---
name: managing-reputational-risk
language: en
description: Structures reputational risk identification with scenario planning and mitigation strategy documentation. Use when assessing reputational risk, planning crisis scenarios, or documenting reputation management.
author: casemark
---
# Managing Reputational Risk

Structures reputational risk identification with scenario planning and mitigation strategy documentation.
## When To Use

- Conducting periodic reputational risk assessments across the enterprise
- Evaluating reputational exposure from a proposed transaction, partnership, or product launch
- Building or updating crisis scenario playbooks tied to reputation-damaging events
- Responding to an emerging reputational threat (media coverage, regulatory action, executive misconduct, data breach)
- Preparing board or senior leadership reporting on reputational risk posture
- Integrating reputational risk into broader enterprise risk management (ERM) frameworks
## Inputs To Gather

- **Entity profile:** Organization name, industry, geographic footprint, public/private status, and brand positioning
- **Stakeholder map:** Key constituencies (investors, regulators, customers, employees, media, communities) and their relative influence
- **Risk inventory:** Existing risk register entries related to reputation, compliance findings, prior incidents
- **Threat landscape:** Recent adverse events, pending litigation, regulatory inquiries, social media sentiment, competitor incidents in the sector
- **Governance documents:** Code of conduct, crisis communication plan, ESG commitments, whistleblower policies
- **Financial exposure data:** Revenue concentration by customer/geography, stock price sensitivity (if public), insurance coverage for reputational events
## Workflow

1. **Define scope and risk appetite**
   - Confirm whether the assessment is enterprise-wide, business-unit specific, or event-driven
   - Establish the organization's stated risk appetite for reputational harm (e.g., tolerance for negative media cycles, regulatory scrutiny)
   - Identify the time horizon (point-in-time snapshot vs. rolling 12-month forward look)

2. **Map reputational risk drivers**
   - Categorize drivers into primary sources: operational failures, ethical/compliance lapses, leadership conduct, product/service quality, third-party associations, ESG performance, cyber/data incidents
   - For each driver, document the transmission channel (media, social media, regulatory disclosure, litigation, employee leaks)
   - Cross-reference against the stakeholder map to identify which constituencies are most sensitive to each driver

3. **Develop scenario narratives**
   - Draft 3–5 plausible adverse scenarios grounded in the identified risk drivers
   - For each scenario, specify: trigger event, likely escalation path, affected stakeholders, estimated severity (high/medium/low), velocity of impact (hours/days/weeks)
   - Assign likelihood ratings using qualitative scales or historical incident frequency where data exists [VERIFY against internal incident database]

4. **Assess impact and quantify exposure**
   - Estimate financial impact per scenario: revenue loss, market capitalization decline, customer attrition, increased cost of capital, litigation/settlement costs
   - Evaluate non-financial impact: regulatory relationship damage, talent retention/recruitment difficulty, partnership disruptions
   - Where possible, reference industry benchmarks or published studies on reputational loss (e.g., shareholder value studies post-crisis) [VERIFY currency of benchmark data]

5. **Design mitigation strategies**
   - For each high-priority scenario, document preventive controls (policies, training, monitoring) and responsive controls (crisis communication protocols, escalation procedures, pre-drafted holding statements)
   - Identify ownership: assign each mitigation action to a named role (not a department)
   - Define escalation triggers: the specific, observable indicators that move a risk from "watch" to "activate crisis response"
   - Document third-party dependencies (PR firms, outside counsel, forensic investigators) and confirm engagement readiness
   - For the cyber/data incident driver, align responsive controls with statutory breach-notification clocks (for example, GDPR Article 33 requires notifying the supervisory authority, where feasible, within 72 hours of becoming aware of a personal data breach); those deadlines, not the news cycle, set the minimum timeline for holding statements and stakeholder notices

6. **Build the monitoring framework**
   - Specify key risk indicators (KRIs) for ongoing tracking: media sentiment scores, customer complaint volumes, employee engagement survey trends, social media mention velocity, regulatory inquiry frequency
   - Set numeric thresholds for each KRI that trigger review or escalation
   - Define reporting cadence: real-time dashboards for acute risks, quarterly summaries for board reporting
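The monitoring framework only becomes checkable once each KRI has a numeric threshold and an observable trigger. The following is an added illustration, not part of the original template or of any casemark tooling: a small Python evaluator that maps observed values onto "normal", "watch" and "activate" states and computes social media mention velocity as a multiple of the trailing 24-hour baseline, so that a spike is defined relative to the organization's own normal chatter rather than as a raw count. The indicator names, thresholds, observed values and mention timestamps are constructed for the example.

```python
"""KRI threshold evaluator for the monitoring framework step.

Added illustration only: it is not part of the original template. Indicator
names, thresholds, observed values and mention timestamps are constructed.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, Iterable, List, Tuple


@dataclass(frozen=True)
class KRI:
    """A key risk indicator with numeric watch/activate thresholds."""
    name: str
    unit: str
    higher_is_worse: bool  # False for scores where a drop signals trouble
    watch: float           # crossing this moves the KRI to "watch"
    activate: float        # crossing this triggers crisis-response activation


SEVERITY = {"normal": 0, "watch": 1, "activate": 2}


def kri_state(kri: KRI, value: float) -> str:
    """Map an observed value onto 'normal', 'watch' or 'activate'."""
    if kri.higher_is_worse:
        if value >= kri.activate:
            return "activate"
        if value >= kri.watch:
            return "watch"
    else:
        if value <= kri.activate:
            return "activate"
        if value <= kri.watch:
            return "watch"
    return "normal"


def mention_velocity(timestamps: Iterable[datetime], now: datetime,
                     window: timedelta = timedelta(hours=1),
                     baseline: timedelta = timedelta(hours=24)) -> float:
    """Mentions per hour in the trailing window, expressed as a multiple of the
    hourly rate over the rest of the baseline period. 1.0 means no change."""
    stamps = list(timestamps)
    recent = sum(1 for t in stamps if now - window < t <= now)
    base = sum(1 for t in stamps if now - baseline < t <= now - window)
    window_h = window.total_seconds() / 3600
    base_h = (baseline - window).total_seconds() / 3600
    base_rate = base / base_h
    if base_rate == 0:
        # No baseline chatter at all: any mention is a spike, none is quiet.
        return float("inf") if recent else 0.0
    return (recent / window_h) / base_rate


def evaluate(kris: List[KRI], observed: Dict[str, float]) -> Dict[str, str]:
    """State per KRI. A missing observation is a dead feed, which is a
    monitoring failure in its own right, so it is reported as 'watch'
    rather than silently treated as normal."""
    return {
        k.name: kri_state(k, observed[k.name]) if k.name in observed else "watch"
        for k in kris
    }


def overall_state(states: Dict[str, str]) -> str:
    """The escalation level is the worst state across all indicators."""
    return max(states.values(), key=SEVERITY.__getitem__)


# Constructed sample: two mentions per hour for 23 hours, then a burst of
# 15 mentions in the most recent hour (7.5x the baseline rate).
NOW = datetime(2024, 5, 1, 12, 0)
MENTIONS = (
    [NOW - timedelta(hours=h, minutes=m) for h in range(1, 24) for m in (10, 40)]
    + [NOW - timedelta(minutes=m) for m in range(2, 60, 4)]
)


def run_example() -> Tuple[Dict[str, str], str]:
    """Evaluate three constructed KRIs against constructed observations."""
    kris = [
        KRI("media_sentiment", "score", higher_is_worse=False, watch=-10, activate=-20),
        KRI("complaints_per_week", "count", higher_is_worse=True, watch=120, activate=200),
        KRI("mention_velocity", "x baseline", higher_is_worse=True, watch=3.0, activate=5.0),
    ]
    observed = {
        "media_sentiment": -12.0,
        "complaints_per_week": 140,
        "mention_velocity": mention_velocity(MENTIONS, NOW),
    }
    states = evaluate(kris, observed)
    return states, overall_state(states)


if __name__ == "__main__":
    states, overall = run_example()
    for name, state in states.items():
        print(f"{name:22s} {state}")
    print("escalation:", overall)
```

The point of the ratio-based velocity indicator is that "mentions up 5x over the 24-hour baseline" is an observable trigger an on-call owner can act on, whereas "unusual social media activity" is a judgment call; the same evaluator can be pointed at whatever feeds the KRI dashboard specification lists.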
## Output

The deliverable is a Reputational Risk Assessment Report containing:

- **Executive summary:** Top 3–5 reputational risks ranked by severity and likelihood, with headline mitigation status
- **Risk driver inventory:** Tabular listing of all identified drivers, transmission channels, affected stakeholders, and current control adequacy (strong/adequate/weak/absent)
- **Scenario narratives:** Detailed write-up per scenario with trigger, escalation path, impact estimates, and likelihood
- **Mitigation action plan:** Per-scenario table with preventive and responsive controls, assigned owners, target completion dates, and resource requirements
- **KRI dashboard specification:** List of indicators, data sources, thresholds, and reporting cadence
- **Gap analysis:** Areas where current controls are absent or inadequate relative to risk severity
- **Appendices:** Stakeholder map, supporting data sources, methodology notes
## Quality Checks

- Every scenario includes both a financial and non-financial impact estimate — flag any scenario missing either dimension
- Mitigation owners are named roles, not generic references to "management" or "the team"
- KRI thresholds are specific and measurable, not qualitative (e.g., "sentiment score below –15" not "negative sentiment")
- Scenarios reflect the organization's actual industry and operating context, not generic templates
- Cross-check that all high-severity/high-likelihood risks have at least one preventive and one responsive control documented
- Confirm escalation triggers are concrete and observable, not subjective judgments
- Verify that regulatory and disclosure obligations related to reputational events are referenced where applicable [VERIFY jurisdiction-specific reporting requirements, e.g., SEC materiality thresholds, FCA conduct rules, APRA CPS 220]
- Ensure no internal confidential data is included in outputs intended for external distribution