The Urgency of Effectively Managing Reputational Risk

The Urgency of Effectively Managing Reputational Risk

Reputational risk is now the number one concern according to a survey reported by Bruna Martinuzzi in a 2018 American Express blog. We see almost daily in the media, how easily a company’s reputation can be ruined—this is a growing danger we face.

Fortunately, there are many ways to protect our reputations, but we need to develop a solid approach to management of that risk. Reputation is “the emotional bond between a company and its stakeholders,” according to Melanie LoBue in her blog at Reputational risk can threaten the life and longevity of our organization, increase risks to the likelihood of negative events and public opinion, and impact income, as well as public image.

Just as we have smoke detectors to detect a potential fire, we need a similar detector for reputational risk, suggests Carrie Minnich in her blog from the CPA Center of Excellence. At the speed of sound or a simple click, an organization’s reputation can be devastated. For non-profits, the impact on reputation may be even more devastating. As Minnich points out, a hit to a reputation can result in loss of volunteers, lack of referrals, decrease in the win rate of proposals, and create difficulty in hiring and attracting top quality board and staff. She suggests as a starting point periodically “googling your organization to see what others are saying.” It is imperative that we are aware of what the public sees so that we can aggressively correct inaccuracies and mis-information. We also need to monitor third party websites such as GuideStar, the National Center for Charitable Statistics, and the Better Business Bureau to verify that their information about us is accurate and thorough. It is helpful to create forums for board members, staff, consumers and our community partners to tell us what they are hearing about our organization.

Possibly most important, we need to develop a culture and organizational values that drive how employees comport themselves: a culture where staff at all levels of the organization hold one another accountable for ethical behavior, creating an environment of “see something, say something.”

We must own our reputation and actively pursue strategies to communicate who we are to the broader stakeholder community. This requires development of a communication and social media strategy that is smart, conveys our message, and is consistently pushed out over a long period of time. And, we have to live up to this message.

According to Nonprofit Accounting Basics, a growing number of organizations are appointing individuals or creating executive-level committees to lead risk management endeavors. At The Fedcap Group we have not centralized this function, but have actively communicated the importance of risk management–including reputational risk—being the job of every employee. It is a topic of significant importance to executives across The Fedcap Group and discussed during every Corporate Week. We also have an agency-wide Brown Bag Lunch on this topic that I lead annually. It is a major component of our Leadership Academy and our Executive Institute. It permeates the conversations of our organization.

This threat is real. A 2016 investigation by The Washington Post found that over a four-year period, more than 1,000 major US nonprofits disclosed in federal filings that they had suffered a “significant diversion” of assets from internal wrongdoing.”

As Warren Buffet once said, “It takes 20 years to build a reputation and five minutes to ruin it. If you think about that you’ll do things differently.”

I welcome your thoughts.

From Risk Management to Risk Leadership

From Risk Management to Risk Leadership

Almost daily we hear of new cyber security lapses, which are increasingly dangerous in our digital age and may affect all aspects of our operations from finances to employee records.  For this reason, it is imperative “to embrace risk leadership rather than just risk management,” said David O. Renz, in an article in Nonprofit Quarterly. Renz is the director of the Midwest Center for Nonprofit Leadership at the Department of Public Affairs in the Henry W. Bloch School of Management at the University of Missouri-Kansas City.

At an Institute of Risk Management (IRM) seminar this past June, various experts met to discuss just how “the role of the Chief Information Security Officer is evolving.” According to IRM, “risk management involves understanding, analyzing, and addressing risk to make sure organizations achieve their objectives.  It must be proportionate to the complexity and type of organization involved.”  They also point out that “risk is inherent in everything we do,” so the type of roles undertaken by risk professionals are incredibly diverse. They include insurance, business continuity, health and safety, corporate governance, engineering, planning and financial services.”  In other words, all aspects of our operations.

At The Fedcap Group we schedule regular, in-depth discussions about risk working to fully understand the nature and make up of our organizations’ risk profile.  Every discussion is intended to raise awareness and sensitivity to the potential risks in all areas of operations.  We have even devoted an entire module or our Leadership Academy to the concept of Risk Management with board members serving as guest faculty.

Our staff is the first line of defense, so risk awareness training means that with their daily dilligence, they are helping to protect the entire operation.  Our mantra has become “If you see something, do something or say something!”  Just as every person within the organization is a leader—every person plays a pivotal role in understanding and managing risk. 

MITRE CORP has developed a detailed risk management plan of “21 Musts” including a management culture that must encourage and reward identifying risk by staff at all levels of program contribution that I found very helpful.  (See link below).  In it the authors stress, and I agree, that risk considerations must be a central focus of program reviews, risk management must never be outsourced, and technology maturity and its future readiness must be understood.

As pointed out by David Renz, “delay or failure in responding to risk, positions an organization for an even riskier course.”

Managing the Strategic Risks That Come with Change

Managing the Strategic Risks That Come with Change

Change is inevitable in today’s market place.  If The Fedcap Group—or any other nonprofit—is to survive we must remain relevant and attuned to the evolving demands and the competitive environment.  I have learned that there are strategic risks leaders must address to ensure an ability to respond to a changing market.  This is certainly not an exhaustive list, but it hits the imperatives: 

Culture. It is imperative that leaders pay attention to the prevailing culture within the organization. We all know the phrase “culture eats vision for lunch”.   It is the truth.  Culture is really understood by spending time talking to people from throughout the organization.   Do not assume that you have a responsive culture because people are responsive to you as a leader.   Do not assume that you have an innovative culture just because people tend to be positive about change in a meeting.  As leaders, we have to work hard to develop a culture that embraces change as a way to improve the outcomes for those we serve.  We have to tie every decision, every new leadership position, every operational change, and every organizational improvement to this goal.   It has been my experience that the majority of staff will get behind an idea or a change effort—even if it is significant—if it is founded on improving the outcomes for those we serve.  

Talent.  While we may not start the change process with all of the right people at the table, it is imperative that as we move forward, we secure people with the needed skills and experience to execute and maintain a change initiative.  Recruiting and onboarding high-quality talent takes some time—so start now.   You will need both leaders and doers—and hopefully the same person does a lot of both. 

I look for people who are able to obtain buy-in from critical stakeholders, individuals who are able to dissect the effort and then structure the work to accomplish the tasks and who effectively create a sense of urgency.  

Technological Investments That Produce Data.  Lack of data is often a critical constraint to effectively undertaking organizational and programmatic change. Core legacy systems may not be able to provide timely and accurate information and analysis for business decision making. In other cases where organizations have grown inorganically through acquisitions, (such as The Fedcap Group) critical systems and data sets may not be seamlessly integrated to give comprehensive real-time insights on key business issues. Thus, often, core data and IT infrastructure have to be improved –and this often occurs AS process and operational changes are occurring.

Alignment in Priorities.  Effective response to the changing marketplace requires commitment, alignment and sponsorship from key corporate players.  Without the right level of commitment by all critical parties, change efforts can be delayed or become harder to execute. Misalignments do not always occur due to major disagreements or conflicts among stakeholders. Instead, they can occur because different key staff prioritize their work differently.  Thus, aligning the agency primary goals and change processes is required for organizational success. 

Clarity. Change efforts can also fail due to ambiguity about the end goal for the change.  When there is ambiguity of purpose—the project and system requirements may not be precisely specified. The programmers and developers of the system may provide their best interpretation of user requirements, but specific needs may be lost in the interpretation. This can lead to the development of systems that do not meet end user needs.

Getting Comfortable in the Unknown.  Prior experiences can be a very powerful constraining force. That ubiquitous phrase “this is the way we have always done it” is the death knell for effective change and response to an evolving marketplace.  It is imperative that staff at all levels become increasingly comfortable operating in the “gray”.   It’s natural to desire a clear direction and sense of control in our day to day work.  After all, the unknown can be intimidating.  But while it’s certainly comforting to have specific instructions provided at work, a constant need for clarity can limit the potential of any team. Changing habits can be hard and removing enablers of old habits is a critical talent shift if positive change and response is to occur.