Reputational risk refers to the potential harm to an organization's reputation and credibility as a result of its actions or decisions.
Reputational damage is the loss to financial capital, social capital and/or market share resulting from damage to a firm's reputation. This is often measured in lost revenue, increased operating, capital or regulatory costs, or destruction of shareholder value. Ethics violations, safety issues, security issues, a lack of sustainability, poor quality, and lack of or unethical innovation can all cause reputational damage if they become known. - Repuational Damage, Wikipedia
Example: Wells Fargo, a large US bank, was involved in a scandal in 2016 in which it was found to have opened millions of unauthorized bank and credit card accounts in order to meet sales targets. The scandal resulted in significant fines for the bank and significant reputational damage, as well as a loss of customer trust.
Example: In 2012, Barclays was fined $453 million by US and UK authorities for [manipulating global benchmark interest rates. The scandal led to the resignation of CEO Bob Diamond and a significant loss of customer trust.
Risk Management Activities
Making The Case For Contribution
Organisational change can be very hard to achieve since organisations are naturally protective of themselves and the status quo. Setting up an OSPO and beginning an open source journey will seem like a risky and dangerous proposition for many parts of an organisation.
Open Source Contribution Training
It is generally preferable if an Open Source Contribution Policy can be enforced via tooling (so called policy as code). However, often policy will refer to behaviours and expectations of staff which cannot be controlled through systems. In these cases, training courses will be needed to help promote desired behaviours.