Reputational risk runs through many layers of your business: product quality, customer service, supply chain, operational infrastructure, and executive behaviour. Deep-seated risks lurk in private data management, the opinions of social media users, employee health and safety, and even, as Facebook recently discovered, in the actions of third parties that have little connection to one’s own business.
A blow to a company’s or brand’s reputation can have significant impact on a company’s bottom line. A string of bad online reviews, a data breach, an ethics scandal, or a reputation for poor customer service can drive away customers. Oftentimes, these incidences can be outside a company’s control but are damaging no matter where the fault lies.
Experts offer tips below on how businesses can prepare for, and help mitigate, reputational damage.
Start at the top and plan ahead
Behaviour of a company’s leaders is a common high-risk area, said Frances Dwyer, general manager of The IMPACT Agency, an Australian communications agency. Protecting your firm’s reputation starts with setting a tone of integrity and honesty at the highest levels.
“If the behaviour of a company’s leaders is not ethically or culturally aligned to the organisation, that can be incredibly damaging,” she explained. “Every organisation should consider proactively addressing this from an issues-management perspective.”
In fact, proactivity should be the pattern for all risks, Dwyer said. A thorough risk strategy that identifies potential scenarios and establishes an action framework will ensure the organisation can identify issues earlier and more effectively manage crises if and when they occur.
Executive-level engagement is an essential part of this strategy, Dwyer said. It should contain a directive around how communication is managed through all levels of the business and also contain concrete steps covering legal and financial liabilities.
The downside of data
In this era of big data, a privacy breach is one of the most serious reputational issues that can occur, and it’s not just about customers, said Tony Chapman, the CFO and executive director of Forticode, an Australian cybersecurity firm. Businesses are becoming bigger targets for data hackers as they collect more data about their employees, like healthcare information, financial statistics, and personally identifiable information.
Should a breach occur, figure out what needs to be done in the short term and communicate facts to necessary personnel within the business. Internal and external announcements should already be part of a risk management strategy.
Importantly, when things finally calm down after the breach, the business must identify exactly how it needs to improve, and act on this information.
“The protection of your customers’ personal data ranks up there as one of the most important questions at the beginning of every board meeting. How are we protecting our data?” Chapman said. “That’s how important reputational risk is — it should be at the top of every board meeting.”
Prior to the internet era, businesses could avoid reputational risk by not participating in certain arenas. If a business didn’t manufacture fireworks, for example, it would never have a problem with fireworks-related injuries.
Social media, however, abolishes the safety-through-nonparticipation rule.
“The risk can actually be worse by not participating in social media,” said Alexander Larsen, president of Baldwin Global and a fellow of the Institute of Risk Management who is based in Glasgow, Scotland. “People are still online and still talking about your company. If you’re not there, then you’re not aware of it and not able to direct the conversation in the way you’d like it directed.”
Larsen said a good social media strategy begins with a good organisational culture.
“The bigger you are, the more exposed you are, so that value-driven culture is vital,” he said. “You can’t manage every single person, but you can be very clear about values and about social and cultural expectations.”
Make sure the business has a social media policy that is regularly updated and well-communicated throughout the entire organisation, Larsen recommended. It should outline how a brand and individual staff should behave online and can be used to guide messaging and even tone of voice.
A social media policy, importantly, should clearly outline what is not acceptable, such as the sharing of “internal use only” documents, new business plans, or work-related legal matters.
When in trouble, be human
When a potentially damaging event occurs, respond with human values, the experts say.
“An organisation needs to show that they genuinely care that they’ve hurt, hindered, frustrated, or inconvenienced people before they discuss how or why it happened and what they’re going to do about it,” Dwyer said. “Remembering that you’re talking to human beings and being human is an important part of managing a crisis.”
Whether in crisis or not, Larsen said, having the right staff on board, with the right value sets, is vital.
“It’s important that companies understand that values are what drives a company’s reputation,” he said. “Staff drive these values, so the right staff are more important than ever.”
Chris Sheedy is a freelance writer based in Australia. To comment on this article or to suggest an idea for another article, contact Drew Adamek, an FM magazine senior editor, at Andrew.Adamek@aicpa-cima.com.