This post first appeared on Risk Management Magazine. Read the original article.
The World
Economic Forum reports that more than 25% of a company’s market value is
directly attributable to its reputation. Yet, according to a Deloitte survey,
only half of business leaders can identify reputational risk events and only
53% have the capacity to analyze these risks and predict their impact. Part of
the problem is an emphasis on preventing only the most catastrophic, worst-case
scenario events.
Large-scale reputational disasters compel our attention, and
the social media age is particularly rife with opportunities for sudden public
meltdowns. All it takes is one post from a customer or employee for a company’s
values and reputation to be put on public trial.
The bigger risk, however, is the “slow-burn”—a culmination
of numerous decisions, even if intentional and aligned with company goals, that
companies make every day without considering the long-range potential
consequences.
Forrester analyst Renee Murphy has referred to impacts from
corrosive decision-making not as “black swans” (Nassim Nicholas Taleb’s famous
term for unpredictable, devastating risks), but rather as “black
chickens”—impacts that, in retrospect, are largely foreseeable and unnecessary.
WeWork is a great example. The slow-burn pressure of
increasing future lease payments without a matching incline in committed
leasing revenue eventually eroded the brand. WeWork’s devaluation and eventual
abandoned IPO seemed abrupt. But, in retrospect, the increasingly complex
nature of its business model and unconventional governance structure posed a
slowly-developing strategic risk that accelerated as the business grew in scale
and exposure.
Facebook faced a seemingly similar “black chicken” event
related to the Cambridge Analytica scandal. Since the case came to light in
April 2018, Facebook engagement in the form of likes, shares and posts has
dropped, placing advertising revenue streams at risk. Ultimately, Facebook’s
business model is to provide customers (advertisers) with a platform that
allows demographically-targeted marketing programs. But by fulfilling this
mission while overlooking the slow-burn risk of degrading quality and
transparency in consumer data privacy, Facebook allowed its content to be
misused for harm.
Building a Risk-Aware Culture
Most slow-burn risks are not unethical or scandalous in
nature. They are motivated by performance—primarily the need for speed and
multitasking or diversification of effort. This can lead to a slow erosion of
quality due to shortcuts, reduced sampling, or less auditing and testing. This
can eventually impact brands by harming consumer satisfaction or health,
employee safety or even economic competitiveness.
Many catastrophic impacts to brands are the result of
slow-burn risks that have gone unchecked for too long. It is wise to prepare
for the worst-case scenarios, but mature risk management strategies go further
to influence and inform day-to-day behavior and continually re-evaluate against
the organization’s objectives.
Avoiding the slow burn requires a risk-aware culture marked
by companies weighing risk impact with every business decision. Every single
person that touches the business—from the C-suite to third-party partners—has a
responsibility to protect the organization.
To start, assign a C-suite champion to set the tone and
drive support throughout the company. Next, bake risk management expectations
into performance plans to incentivize employees to keep risk front and center.
Positive reinforcement, such as monetarily rewarding employees who identify
risks, and negative reinforcement, such as withholding bonuses for missing
risk-reduction targets, have their place. Coach your desired behaviors through
training and education programs with hands-on sessions that help employees
practice identifying and describing risks.
Creating a risk- and compliance-based culture also requires
collaboration. When silos are broken down and all departments use a centralized
system for viewing and managing risks, organizations can effectively identify
situations where a risk factor in one area affects risk in another, and work
together to make better decisions and address issues early.
Aligning Corporate and Risk Objectives
According to a Riskonnect survey, only 40% of organizations
today are confident they have the risk and compliance information required to
establish business objectives. Risk professionals should examine how risk is
managed vertically and horizontally to ensure the overall corporate risk
strategy aligns with the organization’s goals. Every strategic decision made by
the organization should take risks into consideration, thereby preventing
slow-burn situations that could inhibit new business opportunities,
performance, consumer trust, brand reputation and expansion.
Risk and brand leaders can act faster to address both
worst-case and slow-burn scenarios when they are informed of all the potential
risks, how they relate and what the cumulative impact could be. This becomes
possible when they embed best practices, processes, collaboration and
technology in the organization. Only then can risk professionals confidently
equip senior leadership with the information they need to make decisions that
protect the brand and add value.
Jim Wetekamp is the CEO of Riskonnect.