In an increasingly transparent world, failures in risk management within the widespread and nearly instantaneous reach of media outlets ranging from Facebook and Twitter to the Wall Street Journal have had destructive effects on companies like Uber. What started as an evidently ignored employee’s ‘incident report’ posted to a personal blog caught like wildfire only hours after she pressed the Share button. The blog caught the attention of the world’s most trusted news sources and cast a net so wide and so profound that skeptics and stakeholders began to question the future of the fast-growing ridesharing app.
The proceeding months led to a public investigation of Uber’s policies and identified a series of issues that tied back to risk management failures within executive management. More recently, these issues included an investigation into whether the (now former) CEO Travis Kalanick was aware an Uber engineer had stolen Google files before hiring him last year. Kalanick resigned under pressure from shareholders in June, and the company hired their new CEO Dara Khosrowshahi in August.
Similarly, United Airlines felt the wrath of social media when a video surfaced that showed local law enforcement physically removing Dr. David Dao from an overbooked plane. The aftermath of the video, and pending investigation into United Airlines’ policies, cost the company $250 million of its market value.
The loss in market share not only reflects a slow in cash flow; it reflects a profound blow to the company’s reputation. According to Vipal Morgan of the Wall Street Journal, intangible assets, such as brand reputation, account for 87% of the value of the S&P 500.
As said by Warren Buffet, “It takes 20 years to build a reputation and five minutes to ruin it.” Why is this? Because scandals cause outrage. Consumers are outraged that companies they once trusted to safely transport them from point A to point B failed them. Within moments of reading a single headline, valued customers began to question the hard-earned trust they instilled in these companies.
With these examples of organizations suffering reputational damage because of social media, it’s evident that risk-based incident prevention pays more dividends than insurance packages, PR, and other attempts to recoup financial and reputational losses.
After United Airlines’ PR disaster, other major airlines publicized changes to their policies. Delta said in an internal memo that employees must offer up to $9,950 in compensation to give up seats on overbooked flights.
Here’s the kicker. Incident prevention isn’t just about having policies in place; it’s about making sure they’re being carried out. After all, United Airlines only offered Dr. Dao $800 to give up his seat before forcing him off the aircraft, while their policy specifically stated a limit of $1,300.
Why was the policy not followed? United involuntarily removes 8,500 passengers a year. It was only a matter of time before a resisting passenger was caught on a smart phone video and posted online. Although changing the compensation limit tenfold may seem like a nice PR move, if changes to the risk management program to ensure the policy is followed are not put in place, you can bet another scandal is around the corner.
What if United had leveraged a system that measured the effectiveness of policies in place? What if the sexual harassment incident reported by Uber employee Susan J Fowler had been escalated to the proper level and acted upon? What if there was an integrated system in place that required routine incident and policy risk assessment screenings?
The United Airlines and Uber scandals aren’t failures in writing proper policy. They’re failures in good governance through enterprise risk management. Operationalizing the risk management governance needed across the organization to prevent these scandals is not just recommended, it’s an obligation. Every company, no matter its industry, product, or service, impacts employees, customers, stakeholders, and the community at large. Failure to do so will guarantee a repeating series of devastating scandals in the future. Just look at Wells Fargo, Chipotle, Kmart and thousands of other firms that haven’t made the news but have suffered the reputational damage among their customer base all the same for failures in risk management governance.
Fortunately, today’s ERM solutions can identify and assess risks and guide the proper controls and policies to counter them through effective mitigation and monitoring. Ultimately, ERM solutions help businesses achieve good governance through risk management by ensuring controls, policies, and other mitigation tactics are linked together operationally by tying them directly to specific operational risks.
Request a personalized demonstration to learn how LogicManager’s ERM software safeguards thousands of organizations from harmful pitfalls through effective enterprise risk management.