managing-reputational-risk

Structures reputational risk identification with scenario planning and mitigation strategy documentation. Use when assessing reputational risk, planning crisis scenarios, or documenting reputation management.

11 stars

Best use case

managing-reputational-risk is best used when you need a repeatable AI agent workflow instead of a one-off prompt.

Structures reputational risk identification with scenario planning and mitigation strategy documentation. Use when assessing reputational risk, planning crisis scenarios, or documenting reputation management.

Teams using managing-reputational-risk should expect a more consistent output, faster repeated execution, less prompt rewriting.

When to use this skill

  • You want a reusable workflow that can be run more than once with consistent structure.

When not to use this skill

  • You only need a quick one-off answer and do not need a reusable workflow.
  • You cannot install or maintain the underlying files, dependencies, or repository context.

Installation

Claude Code / Cursor / Codex

$curl -o ~/.claude/skills/managing-reputational-risk/SKILL.md --create-dirs "https://raw.githubusercontent.com/CaseMark/skills/main/skills/finance/managing-reputational-risk/SKILL.md"

Manual Installation

  1. Download SKILL.md from GitHub
  2. Place it in .claude/skills/managing-reputational-risk/SKILL.md inside your project
  3. Restart your AI agent — it will auto-discover the skill

How managing-reputational-risk Compares

Feature / Agentmanaging-reputational-riskStandard Approach
Platform SupportNot specifiedLimited / Varies
Context Awareness High Baseline
Installation ComplexityUnknownN/A

Frequently Asked Questions

What does this skill do?

Structures reputational risk identification with scenario planning and mitigation strategy documentation. Use when assessing reputational risk, planning crisis scenarios, or documenting reputation management.

Where can I find the source code?

You can find the source code on GitHub using the link provided at the top of the page.

SKILL.md Source

# Managing Reputational Risk

Structures reputational risk identification with scenario planning and mitigation strategy documentation.

## When To Use

- Conducting periodic reputational risk assessments across the enterprise
- Evaluating reputational exposure from a proposed transaction, partnership, or product launch
- Building or updating crisis scenario playbooks tied to reputation-damaging events
- Responding to an emerging reputational threat (media coverage, regulatory action, executive misconduct, data breach)
- Preparing board or senior leadership reporting on reputational risk posture
- Integrating reputational risk into broader enterprise risk management (ERM) frameworks

## Inputs To Gather

- **Entity profile**: Organization name, industry, geographic footprint, public/private status, and brand positioning
- **Stakeholder map**: Key constituencies (investors, regulators, customers, employees, media, communities) and their relative influence
- **Risk inventory**: Existing risk register entries related to reputation, compliance findings, prior incidents
- **Threat landscape**: Recent adverse events, pending litigation, regulatory inquiries, social media sentiment, competitor incidents in the sector
- **Governance documents**: Code of conduct, crisis communication plan, ESG commitments, whistleblower policies
- **Financial exposure data**: Revenue concentration by customer/geography, stock price sensitivity (if public), insurance coverage for reputational events

## Workflow

1. **Define scope and risk appetite**
   - Confirm whether the assessment is enterprise-wide, business-unit specific, or event-driven
   - Establish the organization's stated risk appetite for reputational harm (e.g., tolerance for negative media cycles, regulatory scrutiny)
   - Identify the time horizon (point-in-time snapshot vs. rolling 12-month forward look)

2. **Map reputational risk drivers**
   - Categorize drivers into primary sources: operational failures, ethical/compliance lapses, leadership conduct, product/service quality, third-party associations, ESG performance, cyber/data incidents
   - For each driver, document the transmission channel (media, social media, regulatory disclosure, litigation, employee leaks)
   - Cross-reference against the stakeholder map to identify which constituencies are most sensitive to each driver

3. **Develop scenario narratives**
   - Draft 3–5 plausible adverse scenarios grounded in the identified risk drivers
   - For each scenario, specify: trigger event, likely escalation path, affected stakeholders, estimated severity (high/medium/low), velocity of impact (hours/days/weeks)
   - Assign likelihood ratings using qualitative scales or historical incident frequency where data exists [VERIFY against internal incident database]

4. **Assess impact and quantify exposure**
   - Estimate financial impact per scenario: revenue loss, market capitalization decline, customer attrition, increased cost of capital, litigation/settlement costs
   - Evaluate non-financial impact: regulatory relationship damage, talent retention/recruitment difficulty, partnership disruptions
   - Where possible, reference industry benchmarks or published studies on reputational loss (e.g., shareholder value studies post-crisis) [VERIFY currency of benchmark data]

5. **Design mitigation strategies**
   - For each high-priority scenario, document preventive controls (policies, training, monitoring) and responsive controls (crisis communication protocols, escalation procedures, pre-drafted holding statements)
   - Identify ownership: assign each mitigation action to a named role (not a department)
   - Define escalation triggers — the specific indicators that move a risk from "watch" to "activate crisis response"
   - Document third-party dependencies (PR firms, outside counsel, forensic investigators) and confirm engagement readiness

6. **Build the monitoring framework**
   - Specify key risk indicators (KRIs) for ongoing tracking: media sentiment scores, customer complaint volumes, employee engagement survey trends, social media mention velocity, regulatory inquiry frequency
   - Set thresholds for each KRI that trigger review or escalation
   - Define reporting cadence: real-time dashboards for acute risks, quarterly summaries for board reporting

## Output

The deliverable is a **Reputational Risk Assessment Report** containing:

- **Executive summary**: Top 3–5 reputational risks ranked by severity and likelihood, with headline mitigation status
- **Risk driver inventory**: Tabular listing of all identified drivers, transmission channels, affected stakeholders, and current control adequacy (strong/adequate/weak/absent)
- **Scenario narratives**: Detailed write-up per scenario with trigger, escalation path, impact estimates, and likelihood
- **Mitigation action plan**: Per-scenario table with preventive and responsive controls, assigned owners, target completion dates, and resource requirements
- **KRI dashboard specification**: List of indicators, data sources, thresholds, and reporting cadence
- **Gap analysis**: Areas where current controls are absent or inadequate relative to risk severity
- **Appendices**: Stakeholder map, supporting data sources, methodology notes

## Quality Checks

- Every scenario includes both a financial and non-financial impact estimate — flag any scenario missing either dimension
- Mitigation owners are named roles, not generic references to "management" or "the team"
- KRI thresholds are specific and measurable, not qualitative (e.g., "sentiment score below –15" not "negative sentiment")
- Scenarios reflect the organization's actual industry and operating context, not generic templates
- Cross-check that all high-severity/high-likelihood risks have at least one preventive and one responsive control documented
- Confirm escalation triggers are concrete and observable, not subjective judgments
- Verify that regulatory and disclosure obligations related to reputational events are referenced where applicable [VERIFY jurisdiction-specific reporting requirements, e.g., SEC materiality thresholds, FCA conduct rules, APRA CPS 220]
- Ensure no internal confidential data is included in outputs intended for external distribution

Related Skills

We are still matching the closest adjacent skills for this page. In the meantime, continue through the full directory.