With these examples of organizations suffering reputational damage because of social media, it’s evident that risk-based incident prevention pays more dividends than insurance packages, PR, and other attempts to recoup financial and reputational losses.
After United Airlines’ PR disaster, other major airlines publicized changes to their policies. Delta said in an internal memo that employees must offer up to $9,950 in compensation to give up seats on overbooked flights.
Here’s the kicker. Incident prevention isn’t just about having policies in place; it’s about making sure they’re being carried out. After all, United Airlines only offered Dr. Dao $800 to give up his seat before forcing him off the aircraft, while their policy specifically stated a limit of $1,300.
Why was the policy not followed? United involuntarily removes 8,500 passengers a year. It was only a matter of time before a resisting passenger was caught on a smart phone video and posted online. Although changing the compensation limit tenfold may seem like a nice PR move, if changes to the risk management program to ensure the policy is followed are not put in place, you can bet another scandal is around the corner.
What if United had leveraged a system that measured the effectiveness of policies in place? What if the sexual harassment incident reported by Uber employee Susan J Fowler had been escalated to the proper level and acted upon? What if there was an integrated system in place that required routine incident and policy risk assessment screenings?
The United Airlines and Uber scandals aren’t failures in writing proper policy. They’re failures in good governance through enterprise risk management. Operationalizing the risk management governance needed across the organization to prevent these scandals is not just recommended, it’s an obligation.
Every company, no matter its industry, product, or service, impacts employees, customers, stakeholders, and the community at large. Failure to do so will guarantee a repeating series of devastating scandals in the future. Just look at Wells Fargo, Chipotle, Kmart and thousands of other firms that haven’t made the news but have suffered the reputational damage among their customer base all the same for failures in risk management governance.
Fortunately, today’s ERM solutions can identify and assess risks and guide the proper controls and policies to counter them through effective mitigation and monitoring. Ultimately, ERM solutions help businesses achieve good governance through risk management by ensuring controls, policies, and other mitigation tactics are linked together operationally by tying them directly to specific operational risks.