Cyber Risks: Your Cheatsheet for Cyber Terms
July 12, 2019Member Matters Issue #3, 2019
July 23, 2019Reputation risk is of great concern to the higher education sector. In the current competitive tertiary environment – with shrinking financial support, fiscal austerity, and changing academic demands – there are few Australian institutions that do not have a reputation matter in their top ten strategic risks. In this two-part series we look at two case studies of large corporations who have survived a great reputational disaster without suffering permanent reputational damage. What lessons can we learn and apply to the higher education sector’s risk management strategy?
Research and higher education institutions are heavily dependent on public funding sources, whether for educating students, conducting research, or implementing the programs desired by government. Risk registers reflect our recognition that public perception maintains stability and that public trust and untarnished reputations are a large part of the value proposition we offer the country.
Reputation damage manifests when an incident occurs which somehow reflects poorly on the operation and management of the organisation. Typical examples include:
- A large-scale or widespread financial fraud, which demonstrates a poor custodianship of public and donated monies
- Academic fraud that calls into question the accuracy and value of research conducted at an institution, again, frequently conducted at the public’s expense
- Administrative corruption or incompetence where the rules of regulators or the institution itself are systematically bypassed, resulting in widespread incidents of favouritism, harassment, personal insecurity, bribery, etc. For example, we see local governments dissolved by State Parliaments in cases where it becomes apparent that the local councils were so dysfunctional they could not be rehabilitated
- Privacy violations resulting from criminal, intentional, or accidental release of personal, medical, research or financial information of staff, students, visitors or contractors
- Poor academic standards whereby the graduates of an institution do not possess the skills expected from an awarded degree
In summary, some type of incident, accident, or example of mismanagement must take place, which falls so far below the expected standards of the sector that significant stakeholders decide to suddenly withdraw their support. Stakeholders could include regulators, governments, students, parents of students, research partners or funders, staff or philanthropic supporters. The cost of a major reputational loss could be extremely significant to an institution and hinder it from meeting its objectives, therefore, this category of risk deserves to be part of the “Top 10”.
Risk Management and Reputation Risk
In some ways, risk management as a professional discipline is a great deal like the discipline of engineering. Both professions richly incorporate past failures, disasters, and mistakes into the teachings of their discipline. How are we able to build such elaborate and complex bridges today? It is because engineers have closely studied all their past bridge failures and incorporated the knowledge gained from past bridge collapses to prevent future bridge collapses.
The risk discipline is not dissimilar. Many risk management learnings come from the detailed dissection of past accidents, incidents, emergencies, crisis and disasters. For example, if we are asked to develop procedures to improve risk communication during large bushfires, the first place the risk professional will look will be in past Royal Commission reports and whitepapers on bushfire tragedies. They would examine the mistakes of the past as highlighted by past investigations and develop risk mitigation programs to prevent past mistakes from reoccurring.
Not all disciplines look so closely in to the ashes of past failures. An example would be the various disciplines in business. They don’t wait for the bridge to collapse to understand what’s gone wrong, but rather look closely at what is working well and try to learn from that positive experience: lessons from success rather than lessons from losses.
Of the risk management areas that rely most on the examination of past crises, reputational risk management probably leads the way. Much of the literature about the mitigation and treatment of this risk is full of examples of past failures to do so. Corporate examples such as Andersen Consulting, Johnson & Johnson, and Monsanto dominate.
Examples of loss-causing reputation risks include accounting failures, IT incidents, quality breakdowns, project failures, customer service snafus, and operational blunders. These incidents result in reputational hits, with ramifications ranging from business interruption to corporate collapse.
While there is nothing wrong with stirring the ashes of past fires, looking for future meaning, risk professionals can learn from other sources as well. As business professionals look at successful companies, perhaps risk professionals should look for examples where major reputational damage did not occur as anticipated. Are there “Teflon entities” to whom reputational damage does not stick? And why is that?
The Boeing Example
There is perhaps no greater matter of reputational damage circulating in the media today than the problems facing Boeing over its recent 737 Max crashes. Such reputational loss incidents strike at the heart of Boeing’s corporate value proposition to their civilian aircraft customers, which seeks to find the balancing point between two features: safety and economy. The struggle to achieve this balance between safety and fuel economy is where Boeing has found itself in its current reputational nightmare.
I have heard on numerous occasions the chant, “If it’s not Boeing, I’m not going.” Therefore, creating a reputation for public safety and trust is a high priority for the company. To the buyers of the aircraft themselves, economy is a strong competitive advantage. Operating margins are as thin as the upper atmosphere and planes which offer better fuel efficiency are highly prized.
Accordingly, in response to the introduction of a more fuel-efficient version of its leading competitor’s midrange aircraft, Boeing decided to introduce the fourth generation of its classic 737 model, with improved fuel-efficient engines and new winglets. The new engines were larger and had to be mounted higher on the wings, slightly changing the flying characteristics of the aircraft. To compensate for these changes, Boeing introduced new piloting software, called Manoeuvring Characteristics Augmentation System (MCAS), which automatically corrects the plane’s flight characteristics to compensate for the new engines.
At the time of writing, this model of aircraft has had two tragically fatal accidents, and ongoing investigations are focusing on the MCAS and the level of training that pilots receive in its use. Increased efficiency has seemingly compromised safety.
This is a classic, major reputational incident. The plane crashes made global headlines for months, resulting in the grounding of the 737 Max fleet and the cancellation of orders. By any normal measure, it has been a cataclysmic reputational loss for the airline, as it strikes at the very heart of key stakeholders’ perceptions of Boeing’s products. While internal and governmental investigations continue, and even the famous and universally loved Captain Sully has testified against the 737 Max, it is instructional for risk professionals to see how this reputation hit has affected the company now that the dust is starting to settle.
A frequently mentioned measure of reputational impact for commercial entities is, of course, share price. It is a direct measure of the confidence of those who financially support the organisation through investment, and a fast-moving barometer of what these stakeholders are thinking in respect of reputation. Research on using share price as a metric for reputational loss was first conducted at Oxford University, and can now be found at the firm Oxford Metrica by Rory Knight and Deborah Pretty.
If we examine share price for reputation-soiled Boeing, we see an unexpected result. We do see a brief, steady decline in Boeing share prices following the first plane crash in October 2018, from an average of USD$350 a share, down to around USD$316 at the end of 2018. Looking forward, however, the share price rapidly recovered in the first six months of 2019, in spite of the second 737 Max crash (in March 2019), to reach USD$440 a share in the third quarter of 2019. This surpassed its performance prior to the two crashes – not exactly the type of stakeholder punishment we would expect given the seriousness of this reputational hit.
Lessons from Boeing
Is there any risk management lesson we can take from this curious example?
In spite of suddenly losing billions of dollars in share value, all of which it quickly recovered and exceeded, we are looking to the apparent success of Boeing in light of this reputational damage. Boeing is considered an excellent investment by the world financial markets, on the “Shares to Buy List” despite the ongoing reputational damage.
I would suggest the following:
- Size does matter: Boeing is the US’s largest exporter and while it trades on its reputation of safe aircraft and product efficiency, it has other divisions, which were unaffected by reputational hit created by its 737 Max problems.
- Lesson for sector: Larger size and diverse operations may provide increased resilience to reputational loss – while larger size may mean wider publicity for reputational incidents, it may also afford a bit of a cushion when it comes to the financial impacts of a loss.
- Diversification: Boeing is far from a one trick pony, its other divisions cover military, space, rotary wing aircraft, missiles, and even something called “Phantom Works”
- Lesson for sector: Having a diverse value proposition is a possible tool for a rapid recovery. An emergency in the 737 product line can be balanced by buttressing other areas, improving their operations, and smoothing out the bumps. A loss or delay of 737 orders would have a very small overall financial impact on Boeing, a fact which has not escaped stakeholders’ notice. Perhaps being many things to many people is a mitigation tool.
- Make certain you are “loved” by as many of your stakeholders as possible: Boeing is a highly valued brand for which many stakeholders harbour a strong affinity. Boeing also appears to be admitting to its mistakes, which allows stakeholders to forgive.
- Lessons for sector: Deep emotional stakeholder investment is a mitigation tool. While not every institution can position itself as a flagship organisation, each institution can be highly valued by its stakeholder community. The community can be local, regional, or even national, but having a large group of people regard your institution as very important is key to riding out a reputational loss with minimal disruption.
While you’re waiting for part 2 of this series, read Emerging Risk Report 80 for more information about managing reputation risk and four things you can implement now to help address this risk.