Is Doing Nothing A Reputation Risk?

Tim Cook, CEO of Apple, recently issued an open letter on Apple website, publicly apologizing for the shortcomings in the Apple maps. The first paragraph reads:

“To our customers,

At Apple, we strive to make world-class products that deliver the best experience possible to our customers. With the launch of our new Maps last week, we fell short on this commitment. We are extremely sorry for the frustration this has caused our customers and we are doing everything we can to make Maps better.”

The purpose was to pacify the angry customers who found inaccuracies in the Apple maps. The words of the CEO mattered.

Now let us assume that none of the customers knew who the CEO of Apple is. They have not heard of the CEO before. The CEO visibility was zilch in media, social networks, business conferences etc. Would the words have mattered then? Wouldn’t the customers say – “Who is this guy? We never heard from him before and now he is giving excuses for horrid products?”

Managing an organization’s reputation is part of CEO/CXO job. When reputation risks occur, their communication is part of the risk mitigation plan. Hence, the effectiveness of risk mitigation plan is dependent on the CEO/CXO profile. Until here, I think you will agree with me.

Now let me ask you the difficult question. If the senior management of the organization does nothing to add to the brand or reputation of the organization, is it a risk?

Here is my argument. Normally, we take the following criteria for reputation risks.

Source- ICAI ERM Training Material

This measures only the negative impact. We talk about negative coverage in the media, but what about no coverage in media. In India, most of the CEO/CXOs have no media visibility and unlike the west, 90% do not give interviews etc. in the media. They even don’t have a social media presence and one can hardly find them directly interacting with customers. That is, except for traditional advertising of products in newspapers, magazines and television, there is no coverage of the organization and the senior management in the media.

Now let us see from risk management perspective. One of the strategic objectives of the organization is to build brand and reputation of the organization. The purpose of enterprise risk management is to give an assurance to the board that the entity is moving in the right direction to achieve its objectives. As risk managers, we focus if something goes wrong, but what if, the company is not moving at all in any direction – positive or negative – in meeting its objectives. Should we capture that as a risk?

Closing thoughts

Negative viral messages in social media tarnish a reputation in a span of few hours. It takes just one tweet to go viral. It will be very difficult for a company to defend itself if a company does not have a twitter account and reputation management plan. The same applies to executives. Now the thought process is either develop a brand or get branded. Silence gives an opportunity to others to put labels and develop negative perceptions. Continuous positive messages at a personal level need to go out about the brand for customers to have a favorable opinion. Doing nothing may become a huge risk.

4 comments on “Is Doing Nothing A Reputation Risk?

  1. Another great post Sonia. There is definitely a risk in doing nothing. Many organizations have not taken the plunge into social media. But I believe that because of the power of social media, someone somewhere is definitely discussing your product or service offering. Social media gives organizations the ability to shape and define their brand. It also provides a mechanism to attempt to correct/defend brand inaccuracies. Doing nothing allows others to quickly define your brand on a wide scale. I’m actually doing a webinar next month on managing social media madness. Thanks for another great post.

  2. Hi Soniaji,

    Another interesting post. Considering the definition of Risk as ” effect of uncertainty on Objectives” as per ISO 31000, one has to do something or atleast attempt to do something towards the set objectives , in this case “build brand and reputation of the organization”. But doing nothing for an established objective is making the situation certain that the objectives will not be achieved at least in the obsolute sense.

    Given the above , I wonder “doing nothing” fits the definition of risk and seem to be odd in the context of modern risk management approaches.

    Else, we may have to call this using another terminology or redefine the definition of risk taking into consideration of such cases.

    • Hi Mohamed,

      If you consider ISO 31000, then for risk treatment it specifies – terminate, transfer, treat and tolerate – the risk. Doing nothing in a way would come under tolerate a risk.


Comments are closed.