The Oxfam story must be a warning sign to risk managers
As Oxfam finds itself engulfed in crisis due to the actions of its employees, we take a closer look at the consequences of reputational damage. Following sexual misconduct claims against the charity’s staff dating back to 2011 in Haiti, Oxfam is scrambling to contain the crisis, with the UK government threatening to cut its funding of over £30m. The charity must now demonstrate to the government that they have “moral leadership” to stand any chance of retaining any of the funding.
This not the only high profile scandal that has shaken a once-reputable organisation. In September 2017, Mrs Thatcher’s favourite PR firm, Bell Pottinger entered into administration this week on the back of a disastrous, well, PR campaign. The swirling scandal that brought down an industry giant started with a £100,000 per month contract to run a campaign in South Africa on behalf of the Guptas, a family-run business empire ensnared in the largest web of corruption and political intrigue since the end of apartheid.
Bell Pottinger began its campaign with fomenting discontent of “economic apartheid,” the idea that racial injustice in South Africa has simply been replaced with economic injustice. However, this campaign increasingly became about deflecting attention away from the actions of the Gupta brothers.
If reputational risk is not already one of the top five things on your risk management system, it should be now. A good reputation can take a lifetime to build and sometimes just seconds of a viral video to destroy. While many institutional-level companies can and do weather harsh PR storms, they often need to pour resources into image-boosting campaigns and crisis management operations to steady the ship for many years after.
Dealing with the fallout from reputational risk is expensive, damaging and, as Bell Pottinger has shown, potentially fatal. So what can senior executives and risk managers do to mitigate these risks? VinciWorks’ risk experts have identified seven vital steps to mitigate reputational risk.
The seven vital steps to mitigating reputational risk
1. A strong board that pays attention
Risk management has to start at the board level. Without executive champions and a top-level commitment to getting things right, a risk-ready culture can easily seep in and undermine whatever other measures have been put in place. From the Chair to the CEO, risk has to be a standing agenda item, not an excuse for a coffee break
2. Assess potential risks in light of the business strategy
This means taking stock of risks in light of the business strategy. If, for instance, one of your key strategic goals is to double your turnover, you need to consider the entire arena of risks connected to that. From what the risks are if you don’t meet that target to the risks if you do meet it, or even exceed it. Or, like Bell Pottinger, the manner in which you operate could be so damaging that if exposed, would destroy your company
3. Live up to your brand
Telling your business story is not just a job for the marketing department. Everyone, from the board to the cleaners, needs to understand the image and brand, and ensure they live up to the story they are trying to tell. Establishing accountability means living up to the story you tell yourself. Talking about integrity and values while consistently falling short can cause institutional cognitive dissonance that can lead to a collective blind eye of potentially damaging actions.
4. Don’t reward excessive risk
In a recent VinciWorks survey on the risks of tax evasion, one in ten legal and financial firms admitted to having a bonus structure that rewards excessive risk taking. Corporate culture is often shaped by the most successful employees; so if everyone knows your best paid workers are those flying by the seat of their pants, this behaviour will be seen as not only acceptable, but the only way to get ahead.
5. Compliance is everyone’s responsibility
Compliance management is becoming increasingly easier and automated with incident registers, online training and live policy trackers to inform and test staff on how well they know company policies. There’s little excuse today for any company to say that making compliance a priority is too hard. The bottom line is that better compliance leads to less risks across the board.
6. A risk management system that works
Enterprise risk management systems have revolutionised the entire concept of risk management. Coming up with control measures and assigning responsibility is a hallmark of an effective system. The best systems can even send automated emails to those assigned as owners of a risk, making sure they deal with their responsibility. Just shoving everything on a spreadsheet and hoping for the best is no longer an option.
7. Have a rapid response plan ready to go
Your business must be able to measure and deal with risk velocity. This is the time it takes for a risk to impact your business. Something like poor customer service could, over time, dent your reputation as more and more people complain about the poor service they’ve received. While this is a very real risk that could significantly impact your business, the velocity is quite low. However, something like an email leak, a breaking news scandal or a raid by the authorities has a very high risk velocity that can quickly damage your reputation. The second there are TV cameras outside your offices, there isn’t time to sit down and have a planning meeting. High risk velocity events require rapid responses.
VinciWorks’ Risk Management System
A dynamic incident reporting system such as VinciRisk’s Omnitrack is essential to a well-functioning risk management system. It helps to store data in one place, as well as track and manage it in real time. A risk system is far more than a static document that’s written, passed around, and never looked at it again. To be effective, it must be live, dynamic, fit your business strategy and fit your way of working.
These steps will help get you started in managing risk in your organisation. VinciWorks has an extensive risk management system and world-leading expertise that can help your risk management department easily identify, log, track and mitigate risk. For more information and consultation, contact us below.