How Not-for-Profit Organisations Can Mitigate Reputational Risk
In 2012, a scandal hit the UK Royal Society for the Prevention of Cruelty to Animals (RSPCA), as it was found that the not-for-profit had been overzealous, spending millions to prosecute a small group of hunters. In the court case, the hunters were found guilty, but the presiding magistrate criticised the RSPCA for ‘spending millions’ on this single case.
The not-for-profit’s chief executive lost his job as a result of the scandal, and donations to the Society dropped sharply in succeeding years.
A besmirched reputation can be ruinous to a not-for-profit organisation.
“We all know how speedily news travels these days, not to mention how it leaves a lasting imprint on social media. When it’s good news, it can do wonders for your donor-attracting potential. However, anything that unhinges a good reputation can have quick, lasting and serious consequences. With money tighter than ever, it’s increasingly essential for not-for-profits to make sure they are prepared for any risks to their reputation. To keep building your respect, you need to make sure you’ve identified any potential weak spots and have a strategy in place for any potential problems that might arise. Do you have an action plan in place if one of your ambassadors is arrested for example, or if something false is printed about your organisation in the press or on Twitter?” writes Claudia Cahalane in a report for the Guardian Voluntary Sector Network.
Mitigating reputational risk means mapping potential threats
The first step for any not-for-profit in mitigating reputational risks is to map them – create a risk map. This is the same approach a risk management professional would take at a for-profit enterprise, but the context is different:
“Reputation risks can be difficult to map, as they are by their nature ‘consequential’ risks: Ones which arise as a product of other risks,” warns Zurich Insurance expert Victoria Bales. “Reputational damage is not something that can be planned for in a vacuum. They are the result of larger issues, such as changes to the funding landscape and new opportunities for public service delivery, or new cultural developments such as our increasing use of social media.”
Charities should establish a formal process for identifying vulnerabilities in different areas of their organisation – such as fundraising, frontline services, IT or communications – as well as the long-term risks to them overall. Once these are known, the next step is thinking about the kind of impact they might have.
“Would a drop in fundraised income inhibit the delivery of service, or would a cyber-attack threaten communication with key partners? The reputational thought process comes after establishing the scale of impact: how might such disruptions harm what others think about the organisation or influence decisions to work with it?” Bales asks.
“Establishing a consequence for each risk area is also an important step. In other words, what’s at stake? Questions not-for-profits can ask to establish this include:
- How bad would it be if this risk materialised?
- Would it limit our ability to continue “business as usual”?
- What areas of our organisation would be impacted?
- Who else would it impact: Our service users? The public? Our partners?
- Do we stand to lose anything, such as a contract or a donation, if this risk materialises?”
It’s important to involve relevant stakeholders when identifying risks, as the Institute of Risk Management points out.
“In this way you are less likely to overlook anything critical. You can hold a workshop, interview people or do an email survey. Consulting people is also a good way of raising awareness of risk, securing buy-in and making sure the risks get managed. This is important for monitoring and reviewing the risks in future.”
Mitigating reputational risk with an action plan
Once the answers have been established, it’s easier to know how reputation might fare as a result. Creating a proportional plan of action in response to these risks therefore becomes more straightforward.
A common way to approach this is to decide whether to Treat, Tolerate, Terminate or Transfer the risk, an approach the Institute of Risk Management calls “the 4 Ts.”
For the most severe risks, the plan should include what mitigating action to take. Boards must consider the impact each risk would have on the organisation’s objectives, and how to forestall that impact.
“For example, if there is a risk of staff leaving the organisation, you need to understand what is driving their decision, whether the issue is poor morale or if salaries are higher elsewhere. Can they be replaced quickly? What cost is attached to this?”
In reality a risk might have a number of causes, so remember that you might need to consider more than one course of action to address the risk. On the other hand, you might find that one action will address a number of risks. For example, a programme of staff engagement might improve staff morale and reduce staff turnover, as well as improving their knowledge and reducing the number of mistakes they make, the Institute explains.
“Don’t forget to consider the cost of any action you take and make sure it’s proportionate – you wouldn’t spend £1 million (US$1.27 million) to prevent a loss of £100,000 ($127,300) for example,” the Institute notes.
BoardEffect supports good governance
Not-for-profit board members require the support of a quality board portal like BoardEffect – it has all the tools to make them more efficient and better performing.
BoardEffect makes collaboration at the board level easy and secure – we serve over 200,000 users worldwide, providing competitive pricing and exceptional value.
It allows not-for-profit boards of directors in sectors from developing nation funding to healthcare to work together wherever they are, and with whatever device they are using – it is user-friendly, so no extensive training is required.
The BoardEffect platform has been developed to be clear, intuitive and elegant. This is particularly important, as the high-profile audience who use BoardEffect usually have other jobs and commitments. Ease of use has become our “true north” – ensuring that our system can be used successfully by those with any level of technology experience and comfort. We back this up with 24/7/365 training and support for all users.
Communication among trustees is safe, and sensitive data stored on the portal is protected by the highest grade of encryption. They can securely access board books and other documents and collaborate with other users electronically. Collaboration can include discussions, surveys, electronic voting and more. The platform has unlimited storage that can be configured for each group to work privately.
BoardEffect ensures the highest level of security through a five-part security programme. We encrypt data in transit through Transport Layer Security (TLS) and at rest (AES-256), have secure SSAE16 audited SOC1 and SOC2 data centres with fail-overs, mirroring, third-party penetration testing and 99.99% facility uptime. We also have disaster recovery and business continuity plans, specialised compliance modules for healthcare, intrusion detection systems and much more.