Category: Risk Management

Spotting Signs of Impending Trouble

Danger SlipThe recent agreement reached between the Construction Industry and the Competition Commission for collusive tendering got me thinking. (15 construction companies had agreed to pay fines totalling R1.46 billion for collusive tendering).

What are the signs of impending and unavoidable doom in our businesses and why do we not see, sense them or hear about them? Surely there are signs or hints that there are trouble on the horizon?

Why do we not pick up on patterns of wrong decision-making in committees?

In the book the Alchemist Paul Coelho writes about the importance of omens – prophetic signs or significance. Omens are an indication or sense of what is to come; often the writing on the wall. The allusion is to the Book of Daniel in the Bible, in which a hand mysteriously appeared and wrote a message on Balshazzar’s palace wall foretelling his destruction and the loss of his kingdom.

In business, the signs come in many shapes and definitions.

Incidents. Issues. Near Misses. Rumours. Internal chatter. Suggestions. Complaints. Patterns. CCMA cases. Grievances. Internal Audit reports.

All Signs and Omens. What more do you need to act before there is whistleblowing or a Wikileaks?

A friend of mine once said: “ Watch out for the sleeping crocodiles in your business. Catch it before it gets you”

Ultimately these omens are all signs of possible reputation risk, if we define reputation risk as anything that might potentially damage the good name and reputation of an organisation. Signs that there might be an unwanted event or unwanted publicity around the corner.

To prevent potential damage to an organisation’s most valuable asset – it’s reputation, it is important to realise that the above signs are clear indicators of a need to create better and more robust internal communication feedback systems, better discussion and listening tools and instruments and corporate culture interventions.

Also read my post on You better be Awake: Searching for Vulnerabilities. In this post, I make the point that “To close the gap or feedback loop I would certainly urge Reputation managers to establish close links with the Risk Department, Internal Auditors and Compliance Officers in the organisation. Often these are the individuals that uncover areas what I would call smouldering crises – any serious business problem which is not generally known within or without the organisation, which may generate negative news coverage and reputational damage if or when it goes “public” and could result in fines, penalties or unbudgeted expenses, loss of business and destruction of relationships.

NEW Business Continuity Textbook! – Rothstein Associates Inc. Business Survival ™ Weblog

I do not have a copy of this book, but will certainly place an order.

This quote got my attention about this book:

“As our world becomes ever more turbulent the field of business continuity and risk management increases in importance, often warranting Board-level attention. Organizations must proactively prepare for the future by mitigating risk whilst managing uncertainty through well considered policies, procedures, structure, systems and business culture to react to potentially harmful events as they unfold. In this way, their survival is less likely to be threatened and it will be more likely that their goals will be attained. Too many times we have witnessed business disaster because an organization failed to fully recognize the importance of business continuity and risk management or simply adopted a piecemeal and unsystematic approach.

NEW Business Continuity Textbook! – Rothstein Associates Inc. Business Survival ™ Weblog.

“Practitioners constantly emphasize the necessity of a holistic approach and I am pleased to see this new book by Kurt Engemann and Douglas Henderson does just that. It is also important to blend theory with practice in this hands-on field; again this is accomplished by the authors of this book who have extensive academic and business continuity and emergency management experience. They bring the subject to life with rich teaching and learning features, making it an essential read for students and practitioners alike.”

–Phil Kelly, DBA, Fellow of the Higher Education Academy (FHEA), Fellow of the Institute of Risk Management (FIRM); Senior Lecturer, Liverpool (UK) Business School; Lead Examiner, Risk Decisions, The Institute of Risk Management (IRM)

The Importance of Reputation Risk Root Cause Analysis

j0426621 (2)

There was this case in a hospital’s Intensive Care ward where patients always died in the same bed and on Sunday morning at 11 a.m, regardless of their medical condition. This puzzled the doctor and some even thought that it had something to do with the supernatural. No one could solve the mystery….. as to why the deaths at 11AM?

So a world-wide expert team was constituted and they decide to go down to the ward to investigate the cause of the incidents.

So on the next Sunday morning few minutes before 11 a.m., all doctors and nurses nervously wait outside the ward to see for themselves what the terrible phenomenon was all about. Some were holding wooden crosses, prayer books and other holy objects to ward off the evil…….. Just when the clock struck 11…… What do you think as to what happened???

Scroll down to see what happened.

The part-time Sunday floor sweeper, entered the ward and unplugged the life support system so that he could use the vacuum cleaner.

Reputation Risk can have its origins in seemingly unrelated or small issues in an organisation that eventually becomes big things that can destroy carefully crafted reputations. “Witness, the front pages on a Sunday!”

The damage of a reputation crisis can be direct and indirect. These costs could include penalties incurred because of a lack of legal compliance, litigation, media conferences and advertising costs, hiring of crises communication and risk management consultants.

But what about the indirect costs, the effects on various stakeholders? The customers that do not return? The prospective customers that read and base their future actions on today’s impressions?

The Exxon Valdez oil spill cost more than US$ two billion in the first two months. But ten years later Exxon issued a statement to say that the spill cost them more than US$10 billion in just trying to restore the environment. Added to that tally was the news that the company was fined US$5 billion for the incident by the USA government.

And why did the incident occur? Root cause analysis showed that it happened as a direct result of a faulty HR policy – understaffing and poor working conditions. (By the way the captain was not drunk, he had been suffering from sleep deprivation, I hear).

Many organisations plan for possible business risks but few have in place systems to minimise damage to its most valuable asset – its reputation. – Some studies such as the Ernst & Young “Measures to Matter” survey showed that reputation and the value of intangibles can make up as much as 70% of a company’s share price.

Any crises situation has the potential to damage an organisation’s reputation, impact on the share price and destroy relationships. No matter the factor or risk that caused the crises situation, reputation risk is inherent in it.

Reputation damage inevitably leads to loss of market confidence, critical stakeholder actions, litigation, higher capital costs, etc.

Reputation damage can be defined as the adverse operational and financial impact to business performance when the company’s good name gets tarnished. Yet, how often do management receive training and education on how to manage reputation and minimise reputation fall out? Seldom, I will wager.

To understand the potential ramifications of a reputation risk incident, it is vital to take a reputation root cause analysis view.

Negative publicity should not be seen as the reason for only further intervention downstream, but as an end-of-the-pipe effect, which could be organisationally have been cured upstream.

Often the root causes can originate in culture(values), leadership (actions), structure(relationships) and process (systems). These variables interact and combine to produce organisational reputation results and outcomes.

To empower managers to understand this inter-play, I will facilitate a program in July which I take managers through a guided process so that they can understand how reputation risk incidents develop and evolve.

See for more information.

Have you adequately defined Reputation Risk in your Business?

1257879_26114212 Definitions create the lenses through which we look at the world. The renowned psychologist, Abraham Maslow said that if the only thing you have is a hammer, you tend to treat everything as a nail.

I start every seminar and presentation with definitions, so that I can establish a common framework through which I can work with my audience. In particular there are a number of definitions to describe reputation and reputation risk, each serving a slightly different purpose. These need to be further explored so that you can decide on how you will manage reputation.

The classic definition is that Reputation is all that is generally believed about your character, respectability, credit, integrity or notoriety. (Latin: reputatio – reckoning). But it is not enough to guide us.

I also use these definitions that give it more meaning:

Reputation is a state of mind – A Set of memories, perceptions and opinions that sits in your stakeholders’ consciousness.

Reputation is the net result of the interactions of all the experiences, impressions, beliefs, feelings and knowledge all stakeholders have about a company.

So what then is Reputation Management?

It is essentially a consulting discipline that realizes that Reputation is both an asset and a risk. The definition that I therefore like to work with says that Reputation Management is the building, sustaining, and protection of an organization’s good name, generating positive feedback from stakeholders and resulting in the attainment of strategic and financial objectives. It implies that there is a definite financial link between the work we do in reputation management and the bottom line.

However reputation is also the greatest risk that an organization can face.(Think of a run on a bank). As Warren Buffet have said: ” It can take twenty years to build a good reputation, and only five minutes to destroy it”.

WE therefore have to consider the following definitions as part of our approach to building and protecting reputation.

  1. Definition 1: (Stakeholder Perspective) – Reputational Risk emerges when the reasonable expectations of stakeholders about an organization‘s performance and behaviour are not met. This has been listed in some surveys as the most dangerous reputation risk of all. It essentially involves taking a look at each stakeholders needs and expectations, matching the drivers of an organization reputation and minimizing the gaps that exist.
  2. Definition 2: (Asset Perspective) – Some studies show that Reputation makes up between 55 – 73% of a company’s asset value. In this instance, Reputational Risk is defined as the loss of earnings that occur in a situation of negative public opinion. It normally results in loss of sales, share value decreases and breakdown of relationships. Many a crises have led to stock price decreases and impact in other areas of the business.
  3. Definition 3: (Incident Perspective) – Reputational Risk is the exposure incurred from unexpected incidents, or from unanticipated response to the institution’s initiatives, actions or day-to-day activities. This definition implies that Reputation Risk is the risk that an activity, action or stance performed or taken by a company or its officials will impair its image in the community and/or the long-term trust placed in the organization by its stakeholders, resulting in the loss of business and/or legal action, and is closely linked with the asset perspective.
  4. Definition 4: (Compliance Perspective) – Reputational Risk can also be defined and viewed as the loss or negative publicity that can arise from failure to meet regulatory or legal obligations.

From the above definitions it must be clear that essentially all risks and all related components of an organization potentially impact on reputation. This implies that reputation needs to be systemically managed if an organization wants to extract maximum value from it. Tip – It is essential that you define Reputation Risk in these four ways in your business, as each definition implies a different mitigation strategy and potential danger.

My question to you – Have you adequately defined Reputation Risk in your Business? Do you have a Reputation Risk framework that spells out how you will mitigate, treat and respond to Reputation Risk? If you don’t, you have some work to do.

What Is The Cost Of NOT Training Management in Reputation Risk & Crisis Management?

3338374358_7a2e62c539_o Reputational risk is the risk that an activity, action or stance performed or taken by a company or its officials will impair its image in the community and/or the long-term trust placed in the organisation by its stakeholders, resulting in the loss of business and/or legal action.

Essentially all risks and all related components of the group potentially impact on reputational risk.

Think about this one for a second…

You’re the CEO of a large company with a daily operating budget that floats somewhere in the millions. Your profit margin is already pretty thin and demands all your management skills to keep things in the black. Suddenly, something absolutely crazy and totally unexpected for which even your best contingency planning didn’t prepare you hits you dead on, sinking your thin profit margin into a deep, deep sea of red ink. I’m talking billions here…

No, this isn’t a cheap attempt at dramatics. It’s a nutshell summary of what happened to the airline industry after September 11. We could argue that those are exactly the times when managers really need to remember what they learned in management school. The truth is, however, that (a) We don’t teach them how to deal with crises like that; and (b) they don’t have time to worry about soft and hard skills, etc. when their pants are on fire. All they will worry about is whether they can save the “money”, because after all that is what the shareholders will hold them accountable for.

It is in situations like these that a person will display their normal crisis management style, and unfortunately what will happen is that managers will go for quick solutions rather than proper root cause analysis. There will be a tendency to address symptoms rather than real causes.

Part of the problem lies in our training that we provide in organisations. I am not saying that the quick and dirty phenomena is happening because training departments are doing such a lousy job, at least not from the perspective of understanding what management is about.

Where departments fail is in not performing regular simulations under which crisis readiness and decision making under stress can be tested. Where training departments fail is in not providing their managers with hard nose business skills training, things to do when faced with a crisis, things to prevent smouldering crises from erupting into perceptual crises, teambuilding and decision making under conditions of severe stress, etc.

What is needed is a solid understanding of the processes that support problem solving and ethical decision making and proactive thinking while studying management struggles, confusion, dilemmas, and the moral challenges managers face. Managers need training in understanding the many elements of crisis management, including such critical areas as crisis planning and preparedness, crisis communications, security of human, physical and intellectual assets and organizational behaviour, communication management problems and strategies.

That way we can assure that our management teams can make proper and ethical decisions when times of trouble come, decisions that will rather build than destroy a company’s good name. Let me ask you a question:

  • Does your company have a crisis management plan that has been truly tested and simulated in the past few months?
  • Does Crisis Management & Communication training feature in your training calendar for the year?

Unless it does, your company is a long way off from being adequately prepared. Don’t be upset if quick and dirty solutions are part of your organisation’s behaviour patterns. Sometimes incidents happen due to unfortunate oversight. Most of these times I believe they happen because management have not been sensitised to the importance of managing a company’s greatest asset – its reputation.

In many cases Reputational damage could have been prevented had management received training in the management of reputation.

Prevention is normally better than cure. Management teams should receive training in what reputation is, why reputation is an asset and a risk, the various drivers of reputation, how it is measured and destroyed, strategies for building, sustaining and protecting reputation, corporate governance, ethics and media understanding and media survival skills. It does not matter if you are working for Government, a Corporate or an NGO – Reputation remains the same and has the same impact.

Often Management asks about the cost of training. Why not consider the flipside of the coin? What is the cost of NOT training management in reputation understanding?

The question to ask is whether Organisation’s do enough to sensitise their management teams. BP did most of the above, and yet, even that wasn’t enough. Now that is even more scary!

If you would like to learn, how to prevent reputation risk emerging in your organisation, or would like to hone your crisis management skills, you would not want to miss this training event coming up.

What: Reputation Defence & Protection (Reputation Risk Mitigation) Masterclass
This two-day Masterclass provides comprehensive and practical coverage of all aspects on how to protect and defend an organisation’s reputation, and is based on more than 25 years research and experience on how to protect business reputations. The title word includes the verb defend. The reason – the word defend is generally defined as to take measures to make or keep safe from danger, attack or harm, and implies the actions of protecting, safeguarding, shielding, supporting or preserving. The requirement to defend can be associated with an individual, group, place or thing, and can be associated with honour, reputation, territory, assets and allies (stakeholders). It offers not only international best practices but also provides guidance how to implement a reputation risk management and protection framework. Worldwide reputation risk is seen as the highest-order risk and most dangerous to organizations, because of its volatility and unpredictability. Part of the problem is that some regard it as a strategic risk whilst others see it as a consequence of a risk. The way an organization therefore defines it, will have a material impact on how it will be mitigated and treated. Because reputation risk is volatile, unpredictable and often unquantifiable, it often happens that; what an organization regards as a small incident or issue, erupts and has a major impact, because stakeholders viewed it differently. Understanding the systemic interplay of factors is therefore vital in understanding this risk. If you’re responsible for ensuring that your organisation responds to and survives any form of reputation risk event – this Masterclass covers all the key steps necessary.
When: Tuesday, July 20, 2010 11:00 AM to Wednesday, July 21, 2010 12:00 PM
Where: Hotel Indaba

Johannesburg, Gauteng   South Africa

How to Write and Implement a Media Policy!

imageMany managers and owners think that a media policy comprises of just one instruction, namely :’’Never speak to the Media. Refer all enquiries to our spokesperson or Head Office….’’.

However there is more to a media policy than just an instruction that tells staff who will speak or is allowed to speak to the media. A Media Policy can be a document that sets the tone for communication with the Media and other stakeholders.

The advent of the Internet and Social Media have changed the traditional rules and landscape of media relations. Today an employee or a stakeholder can have their own presence on Facebook, have their own blog, send pictures from their phones directly to websites on the Internet, making it more difficult to control messages.

Some companies profess to believe in engagement with stakeholders, yet do not allow their staff to access social networking sites, whilst others embrace the new technologies. Some cite bandwidth issues as their biggest constraint, yet time and time again it has been shown that unless transparency is understood, a company will not easily open up to these new tools.

This makes the writing of a media policy a vital exercise to steer clear of potential reputation risk. This makes the writing of this policy no longer the responsibility of the PR department, but that of the Risk Committee.

Writing a best practice media policy will therefore need discussions with subject matter and 3rd party experts, dialogue with stakeholders, an understanding of the issues in a company as well as knowledge of the latest laws, rules, regulations, needs and expectations of stakeholders.

Only when these issues have been discussed and researched, can a policy be written. I also believe that it is vital for any business not just to design and write a best practice media policy, but that this policy should be accompanied by a guideline that contains hints to deal with not only the media but also communication with other stakeholders.

To write a media policy you will need specialised help. You can either work with your PR Company or enlist the services of an external services provider such as a specialised writer and/or a Social Media company to assist you in this regard.

Here is a part example of a policy and a short checklist to guide you in this process (Please note that this is not a complete list).

Example of a Media Policy

The objective of the XYZ Company’s Corporate Communications policy and procedure is to ensure that the information contained in all communication with stakeholders is consistent, accurate, fair and timely.

(This statement is not as simple as it looks. Issues of transparency needs to be carefully researched, especially legal issues, issues of voluntary, mandatory and involuntary disclosure and whether the organisation wants to be transparent, i.e intent)

To ensure this, it is the policy of  the XYZ Company that:

The Company will comply with all laws and regulations regarding public disclosure of material events, financial results and operations;

  1. The Company is committed to non-selective, fair disclosure of information about The Company without advantage or disadvantage to any participant in the financial market place;
  2. The Company will voluntarily disclose any non-material information, which is not the subject of a confidentiality agreement and determined by senior management to be in the interest of stakeholders, shareholders, the investment community and the public;
  3. All disclosures to the media will be communicated by an authorised Media Relations Officer or designate;
  4. All disclosures to the financial community, including investment analysts, brokers and current or potential investors will be communicated by the CEO, CFO, and Investor Relations or their designate(s);
  5. All the Company media releases, information prepared for the financial community, and all other Company related information for public disclosure must follow the procedures for review and approval outlined herein;
  6. The External Communications Policy applies to all the Company employees and, with respect to their reference to the Company, all subsidiaries and associates;
  7. Management will be responsible for ensuring that this policy and related procedures are communicated and followed consistently in their operations;
  8. Non-compliance with this policy may damage the Company’s reputation and/or cause the Company and/or its shareholders to be prejudiced and to suffer damages and/or losses;
  9. As with all of The Company’s policies any non-compliance will be treated as serious and will result in disciplinary action and could give rise to civil and/or criminal liability on the part of the employee. It is the responsibility of all employees to familiarise themselves with this policy.

The Public Relations Manager can be contacted should an employee wish to seek clarity or assistance with respect to any aspect of this policy.

Example of a Checklist: Due thought needs to be given to the clarification of procedures for preparation, review and approval of external communication materials:

  1. Media Relations
  2. Industry Analyst Relations
  3. Financial Analyst Relations
  4. Stakeholder Relations
  5. Conference/Seminar/Roundtable/Speaking Opportunities/White Papers/Opinion Pieces
  6. Corporate Identity
  7. Email Signatures
  8. Crisis Communications
  9. Acquisitions, Partnerships, Subsidiaries and associates
  10. Naming conventions
  11. Customer/External Newsletters
  12. Internal Newsletter
  13. Website and Intranet issues
  14. Blogging, Facebook usage, Wikis and other Social Media
  15. IT related issues.

As you can see, due thought has to go into the writing of this policy. Who needs to be consulted and vet certain information? Example – Internal newsletter may have content and remuneration information that has to be cleared by the Human Resources Director.

From a reputation risk perspective, you want clear policies, implementation guidelines & tips for all of these areas.

Writing the policy is one thing. Once you have written it, it needs to be authorised by the Board, and other parties such as the Company’s Legal and PR representatives. Getting the policy scrutinised by external 3rd party experts is advisable.

Once the policy is approved, it is useless to just distribute it and get it to be filed in the company’s policy manual. It is also not sufficient to just communicate the contents via a memorandum or e-mail to managers and staff.

I believe that it is vital that specific training is conducted throughout the organisation, so that staff can understand the dangers and peril of irresponsible communication and the impact it can have on the reputation of the institution. Training managers in Media Relations awareness is not the same as Media Spokesperson training and the two should not be confused.

Media awareness training differs from practical spokesperson coaching. Let me explain. Companies traditionally appoint two to three spokespersons. The spokespeople (who are carefully chosen), need to receive hands on practical training in front of cameras, microphones and live audiences. This type of training is  expensive and time intensive and is normally conducted in a studio. Some trainers put spokespersons on the spot and then proceed to show them their weaknesses. This often breaks down people self-confidence levels and should be avoided (You cannot build on sand). Spokesperson training should be positive and uplifting and conducted in simulated environments.

However I believe that general management also need “contextual” training – training that will add to their understanding but that can be added on in a studio later. It is this training that is needed to ensure adherence and compliance with the Media policy.

Managers need to understand the media stakeholder, how they operate and how to conduct themselves in a media interview situation. This is typically the type of training I conduct in my Media Survival Skills workshop.

Often senior management are the people who have to formulate the messages that spokespersons need to convey or decide on an approach in dealing with the media. They therefore need to understand the media stakeholder, so that these messages and chance interactions with the media will be positive and uplifting.

My favourite saying is that media relations need to be approached with strategic intent and if you do not know the rules of the game, how can you play it.

I believe that my recommended two-tier approach to writing a Media policy and implementation is the best for building sound media relations and minimise that type of reputation risk in the organisation.

My Definition of Effective Risk Management

I have just been quoted in an article in Norman Mark’s blog – ‘How Do You Determine Whether the Risk Management Process Is "Effective"?

This was my response: Effective risk management is when each risk event identified is examined through the lens of both the direct loss to the firm and indirect losses that may arise because of damage to the firm’s reputation associated with the event.

My definition has evolved from working with clients where I could see the imbalance the risk management process i.e that too much attention was placed on financial losses.

Those readers who received my Powerlines newsletter Nr. 89 dated Nov 2009 will recall my article ‘One Event, Multiple Stakeholder Impacts’ in which i showed the danger of how one event could have multiple stakeholder impacts.

That is the type of danger that exists when you do not view a risk event and put it through the stakeholder lens.

The Yin and Yang of Risk Management

a While ago I worked with a client where it soon became apparent that too much attention was given to financial indicators and not enough to intangible measurement. As I explained to the client there is was a need to "balance the yin and the yang" of the risk management approach in the company.


This comment emphasizes both "hard" and "soft" sides of risk management. The hard (yin) includes committees, policies & procedures, quantitative assessments, reporting, limits, audits and systems.

The soft (yang) reflects awareness, people, skills, integrity, incentives, cultures, values, trust and communication. Both sides are essential to a sound program and a sound reputation.

Is your risk management system adequately balanced?


I am just sitting here!

Once there was a rabbit sitting in a field and sprucing himself up. He polished his nails, cleaned his whiskers and even put on some deodorant. An eagle, flying overhead, asked the rabbit what the occasion was. The rabbit replied that "tonight I have a date with the Lioness. The lion is out of town, and the Lioness has a crush on me".

A few minutes later, the Lion returned, his flight having been cancelled.

"What are you doing, Mr Rabbit", asked the lion as he passed by looking at the spiffy-looking rabbit.

Answered the rabbit, "N-n-nothing sir. I am just sitting here talking nonsense to myself".

That’s exactly what I am doing right now!

Right now, I am wondering if this is just the sign of the times. What do you do when at the last minute many people cancel to attend a Masterclass, that they wanted to attend, but now can’t due to operational requirements.

I guess operational requirements take preference over learning activities. So, what now?

I guess I will just sit here for a while. Little I can do, the matter is out of my hands.

I will have to reschedule with these delegates. Watch for the new date!

Technorati Tags:

Reputation Protection & Defence Master Class 7 – 8 December

What: Reputation Protection & Defence Master Class
A 2 day Master Class that will enable Reputation Managers, Risk Managers and Crisis Management controllers to design and implement strategies and frameworks to mitigate reputation risk and manage repoutation risk incidents when they occur. (Event is already 50% full)
When: Monday, December 7, 2009 8:30 AM to Tuesday, December 8, 2009 3:30 PM
Where: Hotel Apollo, Ferndale, Randburg, Johannesburg

Johannesburg, Gauteng   South Africa

You better be Awake: Searching for Vulnerabilities

Business vision

A major activity of reputation management is surveillance of the internal and external environment. 

That’s what journalists do to report on the news. The chief reason reputation managers need to do it is to search for areas of vulnerabilities. To search for potential issues, trends, patterns or events that might harm the organization’s reputation.

To protect your organisation’s reputation, managers need to be interested in certain kinds of information about their organization’s environment, including some of the following information:

  • What are the burning issues in your industry?
  •  Which stakeholders are in a position to help or hurt the organization? The list should include conventional stakeholders, e.g., stockholders, employers, community citizens, government officials, as well as activist groups in the so-called third sector that seek to change corporate behaviour.
  • What opinions do these stakeholders -and the general public-hold toward the organisation?
  • Are attitudes generally favourable or unfavourable? What are their expectations of the organization? Do they feel the organizations measure up to these expectations?
  • If not, how strongly do they feel about the gap between expectations and performances?
  • What actions, if any, are they likely to take?
  • What is the media saying about your organization and industry, etc? 

In addition to monitoring the external socio-political environment, reputation managers should examine data from a variety of internal feedback systems. These data may be collected by the public relations department or by a lateral staff organization such as the personnel/industrial relations, consumer affairs, or investor relations department. For example, employee relations indices could include a high number of grievances, a high turnover rate or even litigation cases.

To close the gap or feedback loop I would certainly urge Reputation managers to establish close links with the Risk Department, Internal Auditors and Compliance Officers in the organisation. Often these are the individuals that uncover areas what I would call smouldering crises – any serious business problem which is not generally known within or without the organisation, which may generate negative news coverage and reputational damage if or when it goes "public" and could result in fines, penalties or unbudgeted expenses, loss of business and destruction of relationships.

You should also create checklists of the questions you want to ask. Here is a partial checklist example:

  • Create checklists for sensitive spots where anticipation can help prepare your organization to combat trouble.
  • Do your homework on current events. Check your organization for the troubles besetting other companies in the news. 
  • j0430721Scanning online and other media aggressively, and in adversary mode, looking for areas on which your company can be attacked, including possible actions, attitudes and policies. 
  • Keep updated on, and check your vulnerability on new laws, regulations, SHE developments, BEE developments, stakeholder expectations, market trends, financial trends. I use tools such as Google’s News Alerts and various search engines especially meta search engines like Pandia Powersearch to keep myself update.
  • Use Social Media monitoring tools such as trackur and others
  • I also use a brilliant program called FeedDemon that in my mind is the best RSS Newsreader program available. It enables me to set up feeds of my interest sites so that I am always up to date with what is happening out there.

What are you doing to stay aware?

Years ago, Watts Whacker, the futurist was asked more about his profession in the Fast Company magazine (Dec & Jan 1997 issue). This is what he said:

"A traveller encounters the Buddha on the road and asks him. "Are you a deity?

Buddha says no. "Are you a saint? Buddha says no.

"Are you a prophet?" Buddha says no. Exasperated the traveller says:

"Then what are you?"

Buddha answers:" I’m awake"

How awake are you? Do you know the latest trends in your market?

What about your company’s reputation? What smouldering crises are there in your business, ready to destroy your careful crafted reputation?

You better be awake.

Towards Managing Reputation in a Formal Manner

If you consider that organisations spend millions every year in building and sustaining operations, building market share and confidence,should reputation, the organisation’s main perceptual asset and biggest risk, not be managed?

Perceptions are reality.

What are you doing to manage those perceptions? Answer the following questions objectively to start a dialogue in your company :

1. Are all your stakeholders – suppliers, customers, the organisation, and its people aligned in one value chain from an value chain perspective?
2. Who in your company has specific responsibility, authority and accountability to manage perceptual assets , such as the company’s good name – it’s reputation or is it being left to chance?
3. Are internal and external ( Verbal and non-verbal)messages aligned i.e. Is there congruence between internal and external messages?
4. Have you identified the blocks, the barriers and the hindrances that prevent this alignment?
5. Have you determined a value that can be placed on the element of name, reputation or goodwill components?
6. When last have you taken a fresh look(introspection) at how your organisation’s operations, systems, policies & procedures, impact on the building of your company’s good name?
7. Have you equipped the people in the organisation with the resources such as knowledge, skills and attitudes to build, maintain and sustain the good
name of the organisation?

j0422353If not, you need to understand the objectives of Reputation Management. The objectives of Reputation Management as a formal discipline are as follows:

To maintain a favourable reputation in the market and workplace;
To enhance and Build your organisation’s good name;
To establish practices, policies, procedures and systems and standards that, will avoid damage to the organisation’s reputation;
To prepare and equip your Management team to take full responsibility for managing the organisation’s reputation.

Here are some guidelines as to what an integrated reputation management approach should embody:

1. Undertake a formal assessment of your company’s reputation – internally and externally.
2. Identify and advise on areas for improvement.
3. Introduce a Reputational Auditing system, to suit your needs.( After all it is an asset and a risk and should be managed accordingly)
4. Establish the necessary documentation, recording, reporting and safekeeping of data.
5. Conduct reputational monitoring.
6. Present and co-ordinate the presentation of relevant training courses to various levels in your organisation( Reputation is more than just customer
service – It is the sum total of everything we sell, deliver, communicate and do).
7. Establish, attend and guide the Company’s Reputational Committee meetings for an initial impact and report.
8. Report to and maintain contact with your CEO and person responsible for RM. All managers would do well to pay attention to what Warren Buffet said
to Salomon Brothers employees when he stepped in as interim chairman in 1991: "If you lose money for the firm by bad decisions, I will be very understanding. If you lose reputation for the firm, I will be ruthless."
9. Co-ordinate and perform a bi-annual compliance audit of your Company’s reputational programme to ensure that standards and requirements are being

Always remember that a company’s reputation is an asset and a risk,( if only just a perceptual one) and that it is like a fragile vase – Once broken, not easy to restore. And, while that might seem melodramatic, don’t try soft selling its meaning to Exxon, Johnson & Johnson, or to Union Carbide who had a shadow cast over its operations since the Bhopal disaster where thousands of people were killed due to a gas leak.

The list is endless. Grim reminders that crises can strike a Business at any time; and during these crises a Company’s image and reputation can be damaged significantly.

So what constitutes a good reputation? This depends from organisation and organisation. There is no one reputation that works for an organisation that will work for another. Each organisation must find its own version, based on the industry the company is in and what the customer requires. Research studies by institutions like the Reputation Institute have revealed a number of dimensions or drivers that can be used as a guide.

BUT one thing stands out "A Company with a good reputation is one in which the deliverable and the demands are in synch". When perception and reality is in alignment.

But let us not make a mistake – Crises do not have to be big. For an entrepreneur a crises is losing one client through not delivering on time. Having systems and policies in place, having trained reputation conscious people such as suggested above will go a long way to maintaining and enhancing your organisation’s good name.

Want to Learn how to Defend and Protect your Organisation’s biggest Asset & Risk?

What: Reputation Protection & Defence Master Class
2 – day Master Class on how to protect and defend an organisation’s reputation. It covers from Reputation Risk, Crisis Management, Crisis Communication & Online Reputation issues.
When: Wednesday, October 14, 2009 (all day)
Where: Hotel Apollo, Randburg, Johannesburg

Bram Fischer Drive
Johannesburg, Gauteng   South Africa
This event is a must attend for PR & Communication Managers, Corporate Affairs, Compliance Officers and Risk Managers.

Lies, Lies…..Impact!

j0438805 How naive some people can be!

Do they really think that in today’s age, lies will not have an impact?

The pathetic handling of the Caster Semenya’s case by the ASA (Athletics SA) is now having a ripple effect.

Leonard Chuene, the president of ASA, has admitted he lied about knowing of the IAAF’s request for tests as well as tests done in South Africa on Semenya before the event.

Worse of all, the ASA council on Thursday decided Chuene could keep his post even after the Department of Sports and Recreation said he should be fired. So by implication, they condone lies.

Is this a case of Medals before truth?

Well, it does not matter what they say or decided. ASA’s reputation is in tatters.

The Business Report today ran an article with the Headline: ‘’Nedbank pulls out as sponsor of ASA events’’

Nedbank, the biggest backer of road-running events for ASA, said sponsorship negotiations this year would take into account the sports body’s handling of Caster’s sex tests. Nedbank has decided to terminate its sponsorship a year earlier due to logistical reasons…….

Obviously the lies and handling of this case, has speeded up the decision process. Nedbank currently is leveraging its approach to sustainability being carbon- free and cannot afford to get their reputation tarnished by standing up for a lie.

It is my professional opinion that many leaders do not understand the ramifications of small actions on their and their organisation’s reputations. Obviously leaders are not being sensitised to the dangers of reputation risk. They do not understand it and think that they can get away with so-called white lies.

The danger is that cracks even when glued up will show up for years.

How Reputation Event/ Crisis-Ready is your Organization?


The following self-diagnostic is not a replacement for a comprehensive crisis audit of your organization by a qualified consultant. But it may help you determine whether it’s time to initiate one!

For scoring, see legend at the bottom. Just answer Yes or No.

  1. You regularly scan your socio-political and stakeholder environment (news media, Internet, consumer surveys, etc.) for possible threats to your organization’s reputation.
  2. You regularly scan your internal environment (union issues, corporate governance issues, etc) for possible threats to your organization’s reputation.
  3. You have identified the main current potential threats to your organization’s reputation (risks are threats which are at least “medium” both in terms of likelihood and seriousness).
  4. For each of these threats, you have prepared a “what if” scenario describing how the threat would most likely unfold, and how the organization should, ideally, respond to it, including your main communication messages to stakeholders.
  5. You have prepared a set of procedures which are to be followed by managers throughout the organization, should any of these threats (or some unanticipated crisis) transpire. These procedures include specific protocols such as notifications of appropriate executives.
  6. You have designated and trained a Crisis Communication Team which is to be convened in the event of a crisis. This may be the same people who sit on your Emergency Response Team, or another group linked to it.
  7. You have prepared a comprehensive, regularly-updated database (ideally in electronic form) of all the key people you may need to reach in the event of a crisis. This includes key media contacts, key contacts in government, key managers, etc., with their home, fax, cellular telephone, twitter, instant messenger and other coordinates.
  8. You have included everything from steps 3-7 in a regularly updated crisis communication manual (paper, electronic or both) which is readily available to all your key executives and managers.
  9. You have condensed the key contact information onto a wallet card which all your key executives and managers can have with them at all times.
  10. You have tested your organization’s ability to carry out this plan and these procedures in a simulation.


Award your organization 10 points for each “yes.”

Under 50 points:
Either your organization has consciously decided it likes living dangerously or it’s living in a fool’s paradise. Let me guess: the organization also carries the least possible insurance, because one of your executives said “the premiums cost too much.”

50-60 points:

You’ve got something stuffed into your parachute sack…unfortunately you don’t know whether it’s a parachute or a dirty hanky. It’s time to turn your plan into a high priority business project with a completion deadline and support from senior management. The majority of listed type organizations fall into this category.

60-80 points:
Now you’re training for the big time! Time to focus on those few things that are keeping you in from being the leader in your field!

80 points or better:
Welcome to being a leader in your industry. You can sleep nights; at least as far as crisis preparedness is concerned. All that is required from you is to benchmark and audit compliance to ascertain levels of assurance.

The questionnaire above is just a small extract of a detailed questionnaire that is included in a product – The Crisis Manager Toolkit that is available on CD or for download. For more information and rates, send me an e-mail.

Brochure for the Reputation Defence Masterclass

I have uploaded the Reputation Defence Masterclass brochure and registration form to my blog for ease of access.

Just visit the link:

What: Reputation Defence Masterclass (Reputation Risk Mitigation)
This two-day Johannesburg-based Masterclass provides comprehensive and practical coverage of all aspects of implementing reputation risk management & protection frameworks and is based on more than 25 years research and experience on how to protect business reputations. It offers not only international best practices but also covers the requirements of some of the principles in the new draft King Code 3 on Corporate Governance, especially “Principle 4.14: The board should ensure that the company’s reputational risk is protected”
When: Wednesday, June 10, 2009 8:00 AM to Thursday, June 11, 2009 5:00 PM
Where: Hotel Apollo

Corner of Bram Fischer Drive and Republic Road, Randburg
Johannesburg, Gauteng 2118   South Africa

If you scroll down the page, you just have to click on the two links, to observe a detailed brochure outlining the programme for each day as well as the registration details. Should you be interested in saving R800, then access the registration form now and make use of the Early Bird option.

I look forward in meeting you and sharing the ways and means to protect your organisation’s biggest asset and risk in today’s knowledge economy.

Please share this information with other colleagues who might benefit from this exposure. Remember Knowledge only becomes Power once it is shared. Your assistance in this regard will be much appreciated.

WHO raises pandemic alert to Level Five – The second-highest level

The World Health Organization raised its pandemic alert to its second-highest level Wednesday, indicating the outbreak of swine flu that originated in Mexico is nearing widespread human infection. Dr. Margaret Chan, the U.N. agency’s director-general, said the decision to raise the alert to level five on its six-point scale means all countries "should immediately now activate their pandemic preparedness plans." for the full article.

The declaration of Phase 5 is a strong signal that a pandemic is imminent and that the time to finalize the organization, communication, and implementation of the planned mitigation measures is short.

What are you doing to prepare your organization against this? Beware thinking that this will not impact locally.

Look at today’s newspaper headlines……

I would suggest an urgent revamp of your Crisis Management & Crisis Communication plans. How ready are you?

The time to act is now!

Out of Sight, Out of Mind?

I just read an extract of the book, ‘’Without Warning’’ by Rodney Johnson (

This book has some valuable lessons for Reputation Managers, such as the question: Do you have an uncomfortable suspicion that your business has a problem lurking in its depths? Is there an issue that you keep catching a glimpse of out of the corner of your eye, but can’t quite get hold of?

This is what Rodney N Johnson’s book, ‘Without Warning’ is about, and he calls these ’silent problems’, as opposed to simple, complex or wicked problems.

  • A simple problem is one in which everyone agrees on the problem and on the solution. If not solved correctly, this could become a complex problem.
  • A complex problem: one in which everyone agrees on the problem, but disagrees on the solution.
  • A wicked problem: a problem (or nest of problems), in which people disagree over what the problem is, so a solution can’t be identified, and without agreement on the problem or a defined solution, you won’t know when the problem has been solved. Different groups of stakeholders understand the problem differently; any proposed solutions can’t be tested or evaluated other than subjectively.


But a silent problem is different, and Rodney Johnson (RJ) defines it like this:

A problem that is being avoided, neglected, or going unnoticed… A problem that is intentionally being silenced.

This is perhaps the worst kind of problem of all. At least a wicked problem can be acknowledged and struggled with. But one that you’re not aware of? How are you supposed to deal with that?

Whose problem is it?

One of the many silent problems RJ uses as case-studies is the sub-prime financial fallout which we’re all too familiar with now – warnings were given, but disregarded.

Question: if someone able to impose a solution had been willing to say ‘here’s a problem’, would it then have become a complex or wicked problem? That is, is it a silent problem only as long as no-one with enough authority to deal with it has spotted it or taken responsibility for it?

If there were warnings, then someone was aware of the problem, so it wasn’t silent for them – but presumably they didn’t have the clout to tackle the issue. A silent problem, then, is a leadership issue: it is a problem that is being ignored by management.

You’re the manager: how do you know if there is a silent problem? Or do you wait for a whistleblower or until the Media conducts an investigation?

This extract really made me think – Do we wait until reputation risk manifest? Or do we deal with issues whilst they are small? Are we prepared as Dr Roger von Oech wrote in the book, A Whack on the Side of the Head, to slay some sacred cows. To ask, which sacred cows or hidden problem can destroy our hard-earned and carefully crafted reputation?

Read more:

This book has implications for communication channels and risk experts.

ISO 31000 – The Proposed New Risk Management Standard


I just read an article about the proposed new ISO 31000 standard in the Enterprise Risk magazine ( of March 2009.

In the article, the author and ex – Chairman of IRMSA, Steve Winks writes about the new way to define risk i.e that risk will be defined as ‘’the effect of uncertainty on objectives’’

The central issue of the definition is "objectives" -that is, the objectives of the individual or entity concerned.

The change in definition shifts the emphasis from "the event" (something happens) to "the effect" which is the effect of the event on objectives. So, the "risk" isn’t the chance of having a fire (for example) but the chance that value will be destroyed and or income flow disrupted (assuming preserving value and income flow was part of the objective).

From both definitions, it can be seen that risk is particular to the objectives of the individual, organisation (or even society) and that it arises because those objectives are pursued against an uncertain background. Although the individual or organisation controls their objectives, they cannot control or predict the background environment fully in which they operate. And it is this background environment, overlaid on the particular objectives, which generates uncertainty and thus risk.

Because risk is directly linked to objectives, it is obvious that risk is not inherently "bad". Many objectives can only be achieved by being willing to accept at least some risk. If risk can be managed effectively, opportunities can be exploited. Risk is generated by every decision that is made by an individual, organisation or society – small wonder that it is beneficial for individuals, organisations and governments to become increasingly proficient at understanding risks and knowing whether, how and when to "treat" those risks in order to improve the chance of realising objectives.

Risk is best characterised by describing both the effects (referred to as "consequences") and the chance of experiencing those consequences (known as "likelihood"). The level of any particular risk can be expressed by combining the two considerations (i.e. the potential consequence in terms of the objectives, and the likelihood of those consequences being experienced). If the resulting level of risk is either too high or too low for the entity whose objectives are at risk, then the risk can be treated so as to adjust the size of the consequences and/or the likelihood of experiencing those consequences.

I must say that this in line with my thinking and advice to clients.

When it comes to reputation risk, it is important to discern between a reputation event and reputation risk. (See words in bold above).

a Reputation event includes any action, incident or circumstance which induces, or is likely to induce, reputation risk for an organization. For example, such an event may arise from market rumours, severe regulatory sanctions, or heavy financial losses. Some of these events, if not acted upon swiftly and effectively, may turn into a full-blown crisis (e.g. a bank run).

Reputation risk means the risk that an organization reputation is damaged by one or more than one reputation event, as reflected from negative publicity about its business practices, conduct or financial condition. Such negative publicity, whether true or not, may impair public confidence in the institution, result in costly litigation, or lead to a decline in its customer base, business or revenue.

This uncertainty is what makes reputation risk so difficult to quantify or predict. Reputation Risk management therefore needs to include elements of reputation event or incident management, reputation risk consideration, environmental scanning and issues management.

Quite a mix! The starting point in managing reputation risk in an organization starts with a simple question. Is Reputation Risk a strategic risk on its own or a consequence of a risk?

For more information about the importance of definitions, go to my page –

In the past, reputation risk management was confined to damage control and fire- fighting after the event or crisis (Reactionary Approach – Reputation Event or Incident management). Now there has been a paradigm shift towards a Proactive approach which includes building up “reputational capital” before an event (problem or crisis0 arises.

To build reputational capital and minimize reputation risk requires an understanding of the drivers of corporate reputation and the risk and opportunities that each driver offers. That knowledge coupled with the understanding that no Company, organisation or individual whose livelihood depends on public support can afford to function without a reputation building and a crises communication plan will enable companies to formulate robust strategies for building, sustaining and protecting corporate Reputation.