Category: Compliance Risk

The Value of Policies in Protecting Reputation

What is the value of policies, especially in terms of building, sustaining and protecting corporate reputation?

The value of policies is immense. It sets a framework for people to operate within.

Prevention of reputation related incidents in an organisation is one of the least costly and most efficient means of protecting a treasured reputation, but usually the most overlooked. Preventing in the first place, the types of defects that can badly tarnish or destroy a reputation saves an extraordinary amount of anguish, time, effort and money.

Prevention starts with the published policies, guidelines and procedures that all organization employees are expected to follow and implement. These published policies, guidelines, and procedures should be a reflection of the reputation that the firm wants to achieve. If a company wants to be known as a safe and friendly place to work, its policies should assure employees won’t suffer from discrimination, harassment or safety issues. If a firm wants to be a good community neighbour, its programs should allow employees to contribute and participate in community programs and services.

However there are a number of important principles to remember when writing, distributing and implementing policies.

– The mere fact that a policy has been written and distributed is no guarantee that buy-in into the implementation will occur. How will you measure adherence to the policy?

– How can you ensure that I as the recipient of the policy understand and will act on the content?

– Has your policies been benchmarked against best practice, environmental context (An USA Policy may not work in Arabia)

Measurement of compliance needs to be built into the design phase, delivery, and implementation and distribution phases.

You cannot leave it to the Internal Auditors to report six months later that a policy is not working due to the following…..


A Social Media Policy can Protect your Corporate Reputation


Time and time again the issue of Social Media is raised in my Stakeholder Reputation workshops. Is it a must? Is it a Stakeholder Engagement tool? What is its value? Should we restrict its access?

Companies are coming to terms with the growth and use of Social Media within and without their organisations and some of the companies that I deal with are grappling with its implications and how to use it in a positive way. Others simply do not allow it and damage their own reputation by not viewing it strategically. Others just implement it without giving adequate thought to potential reputation risk.

The benefits of social media are real, and use of this communications medium as an important Stakeholder engagement tool will likely only increase. However, for organisations to reap the full benefits, it is critical to take a customised, strategic approach to managing the risk of social media vs. reputation.

For me it is important for companies to determine that it fits the purposes of it stakeholder engagement plan and is supported by necessary policies, processes, technologies and roles to manage the risk.

Having a well-designed Social Media Policy is the start. Jeff Bullas define it A social media policy plain and simple outlines for employees the corporate guidelines or principles of communicating in the online world”.

Companies without adequate social media policies are placing themselves at risk of security breaches and reputational damage, among other issues. Last year, a study from Protiviti Inc., a global business consulting and internal audit firm revealed that the majority of UK employees have not been provided with clear guidance on using social media networking sites.

  • Many organisations had no policy in place regarding social media networking
  • Many employees were unaware of such policies
  • Social media usage in the workplace has grown enormously in recent years with more than half (51 percent) of workers surveyed now claiming to engage with a social networking site whilst at work. Almost a third (30 percent) of workers use sites such as Twitter, Facebook and LinkedIn on a daily basis, while more than five do so several times an hour. 

Many organisations do not allow social media activity in the workplace, but this is an unsustainable policy as staff are still able to access social networks from home, posing the same potential risks to the company’s brand and reputation.

In this respect, it is interesting to note IBM’s view. In the spring of 2005, IBMers used a wiki to create a set of guidelines for all IBMers who wanted to blog. These guidelines aimed to provide helpful, practical advice—and also to protect both IBM bloggers and IBM itself, as the company sought to embrace the blogosphere. Since then, many new forms of social media have emerged.

I like Point 11 – “Try to add value. Provide worthwhile information and perspective. IBM’s brand is best represented by its people and what you publish may reflect on IBM’s brand” See more – IBM’s Social Computing Guidelines

The Gap Inc., struggling to make its brands stand out in today’s crowded marketplace, is turning its workforce loose on social media in an attempt to recreate some of the buzz for which it was known in the ’80s and ’90s.The clothier gives each of its 134,000 employees a no-nonsense social media policy titled: “OMG you will never guess what happened at work today!!” The policy serve as a guide to how a large, multinational corporation can strip away the legalese and provide a real-world manual on social media that keeps the company’s best interests in mind. Read more

In designing your Social Media Policy, I can highly recommend that you also access the following resource:

Common sense is also required. To prevent any online crisis on Social Media networks, you should monitor the names of companies, brands and employees. To ensure this, you need to develop proactive communication strategies to reduce both online and offline crisis. The simplest way to do this is to:

  • Create Training Programs that show employees how to use Social Media effectively.
  • Share Best Practices that give examples of how others use Social Media and respond to stakeholder interactions
  • Develop Guidelines that clarify in simple terms how Social Media should be used and the exceptions you need to avoid when using these channels.
  • Monitor how staff use Social Media and made the necessary corrections, adjustments or interactions where necessary using influence & guidance.

Employees will stop using Social Media if they feel there are being policed. Instead adopt a light touch policy where you try to help employees do their job better with Social Media and reward those who get it right.

If you’re looking for ways to control your Online Reputation, then ensure you have a well-designed and communicated Social Media Policy in place, one that focus on what’s important: engaging the stakeholder.

New Stakeholder Group – The National Regulator for Compulsory Specifications

One of the lessons I teach in my Stakeholder Reputation Master Classes is that every campaign, project, problem or issue will need a relook at stakeholder profiling.

So here is a new stakeholder group whose role you will have to factor in carefully when you do your crisis management preplanning, especially where potential product recalls is listed as one of your key risks.

The NRCS (National Regulator for Compulsory Specifications) is a new public entity that administers technical regulations known as compulsory specifications on behalf of the Department of Trade and Industries in the interest of human health, safety, protection of the environment and fairness of trade.

The regulated products include vehicles and components, electrical appliances components and electronics, frozen marine products, safety equipment and construction materials. The NRCS also administers the Trade Metrology Act and regulations relating to Weights and Measures.

Lack of Legal Compliance is often cited as a major cause of reputation risk. Your compliance with the regulations of the NRCS as well as the relationships that you build with this new entity is important for your reputation.

When last did you inspect your Company’s Bathrooms?

When last did you inspect your Company’s Bathrooms?

Oh, it is not my function!

Isn’t it? Do you think that something as important as that can really be outsourced to a cleaning company?

Reputation Risk is not something you can outsource, and the visual images that visitors see, can influence their impression of the company.

Very often next to the Reception area, the bathroom facilities is the first thing a visitor will go to. And, let me tell you, not all bathrooms are a place where you even want to take a child to. A Few weeks ago I made the mistake (or did the right thing) by going to the wrong bathroom facility. I went to the shop floor bathroom instead, and what I saw there was shocking.

No toilet seats, a blocked toilet, toilets in need of a desperate deep clean, broken window panes. Plan & simple, it was disgusting!

What do you think my opinion was of the management team? What do you think, I think about the company’s reputation?

In the Bible, there is a verse that basically says :’’If God cannot trust you in the small things, how on earth can he trust you in the big things’’

If reputation is about what you see, hear, feel and experience, then you’ve got it! I do not think much of them. How can I trust them in the big things, if I cannot even trust them not to violate a basic human right, i.e. The Right to Safety?

The other day I took two old-age pensioners to a Public Hospital in Roodepoort. They asked me to stop on the way at a Quick shop, because they had to buy their own toilet paper. I mean , here is two old-age pensioners, going to see the Doctor and the medical facility cannot even provide toilet paper. Is that what they think of their customers?

Worldwide companies are instituting hand washing campaigns as an initial protection measure against the spreading of swine flu (South Africa has just had its first confirmed case). How on earth is companies going to influence this, when they cannot even provide a clean and hygienic bathroom facility for employees and visitors.

Take a look at the worst example I had ever seen in my life. This is from a factory floor.


PriceWaterHouseCoopers found in one of their studies that Compliance failure is one of the leading causes of Reputation Risk. In South Africa, companies are not paying enough attention to complying with the Occupational Health & Safety Act , which contains a detailed section on Health & Hygiene.

So what can you do about this:

1. Be kind. Use your mobile phone, take pictures and send it to management and not the Media or The Department of Labour.

2. Call your Health & Safety representative and point out the conditions, so that they can report it to the Health & Safety Committee.

3. Take a good look next time when you go to the loo. Ask yourself, is this a place where a visitor can take his kid to?

To those in management, it is a time to realise that the responsibility for basic cleanliness and hygiene cannot be outsourced. Today staff and customers have camera equipped mobile phones, with which they can do damage.

After all, who wants their reputation ruined, because of a shabby loo.

Is your company at risk of damaging its reputation due to noncompliance?

In August 2004 I wrote an article in my newsletter Powerlines Number 50 that is well worth repeating today.


Well, if you have been reading the papers lately, you would have noticed that quite a few organizations have received nasty fines from the Competition Commission of South Africa for price fixing and other anomalies. And, these are the ones in the limelight.

PricewaterhouseCoopers have found in one of their research studies that compliance failure is one of the biggest reasons for reputation loss.

Here is the article:

A company was fined a heavy penalty the other day for a workplace accident that was caused by the company managers condoning illegal actions, because that is the “way we have always done it in the past”.

In this case an unlicensed driver of a forklift caused an accident. The company decided to plead guilty being negligent in terms of the Occupational Health & Safety Act, expecting a thousand rand fine, but the court decided a fine of R10000 would be more appropriate.

The judge’s words: “Do not think you can just come in here and walk away with a small fine and continue the practice. This fine will help you to take Health and Safety issues seriously”.

What if the accident resulted in a death and the company had no proper safety practices in place? According to the law the CEO could then be held negligent, and he could receive a sentence of two years in jail and a fine of R100000. With that the media would have a field day!

Luckily in this case, no media reporter picked up the case, so the damages were confined to R 10000, but what if they did?

Organisations have two kinds of visibility to deal with.

The first is planned visibility, which is caused by day-to-day operations and actions by your organisation. The second is unplanned visibility, which is caused by the vulnerabilities you face due to the very nature of your business. These threats are caused by employees, environmental threats, safety issues and government intervention due to a company’s noncompliance to a changing legal environment, and unplanned visibility often does more harm, because of its editorial value.

In this case the company caused problems for itself by not taking the law seriously. In South Africa laws are changing “thick and fast”. Keeping up with all the new legal developments is difficult. Maintaining compliance is even more challenging. Fortunately, employers can take practical, proactive steps to maintain compliance and reduce liability risks.

Here’s a list of some of the steps you can take to reduce non-compliance:

  • Take appropriate measures to ensure that you receive timely notice of new legal developments, and that someone be instructed to evaluate its potential impact. Often in companies this is the job of the company secretary to evaluate the potential impact of for instance Internet legislation and the HR department to evaluate Employee Equity and whistle blowing legislation on company policies.
  • Take note of internal developments and their impact on the company’s legal obligations. Reengineering efforts and business expansions can have an impact on employee legislative matters.
  • Find out which policies are being complied with and which are not working anymore. Review current procedures and policies of your organisation — especially those regarding good business practices, including those to reduce risk of product contamination, etc; what hazardous chemicals are used; how product is labelled for distribution; and, what mechanisms are in place for communicating externally and internally. A simple exercise is to conduct a quick survey amongst senior management or the crisis team. Ask them to list those current procedures and policies that need to be examined and documented, or to list those that are no longer in use or working in practice.
  • You could even set up a web based survey using, or– Some of these sites offer a basic free survey. This technology can help you to quickly gauge opinion and get a feel for issues surrounding compliance.
  • Identify all the relevant legislation concerning your products and services. Consult various government departments and in-house or external legal counsel to ensure that nothing has been omitted. Measure your organisation’s compliance with these laws and evaluate likely impact of non-compliance.
  • Review your approach. The old Latin maxim: “Ignorance of the law is no excuse” applies here. What is often ignored is the reputational impact of business decisions taken. Taking a minimum legal compliance approach in your business may not be enough to avoid potential litigation and the ensuing publicity that could accompany it. What about your company’s role in becoming a good corporate citizen and paying attention to the triple-bottom line? Should you go beyond what is legally acceptable? A useful rule of thumb; “Will your decision stand up in a court of public opinion, never mind a legal court?”
  • Noncompliance with changing laws can damage your reputation. How compliant are you? When last have your company conducted a reputational audit? A Reputation audit is a systematic way of approach to identifying issues and risks that currently affect your company or will affect it within the next 12 to 36 months. (Like it or not, your company’s policies and actions are shaped and developed in anticipation of, and reaction to, political, economic, legal, social and technological forces).
  • It is also a process of casting a look internally and examining processes, procedures, policies and issues that could impact and damage the company’s reputation. It involves an in depth look at the quality of management, financial soundness, use of corporate assets, community and environmental responsibility, quality of products or services, value as a long term investment, innovativeness, and the ability to attract, develop and keep talented people.

Does your company have a dedicated person dealing with the issues of compliance? If it doesn’t, perhaps you need to reconsider. Tiger Brands recently only appointed a Chief Compliance Officer after a number of scandals. Perhaps you need to get some advice from the Compliance Institute of Southern Africa.

Take a look at Compliance Institute is the recognised industry body for compliance officers in the South African financial services arena and it endeavours to enable professional compliance and to promote the application of international best practice.

The lesson: Prevention is better than cure.