Managing Reputation Risk: An ounce of prevention worth a pound of cure

Managing Reputation Risk: An ounce of prevention is worth a pound of cure in many instances

This blog about reputation risk from the Reptutation Institute caught my eye because BlueChip's issues/reputation risk kit has had a serious work out since January 2008.

Of course financial services organisations, be they large, small, new or established, have found themselves needing to manage reputation risk far more closely in the the last two years than ever before.

Suddenly financial services public relations switched gear from the occaisional perceptual crisis and lots of marketing to lots of perceptual crises and the odd bit of marketing support.

Hence the many calls we've had that start "We've got a problem. It's highly sensitive, and we think we need help in case it becomes public/when it becomes public/so that it doesn't ever become public/now that's become public."

As communication or marketing professionals our key contacts inside client organisations already know that reputation risk prevention is better than cure. What they struggle with is getting the CEO and executve team to buy that, and to invest the time and money needed to really properly risk manage their their reputation with anything appoaching the care factor applied to, say, financial risk.

Dr. Majorie Dijkstra of the Reputation Institute gives a four-step process for managing reputation risk, summarised below:

1. Risk identification - assessing the gap between stakeholder’s perceptions and beliefs and the actual performance of the company.
2. Prioritisation (risks and stakeholders) - assessing the probability of risks and the impact of the risk on reputation.
3. Mitigation - assessing the best response based on controllability of risk, the impact of risk on the business across stakeholders and the cost of implementing the strategy.
4. Monitoring - closely monitoring changes in stakeholder’s beliefs and expectation that may affect reputation.

BlueChip's process is similar:

1. Identification: through scenario planning (what are all the things that could go wrong here and where might that leave us??) risk logs and context analysis (e.g. media commentary or sentiment around a particular issue)
2. Prioritisation: through risk logs/workshops and stakeholder analysis
3. Response: through management action and communication strategy & action plans/actions/running orders across stakeholders. We include monitoring in this part and step 1!
4. Embedding: as often as not, whatever led to the issue has it's roots in longer term organisational issues. The only way to prevent similar issues in the future is to look back at those root causes and address them going forward through conscious management and communication behaviour.

When capable in house communicators or trusted consultants are allowed to complete step 4 we're able to help prevent a whole truckload of potential trouble.

Of course not everyone on the senior team necessarily takes that at face value.

I've always found that having that risk log or scenario planning from step 1 to hand, fleshed out with some of the more scary potential outcomes, tends to help colleagues focus on the potential downside of not managing reputation risk!