New research shows that businesses across Australia have room for improvement when it comes to adequate preparation to manage reputational risk.
The “Reputational Risk Australia 2019 Survey Report”, published by global firm Norton Rose Fulbright, was compiled based on responses from 132 senior business and government responses across Australia. It found that 51 per cent of businesses don’t have a crisis management committee, and of those that do, 41 per cent of committees don’t regularly conduct scenario analysis or simulation exercises.
It also found that 43 per cent don’t have a crisis management protocol in place, and of those that do, 40 per cent haven’t reviewed those protocols in more than one year.
Elsewhere, it found that 31 per cent do not use risk scenarios to estimate potential impact of incidents, 25 per cent do not perform regular audits of organisational processes to identify compliance breaches, 20 per cent don’t organise training to mitigate reputational risk and embed awareness into the organisation’s culture, and 14 per cent have no policies in place to address key reputational risks.
That all said, the dial is moving in the right direction in some of these areas, NRF noted, compared to responses in 2017.
“For instance, while 21 per cent of respondents in 2019 admit that they don’t organise specific training on reputational risk, this figure was closer to half of respondents in 2017. The trend is encouraging, showing signs of maturing risk management and compliance practices,” the firm wrote.
“However, the less prepared among respondents are leaving themselves and their organisations exposed to some of the serious consequences of reputational damage. One in four [has] not conducted regular reviews of organisational processes to identify compliance breaches and one in five [is] also failing to eﬀectively embed compliance requirements through training.
“These statistics [suggests] that some organisations may be placing undue reliance on the mere existence of rules and policies to do the work and ignoring the reality that eﬀective compliance requires more active engagement and ongoing monitoring.”
When it came to measures taken to mitigate the potential impact of reputational damage, NRF continued, most respondents appear to have strengthened governance and risk management and reporting processes (77 per cent).
“Similarly, a large proportion [has] also redesigned organisational processes to improve compliance (64 per cent) and implemented culture improvement initiatives such as training and education, and reward and recognition programs (64 per cent),” the firm wrote.
“The most significant change from 2017 has been a notable drop in responses regarding insurance. While purchasing insurance coverage for certain risks (such as product liability and cyber breach) was the top mitigation strategy in 2017 (78 per cent of 2017 respondents) this fell to the fourth most selected response in 2019, for only 58 per cent of respondents.”
In the same report, NRF found “interesting discrepancies” between board members and GCs in perceived threats to a company’s reputation.