The World Economic Forum reports that more than 25% of a company’s market value is directly attributable to its reputation. Yet, according to a Deloitte survey, only half of business leaders can identify reputational risk events and only 53% have the capacity to analyze these risks and predict their impact. Part of the problem is an emphasis on preventing only the most catastrophic, worst-case scenario events.
Large-scale reputational disasters compel our attention, and the social media age is particularly rife with opportunities for sudden public meltdowns. All it takes is one post from a customer or employee for a company’s values and reputation to be put on public trial.
The bigger risk, however, is the “slow-burn”—a culmination of numerous decisions, even if intentional and aligned with company goals, that companies make every day without considering the long-range potential consequences.
Forrester analyst Renee Murphy has referred to impacts from corrosive decision-making not as “black swans” (Nassim Nicholas Taleb’s famous term for unpredictable, devastating risks), but rather as “black chickens”—impacts that, in retrospect, are largely foreseeable and unnecessary.
WeWork is a great example. The slow-burn pressure of increasing future lease payments without a matching incline in committed leasing revenue eventually eroded the brand. WeWork’s devaluation and eventual abandoned IPO seemed abrupt. But, in retrospect, the increasingly complex nature of its business model and unconventional governance structure posed a slowly-developing strategic risk that accelerated as the business grew in scale and exposure.
Facebook faced a seemingly similar “black chicken” event related to the Cambridge Analytica scandal. Since the case came to light in April 2018, Facebook engagement in the form of likes, shares and posts has dropped, placing advertising revenue streams at risk. Ultimately, Facebook’s business model is to provide customers (advertisers) with a platform that allows demographically-targeted marketing programs. But by fulfilling this mission while overlooking the slow-burn risk of degrading quality and transparency in consumer data privacy, Facebook allowed its content to be misused for harm.
Building a Risk-Aware Culture
Most slow-burn risks are not unethical or scandalous in nature. They are motivated by performance—primarily the need for speed and multitasking or diversification of effort. This can lead to a slow erosion of quality due to shortcuts, reduced sampling, or less auditing and testing. This can eventually impact brands by harming consumer satisfaction or health, employee safety or even economic competitiveness.
Many catastrophic impacts to brands are the result of slow-burn risks that have gone unchecked for too long. It is wise to prepare for the worst-case scenarios, but mature risk management strategies go further to influence and inform day-to-day behavior and continually re-evaluate against the organization’s objectives.
Avoiding the slow burn requires a risk-aware culture marked by companies weighing risk impact with every business decision. Every single person that touches the business—from the C-suite to third-party partners—has a responsibility to protect the organization.
To start, assign a C-suite champion to set the tone and drive support throughout the company. Next, bake risk management expectations into performance plans to incentivize employees to keep risk front and center. Positive reinforcement, such as monetarily rewarding employees who identify risks, and negative reinforcement, such as withholding bonuses for missing risk-reduction targets, have their place. Coach your desired behaviors through training and education programs with hands-on sessions that help employees practice identifying and describing risks.
Creating a risk- and compliance-based culture also requires collaboration. When silos are broken down and all departments use a centralized system for viewing and managing risks, organizations can effectively identify situations where a risk factor in one area affects risk in another, and work together to make better decisions and address issues early.
Aligning Corporate and Risk Objectives
According to a Riskonnect survey, only 40% of organizations today are confident they have the risk and compliance information required to establish business objectives. Risk professionals should examine how risk is managed vertically and horizontally to ensure the overall corporate risk strategy aligns with the organization’s goals. Every strategic decision made by the organization should take risks into consideration, thereby preventing slow-burn situations that could inhibit new business opportunities, performance, consumer trust, brand reputation and expansion.
Risk and brand leaders can act faster to address both worst-case and slow-burn scenarios when they are informed of all the potential risks, how they relate and what the cumulative impact could be. This becomes possible when they embed best practices, processes, collaboration and technology in the organization. Only then can risk professionals confidently equip senior leadership with the information they need to make decisions that protect the brand and add value.
Jim Wetekamp is the CEO of Riskonnect.