from stakeholders to the company is not charity, sponsorship, or other so called social responsibilities, but whether this company can do good business in its selected industry, which explains the most valuable corporate commitment to the stakeholders and society. For customers, the value for company to exist is to provide valuable product, service and consistently doing this. By doing this, company can keep its financial achievements so that other stakeholders such as investors, governmental organization can be satisfied. Therefore, the fundamental strategy for image maintenance is doing good business.

2. Doing good business is the integration of comprehensive corporate operation and behaviors including production, process management, financing, marketing, R&D, innovation, etc. Therefore, maintaining sound image is not responsibility of certain sectors but duty of whole departments. CEO and management boards should be the coordinators of image maintenance and also one of the most significant image ambassadors for the company.

3. Doing good business also states two meanings: one is to do something correct

31

and to do something better. To do something correct does mean to compliance to the common value of the stakeholders such as regulation, production standard, codes of conduct, etc and also provide expected value to the stakeholders through business operations. To do something better requires company to exceed itself against competitors in its core business and achievements so as to raise competitive image status within stakeholders’ mind.

4. Maintaining image is also referring to fulfilling the expectation of stakeholders. We have to ascertain the expectation is within our capability and effectively reached by our business operation, service, product provision, etc. Discrepancy or gap between stakeholders’ expectation and reality should be eliminated, no matter expectation is higher or lower than reality.

5. Effective communication is also important for maintaining sounding image. Effective communication does not only mean one-way message transmission via efficient channel or selection of stakeholder group, but an attitude to listen to the voice of internal and external stakeholders and quick actions to make improvement. Message transmission is not only at the duty of one or two departments but integration and aligning of all corporate sectors to articulate in one voice. Communication also has to take cultural and language elements into concern so as to prevent any misunderstandings.

Successful image maintenance over time helps to settle up good reputation capital and also key stages of reputation maintenance. Image maintenance is implemented on operational level. However, apart from daily image maintenance, maintaining reputation from strategic level calls for its notice. On strategic level, reputation maintenance entails the forecasting and anticipating the trend of stakeholders’ value changes as well as the strategy planning to encounter such changes. On strategic level, reputation maintenance demands a reputation management principles and processes affiliated by technology adoption and

32

innovation in managerial ideology. What mention above is some general arguments rather than listing the techniques like other authors. Based on such arguments, the author can develop his own measures for reputation management, namely integrating and adopting risk management thinking and ideology for reputation management.

3.1.4 STAKEHOLDER THEORY

In reputation management research, there is an important research area noticed by reputation managers or academics: stakeholders. The term stakeholder was first recorded in 1708 as ‘a person who holds the stake or stakes in a bet’. Today’s standard dictionary definition is ‘a person with an interest or concern in something’. The definition in this paper is the social entities either person or organization who has interest in the company. Stakeholder theory refers to the assumption that company is an entity of the society. It is internal or external environment is formed by social entities or individuals who have correlated interest within the company. This social group can be influenced and also impact on company, either in macro-dimension such as corporate strategy, achievement, policy, etc or in micro-dimension such as specific project or program . Stakeholders can be resource holders. It is the exchange of benefits or function requirement between company and stakeholders that reaches the balance in company operation and its environment. As we stated in the previous parts, reputation is formed by stakeholders and defined depending on which stakeholder group is mentioned. Thus the role of managers in charge of reputation should recognize stakeholders’ need, deal with the relation with them and also find out the network structure among the stakeholders themselves. The stakeholder theory gives a fresh view over such issues.

33

Stakeholder or shareholder, who is more important for company, is a hot topic within the corporate governance discussion. The paper here has no intention to make more argument over such issue from corporate governance perspective, but wish to pinpoint their relation in reputation area. Shareholder obviously is a member of stakeholders as it is the owner of company with closest interest correlation. Because of this, company should represent shareholder interest. The biggest interest of shareholders is profits earning and corporate growth in sustainable and long term manner. Reputation is the most valuable asset and often regarded as a key competitive advantage for any company willing to be successful. Reputation is valuable in that it stands for trust and belief from other stakeholder group. It is such trust and belief that keeps the resource exchanges vital for corporate survival and profits earning currently and in the future. Therefore, shareholders should put reputation value into their key interest and have to sacrifice their certain interest for reputation protection. This also means that when conflicting with other stakeholders, the shareholder might sometimes be prioritized to be lower rank. Thus under certain circumstance, the corporate management should consider other stakeholders’ interest first so as to maximize shareholders’ long term interest.

Apart from shareholder, company is surrounded by other stakeholders within or without corporate entity. In Gramhame Dowling’s book, “corporate reputations”, 15 typical stakeholders are introduced. Croft Susan in her book “Managing corporate reputation” also listed 14 stakeholders. The author concludes the common part of them and lists them below: Customers: current and potential Labors: current and potential employees Government and communities Pressure groups and watchdog bodies: NGOs, audit agents, media and press, unions, opinion leaders, etc Investors or shareholders Suppliers, distributors, service providers, business partners, alliance

34

Industry bodies and other social entities: trade associations, professional societies, competitors both current peers and new enters. Stakeholders listed above is in just general scale and the identification of stakeholders depends on corporate situations including its policy, strategy, projects and the industry the company is working in. Stakeholder identification is meaningless if it is not classified and prioritized. Stakeholder classification bases on the assumption that stakeholders are different, but share certain similarities in certain characteristics. Such classification helps to understand their relationship, which would assist our reputation management from dealing with stakeholder relations. Grahame(1994) classifies stakeholders into 4 groups: normative group, functional group, diffused group and customer group. Normative group is that have authority to in influencing regulation compliance and rules fulfillment, such as government, regulation agency. Functional group can impact your business operation in functional manner, such as supplier, employees, business partners, etc. Diffused group is those stakeholders who take interest in your organization concerning the interest protection for others. NGOs are a typical example. Susan(2003)classifies stakeholders only into two groups: key or primary stakeholders and secondary stakeholders, respectively those directly affected or expect to benefit from an organization and those with intermediary role23. Even from literatures outside reputation management, relevant classification can still be perceived. For example in relationship marketing, six market framework, namely internal market, referral market, influence market, supplier and alliance market, and recruitment market, can also be used for stakeholder classification though concept expansion is required. From the author’s perspective, stakeholder classification depends on research purpose and criteria settlement. There is no unique method. Actually classification process is often mixed with prioritization and analysis process by deciding the power and influence stakeholders have on companies.

23 Croft Susan 2003, Managing Corporate Reputation: the new currency, Thorogood press, London

35

Stakeholder prioritization is due to the fact that stakeholders are not of the same importance to company who has limited resource to do overall research or tracing all stakeholders’ behavior. Shareholder prioritization aids company to concentrate its limited resource and capability on key stakeholders group, namely those with significant power and importance to company. In the marketing theory, opinion leaders are the group of customers capable of influencing other customers. Therefore, such person is normally becoming focus person in the eyes’ of sales person. In stakeholders, there are still the same groups of person powerful enough to influence other stakeholders or directly react to the corporate action. These people are powerful and company cannot omit their role in reputation management. There are other people though powerless from the face, but their ideas, feelings, and needs are directly linked to corporate survival and successful, which means they are important enough to be prioritized to the leading place. These two stakeholders are just two extremes and each member in the whole stakeholders group can rank their status in power and significance, which determines their priority position in the corporate reputation management. It is also noticeable that the rank for each stakeholder group can be changed, depending on concrete situation.

Normally such prioritization requires deep perception and understanding about stakeholders and is conjunct with stakeholder analysis. Stakeholder analysis is a process of profiling stakeholder, figuring out their opinion and expectation over issues and problem you wish to clarify, analyzing their mutual relation, predicting the actions and behavior of them over your target issues, assessing the capability of different stakeholders and groups to participate and support and assessing the appropriate type of participation by different stakeholders at successive stages in your project24. Stakeholder analysis provides important information about stakeholders for priority and relevant strategy company can use for issue dealing. It is also important for reputation building, maintenance and protection. Stakeholder analysis should run through the whole stakeholder and reputation 24 Managing Corporate Reputation: the new currency, Croft Susan 2003, Thorogood press, London

36

management process so as to maximizing corporate value.

Stakeholder theory also merits the activities on stakeholder relation management. As might be inspired from statements above, stakeholders might be different groups from groups but still be integrated by certain network. A good reputation manager has to understand the network amongst stakeholders so as to design proper strategies and methods to maximize reputation value amongst them. Stakeholder relation management entails effective communication with stakeholders: gaining their attention; knowing their need, requirement, and expectation over company; tracing their demands changes; eliminating their misunderstanding about us; and under circumstance inviting them to participate our strategy design, decision making and those actions affecting them. In general, stakeholder theory provides us a new view on reputation management and reputation risk management. In the later chapters, the author would use such theory in reputation risk managing model design.

3.2. RISK AND REPUTATION RISK

Risk is one of the most commonly used concepts in business operation as well as daily life. Although it is frequently mentioned, the definition of such term is ambiguous from our intuition. As this paper is dealing reputation risk management issues, the first step is to clarify the definition of our research target: risk and reputation risk. In this section risk definition and reputation risk definition would be given as basis for further research.

3.2.1 RISK CONCEPT

Risk always accompanies uncertainty. Uncertainty and risk is twin concept in any risk management literature with distinction. Uncertainty is anything out of possible prediction and its impact is not able to be forecasted. Risk is a sort of uncertainty. The definition of it is various depending on which risk categories and research aspect they conduct. As most current risk management literatures focus on

37

financial risk, risk definition from this angle is referred as various predicted outcome distributed in range possibilities, which means the possible outcomes of uncertainties are identified while the exact outcome incurred is unknown but followed a range of occurrence possibilities. However, this definition does not work for most of business risk such as brand risk since the possibility prediction of such risk occurrence is harsh. Other definition is more loosely given. Allen (1995) refers risk to fulfill four parameters: susceptibility to changes or external influence, probability of occurrence, severity of impact and degree of independency with other factors of risk.25 The author prefers to adopt the corporate risk definition stressed by Karsten Andersen and Anette Terp, which is expressed as

Internal and external uncertainties, events, or circumstance that the company must understand and managed as it executes its strategies to achieve business objectives and shareholder value26.

This definition explains the sources of risks and the importance of managing such risk for company, which is to achieve business objective and shareholder value. Although this definition omits the technique element in risk which is probability and its distribution, it expands the scale of risk on research.

Apart from uncertainty, there are other concepts in risk meriting clarifying. Risk has cause and effects. The cause of risk is called risk factor. Risk of one type can generate other risk events in a chain, for example the risk in food contamination can lead to ruins in corporate reputation. The result of risk is normally regarded as loss, which is a cost for company. However, some risks are not of negative outcome, but alternatives in both loss and gain. The example of such risk is investment risk, business risk, gambling, etc. The risk comes up only loss is referred as pure risk, while that ends in either loss or gain is speculative risk. Pure risk is also called as downside risk as it depreciates corporate value while speculative risk can create opportunity and be called as upside risk. Therefore, the 25 Risk management in Business. Allen, D.1995. Cambridge University Press, Cambridge 26 Perspectives on strategic risk management, Torben Juul Andersen 2006, Copenhagen Business School Press,

38

perception on risk should not be on the possible loss but the opportunity for value creation, which means that sometimes company should dare to take risk, though special risk threshold(or risk appetite) have to be identified. Risk threshold is determined by how much loss the company can bare and its attitude to risk. The occurrence possibilities and severity of risk can be increased by certain risk factors. Such risk factors is named hazard. Hazard is distinctive from hazard risk, which belongs to risk classification and is defined as risk from physical environment such as flood, fire, typhoon, etc.

3.2.2 REPUTATION RISK AND ITS MATTER

In the statement above we know the meaning of risk and its relevant concepts. In this part we would set foot into the reputation risk and its matters. Defined as uncertainties or events influencing corporate value, risk has its categories given which areas it has impact on. One of risk categories is business risks where reputation takes part. Reputation risk has been defined in many manners from different authors. David Abrahams(2008) gives his understandings on reputation risk: reputation risk groups together those issues that arise from failure to meet expectations of performance that apply to any comparable organization operating in the same filed27. In the new draft Integrated prudential Source Book the Financial Service Authority( FSA) defines it as: “the risk that the firm may be exposed to negative publicity about its business practice or internal controls, which could have an impact on the liquidity or capital of the firm, or cause a change in its credit rating.” 28 In Reputation Risk consultants Ltd, reputation risk is conclude to be failure in stakeholders’ perception and loss of trust for the public. Concluded from all these definitions, we might find an anonymous aspect over reputation risk, namely failure in meeting stakeholder expectation, which mainly is presented by image gap. However, the author of this paper might question such definition. For one thing, the assumption under such definition is that currently company has wide-spread identity awareness. If the awareness depth or width is lower than 27 Brand Risk –Adding risk literacy to brand management, David Abrahams 2008, Gower Publishing28 Managing business risk, Adam Jolly 2003, Kogan Page and contributors

39

corporate target, it is also an uncertainty and loss for company, which in effect is a risk. For another, such risk definition only emphasizes negative image gap, namely reality is lower than expectation, neglecting positive image gap, which is the circumstance that reality is higher than expectation. Finally under such risk definition, the company would lose passion to change its image status as 0compared with competitors, our image status is low and consequently our expectation is low and our reputation risk is low. However as stated in the previous parts， image gap, especially negative gap is the main risk factors leading to damage in reputation. Combining the definitions to risk and reputation, the author in this paper gives his own definition over reputation, though far from perfection:

Reputation risk is uncertainties, events or circumstances that undermine the favored value judgment hold by stakeholder over companies via impact on corporate identity, corporate image and long term trust formulation, which results in reputation value depreciation and economic loss for the company either in short term or long term.

Reputation risk is unlike other risk as it has its own features which lead to the management of it to be unique and distinctive. The characteristic of reputation risk is following:

1． Reputation risk is regarded as the No. 1 risk within corporation, but without proper management. Such saying is due to the fact that the value of reputation now takes predominant portion in corporate capital and reputation (and brand) has become key competitive advantage of organization. However, the high vulnerability of such asset increases the risk and its effect on corporate survival. Up to now there is no much research on reputation risk management, which means the insufficient theoretical bases for practice. What is worse, reputation risk is not a part of existing risk management frameworks without defined

40

process, tools and techniques as well as body of responsibility for managing such risk in the organization29.

2． Category of reputation risk is unclear. Reputation risk is hard to quantify. There is argument about whether reputation risk should be a class for its own right or due to the 54 other risks. The risk is of cause and effect. One risk factor can lead to a chain of risk exposures, which is route cause effect. Therefore, other risk can be route cause leading to reputation risk. Or sometimes other risks might have reputational impact. In addition, reputation risk is about the risk in stakeholder’s perception, expectation, value exchanges, which is subjective. Therefore, quantifying reputation risk is harsh and quality method is entailed.

3． Reputation risk is speculative risk, which means it has the potential to create corporate value under certain situations. Some reputation risk such as rumor might affect corporate image in a short time and depreciate corporate value. However, rumor itself can act as two-side swords: It brings out misunderstandings and trust loss within existing stakeholders, but expands the corporate image awareness too. If it is managed in place, company can not only consolidate its image and trust within stakeholders who might immune to similar rumors next time, but earn benefits from broadening reputation awareness and status.

. The ubiquity of reputation risk. This stems from the second characteristic listed above. Now that reputation risk correlates to or is rooted in other risks, it is understandable that the damage to reputation can be indirectly consequence of almost any badly managed incidentthe possibility of risk reversion to reputation risk.

. Reputation risk can be magnified, which leads to higher uncertainty over its impact. Reputation risk deriving from other risks often exceeds its actual hazard damages under scientific calculation. It refers to stakeholders’ psychological fear over certain events. Such fear would be highly noticed and magnified by media broadcasting, which leads to higher psychological burden in stakeholders and coverage cost for company

29 Conference paper: Reputation and its risk-the necessity of managing reputation risk, Robert G.Eccles 2006, Bonn/Petersberg 30 Brand Risk: Adding risk literacy to brand management, David Abrahams 2008, Gower Publishing Limited, England.

41

Introduction to risk and reputation risk issues brings us a vision on what risk and reputation risk is. Understanding risk is only a first step. It is by risk management that value can be created and problem can be solved.

3.3. RISK MANAGEMENT

As has been stated, risk is uncertainty generating cost or gains. Loss means cost and gain means opportunity. It is risk management task to avoid and mitigate the loss and maximize the gains. Especially nowadays, in addition to the traditional value creation methods like marketing, logistics, etc, risk management can be a new way for corporate value creation when companies are under changing environment at current time. Thus Company should take risks, but the success of such risk taking is determined by how risk is identified, valuated, controlled and financed, which is within the content of risk management.

3.3.1 RISK MANAGEMENT DEFINITION

Risk management, as is manifested from its name, targets at dealing risk issues. Concerning risk categories, different authors define risk management in various manners. Dorfman(1998) defines risk management as “the logical development and execution of a plan to deal with potential loss.” 31Such definition specifies the capability of loss prevention and planning process in risk management, although obviously neglecting managing upside risk. Michel (2005) defines risk management as a continual process of corporate risk reduction. “Risk management is really about how firms actively select the type and level of risks that is appropriate for them assume.”32 Dissatisfying the definitions from other sources in that they are segregated and under different framework, the author gives his thought on risk management definition as following:

Risk management is a planned, continual and rigorous process to identify, analyze 31 Introduction to risk management and insurance, Mark S. Dorfman 1998, Prentice Hall, 32 Essentials of risk management, Crouhy, Micheal 2005, McGraw-Hill Companies,

42

the risks from various sources threatening corporate value; control and optimize their occurrence and impact on corporate operation and strategic object achievement.

Such definition reflects author’s ideas that risk management is value creation process via risk identification, consequence and occurrence evaluation and method/ strategy design and implementation to response, control, and finally to monitor them. From such definition we also can depict that what can be managed is the risk factors and hazards. Risk management in other words is to find out such risk factors, analyze their features, occurrence possibilities and exposure severities, based on which strategy and methods are designed and implemented to optimize them. Optimization is based on the reality that some risks are speculative risk and some of them are correlated. It is by risk integration and proper methods/ strategy design that general synergy can be reached. Such optimization requires breaking the silo of different risk categories as well as corporate functional sectors to form an integrated risk management framework. Such framework either takes the form of comprehensive managing risk from all sources or managing one certain risk throughout the whole corporate governance structure and business unit ranging from strategy design to single project processing so as to complement the strategy completion and corporate achievement both in short term and long term. Such ideas originate from the most advanced thinking on risk management, namely enterprise risk management. In addition to such integrated and holistic perspective, enterprise risk management also emphases proactively managing business risk such as reputation and brand risk apart from traditional financial risk. 3.3.2 RISK MANAGEMENT PURPOSE

The purpose of risk management can be regulated in terms of corporate object and intention. The general purposes concluded from literacy and the author’s opinion is:

1. Value creation and competitive advantage. Nowadays Companies, especially TNCs are facing complex challenges from global competitions. Seeking new way

43

for value creation is on the urgent agenda of managements. Risk management in place can create value by eliminating the uncertain loss encountered by companies as well as promoting opportunities stemming from speculative risk. Risk management can be deemed as an innovative sector within corporate primary activities of the whole value chain. Strong capabilities of risk managing for a company can outstand itself from peers in decision making and strategy implementation, which creates competitive advantages for sustainable development.

. Financial security and stability. Risk management is a trade-off between opportunity cost from risk retain and from risk methods adoption. Normally risk management can eliminate the decrease of corporate value from risks at low cost, which helps to secure financial security and stability.

2. Information transparency and shareholder protection. New regulation over corporate governance and finance urges the common adoption of risk management system in company so as to disclose information concerning shareholder value protection and investors benefits.

3. Risk awareness and risk culture cultivation. Risk management has to cultivate and enhance the risk awareness and culture from board, top management to individual staff in conduct risky business operations and decisions.

3.3.3 RISK MANAGEMENTAND RISK LIFECYCLE

Risk within companies typically develops under certain lifecycle and undergoes several stages, which can be depicted from the graph below;

44

Figure 3.2: Risk lifecycle 33

At the potential stage, risk factors would appear and embed in the daily operations. Such risk factors have not matured to expose, which generates no loss and little pressure to the company. However, such risk factors would continue to grow and mature until limited cases of exposures occur, which is the threshold to the emerging stage. At emerging stage, exposures would occur in an increasing number with burgeoning cost and pressure to the company. In effect, the risk at this stage can be identified from the beginning as initial amount of exposures serve as signal for identification. It can also within the control of corporate capability as the damage is not massive. However, if response to risk and its signal is misconduct, the exposure and loss would accumulate to the extent when situation is out of control and pressure reaches its peak, which is called crisis stage. Another explanation for risk lifecycle is the casual relations with one risk to another. As the exposure of one risk event would lead to the exposure of another risk, the result of which is the chain exposures deriving from the proximate cause, and relevant cost accumulation. The example of this can be simplified into one famous saying: ‘‘a rot nail would infect a horse, a infected horse will kill a general, the loss of general would ruin a battle, a loss of battle will overthrow a empire’’. The pace of movement through risk curve varies from risk to risk. Some risk like reputation risk might move quickly through its lifecycle from emerging stage to crisis stage due to the fact that the source of pressure is not only from risk itself but from external environment, which includes media, the public and other stakeholders with power. As can be viewed from the curve, the possible influence area on risk covers ends of potential stage and emerging stage while at crisis stage, exposure does definitely happen or has occurred with great damage, which means influences and control on risk is useless and the only way to do is to mitigate the severity of existing damage using crisis management strategy. Therefore, risk lifecycle explains the necessity of early risk identification, risk assessment and responses proactively to the risk factors and exposures, which

33 Inspired and adopted from, Risk Issue and Crisis Management, Regester Michael 2005, Kogan Page Limited

45

pinpoints the value of risk management for the company willing to control risk.

3.3.4 RISK MANAGEMENT PROCESS

The fundamental element in risk management is to conduct risk management process. It dispatches risk management into three sectors: risk context sector, risk managing sector and risk report/ monitor sector. Risk context sector is an environment analysis of corporation where risks lie. Such analysis helps to construct the frame work on the company operation, culture and structure both in external and internal context so that risk management system and process can be applied and integrated. The risk managing sector is the core process stage in managing risk including risk identification, risk analysis, risk control and strategy design, and finally risk finance. After this sector, risk factors can be identified, its possible exposure is controlled and possible damage can be eliminated. Company itself can also choose right financial preparation. Risk monitor and report conclude and evaluate the effectiveness of risk management and pinpoint the place needing improvement. In the following pages, the author would introduce such process and relevant methods in detail.

Figure 3.3 Risk management process 34

Risk context refers to the environment analysis of the company facing risk, both internally and externally so that risk framework adopted can be integrated into the whole corporate system. External risk context analysis includes the industrial analysis, market position analysis, etc, while internal analysis needs to investigate corporate business model, current corporate structure, mission, strategy, etc. The internal analysis also merits analyzing risk system used currently within company 34 Made by author

46

and risk management potentials such as information source, human resources, etc.

Risk identification is the beginning of risk management process aiming at finding and profiling the risk factors and hazards from various sources affecting corporate value throughout the whole corporate business unites. Risk identification requires the risk sources analysis which entails the scanning the possible threat using risk depicting techniques. General risk sources from most of literatures can be concluded into four: Financial risk, operation risk, hazard risk and strategic risk. Financial risk is represented by any volatility against expectation in finance such as interest rate risk, exchange rate risk, credits risk, etc. Operation risk stems from any failure in operations of corporate daily activities, such as IT risk, risk in supply chain, risk in accounting controls, etc. Hazard risks are from sources such as nature catastrophe, liability claims, property loss and damages, etc. Strategic risks come mainly from reputation loss, failure in business plan and market strategy, commodity price turbulence, etc. Indentifying risk often claims for the review of previous risk documents and statistics. When such information resources are unavailable, external consultant might be required. Sometimes risk at its potential stage could shed weak signals in trivial events. This requests risk staff to depict, trace and cluster such signals so as to extract possible trend and identify discontinuities and risk35. Workshop group comprising different experts at various areas in the company has to be organized so as to break the silo of specific sector and identify risk in a wider aspect. Risk analysis is the next step after risk identification. After risks have been depicted, it is normally action to analyze their features, occurrence possibility, expose impact and relation to other risks. In risk feature analysis, risks factors would be categorized. For those factors from external areas, PESTLE analysis can be useful, which groups risk factors into political, economical, sociological, technological, legal and environmental. For the factors from internal areas, specific sub-categories such as asset, employees, corporate structure, etc might be used.

35 Risk management-An implementation guide, Julian Cummings 2004, Cardiff Caerdydd.

47

Occurrence possibility and severity evaluation is conducted on the foundation of scenario analysis and information, resource access. When lacking of objective data base, subjective evaluation on possibility and severity might be adopted from various participants, which according to recent research can still present high accuracy. Scenario analysis can also illustrate the relations between one risk class to another supported by sufficient information, which can assist decision making. After clarification of risk possibility and severity, a clear risk map can be drown. Risk mapping is often in conjunction with risk rating and prioritization. Risk rating is ranking the possibility and severity of risk factors with sequential figures, which formulates the horizontal and vertical axis and divide risk situation into four dimensions. Risk mapping is to denote the position of risk factors identified and rated on those four dimensions so that the significance of each risk factor can be illustrated. Normally those factors with high possibility and severity could be specially noticed. Other risk either high in occurrence possibility or severity can be treated as lower priority. Prioritizing risk is due to the reality that not all risks are equally important to be managed under the situation of limited corporate resources and risk managing capabilities. Risk management has to balance the cost-benefit from risk exposure and managing process itself. Prioritization provides the cautious view on risk managing sequence and timing based on cost balance. Risk mapping here not only serves for risk analysis, but grants possibility for choosing risk strategy and control methods in place. Such content would be stated next.

The next significant stage at core risk managing process is risk control and strategy design. The methods for risk control can be three: modifying the company’s operation, adjusting its capital structure and employing targeted financial instruments36. Capital structure adjustment such as leveraging the equity and decreasing debt can be deemed as risk transfer and financing explaining to whom risks should be shared and afforded. Using target financial instrument such as insurance and derivatives deals with financial risk as well as risk coverage 36 Mastering Risk, James Pickford 2001, Financial Times/ Prentice Hall

48

preparation. From the author’s understanding, risk control has to decrease either the occurrence possibility or severity of risk when risk factors expose. If we compare with the risk mapping, we could be clearer over such issue that risk control helps changes risk factors dimension to degrade their priority. Based on these assumptions, risk control has 4 strategies for risk dealings: risk avoidance, risk prevention, risk reduction, risk diversification and integration.

Figure 3.4 Risk Strategies37

Risk avoidance is to avoid taking action so that chance of risk exposure is completely eliminated. The example of risk avoidance is ceasing or rejecting some risky projects or actions with high severity. Such strategy can be effective for pure risk managing, while for speculative risk it cannot avoid opportunity missing. Successful Risk prevention can lower the possibility or frequency of risk exposures. Such strategy does not completely eliminate risk, but accept risk and minimize its occurrence possibility to an acceptable level. The example of risk prevention is using the training and alarming signal to prevent operation risk. Risk prevention also can be seemed as hazard avoidance as hazard increase the frequency of risk exposure. However, when the frequency of risk exposure cannot 37 Adopted from, Perspective on Strategic Risk Management, Torben Juul Andersen 2006, Copenhagen Business School Press

49

be lowered, the risk reduction has to be applied. Risk reduction lowers down the severity of risk exposures. Risk reduction deals with issues that severity of loss is high and loss cannot be avoided38. Risk diversification means segregate risky unites into many parts so that loss in any individual part would not influence the whole in a dramatic manner. The general principle of diversification is “Do not put all eggs in one basket”. Risk integration is to collect and integrate various risks with correlation so that the loss in one risk exposure would be compensated by gains from others. Risk control strategy provides a first fence on risk exposure. However, in case of the possible damage from risk exposure to corporate financial stability, company normally has to make financial arrangement. Risk finance gives the inspirations on by whom and when should the loss from risk exposure. Before choosing risk finance strategy in place, proper risk threshold must be set. Risk threshold is to what extent risk can be accepted by the company and corporate attitude to such risk. After that, company determines strategies options for risk finance which includes risk assumption, self-insurance, risk transfer other than insurance and insurance39. Risk assumption and retention mean company has to afford the cost risk exposure by itself. The difference between assumption and retention is whether company positive makes financial arrangement for unexpected loss. Risk assumption does not demand the arrangement but compensate the loss as operation expenditure in balance sheet, while retention would retain certain funds in case of unexpected loss from risk. Self-insurance is a typical action in risk retention. Actually in many conglomerates, self-insurance companies such as capital insurance companies are built, driven by the motivation of overheads saving, tax shielding and premium cost sparing as well as the strong risk managing competence within the organization. For those without strong competence but under strong threats from risks, they have to outsource risk managing task at certain premium to insurers, which is insurance. Insurance is a common action of risk transfer, but other methods such as hedge can also serve as good transferring tool mainly in dealing with financial risk. For business risk

38 Introduction to risk management and insurance, Mark S.Dorfman 1998, Prentice Hall39 Introduction to risk management and insurance, Mark S.Dorfman 1998, Prentice Hall

50

management, risk transfer can be done by using outsourcing, joint ventures or alliance, but such options might generate other risks such as reputation risk.

Risk control and finance aid companies to defense risk threatening corporate value and defuse the impact on corporate financial when integrating the risk mappings and prioritizations. The risk management process at core at this stage is over. However, it does not mean that risk management is ended. Evaluating the effect of risk management measures adopted should also be made in order to come up feedback for improvement. Guarantees on risk treatment and strategy implementation should also be within the task of risk managers. After monitoring, risk manager has to register and profile the risks and treatment to them so that it can serves as historical data and experience for future utilization. Relevant report on risk management should be delivered to the board and further published in the annual report to fulfill the accountability and transparency requirement from investors.

3.3.5 RISK MANAGEMENT TECHNIQUES

The risk management technique is the tools, knowledge and thought utilized in risk management process. The adoption of each individual technique would be based on which style of risk is mentioned. Given the distinctions between quantifiable risk and unquantifiable risk, the technique for managing such risk could also be categorized into two main types: qualitative methods and quantitative methods. Qualitative methods seek to compare the relative significance of risk in terms of the effect of their occurrence on the final outcomes by using no-statistic tools40. Quantitative methods use statistic and mathematic tools to specify the exact value range distributed over the possible outcomes in terms of possibility. Qualitative methods can be used in most of unquantifiable risk, but also in quantifiable risk. This is because they provide more useful information than that from quantitative risk analysis which sometimes is not necessary or easy to put on certain risk

40 Corporate Risk Management: An organizational Perspective, Tony Merna and Faisal F. Al-Thani 2005, John Wiley & Sons Ltd

51

management cases. The typical qualitative methods include brainstorming, Delphi, Interviews, checklist, risk registering, etc. The quantitative methods cover decision trees, portfolio analysis, sensitivity analysis, etc. With the development of IT technology, various types of software has been designed for specific risk managing. For most of risk managing at initial stage, qualitative techniques tend to be put forward as information is not sufficient to sustain quantitative methods adoption. As analysis continues and more information supported by possible mathematic models or simulation software comes, a quantitative method tends to be used.

Risk management promotes the capability of company and mankind facing uncertainties. However, current literacy is mainly on managing limited sorts of risks, the predominance of which is financial risk or operational risk. As for some risks fatal to corporate survival and success such as reputation risk, there are no or few systematic thoughts. The consequence of such situation ends in limited research on reputation risk as well as creativeness on reputation management philosophy. Traditional reputation management philosophy is reactive either by public relation or recovering strategy to compensate loss when crisis occurs and loss is in reality. As has been stated in the above parts, risk management is a value creation method for corporate asset management. Reputation as the most valuable asset should be managed in an innovative way or proactive strategy, which the author here assumes should and can be done by integrating risk management and reputation management. Aspired by this thinking, the author would prefer to make stress his ideas on how these two academic areas can be integrated and what the process for reputation risk management to be over such issue in the later parts.

3.4 PROACTIVE REPUTATION RISK MANAGEMENT

As has been stated on the chapters above, reputation risk managing from author’s

52

view can be grouped into reactive and proactive strategy. It is proactive strategy that should be more suitable. To testify such assumption, it is necessary to understand what the reactive and proactive reputation risk management is; from theoretical perspective why reactive strategy does dysfunction; how proactive reputation risk management does serve for risk dealing. In this part, the author would answer such questions and stresses his understanding on reputation risk management issue.

3.4.1 PROACTIVE AND REACTIVE REPUTATION RISK MANAGEMENT

Reactive reputation risk management can be defined by concluding from the currently adopted methods for reputation management such as Public relation and Crisis management.

The author defines reactive reputation risk management as:

The strategies, methods and process that reactively respond to the development of reputation risk issues and their effect with more emphasis on exposure loss compensation and post-exposure recovering.

The proactive reputation risk management does the opposite. It tends to proactively managing reputation risk through the whole lifecycle of risk by emphasizing early identification, assessment and response in place. The proactive reputation risk management integrates reputation and risk management theories and methods and serves for dealing with reputation risk.

From such definition it might not be difficult to see that reactive and proactive management represents an attitude to the reputation risk issue. Reactive management characterizes itself as late identification and assessment or omitting such process but being driven by the damage reality and post-damage coverage, while proactive risk management entails early risk factor identification, possibility and severity assessment and actively controlling the development of reputation

53

risk issues.

The necessity of using proactive reputation management cannot only be testified by current reality of failure in reputation management via reactive methods and strategies, but also be explained by reputation risk lifecycle theory from theoretical perspective.

3.4.2 PROACTIVE REPUTATION RISK MANAGEMENT AND REPUTATION RISK LIFECYCLE

As has been illustrated by the risk lifecycle part mentioned in the previous chapters, risk undergoes three stages, namely potential stage, emerging stage and crisis stage. Reputation risk has the same lifecycle as other risks however with higher pressure increase margin and shorter period from emerging stage to crisis stage, which can be shown by the graph below.

Figure 3.5 Normal risk lifecycle (left) and reputation risk lifecycle (right)41

Before the explanation of risk life cycle, it would be much better to understand the causal effect to the company from reputation risk, which can be regarded as risk evolution. The general logic behind evolution is shown below:

41 Inspired and adopted from Risk Issue and Crisis Management, Regester Michael 2005,Kogan Page Limited

54

Figure 3.6 Evolution of reputation risk 42

From the last part of the chain, it might be obvious that reputation risk can be materialized into concrete impact to companies by stakeholder action. The impact of reputation risk is directly determined by stakeholders’ reaction to the company. The impact of stakeholder’s reaction is also determined by three factors: one is the stakeholders’ risk attitude; the others are stakeholders’ power and significance to the company. Stakeholders risk attitude decides how quickly and possibly the stakeholder would take actions. Their power and significance decide how large impact the stakeholder’s actions would be on the company. Compared with other risks, reputation risks involve the subjective decision on reaction taking by the stakeholders, which means the occurrence of damage or risk impact is hard to be quantified. Some of the reputation risk, like unethical behaviors, would generate high concern from the stakeholders, which means they would probably intent to make quick action. If they are key stakeholders for the company with great power and significance rank, the action would be immediate and damage would occur. If not, they would influence other stakeholders by word-of-mouth. During the process, influential stakeholders would amplify such concern and broaden influence scale until more and more stakeholders with power and significance get involved and dramatic damage to the company occurs. Stakeholder’s quick actions and amplified impact would push risk quickly through potential stage to crisis stage leaving the company limited time to control and influence. If we adopt reactive management, the company would only focus on crisis stage in which control is harsh. However, if we use proactive management, the company would overview the whole lifecycle with attention to potential and emerging stage where

42 Made by the author

55

Corporate Behavior

Influence to stakeholder

Stakeholder reaction

Influence to corporation

Reputation Risk

the risk is not exposed so as to catch the opportunity to control the risk. By integrating reputation management and risk management theories, strategies, techniques, etc, the company would early identify, assess and quick respond to the risk so that loss due to the risk exposure can be avoided and mitigated. Reputation risk lifecycle explains the necessity of using proactive management. However, it does not give the answer to how reputation risk can be managed by proactive management, which requires the construction of model. In the later part, the author would stress the model of proactive reputation management with integration of reputation theory and risk management theory.

3.4.3 PROACTIVE REPUTATION RISK MANAGEMENT MODEL

From author’s perspective, proactive model should integrate reputation theory and risk management theory. As reputation is defined by stakeholder, stakeholder theory would be taken into consideration. Furthermore, proactive management emphasizes catching risk control opportunities within potential and emerging stage which is of limited time span via early identification, assessment, control, monitor and report. Thus risk management process, techniques and strategies can suitably be matched to the proactive philosophy. Reputation theory and risk management literacy construct a foundation of model with risk management literacy being the main framework.

Before commencing risk identification, the reputation risk context analysis might be conducted. In addition to profiling corporate internal and external environment plus the overview of the current corporate risk management system, the stakeholder identification should be done first in the context analysis. Stakeholder identification can be made either by conclusion from business experience, reviewing to literatures such as those 14 typical stakeholders listed, or surveying the corporate staffs from board to the bottom, from one department to another, from one country market to others. Following the logic of stakeholder theory, the stakeholders also have to be categorized into groups in terms of their features and influence. Reputation risk context analysis reveals the background

56

information for the following risk management process. It also supports the formation of corporate risk threshold when facing the risk.

Reputation risk identification starts with identifying the risk factors affecting the corporate reputation value. The risk factors are those corporate behaviors or changes or events both from internal and external sources, etc that can undermine corporate favored identity, image, trust and value exchange with stakeholders. Since reputation is formed from stakeholders, identify risk factors should start from scanning stakeholders. Stakeholder scanning is an information collection process on stakeholder’s value judgment and perception of the company from corporate identity, corporate image and value commitment, etc. Stakeholder scanning is also to know stakeholder’s expectation, interest concern within the company, the trend descriptions, etc. In other word, scanning is not only about judgment of the corporate current performance, but the expectation for the future. The detail information from scanning might include, but not limited to:

1) The image held by stakeholders on our company including image awareness (do they know our company), image value judgment (does our image positive or negative?) and image status position (does our company closer to stakeholders than our competitors?), 2) Focal interest held by them within the company, which might incur their highly concern.3) Expectations they hold over corporate behaviors, operations, policies, strategies, etc. 4) Perception or comment over the corporate behaviors, actions, policies, strategies, etc after such behavior, actions, policy, etc have been issued and conducted.5) Stakeholders’ perception on trend of changes and requirements. 6) Stakeholders relation with other groups. Stakeholder survey and other relevant information collection methods help to understand stakeholders’ requirement, the percerion of the company and even competitors as well as trend of expectation

57

changes.

Continuously stakeholders’ scanning helps the company not only to construct a full vision on stakeholders’ demand, expectation, trend development and other information, but a chance to disclose the source of threats that might undermine corporate reputation within the corporate operation behaviors and performance, which in effect is an useful way for reputation risk identification and settlement of early warning mechanism. The general sources of reputational risk concluded from both corporate cases and literatures cover: 1. Identity risk. Identity risk refers those events and uncertainties that affect

corporate identification. It concerns two issues: one is pirate action to use corporate logo, trademark, and name which fail to be registered due to corporate negligence. The second is the inconsistent, inappropriate and incomplete presenting identity which might lead to the confusion, low awareness, and even misunderstanding over corporate identity.

2. Awareness risk. Awareness risks concerns the issues that influence the scale of awareness of corporate reputation within stakeholders. Such risk concerns the cognitive dimension of corporate reputation

3. Risk in image. The risk in image can be categorized into two groups: image gap and image status failure. Image gap concerns the mismatch between: gaps in value acceptance, gaps in expectation fulfillment. Gaps in value acceptance means the value and behavior of the company cannot be ethically accepted by stakeholders. Gaps in expectation fulfillment mean the performance of the corporate behavior does not match the standard of stakeholders. The detail image gap might include the mismatch between 1) the expected image preached from the corporate identity and the real image embedded in the stakeholders’ mind. 2) The value orientation or commitment preached by the company and that accepted by the stakeholders. 3) The expectation of corporate behavior or action stemmed from corporate value commitment and the reality of action to fulfill such commitment. The mismatch on this subsection refers to two issues: negative gap, namely the stakeholders’

58

Negative Gap

Positive Gap

Gaps in Value Acceptance

Gap in Expectation FulfillmentImage

Status Failure

Risk in Image Image Gap

expectation is higher than reality, which means that the company has not satisfied the stakeholders or bubbles of over identification do exist. Since reputation risk can be linked to other risks, negative gap can be hidden into other risk sources and failure actions. From recent outcome of survey conducted by the Economist Intelligence Unit about reputation risk, 11 types of threats are ranked as sources of reputation risk with regulation compliance risk to be the top one.

Figure 3.7, Structure of risk in image43

Figure 3.8, Survey on reputation risk source44

The other is the positive gap; meaning expectation is lower than reality which depicts that the current effort on corporate identification and image construction is not enough, as the stakeholders do not get enough information about the company so as to fully appreciate corporate value orientation, behavior, competitive advantages and policies, etc.

43 Made by the author 44 Series Report: Reputation: Risk of risk, Economist Intelligence Unit 2005, The Economist.

59

Status failure also threatens reputation. Status failure stresses the failure in leveraging corporate image to the same level of peers and competitors, which means the company is less welcomed by the stakeholders than competitors. Status failure can be illustrated via market share, media reaction and coverage, transaction efficiency (with business partners), etc. Status failure directly influences position of the company under fierce competition in stakeholders mind and sometimes determines the future of corporate development as well. Status failure should lay more attention since it not only signals the corporate competitive advantage degrading, but it is often neglected by the reputation manager with more cautious view over image gap.

4. Risk from changing stakeholders’ expectation, values judgment and trends of changes. With the updating techniques, fierce competition from corporate competitors, the stakeholders’ expectation and value commitment would frequently change, which means the company willing to maintain its reputation has to keep tracing such changes while failure in doing that would end up with image gap and image risk whose long term deterioration would result in losing trust.

Such risk sources are just common and major samples, but not limited to that. Stakeholders scanning might come up with other risk factors unanticipated by the company. Stakeholder scanning is a continuous and coordinated process. It can be organized by a workshop group responsible for survey organizing. The technique used in scanning might be stakeholder survey containing market survey, customer survey, etc. Each department in different functional or regional silos would get such scanning in their daily task. From author’s perspective, such scanning might be better conducted if stakeholders have been prioritized and ranked first in terms of their power and influence based on corporate long term strategy and benefit maximization, which means this scanning should be started from key stakeholders and rippled to other stakeholders with lower rank

60

Figure 3.9 Stakeholder Scanning: normal Form (Left) and modified Form (right)45

After the risk source is identified and risk factors are early warned, the next step is to analyze the occurrence possibility of such risk. Reputation risk analysis is to analyze the feature of reputation risk factors, disclosing their root courses and linkage to other risks, analyzing the possibility of occurrence of risk exposure and their impact on the company, and finally mapping and prioritizing them for managing sequence. As some of the risk sources are rooted from other risks such as default risk, financial risk, market risks, etc, the current system for managing such risks can be directly used so that reputation risks might be indirectly under the control. Therefore the methods in current system for such sorts of risk assessment can be adopted and integrated into the reputation risk assessment. From author’s perspective, reputation assessment could not be departed from stakeholder analysis. At this stage, stakeholder analysis is mainly about knowing stakeholders’ attitude towards the risk factors identified at identification stage,( for example child labor would generate high outrage level of government and NGOs; Default action from internal corporate operation would generate fear of investors), making scenarios analysis about the possible actions the stakeholder would be spurred by such attitude, and the impact on the company from such actions, which can be regarded as severity data about risk. The outcome information from this stakeholder analysis would be used for risk mapping and prioritization.

45 Created by author.

61

Reputation Risk Analysis

Figure 3.10 Reputation Risk Analyses46

In the attitude analysis process, the stakeholder scanning and survey would continue with main purpose to disclose the risk attitude towards certain risk factors. Such scanning should also start from key stakeholders and then ripple to the low rank group. Marsh Ltd has created a hexagon model for reputation risk which the author adopts and revises for attitude scanning:

Figure3.11 attitude analysis from Marsh Ltd47

46 Made by author 47 Brand Risk: Adding risk literacy to brand management, David Abrahams 2008, Gower Publishing Limited, England

62

Stakeholder Attitude Analysis

(Scanning and Hexagon Model )

Stakeholder Reaction Analysis

(Scenario Analysis and Impact

analysis)

Risk Mapping/

Priortization

As can be seen from the picture, the stakeholders within each rank would be grouped into one hexagon. Each sub-con within the hexagon represents one stakeholder such as customer, employees, community, government, etc. The hexagon can further be divided into more sub-cons for more stakeholders identified. The attitude can be colored from white to black illustrating the severity of attitude changes in terms of each risk factor. After scanning, the attitude to each risk factor from both individual stakeholder and group stakeholders would vividly be visualized by color. Such visual model can help manager quickly perceive the severity of one risk factor or issue so as to make right scenario analysis of stakeholder reaction.

Based on the data from the attitude analysis, the scenario analysis would be commenced. Scenario analysis here takes the task of anticipating the possible actions that stakeholders, especially key stakeholders would do and relevantly the impact of such actions to the company. The scenario analysis should also follow the timing dimension of risk development to illustrate not only the possible stakeholder’s actions at the moment, but the future development of each action. Worst scenario analysis should be made so that the maximum damage to the company could be recognized. After scenario analysis, the company would assess the reputation risk by mapping the risk based on impact severity from stakeholder reaction and possibility of such reaction. The rating of possibility can be based on previous data or simulation technology if available. However, subjective judgment could also represent certain level of accuracy. Mapping risk gives the direction to the company about the sequence of risk handling so as to balance the cost and efficiency of management procedure

Proactive reputation management does emphasize the necessity of early identification, assessment of reputation risk via risk management and reputation management methods. However, without risk response and control in place, the work done previously would be meaningless. From author’s perspective, the final purpose of proactive reputation risk is to identify risk and more importantly take

63

action to control risk. The strategy for reputation risk control stands for the same principle of risk strategy selection, namely lower down the possibility of threats occurrence and mitigate the loss from exposure of such threat. As reputation risks links closely to other risks, they can be handled in part by current risk management systems or controlled by proper business strategies. The discussion for proper reputation risk control/ response method is fierce and without unanimous conclusion. Some authors utilize the general risk strategy into controlling reputation risk such as reforming corporate operation, adjusting corporate capital structure (leverage the equity and curtail the debt) and using financial instrument such as risk alternative market. These ideas help control overall corporate risk including reputation risk, but do not prove how effective it is to the reputation risk. Other groups of academics discard the overall strategy but attempt to design strategies exclusively for reputation risk control. Many of the academics as such introduce the stakeholder concept, but vary their methods selection for niche risk source control. Reflecting to the risk strategies mentioned in the risk management part as well as the effect chain of reputation risk stated in the reputation lifecycle part, the author believe there are also four strategies for managing reputation risk, respectively risk avoidance strategy, risk prevention strategy ,risk reduction strategy and risk transfer strategy. Before the explanation of the each strategy, it would be better to review the evolution of reputation risk again and to know the managing philosophy under the each strategy.

64

Corporate Behavior

Influence to stakeholder

Reputation Risk

Stakeholder reaction

Influence to corporation

AVOIDANCE

Control the Risk Source

PREVENTION Control Risk Frequency

REDUCTION &TRANSFERControl Risk Impact/ Severity

Figure 3.12 Reputation Risk Evolutions and Risk Control Strategy 48

As has been defined earlier, reputation risk refers to those factors or events undermining trust between stakeholders and the company, which would lead to economic influences to the company either in long term or in short term. Such factors are hidden within the corporation. As stakeholders have interest correlation to the company, corporate behaviors would impact stakeholders and the risk factors would expose. Spurred by their attitude to such risk factors, stakeholders would take action which would respond back to company and generate economic influence. Therefore, the stakeholder’s reaction impact is the actual impact of reputation risk, and their attitude to the risk determines the possibility of impact occurrence to the company. Risk control is either to lower the frequency or severity or both. Inspired by such direction, the philosophy of controlling reputation risk can be done through 1) controlling the risk source within the company; if not 2) Influence stakeholder’s reaction possibility; if not 3) influence the impact of reaction. Comparatively, four risk control strategies match such philosophy. Risk avoidance can be used firstly when risk factors are still embedded within the company by taking operational adaptations to mitigate the risk factors from the source. If such strategy does not be effective, the risk prevention strategy can be chosen to influence stakeholders to neutralize their attitude before they take reaction so as to lower risk frequency. The typical sample of such strategy is customer communication, dialogues, after sales service, etc. If the stakeholders have already taken action and the damage does definite occur, risk reduction strategy could be used to mitigate the severity of risk issue to the company, such as media communication, government lobby, etc. Crisis management could be regarded as way of risk reduction, though the effective of such methods is often unsatisfying. Another strategy that can be integrated within risk reduction is risk transfer via purchasing insurance product from Insurer. However, there are very limited insurance products for reputation risk currently. The only underwriter found by author in the insurance market is Kiln Group at Lloyd’s issuing “First Party 48 Made by Author

65

Adverse Reputation Insurance Policy” with strict risk retention ratio for the Insured. Risk avoidance, risk prevention, risk reduction and risk transfer can help reputation risk manager deal with reputation risk through its evolution stage. The best strategy, from author’s perspective, is to avoid the reputation risk from the roots and mitigate risks within the company before they influence the stakeholders, especially key stakeholders. The reputation risk strategy listed above is a general principle of how to control reputation risk in terms of its evolution. The detail strategic actions can be flexible given the real situation. For example, to avoid negative image gap from the source, most of the international companies adopt CSR (Corporate Social Responsibility) to leverage the standard within the company so as to meet stakeholders’ requirement. As for avoiding risk in image, one proper method from the author’s perspective is to use ‘‘take the lead, doing the best strategy’’, which means the company has not only to adopt high standard but to be standard leader in the industry or in other word keep expectation from stakeholders always a little bit lower than the corporate performance. However as has been stated above, concrete action for the company could be more flexible with principle strategies as risk avoidance, risk reduction, risk prevention and transfer. It is also noticeable that the effectiveness of risk control is partially depended on previous corporate reputation and trust status within the stakeholders.

Reputation risk monitor and reporting is also an important step to be done. The effect of reputation risk managing can be manifested through continually scanning and communication to the stakeholders. Or it can also be shown from corporate performance repot such as financial report. The outcome of certain stage of reputation risk management should be reported to senior managers who are at best members of the board

3.4.4 FURTHER THINKING ON PROACTIVE REPUTATION RISK MANAGEMENT

In the last sections, the author attempts to construct a model for proactive

66

reputation risk management by integrating reputation theory and risk literacy. However, there are other thought that might inspire us to further discuss about reputation risk management.

1. Knowledge management, communication and reputation risk management.

Knowledge management is a new concept in the management literacy. It is a term that describes the process by which a company organizes, collects, shares, distributes and learns collectively from employees, stakeholders, and the outside world. It is a broad framework for actively managing the information and knowledge that is available to it49. Knowledge management is often supported by IT technology and integrated with the learning culture of the company. Knowledge management as an information collecting process can be used through the whole process of reputation risk management especially in the stakeholder scanning and risk analysis stage. Assisted by IT technology such as internet, intra net, knowledge management can serve as a platform to streamline the communication network spanning the company and stakeholders, the board and frontline staff, the silo department within one territory and another. The byproduct of such is also the integration of information from different function sectors and country department so as to assist the company quickly to recognize, hold and drive the trend of changes and development so as to keep “the best doing strategy”. Especially knowledge management can help to break up the silos amongst corporate functional department to construct aggregate risk management or enterprise risk management framework which is also within the reputation risk management merit.

2. Corporate governance and reputation risk management

Corporate governance linked to the reputation risk management is mainly about who should take the responsibility of reputation risk management task and their

49 Managing Corporate Reputation and Risk—A strategic approach, Dale Neef 2003, Elsevier Science

67

role in the whole corporate governance structure. Traditionally the role of risk managers is shown as the insurance agent within a company. Nowadays risk managers have been afforded more tasks in systematically managing certain risk such as operation risk, financial risk, etc. The task of reputation risk management is sometimes with ambiguous responsible person. It is either partially done through communication sectors or in the charge of individual function department, which are off departmental capability and in most of the cases lack of the coordination. Under such situation, the reputation risk management is a hollow propaganda or without synergy. Therefore the current corporate governance structure might have adaptation. The author here recommends the assignment of CEO or at least a member of the board to be in charge of such task. Under the direct supervision of board, senior risk manager as operator and coordinator should implement the concrete organization and coordination of reputation risk management process. Although the different departments might afford the daily management of such risk, they should report to the senior risk officer who would consider the comprehensive risk strategy and corporate strategy to monitor, assess and direct each department’s performance. The coordinator has the right to deploy experts within or without the organization such as consultant to form workshop team when special risk management action is taken. Knowledge management system can help reputation officials operations.

3. Enterprise risk management and reputation risk management

Enterprise risk management is an emerging trend for the risk management development. With the emphasis on integrated management for whole risk sources, enterprise risk management can effectively manage the general risks within the company. Reputation risk as an element within the corporate whole risk system should be also under the consideration of enterprise risk management system. As has been analyzed in the model part, many rooted reputation risk source can be handled directly via current enterprise risk management system, which provides a window for integration. Actually many TNCs like Novo Nordisk A/S

68

has made successful step in such integration by considering reputational damage when managing normal risks.

3.5 CONCLUSION OF THE THEORETICAL PART

The thesis at this moment has passed a step stone of the discussion. As is pinpointed in the problem formulation part, this thesis represents the author’s willing to answer the question: “Can reputation risk be managed in a proactive way? How can reputation risk be managed in a proactive way?” This theoretical part would dedicate to give explanation to those two questions by constructing logical theory basis. Noticing the subtitle of this thesis, namely “Returning to literatures”, the author here consults and mostly concludes different theories within reputation management and risk management and attempts to integrate them into one model to proof the positive answer to the first question and concrete solution to the second question. Starting from understanding basic concept and ending in forming proactive reputation risk management model, the author follows the systematical research methods to recognize separate subsystems, perceive their linkage and construct a new system for problem dealing. However, research at this stage is not enough. Over superficiality can be a main criticism against the achievement from this stage of work. Having been aware of such drawback, the practical part should be introduced to compensate such drawback and to testify, modify or verify the outcome from theoretical discussion. Thus in the following part, the author would introduce a company case for further discussion so as to answer the problems stated in the problem formulation from business reality.

Chapter 4 Practical Part: Reputation risk management at the Vestas A/S

69

4.1INTRODUCTION

In the theoretical part, the author has stressed his theories on proactive reputation risk management and answered the questions formulated in the beginning of this thesis. Following the logic in the theoretical part, the author here would solve the problem of how the proactive strategy could be applicable or certifiable to the company case. In this section, the selected company case is Vestas, a global wind turbine producer with the leading market position. Through the investigation of two departments in Vestas, the author formed the system picture of how Vestas organizes its risk management and especially reputation risk management activities, by doing which proactive reputation risk management model is testified so as to answer to what extent could proactive reputation risk management can be applied into Vestas case.

4.2 VESTAS A/S---COMPANY PROFILE

Vestas is a world leading company in wind turbine industry where the market expands fast. Located in the industry with market capacity of over US$55billion and sellor’ dominant feature, Vestas pioneers the modern energy solution with its industrial focus on providing wind power energy which is branded as sustainable and green power supplementary to the oil and gas. The products and service offered from Vestas cover Wind turbine with large megawatt capability, Grid Capability, online business, Off-line wind power solution, etc with high innovative wind turbine as its main product supported with technical edge. Following the vision of being the best wind energy provider par with that of gas and oil, Vestas has its Wind power solution brought to the World. Nowadays, Vestas has installed more than 35,000 wind turbines in 63 countries on five continents with an average of one wind turbine installed every four hours, 24 hours a day. The wind turbine installed by Vestas every year generates more than 60 million MWh of energy per

70

year enough to supply millions of household or to supply every household in a country the size of Spain50, which fulfills Vestas the ambition to bring up the wind energy contribution to 10% of the global electricity in 2020. In over 26 countries, Vestas has settled its sales and service branches. Apart from Denmark manufacturing branches have also been constructed in other continent to supplement the increasing global demand of Vestas products. Fully aware of the core value of the company and wind turbine industry, Vestas continuously lays emphasis on quality, standard and innovation in products, environmental sustainability as well as safety. Vestas also implements career safety and training program as investment for employee development. All these performance assists Vestas to achieve its success in Wind turbine industry as well as fulfilling its mission of ‘‘will to win’’. Right now Vestas is the No1. Supplier of modern energy solutions with 23% market share in wind turbine industry. In 2007, Vestas revenue reached up to €4861milllion with EBIT up to €443million with 15306 employees and MW distribution to Europe, America and Asian-pacific.

50 http://www.vestas.com/

71

Figure 4, 1 Growth of wind turbine market (up) and Vestas performance51

4.3 RISK MANAGEMENT IN VESTAS A/S

Before we specify the reputation risk management in Vestas, it might be of nature logics to overview the risk management system in Vestas first. In the following part, the author would briefly introduce the risk management system currently adopted in Vestas so as to facilitate the further research on reputation risk management in Vestas.

4.3.1HISTORY OF VESTAS RISK

The risk management in vestas does not have a long history. Initially, when Risk management department was first constructed, it only served as a corporate insurance agent responsible for insurance purchasing and policies arrangement. The main task of risk officer at that moment was to select insurance policy in place to meet the increasing requirement of risk dealing in the operation and corporate management. However, with the expansion of Global wind power industry, the Vestas has it growth kept over 20% annually and expanded its business from Denmark to other continents. Fast corporate growth both in profits and function scale in Vestas has introduced various styles of risks with different impact scope to the company and also challenged the function role of risk management department in that traditional methods in dealing with risk were no longer able to handle diverse risks in place in Vestas. Considering this, Vestas adopted a new risk 51 Vestas annual report 2004, 2006, 2007

72

management concept and system last year and has gradually changed its role from corporate insurance office to the real risk management department of the international company. The risk assessment, reporting and diverse mitigation strategies have been involved into the system. Furthermore, current system emphasizes the philosophy of proactive risk management which means that the company should proactively manage risk rather than reactively recover the loss after risk exposure or act as firefighters doing crisis management. Although the current system is under continuous construction, it helps Vestas create value by saving the overhead on insurance premium, leveraging the rating at bank and stabilizing the operation performance of the Vestas group. Such system is expected to be finally formed as enterprise risk management system supported by data base and knowledge sharing.

4.3.2 RISK MANAGEMENT PRINCIPLES AND DRIVING FORCE WITHIN VESTAS

Vestas defines risk as events or uncertainties that might affect fulfillment of corporate objectives. The construction and function of Vestas risk management system is following several main principles and objectives which can be stated as below

1. Proactive risk management rather than reactive. This means that Vestas does not rely on BCM too much as for one thing Vestas does not have so strong capability of doing this, and for another such using strategy is always of limited effect and too late. Instead, Vestas puts more resource to early identify risks and risk factors, analyze their impact and actively use mitigation strategy to keep risks within Vestas financial affordance and more importantly to fulfill the corporate objective via mitigating downside risk and creating opportunity.

2. Continuous process. This means that the risk management process should not be static but dynamic. The risk identification and managing should be

73

continuous and routine through all project lifecycle and also risk evolution process.

3. Risk ownership. In vestas, the risk management is not about identifying risk or ranking them, but actively controlling risks. In other words, there must be responsible person in charge of mitigating and reporting risk so that risk would not be ignored. Nowadays in Vestas, for each critical risk there must be one risk staff in charge of each individual critical risk so that risk can be mitigated and continuous traced before it reaches exposure

4. Risk awareness and culture. In Vestas, risk control is not the task of only risk staffs, but the responsibility of the whole group members. Every employee can be risk officer in his/her daily work sphere. If everyone in the company can mitigate the potential risk factors in their work, the whole risk frequency and scope in the group can be decreased. Therefore, leveraging risk awareness is within Vestas risk management principle. Vestas is now working on a structured approach to bring risks forward that have been ‘‘common language’’ but not identified as risks that need action52, which in some sense requires the cultivation of risk culture within the company to prevent risk awareness gap and actually expand the risk ownership for risk control.

5. Hit the target and objective. The purpose of Vestas risk management is to support the operation of BU s in the company by mitigating the risks that affect the business success and reaching the objectives of each BU s. Therefore risk management in Vestas must incorporate in each level of BU operation so as to warrant the completion of mission and vision of the Vestas in the whole.

The driving force behind these principles is either from the external legal compliance or from the necessity of completing group mission and objective. The

52 From Vestas internal slices

74

general driving forces can be concluded as:

1. Maintaining Vestas operation and financial balance. This has importance to the Vestas production. Since right now Vestas wind turbine sales good and even sometimes is short of supply. Thus any risk in production and supply chain would directly lead to revenue decrease. Managing such risks in production, supply chain benefits Vestas operation and EBIT (Earnings before Interest and Tax).

2. Compliance to regulation and requirement from investors and bankers. Investors and bankers would normally require the disclosure of Vestas risk situation and risk management activities. The judgment of risk management system determines the rating level of company at the bank. Constructing risk management system is also compliant to the Danish enterprise law.

3. Cash flow benefit from curtailed insurance premium. As purchasing insurance is still a common used tool for risk dealing in Vestas, accumulated insurance premium increases Vestas financial expense. By primarily mitigating risk within the company, insurer would offer Vestas discount to insurance premium which can bring up premium saving and positive cash flow.

4.3.3 VESTAS RISK MANAGEMENT AND BCM FRAMEWORK

Vetas risk management system is within a comprehensive framework including risk policy, governance structure, etc. It is heading towards the enterprise risk management so as to create value and incorporate into corporate mission, vision and objective

The risk governance structure of Vestas risk management matches that of the general corporate structure of Vestas group. As Vestas functional section has been

75

Board and Risk Committee

Group Risk Department

Risk Manager at BU

(Production BU)

Risk Officer at Site(Manufactory in

Denmark)

Risk Officer at Site

(Manufactory in Germany)

Risk Officer at Site

(Manufactory in China)

reshaped into different business units whose operation is independent, the Vestas risk governance structure also has the same shape. The graph below illustrates the framework of such structure.

Figure 4.2 Corporate structure and Risk governance structure 53

As can be seen from the graph, Vestas risk governance also follows the hierarchical structure of Enterprise risk management which includes board, risk committee, group risk department, risk manager at BU and risk officer at site level. Board and Risk committee is the owner of whole risk management policy. Group risk department is in charge of the overall risk policy designing, monitoring and evaluating risk management performance, and providing technique support and control measures. Risk manager at the BU is in charge of the risk management actions at BU level by aggregating the risks registered and reported at various sites under the BU. The risk management at BU has to serve for assisting BU operation to reach its business objectives. Site risk officer is at the bottom of governance hierarchy, but granted more significant responsibility to risk registering, primary risk mitigation and reporting. Notwithstanding the hierarchy 53 Adopted from Vestas annual report 2007 and internal slices

76

Vestas Risk Management framework

Business Continuity Management (BCM)

Key resource identification Risk identificationBusiness impact analysis Business revovery plan BCM planning

Risk Structure

Risk identification Risk analysisRisk mitigation Risk reporting

structure, the actual risk management process is decentralized. As the Vestas operation has been separated into independent BU s, the separate activities in risk management are located at BU s carrying out such activities. For example, risk related to production is handled within factories. The insurable risks or critical risk that has impact to the group or out of the ability of BU s would be identified and mitigated at group level. The group is now trying to give BU s guideline and uniformed registration form so that risk identification and control can be organized in a structural way and also facilitate knowledge sharing and communication. Data base is on the construction so that risk owners would be better supported and trained. Nowadays the group organizes improvement workshops to design identification process to ERM as well as risk assessment and management tools for the risk owner to carry out risk dealings within their area of business. Such tools would better risk aggregation and reporting as data collection is in a homogeneous manner.

The framework structure is the combination of risk management and Business Continuity Management (BCM). The graph below could illustrate the details of it.

Figure 4.3 Risk management framework structure54

54 Created by the author

77

As is viewed from the structure, the Vestas risk management system integrates Risk structure and BCM as a comprehensive risk control process through prevention of risk exposure and post exposure coverage. It covers the whole lifecycle of risk from potential stage to crisis stage.

BCM stands on the crisis stage which is in some sense reactive. BCM aims at recovering the loss of corporate operation stemmed from those risks such as failure to deliver or dysfunction of corporate core resources or emergent catastrophe, etc. BCM follows the process of key resource identification, risk identification, risk impact analysis, recovery strategy, BCM planning and implementation (practice). In the risk analysis stage, the severity of risk is done through business impact analysis by identifying business interruption time and its incurred loss. Business continuity plan has been arranged in terms of urgency and impact severity ranging from emergency response (most urgent) to Business recovery (least urgent). Key guideline on what to do in the exercise of such plan has been pinpointed. Perceiving the drawback of BCM as reactive risk management as well as lack of enough competence, Vestas tends to not rely on BCM, but design a more proactive risk structure for risk dealing.

Risk structure stands on potential and emerging stage for proactive risk management which Vestas is looking for. Risk structure intents to cover the whole process of risk management including risk identification, risk assessment and documentation, risk mitigation and reporting. The whole process is done and documented on the paper which is risk registration so as not only to identify new risk but also put risk control activity into the real action and fix risk responsibility. Register has the purpose to identify and assess risks 360 degrees around the business site as well as state the risk mitigation strategy, place risk owner and facilitate the in time reporting. Vestas risk structure follows the bottom-up model, which means risk identification, assessment, risk mitigation start from the bottom site level, report and aggregate in the BU and group level. The group risk department would give officer and manager at site and BU s instructions and assist

78

them in technique and methods usage. Such model helps Vestas site staff to proactive manage risk by following standard regulations and filling steps and for easily reporting. It might also fit the objective of cultivation risk culture and expand risk awareness within the Vestas itself.

The risk management process and methodology in risk structure of Vestas is also rooted in ERM philosophy that Vestas risk department is targeting at. The risk management process includes normal standard steps like risk identification, risk assessment and analysis, risk report and monitoring etc. The risk identification in Vestas holds the intention to disclose uncertainties or risk factors that might threaten the fulfillment of BU and Vestas business objective from the perspective of where, when and how. The methodology in the identification is based on brainstorming and bottom-up investigation or reporting from Site level to group level by asking site staff and expertise at BU to register possible risks within all significant business operation via drawing an activity flowchart of their sites or units. Every person in the organization should be involved in such identification process and sometimes external assistance can be applied.

The risk assessment is done according to the three criteria: likelihood, impact and controls. Likelihood and impact are measured on a simple ordinal scale, namely low, medium and high, while control pinpoints the effectiveness of mitigation activities that have been adopted previously. Because some of the risks could not be measured by financial criterion, or has other impact apart from financial perspective, Vestas uses added weight function method to measure the risk scope. The weight for both quantifiable scope (normally measured as financial loss) and unquantifiable scope is randomly set as 50% to50%. The whole severity scope is the combination of weighted quantifiable scope and weighted unquantifiable scope. It is important to know that the severity analysis is not limited to the loss on BU or Sites level, but how such risk might impact on the whole group. Risk assessment at this step can help manager rank the risk in general. If the risk shares the high likelihood, high impact and low control, such risk

79

is positioned on high rank. If the risk has the low likelihood, low impact and high control, it is ranked to low level. The result of assessment determines what existing controls are in place to guard against that risk. Risk mapping is done after assessment by using 5 scale matrixes. Some high rank risks would have to be reported to the higher risk officers or authority for further assessment as some risks impact would refer the whole group. Vestas tends to use cost effective mitigation strategies and applicable action plans to mitigate risk. The risk mitigation strategy in Vestas includes risk termination, risk reduction, risk acceptance and risk passing on. Risk termination is to terminate activities as risk factors to the risk .Risk reduction is to take action to minimize the effect. Risk acceptance is to retain the risk without action. Risk passing on is to purchase insurance or using hedge to mitigate financial losses from interest rate, exchange rate, etc. The selection of risk strategy is based on the principle of risk cost-efficiency, which means that risk management is to save huge cost with uncertainty by a certain fixed cost. Under such principles, it is the risk owners such as site staff and BU staff that would choose the detail risk mitigation actions because they have better knowledge about the risk dealing from their operations. However, group risk department would normally give them idea support and general principle guidelines for their selection decision.

Risk reporting is playing an important role of risk management framework spanning both BCM and risk structure. During the process to the ERM (enterprise risk management), setting an efficient risk register and reporting system is a first initiative. Risk reporting is primarily done through using standard risk register procedure and forms. Risk register form normally contains the items of risk events or potential events, risk description, risk owner, mitigation action adopted (risk treatment adopted) and further improvement on risk treatment, risk rank, etc. Following the risk governance structure, risk register is conducted by starting from the bottom which is site level and to the group level. Staffs at each level are in charge of the assigned risk registering and mapping and further report to the higher level. Such risk reporting system based on risk register can help risk

80

manager on both level have clear vision of what risks are there, the root cause of each risk, responsible person and mitigation action so that risks and their development can fully be traced and mitigated. Risk reporting is also linked to risk review and monitoring. By disclosing the information on the register form, the effectiveness of risk treatment can be seen and relevant responsible person could be found. From risk identification to risk report, the whole risk management process is working in a circle and repeated at regular intervals so that risk information can be updated and trend of changes could also be anticipated to some extent.

3.3.4 STRENGTH AND WEAKNESS ANALYSIS OF SUCH SYSTEM

Although the risk management system in Vestas is on the construction, there is still some strength within the system. The biggest strength of such system is the comprehensive risk management integrating proactive risk control and reactive control, which can be illustrated by BCM and risk structure. For each potential risk there would be BCM plans (to cover the maximum damage in case of its exposure) and risk structure (to mitigate risk before its exposures). Those strategies control the risk through its lifecycle and can to great extent mitigate the risk impact to the corporate operation, especially the wind turbine production. The second strength of such system is the possibility of breaking the silos of sites and help to mitigate risk in an aggregated way. Uniformed registration forms and assignment of risk officers on each sites and BU s could help risk information be shared by silo sites under the common risk language. In the meantime, silo sites could use its expertise at its functional sphere to make feasible risk strategies for risk dealing. The third strength derives from Vestas’ emphasis on risk ownership and close awareness gap. The failure of traditional risk management is the lack of risk awareness and risk management culture within the organization. Vestas risk system emphasizes the necessity of risk ownership so that every staff in the Vestas would be alert to the potential risk factors and close the risk awareness gap which is the biggest risk embedded within the company. In addition, the bottom up risk

81

managing can mitigate risks by integrating the knowledge from both professional risk manage staff and operational staff so that risk can be mitigated in the root.

However, because of the system is on the construction and some philosophies are recently introduced; the system is sometimes not effective as is expected. One of the drawbacks of such system is that it has difficulties in implementation. Some of the difficulties come from the corporate management culture itself. For example, the up bottom risk managing has its efficiency in policy implementation while bottom up methods seem to be more democratic and the policy implementation normally takes a long time. Another big drawback of this system is its imperfect development. Although risk management is targeted to identify, measure and mitigate risk from all sources within different BU s, currently the risk department is mainly focusing on assist the production BU to meet its business objectives such as providing spare parts, guaranteeing the production of blades, etc. Therefore, risk management system in Vestas right now only exists in production BU. There is no correlation between risk department and other BU s, such as sales and communication, which in other words there is silo effect in risk management amongst BU s, which is proved by the statement of risk staff in Vestas that currently Vestas risk management is at its initial stage. Some other disadvantages are also noticeable such as lack of data base system and IT support.

In conclusion, the Vestas risk management is on its path to comprehensive Enterprise risk management system covering the whole BU s and risk sources. Current system has already roughly constructed framework for general risks dealing, but is at a very beginning age. Right now it starts from production BU and is approaching to other department which have related issues and gradually cover the whole Vestas value chain, such as sales, R&D, etc. It also limits its capability of managing other risks such as reputation risk.

82

4.4 REPUTATION RISK MANAGEMENT IN VESTAS

Reputation risk management in Vestas is not reported in the annual report. When investigating the staff in Vestas, the common response is that there is no exact department responsible for managing such risk. However, some function of different departments has included the task of reputation risk management. Concerning the functional features of risk management department, the author starts his investigation at risk management department first to review its activities and strategy used for mitigating reputation risk. Considering the silo effect within the Vestas risk management, the author also investigated the communication department due to its closeness to the stakeholders. The investigation in two departments provides a vision over reputation risk management reality in Vestas, which provides a platform for model testing and implementation.

4.4.1 REPUTATION RISK MANAGEMENT IN RISK MANAGEMENT DEPARTMENT

When investigating the risk staff in Vestas risk department, reputation risk seems to a new concept that has been under debate. Reputation risk from their perspective is link to corporate image, which is important for corporate growth but implicit in the mind. Their understanding of reputation risk is more inclined to be outcome of corporate operational risks which is the key risks they pay attention to. Therefore, good operational risk management is actually mitigating reputation risk. Based on such assumption, reputation risk in Vestas is not specifically defined into one category of risk. (Actually other risk categories such as financial risk, hazard risks, etc are not made yet, though in practice the factors of such risk have been noticed and tried to be mitigated) There is no method in practice to identify and measure them in quantity and no strategy for such mitigation. Reputation risk now is not on the risk register and there is no risk ownership for such risk.

When they were asked the consideration of using stakeholder scanning to identify reputation risk, they denied the applicability of such action incorporated into the current daily risk management work within the risk department. From their

83

perspective, the stakeholders behind the risk are implicit but clear in their mind. Currently the risk department has to serve for operational target of production BU s, which is explicit objective while conducting stakeholder scanning involves more paper work and is also out of the departmental capability. Measuring reputation risk via attitude analysis is also hard for the department. Especially nowadays; the Vestas is expanding quickly accompanied with the quick expansion of wind turbine market. In order to reach the target EBIT margin stated each year, Vestas production should be kept sustained and upgraded. Therefore the largest economic loss is deemed from operation failures. Thus the Vestas risk management system should serve for operation. What is more, Vestas current risk management system is still on the construction. Although the ERM is the final target, the current mechanism is not as effective as possible. Therefore, Vestas risk staff tends to dealing risks in one functional silo and dealing with less complicated risks such as production risk, supplier risks, etc with possibility of measuring risk scope in quantity. As what risk staff in Vestas said, Vestas risk staffs are more focusing on the risk factors. However, Vestas risk staff admits that most risk events do not only have financial impact but some other impact as well such as impact on employees, environment, media broadcastings, etc. Considering this, Vestas analyzes and maps risk via combing financial impact and such non-financial impact which to some extent indirectly refers to the reputation facet of impact from operational risk. In general, reputation risk management in risk department is behind consideration, the same as other categories risks, which means that reputation risk is to some extent over-looked with the representation of lack of identification, management and ownership.

4.4.2 REPUTATION RISK MANAGEMENT IN COMMUNICATION DEPARTMENT

Reputation risk management in communication department is also a new concept. In communication department, stakeholders have been grouped and categorized. Key stakeholders have been recognized due to their significance and power to the company. The list below states the key stakeholders and their meanings to the Vestas.

84

1. Customers: Basis on Vestas business 2. Employees: Crucial for company growth and goal achievement3. Suppliers: Importance to secure quality and sustain the growth of Vestas 4. Investors: power to determine Vestas survival 5. Decision makers: shaping the Business environment

Stakeholder perception and expectation is also available to be known in Vestas as stakeholder survey is frequently conducted. As has been stated by the staff in communication department, they have periodical surveys with customers, employees and suppliers. The purpose of organizing such survey is not only to receive the feedback, but also to understand stakeholder’s perception, value orientation and even proactively discover the events that might potentially undermine Vestas reputation as is stated by the Vestas communication director. Frequent dialogue is also regarded as tool for understanding stakeholders’ perception and expectation. As is said by communication staff in Vestas, their daily and one to one dialogue with investor, analyst and decision makers, etc grant Vestas clear vision of stakeholder’s perception and expectation in a dynamic way from which the core value focus and interest focus from various key stakeholders could be depicted. The following is the sample of key stakeholders’ core value focus:

1. Customers: reliable wind power solutions and on-time delivery 2. Employees: good working condition plus opportunities for training and self-

development 3. Investors: continual corporate growth potential and operation and financial

performance reported transparently and authentically 4. Decision makers: growing industry that fits with a green climate agenda and

balance between economy growth, society and environment.

The communication staff also agrees that stakeholder survey and dialogue would also help to identify certain events that might undermine Vestas reputation. Vestas

85

also uses whistle blow system to identify some potential risk factors embedded within operation but revealed by the individual staff itself, such as default action, unethical behaviors. Currently Vestas enjoys sounding reputation within its most of key stakeholders such as investors, employees, suppliers, decision makers, etc, but might not enjoy the low customer loyalty due to some problems in service and punctual delivery. But compared with competitors, Vestas has its strong reputation status in wind turbine industry due to its differentiation focus competition strategy and well developed value chain. Vestas communication department also views such survey and dialogue as a information channel to anticipate the attitude of stakeholders to certain events such child labour, shutting down local manufacture facilities, insufficient par parts supplies, etc. Based on such information, the communication staff would decide which action should take and how fast to take actions. The communication department might not quantify the severity of events or measure them, but prefer to focus on controlling the impact of such events. The communication staffs believe that good dialogue can help reach understanding with each other and it is effective. However, such communication and dialogue is not perfect to mitigate every outrage generated from various events and repercussion from stakeholder’s reaction, such as protest, governmental interference, vendor switching, etc. Quick reaction to some emergency events would also be regarded as a method to control the severity of the events. Vestas also emphasizes tracing the changes of business environment and changes of stakeholders’ expectation in the long run through dialogue and various surveys. Actually Vestas does not wish to be environmental follower, but proactive to influence its environment and stakeholder value orientation. This can be shown from the Vestas’ ideology preaching about renewable energy and consistent concerns about global warming.

4.4.3 CONCLUSION ON REPUTATION RISK MANAGEMENT IN VESTAS

Reputation risk management in Vestas is a new ideology. However there is no clear risk ownership for dealing with such risks issues. In risk management department, reputation risk management is not considered as an independent risk style but as

86

a second round effect from operation risk. Based on this assumption, reputation risk management is neither organized by current risk department nor within current risk management system. As another possible risk owner, communication department does take certain actions to improve corporate reputation, the methods of which include survey and dialogue. Supported by such methods, the communication department shows its strong capability in information collection and analysis referring to stakeholders and events possibly threatening Vestas reputation. Its strategy of dialogue and communication can also to some extent help to mitigate the impact scope of reputation risk events, though not always effective. In general, reputation risk management in Vestas is not a system, but an action segregated by silo department of Vestas.

4.5 TESTING PROACTIVE REPUTATION RISK MANAGEMENT MODEL IN VESTAS

After construction of the picture of Vestas reputation risk management, the author here wish to testify the proactive reputation risk management model so as to perceive the conflicts and analogues between author’s assumptions and their applicability to the Vestas case. As the current action for reputation risk management is done by two department, the model would be testified based within the two department so that general conclusion can be reached to answer the question: ‘‘To what extent can proactive reputation risk management model be applied or testified to Vestas case’’.

4.5.1 TESTING PROACTIVE REPUATION RISK MANAGEMENT MODEL IN RISK MANAGEMENT ACTIVITIES.

From the information obtained from the risk department, we might be clear that reputation risk management is not a considerable element within the risk system. Thus the proactive reputation risk management is at least right now hard to be testified in the current risk management model. There are some reasons behind for

87

explanation:

1. Lack of resources and capability. Right now risk management system in Vestas is at its initial stage and the risk department is recently built with staffs of 4 people. Currently department is capable of serving for production risk, but for other risks dealing it might be not within their competence. As is admitted by the risk staff in Vestas, reputation risk management might require more sophisticated methods to create value, but currently no expertise at this sphere is found.

2. Nature feature of reputation risk itself and requirement of silo breaking. Reputation risk involves the analysis of perception and value orientation of stakeholders, which is subjective and hard to quantify. The risk department might be expert at mitigating the root causes of the reputation risk events, but might not be good at disclosing reputation risk events and measuring the potential impact in stakeholder trust losing. Such task might be within the capability of communication department. However there is no condensed correlation between department of risk management and communication and silo effect blocks the management of reputation risk.

3. No explicit impact criterion for measuring the reputation facet of risk impact. Normally risk from operation has two impacts, one is financial losses and the other is reputation losses. Sometimes qualitative or narrative impact criterion should be used to rank the risks. However in risk registration there is no explicit reputation impact criterion statement which might lead to difficulty to exact measurement. Given the bottom up risk management structure, risk registration from the site without clear explicit criterion would result in over-controlling some risks while neglecting others.

4. The different philosophy on reputation risk management. There is different philosophy of risk management in financial and non financial department. In most financial department, the management philosophy is that ‘‘what can be measured, can be managed’’, while in non financial department such ideas are criticized.

88

From author’s perspective, the main root reason is the underdeveloped risk management system in Vestas and the derived awareness gap within the Vestas risk perception. The risk management capability in Vestas does still need time to expand from managing risk in silo department to the whole enterprise. Incapability in managing reputation risk might leads to the underestimation of reputation risk, which is awareness gap. One of the awareness gaps is ignorance which is shown as risk known but without management due to lack of resources and methods. This can be linked to reputation risk management situation in Vestas: as it is complex to quantify, it is not worthy to manage it due to resource shortage and doubt in cost efficiency. It can be explained by the opinion held by the risk staff in Vestas that ‘‘managing reputation risk is valuable if more complicated methods can be introduced, but dealing the risk at hand is also a value creation’’. It is arguable that such thinking is reactive as it is risk ignorance and gambling. As is stated by risk staff in Vestas, Vestas is lucky to escape from crisis events and huge reputation loss. The good thing is that Vestas risk department is gradually approaching to reputation risk management as is agreed by Vestas risk staff that managing reputation risk would create value and be meaningful for the Vestas long term growth. With the development of Vestas enterprise risk management system and upgraded technology, managing such risk would be on the agenda.

4.5.2 TESTIFYING PROACTIVE REPUTATION RISK MANAGEMENT MODEL IN COMMUNICATION ACTIVITIES

In reviewing the reputation management in communication department, we might find many analogies to proactive reputation risk management model, or in other words it could be in most part explained by the model. The risk identification is viewed from starting stakeholders profiling and ranking, from which key stakeholders would be depicted. Following that, risk identification is through stakeholder analysis supported by the techniques like stakeholder survey, dialogue and communication to identify the risk factors leading to reputation damage, such as child labor, insufficient after-sales services, etc. The sources of such risks are reviewed which are mainly from operation and service behavior. Image gap does

89

exist within Vestas with the example of low customer loyalty. The gap in value orientation is under the control as is illustrated by the fitness of Vestas mission, vision and policy to the value orientation of the main stakeholders. By using the survey, vestas communication staff could to some extent make fair judgment on the stakeholder’s attitude to and how they react to certain events, which in some sense a sort of qualitative measurement of risk severity. It is also interesting that most of critical events that might lead to high outrage are linked to the key stakeholders’ core value orientation. For instance industrial injury or accident always has huge reputation losses in Vestas’ employees whose core value orientation is working in good working environment with option for development. Closing local factories is another reputation risk factor as it contradicts the core value orientation of local community who is highly concerning the employment rate and foreign investment. The strategy used for mitigating reputation risk is to influence the attitude of stakeholders affected by the risk events before stakeholders take action via communication and dialogue plus quick response. It is also testified that solely relying on such strategy is not as effective as is expected. However, the characteristic of such risk management action is that it is not organized in systematic way as risk management, and also the risk control strategy in the communication department is not referring to disclose the root cause of events in the operation and mitigate risk factors within the company. In general, some risk management process and technologies for proactive reputation risk management are mostly embedded within department daily work and actions.

4.5.3 CONCLUSION ON MODEL CERTIFICATION

After testifying the model in actions of two departments, we might find different outcomes for such certification. Such model is not acceptable in risk management actions conducted by risk management department due to the objective reality that risk management is silo functioned and system is underdevelopment. However, it does not mean that such model is useless and unsuitable to the Vestas case. The department resource and capability also determine the adaptability of assumed model, which is proved by the certification of the model in the

90

communication activities. To the most extent, the model finds its practical application in communication activities, which is also an important element in managing reputation risk in Vestas. Therefore this model is not only applicable to the Vestas case, but is actually being conducted in the Vestas daily operations with obvious sample of Vestas communication actions.

However, it does not mean that Proactive reputation model is a copy of communication system or communication action model in Vestas. From author’s perspective, proactive reputation risk management is a system integrating the philosophy of risk management and techniques in reputation management and risk management or even the involvement of the whole Vestas functional silos under the direction of the CEO and board. The individual managing performance of reputation risk in silo department would not result in good control effect. Such assumption is also testified by the current failure or drawbacks of reputation risk management in both risk management department and communication department. Lack of survey techniques and analysis capability, risk management department overlooks the reputation risk, while lack of controlling the root factors of risk events in operation, mitigating risk impact through dialogue is proved to be dysfunction. Although the proactive reputation risk management model has found its application possibility in Vestas case, it also reflects some problems in Vestas reputation risk management situation and furthermore inspires the author’s thinking on how should Vestas manage its reputation risk in a proactive manner, which would be the issue discussed in the next part of the paper .

4.6 FURTHER THINKNG: PROACTIVE REPUTATION RISK MANAGEMENT IN VESTAS

In the previous part, the proactive reputation risk management model is testified to be applicable in Vestas case. During the testifying process, the author reviews the reputation risk management in Vestas and comes up some problems, from his perspective, existing in reputation risk management in Vestas. The author would conclude his thinking on such problems and make further discussion of how to

91

proactively manage reputation risk in Vestas.

4.6.1 PROBLEMS IN REPUTATION RISK MANAGEMENT IN VESTAS

General speaking, Vestas enjoys its sounding reputation in most of the stakeholder group. However, the current low customer loyalty rate and the new entrant into the wind turbine market show the necessity of strengthening its reputation as well as noticing problems in reputation risk management in Vestas .

The first problem lies in the lack of ownership of reputation risk management. Currently there is no single department fully in charge of reputation risk management. Risk management department mainly focuses on maintaining production, while communication is more concerning customer relationship. Although some actions in different department can help mitigate reputation risk, none of them takes the full ownership of reputation risk management. Lack of risk ownership would create risk awareness gap within the company, which is a potential threat embedded in the operation

The second problem lies in the fact that reputation risk management is not formed in a system but silo behaviors. Communication department might have capability to identify the risk sources, but cannot trace the root cause and take action to make improvement in other BU s operations. Therefore the only capable way for mitigating risk is to influence the expectation of stakeholders, which from author’s perspective is only one of the advised strategies for risk controlling. Controlling the risk events from the root is advised as a good option for mitigating risk, which requires the work of risk management staff. Actually the low level of customer loyalty is mainly from service default while Vestas product appears to be of high satisfaction rate, which proves the contribution of risk department work. Therefore cooperation with two departments for managing reputation risk is necessary. Especially the knowledge sharing between the two departments should be a starting step.

The third problem is how to create measurement tools for risk department to 92

identify and measure the reputation facet of risk events. Any risk event might include two facets of impact, one is direct financial loss and the other is reputation loss. It is by calculating the impact of those two and comparing the impact with the risk appetite that can determine the worth of managing such risk. Recently Vestas risk staffs are discussing the possibility of introducing qualitative impact analysis for risk registration by getting assistance from the external consultant. However the concrete items within the consequence scale is still on debating. If explicit items can be introduced, the reputation risk events might expect to be mitigated from the roots.

4.6.2 HOW TO PROACTIVELY MANAGE REPUATION RISK IN VESTAS

Reviewing the problems in reputation risk management in Vestas inspires the author to discuss about how to proactively manage reputation risk in Vestas. Such issue is also a topic that is being debated in risk management department in Vestas. Based on the information available from the interview as well as the author’s thinking on reputation risk management, the author here wishes to stress several ideas and recommendation for successful reputation risk management in a proactive manner.

The first idea for proactive reputation risk management is to assign risk ownership. As reputation risk might come up from corporate behavior from varied departments, no single department can simply afford the risk ownership. Therefore it might be suitable to assign such ownership to a high level management or board level for coordination and governance. Such risk ownership affordance can help to break the silo within the Vestas and organize the managing activities in a system way.

The second idea for proactive reputation risk is to make cooperation of risk management department and communication department or at best involve the communication department into the risk register and reporting system. Risk identification and measurement can be done within the communication

93

department through the data base of stakeholder profile and outcome of stakeholder survey. Primary mitigation strategy and actions can also be done by communication department. The risk department can use the reported information to trace the root source of key risk events threatening corporate reputation and use operational mitigation strategy to control the risk factors deriving from the roots. It is also important for risk management department to consider the reputation facet of operational risk identified. To solve the problem of implicit items for qualitative impact analysis, the author suggests considering primarily the core value orientation or key interest focus of the key stakeholders (the information of which can be obtained from the communication department), and try to make them explicit into concrete items. Take the core value orientation of employees for example. They have core value orientation in safety and good working environment. Therefore items referring to safety and health should be considered. Any risk events contradicting items can be measured in terms of their severity in contradiction. By considering the reputation facet of risk, the reputation risk event would not be ignored and be mitigated by adapting corporate operation.

The third issue that should be considered is about the choice of risk control strategy advised in the theoretical part. If we review the strategies advised before, we might be clear that strategy for reputation risk management can be rooted into two alternatives: one is influencing the stakeholder’s expectation and the other is to control the risk factors in the root. Currently Vestas communication department takes the first alternative which is using dialogue and communication to influence stakeholder attitude, but control the risk factors in the root is a better choice. This means the Vestas operation should try to avoid the mistake in its daily operations which might generate high negative attitude of the key stakeholders. Obviously achieving such goal requires the application of high standard and business objectives, which in Vestas case is illustrated as using CSR, high quality standard in production and other codes of conduct in corporate ethics, human right, etc.

The fourth issue is to build up good knowledge management system. Risk

94

management itself is a decision process which requires huge information for analysis as well as knowledge capability. Proactive reputation risk management demands the information and knowledge sharing with different department and stakeholders. Especially in Vestas, different BU s are independent from operation and sometimes lack of contact. Therefore, good knowledge management is of necessity for reputation risk management.

Chapter 5 Conclusion and Reflection

Reputation is now the most valuable asset and capital for most of the TNCs.

95

Reputation risk is an underlying threat or opportunity influencing the success and survival of most of TNCs. However, the research on such risk is at its infant stage and in practice such risk is often overlooked or neglected due to insufficient theoretical basis and practical means. Traditionally reputation risk management is mixed with public relation and crisis management, characterized as simple image identification and risk exposure loss coverage, which is return proved to be dysfunctional by recent corporate scandals and bankruptcies. Realizing the gap between academic research and requirement of business reality, the author in this paper is dedicated to contribute his thinking to reputation risk management, especially how to manage reputation risk in a proactive way.

From author’s perspective, reputation risk has its lifecycle ranging from potential stage to crisis stage. Compared with the reactive methods or strategy, proactive reputation risk management should have its focus on controlling risk before crisis stage. This requires early risk identification, risk analysis and, more importantly, early risk control. Before the discussion on how to manage reputation risk proactively, the author returned to literatures as is shown by the subtitle of this paper to find relevant theories and concepts assisting to deal with such issue. During the paper review, the author selected stakeholder theory in reputation management and risk management theories as source of methodics for theory construction, which ends in building proactive reputation risk management model. In this model, the author argued that reputation risk could be identified, analyzed through stakeholder scanning, stakeholder attitude analysis. The final risk control strategy should include risk avoidance, namely control the root cause within the company; risk prevention, namely influence the stakeholders’ attitude and expectation before they take reaction; risk reduction, namely control the impact of stakeholders’ reaction; and possibly risk transferring by purchasing reputation risk insurance. In the model, the author also stresses that the key part of managing reputation risk should be in control process. In other word, managing reputation risk has it significance in risk control. The construction of model confirms the possibility of proactive reputation risk management from theoretical perspective

96

and provides general solution to how it functions. In order to testifying the applicability of such model, the author returns to a case company, Vestas A/S, as a platform for model certification. The author firstly investigated the risk management activities in Vestas and later on the communication department so as to form a clear vision of how Vestas manage its reputation risk in practice, based of which model is testified. During the process, the author found model is not able to be tested from Vestas risk management activities, while in the communication activities the author found applicable basis of this model, which in some sense testifies the possible linkage of the theoretical assumption to the business reality and possible applicability of such model, which means in reality proactive reputation risk management could be done or to certain extent has been done by some companies. Considering the conflicts between Vestas actions of reputation risk management and that of mine, the author analyzed the reason behind with explanations and also pinpointed the problems in Vestas reputation risk management and furthermore stressed his ideas on how to proactive manage reputation risk in Vestas case.

The main research purpose of this paper at this stage is conducted. However, it does not mean that the proactive reputation risk management model stated here is perfect and with good empirical application. There are some issues and limitations that might need taking refection over proactive reputation risk management and its model.

Firstly the application of proactive reputation risk model has its limitation from the influence of corporate resources, techniques and governance structures. Managing reputation risk from author’s perspective requires the information and analysis about stakeholders. Data base referring to previous reputation risk events and stakeholders might be needed. Some companies might not have the techniques and resources for building up such system. In addition, proactive reputation risk management requires the frequent cooperation with different departments, which means that company has to break the silos. However, for most of transnational

97

companies, the silo effect between different departments does exist, which to certain degree limits the effectiveness of organizing reputation risk management proactively.

Secondly, this model might be over idealism, especially in the measure methods proposed in the model. In this model, the measurement of reputation risk is determined by analyzing stakeholders’ attitude to the risk factors. However, due to the ubiquity of reputation risk, it is relatively hard to measure the stakeholders’ attitude to each risk factor deriving from other risk sources. The possible solution to this is to identify key stakeholders and their core value orientation. Normally the events contradicting the core value of stakeholders would generate high outrages attitude. Especially for those key stakeholders, their reaction would lead to high impact. If we conclude their core value orientation and specify it into concrete qualitative measurement items, it would be easier to take measurement. However, risk measurement from author’s understanding is only a decision process to decide whether identified risk should be managed or not so as to prevent the problem of risk over controlling. Reputation risk itself is with high damage possibility. It requires special notice and protection. Although reputation risk is hard to be quantified and measured, it does not mean the negligence of control is allowable. As is stated before, the purpose of risk management is to control risk rather than solely measure it. Risk measurement is just a tool. It is the risk appetite or attitude to the identified risks would decide control actions.

Thirdly the adoption reputation risk management is also influenced by the market or industrial environment where the company is in. In the market where competition is fierce, reputation risk management would attract more attention. This can be shown in the Pharmaceutical industry that fierce competition pushes many transnational companies like NOVO NORDISK to develop reputation risk management system under the supervision of board. In the market where competition is not fierce, reputation risk management might not be so systematically organized.

98

Finally it might also be noticeable that proactive reputation risk management model does not consider the ownership of such risk and how different departments should make cooperation, while in the reality such issues would directly influence the outcome of management. Therefore, clarifying risk ownership as well as organizing cooperation between different departments should be put on the thinking.

In conclusion, reputation risk management is a newly developed and sometimes debating subject in both academics and business practice. How to manage reputation risk in a transnational company would end in different academic debate and discussion on methods selection. The author in this paper stated his standpoint on reputation risk management, namely reputation risk can be and should be proactively managed via early identification, analysis and control. Actually the author believes the proactive reputation risk management is not only a solution, but more importantly an ideology or an attitude for companies to deal with risk rather than unwillingly retain reputation risk without protection. Although it might be arguable that the methods and the model in this paper are imperfect, the companies should know they are not venerable to the reputation risk, but could control it and even create opportunity if they proactive managing it in place.

99

References

Abnor Bjarke . Methodology for Creating Business Knowledge. Sage Publications, UK, 1997

Marks S, Dorfman. Introduction to risk management& Insurance, 6th edition. Prentice Hall International Inc, 1998,

Dimitris N Chorafas. Risk management technology in financial services. Elsevier Ltd, 2007

Giampiero E.G. Beroggi/ William A. Wallace. Operational Risk Management –Integration of decision, communication and media technologies. Kluwer Academic Publishers, 1998

James Pickford. Financial Times: Mastering Risk. Pearson Education Limited, 2001

Grahame R. Dowling. Corporate reputations—strategies for developing the corporate brand. Kogan Page Limited, 1994

Dale Neef. Managing corporate reputation &risk -----Developing a strategic approach to corporate integrity using knowledge management. Elsevier Ltd, 2003

Regester Michael. Risk Issue and Crisis Management. Kogan Page Limited, 2005

Tony Merna and Faisal F.Al-Thani. Corporate Risk Management ----An organizational perspective, John Wiley & Sons Ltd, 2005

Torben Juul Andersen. Perspective on Strategic Risk Management. Copenhagen Business School Press, 2006

100

Julian Cummings. Risk management-An implementation guide. Cardiff Caerdydd, 2004,Crouhy, Micheal. Essentials of risk management. McGraw-Hill Companies, 2005

Economist Intelligence Unit. Series Report: Reputation: Risk of risk. The Economist, 2005

Robert G.Eccles. Conference paper: Reputation and its risk-the necessity of managing reputation risk. Bonn/Petersberg, 2006

Adam Jolly. Managing business risk, Kogan Page and contributors, 2003

David Abrahams. Brand Risk –Adding risk literacy to brand management. Gower Publishing, 2008

Allen, D. Risk management in Business. Cambridge University Press, Cambridge, 1995

Croft Susan. Managing Corporate Reputation: the new currency. Thorogood press, London, 2003

Judy Larkin. Strategic Reputation Risk Management. Palgrave Macmillan Press, 2003

Dr Robert G. Eccles. Reputation and its risk: the necessity of managing reputation risk, 2006

COSOC. Enterprise Risk Management—Integrated Framework. Committee of Sponsoring Organizations of Treadway Commission 2004

Stephen Gates. Incorporating strategic risk into enterprise risk management. Audenica Nantes Ecole de Management.2006

Jason Perry and Patrick de Fontnouvelle. Measuring reputation risk: The market reaction to operational loss announcements. Federal Reserve Bank of Boston, 2005

CIMA. Corporate reputation: perspectives of measuring and managing a principle

101

risk. The chartered institute of management accountant, UK, 2007

Henry H Goldman. Risk management: inproving competitiveness through a reputation risk management approach. Risk management associates, International,LLC, 2006

Chonawee Supatgiat, Chris Kenyon and Lucas Heusler. Cause-to-effect operational risk quantification and management. IBM Zurich Research Laboratory, 2006

Madeleine Hayenhjelm. Asymmetries in risk communication. Royal institute of technology, Stockholm, Sweden, 2006

Micheal Zboron. Reputation risk in the context of A.M. Best rating analysis. A.M. Best Europe. 2006

Brian W.Nocco. Enterprise risk management: theories and practice. Ohio state university, 2006

Economist Intelligence Unit. Working paper: Reputation-- Risk of risk. The economist intelligence unit, 2005

T. Vijay Kumar. The methodology behind risk and control self assessment. I-Flex Consulting, 2008

David Davies. Reputation risk management. DBRC, 2001

Peter Forstmoser and Nikodemus Herger. Managing reputation risk: a reinsurer’s view. The Geneva papers, 2006

Kai-Uwe Schanz. Reputation and reputation risk management. Converium Ltd, 2006

Banks, Erik. Alternative risk transfer: integrated risk management through insurance, reinsurance and the capital market. John Wiley & Sons, Incorporated. 2004

Vestas. Vestas annual report 2004, 2006, 2007. Vestas A/S, 2004, 2006, 2007.

Oxford advanced learner’s dictionary of current English, fourth edition. Oxford University Press. 2004

www.dictionary.com

http://www.vestas.com/

http://www.siliconfareast.com/crisis-management.htm

102

http://www.siliconfareast.com/crisis-management.htm

http://www.vestas.com/

http://www.dictionary/

Appendices

Questionnaires for Vestas (1)

Interviewee: Job Title Time:

Intention of this interview is to understand the Possibility of using risk management process, methods and strategy to manage reputation risk in the Vestas Case as well as investigation how Vestas manages its reputation risk (abbreviated to Rep-risk in the context of this questionnaire).

Section One: Risk and Rep-Risk

1. How do you define risk?

2. How do you define reputation to Vestas? Do you think it vital for Vestas?

3. What does Vestas think of the current situation of its reputation? (Good, bad, under threats)

4. How do you define Rep-risk?

Section Two: Rep-Risk in Vestas

103

1. Do you think Vestas have Rep-risk? Yes No

(1)If yes, Could you list the key factors of such risk?

Factor 1. Factor 2. Factor 3. Factor 4.

(2)If No, Could you explain WHY?

(3)Do you believe they are pure risks or speculative ones?

2. How would such risk factors be evolved to threaten or create opportunities to Vestas

Factor 1.

Factor 2.

Factor 3.

Factor 4.

3. How could Vestas discover or identify such risk factors?

4. How could Vestas analyse, measure their impact both in severity and possibility?

5. Facing these impacts, what are the actions of Vestas to respond them? What risk control strategy is vestas used? ( risk avoidance, prevention, reduction and transfer)

Section Three: Risk Management in Vestas

1. The history of Risk management system in Vestas? ( when do you start and how is it evolved? )

104

2. What are the driving forces for building current risk management system?

3. What are the characteristics of Vestas risk management system? (ERM or Silo system)

4. What are the main principles underlying the risk management system in Vestas?

5. What are the components of Vestas risk management system? How do you organize the risk management system?

6. What are the risks faced by Vestas ? How do you identify them? How do you group them after identification? How do you measure them? How do you rank them? How do you control them?

7. What are the key risks within Vestas? What is the core solution to those risks in Vestas?

8. Do you think they might correlate to reputation risk?

9. What is the effectiveness of such system? What about the criteria for judging system effectiveness? (How many risks could this system manage? Could it cover the majority of risks in Vestas? Could it can create value and improve Vestas financial performance? The strength and weakness of such system? )

10. How could this system be integrated into Vestas operation, strategy? How is it implemented? What are the main challenges in implementation? How do you deal with such challenges? What about the reporting and monitoring mechanism within the RM system?

11. Has Vestas ever considered using such system to manage reputation risk?

(1).Yes Please state to what extent could such system help to manage Re-risk?

(2). No

105

a. Please state the reason. What are the difficulties to implement such system in Rep-risk management?

b. Is it possible to use Risk management rationale to manage reputation risk? c. So far as you know, is there any special system for Re-risk management? What are they?

d. Can reputation risk be measurable and controlled? What is the method of doing that? The difficulties to manage reputation risk?

e. What is the ideal Rep-Risk management system from Vestas Perspective? s (The content, problems needed doing with, etc)

Section Four, Other Information

1- Who are Vestas Key stakeholders? What are the criteria of judging who key

stakeholder is?

2- Have you get any corporate reputation survey of the stakeholders?

3- What are the items within the survey? What does vestas wish to learn from such

survey?

4- Could you identify the sources of reputation risk from the survey? If so, what

are they? If not, why?

5- To what extent do you believe by measuring the attitudes of stakeholders to the risk, the possibility and severity of risk can be anticipated (with the involvement of scenario analysis)?

6- To what extent do you believe rep-risk can be managed by risk avoiding (mitigate risk factors within the company), risk prevention (lower the outrage level of stakeholder attitude), risk reduction and risk transfer strategy (lower the severity of stakeholder’s action impact)?

7- Can my thinking be logical and applicable to Vestas case? Any problems do exist? To what extent can it be applicable? What needs to be improved?

106

Questionnaire to Vestas (2) (Supplementary Questions)

1. How do you define reputation in Vestas? What is the value of reputation for Vestas?

2. Do you think reputation is defined from stakeholder?

3. What are the stakeholders group in or around Vestas ? What are the key stakeholders under Vestas concern? (Could you list 5 key stakeholder groups?) Why do you think they are more important? (based on their importance or power)

4. What is their core value focus or interest concern in wind turbine industry and also in Vestas ? (For example, in airline industry safety is the core value focus while punctuality is the sub-core)

5. What is Vestas mission and business objective? Does Vestas mission or objective match such value focus and concern?

6. What is their perception on Vestas ? What is their expectation to Vestas respectively?

7. How do you know their perception and expectation? (by which method)

8. By such methods, could you always update the information of their perception and expectation about Vestas?

107

9. Do you think Vestas enjoy good reputation amongst these stakeholder groups? How do you build up such good reputation? How do you maintain that?

10. What might undermine or threaten the good reputation of Vestas amongst these stakeholders, especially key stakeholders? Could you list the main causes or threats?

11. How does Vestas discover these threats?

12. How does Vestas deal with these threats?

13. What are the methods and strategy used by Vestas for managing reputation?

14. Have you ever considered using risk management strategy and methods for managing reputation?

ADDITIONAL QUESTIONS

15. Do you think the severity of such threat to trust is depended on stakeholders’ attitude to such threat, stakeholder’s power and corporate previous behavior?

16. Do you think such attitude is determined by stakeholders core value focus?

17. Does Vestas have any gap between its performance and expectation from Key stakeholders?

18. Does Vestas have better reputation than its competitors? Why?

19. How would Vestas meet the challenges from corporate environment changes?

108

aalborg universitet - chapter 1 introduction … · web viewtable of contents chapter 1...

Documents