By: Peggy M. Jackson, DPA, CPCU of Adjunct LLC

*******************

For-profit and nonprofit entities never envision or plan for the potential destruction of their reputation because of the actions of a few or the uncontrollable (or controllable) situations in which they find themselves; but the headlines say it all:
• "Peanut Company Execs Refuse To Answer Lawmakers' Questions" (Peanut Corporation of America);
• "More Pet Deaths Expected in Tainted Pet Food Disaster" (Menu Foods);
• "Fry's Exec Dropped Millions on Gambling";
• "Children's Hospital Exec Guilty of Child Porn" (Lucille Packard Children's Hospital at Stanford University in Palo Alto, CA).

Damage caused by such news reports is not simply confined to the "offending" product or some fleeting adverse publicity; it is real and possibly permanent. The entity's name, reputation, public trust and brand image may never recover, or at least not for a long time. Headlines like these are the worst nightmare of any executive.

Unfortunately, today's 24/7 media climate allows adverse publicity to be everywhere - quickly. Internet news and information lingers and is accessible for an unknown amount of time; its effects can be very long-lasting or even spell or contribute to the demise of the company, as it did with the Lynchburg, Va.-based peanut products manufacturer.

Reputational risk is often difficult to recognize, identify or place a value on its protection, but repairing a company's good name and brand image can take years. Every for-profit and nonprofit has the potential to be exposed to situations or perceptions that can generate damaging adverse or even false publicity. For example, the Packard Children's Hospital headline might make the public wonder if any of the child pornography victims were patients. While that does not appear to be the case, it's still a possible public perception.

The Basis for Reputational Risk

Lack of internal controls, lax financial management, the nature of a manufacturing process, the intrinsic nature of the products and/or the materials used in the manufacturing process all contribute to and may increase reputational risk exposures. "Hot button" public relations issues such as those relating to the environment or a political cause are just as likely to make an entity vulnerable to a loss of reputation.

Beyond internal issues, external factors such as economic conditions can contribute to attacks on an entity's reputation. During economic downturns employees, customers and others, whether associated with the company or not, might engage in spurious claims or litigation in hopes of obtaining a settlement.

Even if the claims are false or exaggerated, the headlines still broadcast that the entity is involved in a suit due to questionable practices and/or conduct. "Not guilty" headlines rarely make it to the front page. If or when the entity is exonerated, newspapers generally tuck the story somewhere near the back, TV news might make a brief mention and the poster(s) of the original Internet story probably won't post a follow up or remove the original story (leaving the negative out there without the rest of the story detailing the positive outcome).

Reputational Risk Management in this information age is more important than ever. Steps can and should be taken to reduce the potential for damage to any entity's reputation arising out of a bad situation.

Steps to Reducing the Potential for an Adverse Incident

Corporate mismanagement, fraud, criminal behavior and/or negligence are the primary areas of organizational reputational vulnerability. The first step in reducing any organization's potential for an adverse incident is to assess the "threat level" in terms of what might trigger an accident, claim, litigation or other adverse incident.

The best approach is for the entity to conduct an overall "reputational risk assessment" as part of a broader risk management plan. However, if such a broad-ranging approach is not feasible, entities can apply an abbreviated three-step approach:

Step 1: Assess those areas which present the highest level of vulnerability: Organizations must be honest in this assessment. Factors such as the lack of good financial management controls, the nature of the organization's work, the use of toxic chemicals or dangerous materials, human resources problems, theft and inventory "shrinkage" are individual and collective indicators of potential problems.

Step 2: Talk with a Trusted Advisor: Every for-profit and nonprofit entity needs at least these four trusted advisors: 1) legal counsel; 2) an insurance professional; 3) a financial professional; and 4) an IT professional. These advisors should be trusted with the intimate details of the organization to allow them to understand the nature of the entity and its areas of vulnerability. Allow them to participate in and provide direction in the "Step 1" assessment.

Step 3: Develop and Implement a Program to Reduce the Potential for Adverse Incidents: Correcting, mitigating or planning how to address the major vulnerabilities identified in Step 1 is essential to reducing the potential for an adverse incident. Not just asking for but actually applying the advice provided by the advisors in Step 2 is of utmost importance for any entity desiring to avert a reputational crisis. Step 3 requires the organization to actively address the issues discovered in steps 1 and 2.

Applying these three steps doesn't eliminate the possibility of an adverse incident or undue bad press; but it does reduce the potential for an adverse event and the sting of potentially damaging headlines. The more action taken up front, the better; including improving internal controls, introducing better and more effective HR policies and procedures and improving security in and around the operations.

Part 2 of this series will discuss how to deal effectively with a public relations crisis situation.

***********

Dr. Peggy M. Jackson, a Principal with Adjunct LLC in San Francisco, CA, is a consultant and nationally recognized lecturer in risk management, business continuity planning and Sarbanes-Oxley compliance. Jackson has written seven books on Sarbanes-Oxley compliance and best practices, risk management and business continuity planning.

Jackson holds an earned doctorate in public administration (DPA) from Golden Gate University in San Francisco and holds the Chartered Property and Casualty Underwriter (CPCU) designation. As part of an award-winning doctoral dissertation on risk management techniques, Jackson designed the Jackson Risk Management Model©.

Inspired by her clients' needs, she designed the Done in a Day® risk management, contingency planning and SOX compliance product line. These "in a box" solutions have saved her clients valuable time and resources.

Jackson is a member of the Association for Corporate Growth, the Golden Gate Chapter of the Chartered Property and Casualty Underwriters (CPCU) Society, Provisors and the Junior League of Oakland and the East Bay.