Reputation Is Not a Soft Risk and Boards Are Accountable for It
When things go wrong, organisations rarely stumble in private. Issues that begin as operational, regulatory or cultural failures quickly become reputational crises, played out in public and judged at speed.
That is why boards need to think about risk through a reputation lens, not just an operational one.
The UK Corporate Governance Code makes clear that ultimate responsibility for risk sits with the board. Oversight cannot be delegated away, even where execution rests with management or specialist committees. From a governance perspective, reputation risk is no different from financial or operational risk, and boards that treat it as softer, secondary or someone else’s problem are exposed.
Reputation matters because it is the mechanism through which other risks do their damage. A controls failure becomes a headline. A compliance issue becomes a test of leadership ethics. A cultural weakness becomes a board‑level credibility problem. Markets, regulators, employees and the media don’t ask whether a risk sat neatly in a register: they ask what the board knew, when it knew it, and what it did.
The consequences of getting this wrong are well established and felt in brand erosion, share price impact and increasing personal accountability for directors and senior executives. In many recent crises, the reputational fallout has proved far more damaging than the original issue itself.
The Code also raises the stakes. From 2026, boards will be required to state publicly whether their material internal controls were effective throughout the year, and to explain failures. This heightened transparency means boards will need far greater confidence not just in systems and processes, but in how risks that affect trust, credibility and public confidence are identified and managed.
So what does this mean in practice?
Boards should treat reputation as a board‑level risk in its own right: explicitly named, clearly owned and regularly reviewed. They should pressure‑test how the organisation would stand up to plausible reputation‑threatening scenarios, commission vulnerabilities audits, and ensure crisis response arrangements are robust and structured rather than improvised. And where internal capability is limited, they should not hesitate to bring in specialist support.
Reputation is often described as an intangible asset. But when things go wrong it’s where risk becomes visible and personal. Under the Corporate Governance Code, failing to manage reputation risk is not just a strategic blind spot, it is a failure of oversight.
Alder helps boards manage reputation risk. Call us today to discuss your challenges.
