Prevail or Flail: The Right Way to Approach Reputational Risk in 2015

LankasterCharles Lankester, Senior Vice President of Reputation Management at Ruder Finn Asia examines the current complex of threats to reputation in Asia Pacific


We are living in a perfect storm when it comes to reputational risk. Images and words are global, instantly. News is accelerated through an array of vibrant, interconnected social media channels. Expectations of corporate behaviour and response have never been higher. And getting the response to a major issue “wrong” can have seismic financial repercussions; a recent Freshfields study showed that 53% of corporations who experienced a crisis had not seen share value recover to pre-crisis levels a year after their initial problem.

There have been an extraordinary series of high profile crisis situations in the past twelve months where, time after time, senior management were widely criticised for poor crisis management skills. Yet in many cases, these were organisations that had crisis management and communications policies in place and were confident they had been tested. The problem? Reputation risk management is too often an administrative exercise. When faced with a full-scale crisis, management teams often discover the “planning” they have in place is close to worthless.

The good news? There is a daily portfolio of analysis about corporates and individuals who prevail or flail in crisis situations. The bad news? There seems to be an institutional inability to take value, or learn, from the growing body of data that a Google “crisis management” search provides.

Spectacular misses

Some of the more spectacular corporate misses in terms of managing high risk situations over the past few months have included Thomas Cook, Malaysia Airlines and FIFA. Some of the corporations who did well include Uber, Alton Towers and Under Armor. In every case, these examples were very high profile, globally “frothy” and social media spikes: relevant and extremely interesting at an individual level and thus of high “Personal Interest Velocity”.

If we look under the hood of some recent global issues, we can often see the real casualties of perceived poor crisis mismanagement. The recent McDonalds expired chicken issue in China had a very high interest velocity, but the greater casualty was the actual chicken producer, OSI. On July 1, 2015, Reuters reported a “nearing US$1 billion cost” for the “scandal” in China and quoted an OSI executive saying that “that many factories were still suspended”. Given the global headlines caused by the OSI issue placing “China” and “food safety” centre stage, it will be interesting to see how quickly these factories are given Chinese Government approval to reopen. I imagine no-one at OSI is holding their breath.

I am not making any value judgments here. I have worked late into many nights in client offices and boardrooms as we try to figure out the right choice when faced with bleak options. It is simple for the uninvolved to look dispassionately and comment, offering views as to what could have been done differently.

So I am not going to deconstruct the past. I am going to attempt to provide a future perspective on how to mitigate risk in the first place and then how to categorise and calibrate a “crisis” response should this be required.

Time to reassess

A starting point has to be a wholesale reassessment of enterprise risk management (“ERM”). This will sound contrary, but I believe the entire ERM philosophy is, in itself, an enormous risk. Why? Because it takes a far too analytical, cold-blooded look at business, seeking to make “risk” an existential issue. ERM is an exercise that is large, unwieldy and largely a box-ticking exercise. Ask Malaysia Airlines. Thomas Cook. Or Toshiba. How well did their ERM work out for them?

I am a realist, however, and appreciate that ERM won’t go away any time soon. What I do propose is that senior management, or those advising individual or high-profile clients, takes the time to do something quite counterintuitive.

Instead of seeing risk as a ethereal concept that lives far, far away, embrace it and work from the inside; internalize the premise that your company will face an appalling situation one day. I give full credit to the evolution of this concept to Dr Ian Mitroff who first started thinking along these lines. He advocates that if risk is internalized by management teams, the shock when a crisis strikes is not a shock at all. My extension of this thinking? When companies philosophically accept risk and genuinely prepare for a crisis, corporate muscle memory kicks in, delivering far better crisis acceptance, preparedness and thus management.

This is a philosophical change for many corporations but one with significant upside. It could save your company.

Building out from this new risk philosophy, there are practical things executives can do to prevail in high risk or crisis situations. Central to these is agreeing what a crisis really looks like and calibrate accordingly. This sounds simple, but companies get it wrong time and time again. It is comforting to have long lists of risks (remember ERM?), but I’d encourage corporate leadership to build very short lists with a single headline: what could put us out of business? “Regional health crisis” is of course a risk, but it is also force majeure; everyone will suffer. “Tainted food entering supply chain in China through our own systemic fraud or corruption” is worthy of far more focus and thought.

In terms of calibration, also accept the fact that people will always do stupid things and, in 2015, often film themselves doing stupid things for millions to ultimately view. The recent HSBC staff away day film showing employees acting out an ISIS execution falls into this category. Horrifying, stupid and HSBC acted swiftly and well. The organisation showed leadership, swift decision-making and was unequivocal in its language. But to go back to an earlier phrase, the HSBC incident had very little Personal Interest Velocity; the film was awful and idiotic, but it doesn’t really affect me. Tainted chicken meat (OSI) has huge Personal Interest Velocity as does children dying of carbon monoxide poisoning (Thomas Cook). So place Personal Interest Velocity at the centre of your risk planning; it will be invaluable in calibrating your response. Especially from a social media perspective.

Burning questions

So with a new risk philosophy and calibration, how can companies stay permanently ahead of the curve? How can they retain the initiative, whatever the circumstances?

A first step is to agree what cannot happen. This is a powerful exercise that liberates your management team from the shackles of ERM and its linear, restricted imagination. It is extremely uncomfortable to sit with colleagues who are running finance and talk about the potential for high-level corruption within your financial operations. So allow your teams to discuss what can’t happen. After the initial aliens landing on the factory roof, you will be amazed at the richness and value of the thinking that evolves from the room. Unfettered, much of what your executives tell you cannot happen will form your new scenario planning around what can.

A second step is to hold existing “crisis planning” up to the light. A close cousin of ERM, crisis management planning (an oxymoron if ever there was one) is often of more harm than good. People feel they are “covered” by the 200 page ring-binder in their bottom drawer. In 2015, your crisis planning needs careful interrogation. Corporations often still have analogue plans that are valueless in our digital world. And if your plan begins a scholarly discussion about what a crisis “is”, I suggest you recycle it with immediate effect.

A much better approach to risk management is bottom-up. Undertake a ground floor assessment of perceived levels of preparedness from front-line executives in communications, legal, manufacturing and other relevant disciplines. Identify “real” attitudes and beliefs towards corporate planning across relevant executives. What do we have? Is it taken seriously? Will it work? This data paints a highly accurate picture of what risk management elements and assets are present, what need improving and what are missing.

A third step is to know what is going to happen, before it does. The technology is now out there to help any business or individual to achieve high levels of prediction through online data and sentiment analysis. The statistics are extraordinary; one company is currently analysing 72 billion records and delivering predictive analytics on 7.2 billion every day. Identify these organisations. Subscribe to their services. It is the best investment you will ever make.

By working through these steps, any organisation will create a far more dynamic, engaged outlook towards “crisis management”. It will create the most valuable asset of all: the purchase of time. There are of course many other factors vital to good preparedness, specifically leadership from the CEO and innovative, challenging organisational stress-tests with social media at their centre.

The overriding element that that will drive a successful response to a potential business-killing threat in 2015/2016? How does your organisation treat risk? It is a speck on the horizon, an interloper or a statistical anomaly? Or does it sit next to you, a permanent fixture and your next phone call?

How you answer these questions will determine your corporation’s valuation long after the crisis has passed. It will also accurately predict whether your organisation will prevail or flail when your world turns upside down and the CNN cameras are pointing directly at you and your CEO.

 Charles Lankester is an SVP with Ruder Finn Asia. He is an expert in reputation risk and has represented Fortune 100 and FTSE 250 corporations as they managed high risk situations. He can be reached at or +852-2521-0800.