Risk management: Reputation is everything
Now, The Network operates hotlines in a global call center for incident reporting along with providing communication programs. Its incident management software also offers corrective action plans to help prevent repetition of issues that have been problematic in the past.
The call center is a source of information that indicates the ethical health of an organization, but it must be interpreted in context. “Sometimes after a training session on a subject such as harassment, there is a spike in reported incidents,” Lin explains. “This is not necessarily a negative outcome, because it could indicate there is a problem that needs to be addressed, and doing so can prevent greater problems later.”
While concern about ethics cuts across generations, Millenials are especially interested in corporate behavior and have greater brand awareness and loyalty. More than 80 percent of Millenials report that working for an ethical organization is important to them. They also engage more deeply with brands, particularly on social media, as compared to generations that preceded them. The impact on reputational risk is that they are likely to react quickly and vigorously to companies or products that fail to meet their expectations, whether in the treatment of overseas factory workers or compliance with environmental standards.
Developing a plan
The most overlooked element in developing a reputation risk management program is a holistic vision, according to Keri Calagna, risk mitigation and strategies leader at Deloitte LLP. “This vision needs to connect an organization’s overall strategy with resilience and reputation, and encompass all types of risk,” she says. “We are seeing an important shift now from the operational side of risk management to a more strategic view, including brand and reputation.”
A risk management strategy should begin with an identification plan of all types of risks from the viewpoint of executive leadership, including the CEO, CFO, CMO and CIO, among others. Outside sources whose views could impact reputation should also be considered. A baseline needs to be developed that includes what is known about the risk level of current threats.
From that baseline, a gap analysis should be prepared that examines the potential impact of reputational threats on management objectives. Finally, a proactive strategy should be developed that includes risk sensing alerts and reporting to minimize the impact of reputational threats to overall corporate strategy. One way to develop resilience is to nurture brand advocates who will defend a company in the event of a misstep.
Deloitte LLP, which offers risk management services as one of its professional services, also addresses the issue of its own risk, using a team whose full time job is to sense risks identified through internal and external sources that could affect the organization’s reputation. “Our risk sensing team is embedded in our strategic risk governance structure. Once we detect an issue, we decide whether we have to take action,” Calagna says. “If it’s a big risk, we will pull together a response team immediately.”
Indications are that companies plan to devote more resources to managing reputational risk in the future. Companies such as eBay, Cisco and Dell have set up social media command centers to monitor social media and help mitigate reputational risk. Technavio predicts that GRC software will grow at a healthy rate of nearly 10 percent per year over the next few years.
“Risk is not just a problem for the audit department, and compliance should not be viewed as a nuisance, but woven into the way an organization manages its business,” says Phalke. “Risk awareness needs to be embedded in the corporate culture in a pervasive fashion.”