Enterprise Risk Management Summit It takes 20 years to build a reputation and five minutes to ruin it. If you think about that, you'll do things differently. Warren Buffet Reputation risk is consistently one of the top ten risks of any executive / board level survey. Question: Why? As our business strategies shifted from selling products and services to selling experiences and solutions, we depended on brand and reputation to accomplish it. At the same time, technology advances gave consumers unprecedented access to information, communication, transparency, and global forums, which shifted the power from companies to consumers. It is essential in today’s world that reputation is linked with enterprise risk management on one end and crisis and business continuity management on the other end. Our brand and reputation are more important than ever before. So where does risk management fit into all this? We are all over the place! In risk management we are asked to work at the highest level with enterprise risk management to lowest level with business continuity management. We are expected to manage and respond to familiar (i.e., well-defined domain) and unfamiliar (i.e., complex domain) risks. We need to manage the traditional downside of risk as well as capitalize on the upside risk. To do our job we operate across organizational functions and domains but with limited authority and priority. We may be accountable for risk management; however, specific persons that work with the risk own it. It is our job to ensure we have the system, processes, capabilities, transparency, and the methodologies in place to allow people to properly do risk management. Linking enterprise risk and reputation with crisis management and business continuity is a challenge for us. We have to work within our confines of the organizational structure, which at times is design to change once a crisis has occurred; that is, crisis is the only catalyst for change. Let’s look at a few structural changes we can run into.

1. 1
Serious business play

2. 2
Linking reputation
management,
crisis management
& business
continuity
NOVEMBER 2016
Sean S. Murphy
CEO, Lootok
Andrew Miller
Executive in Training, Enterprise
Risk Management , ADP

3. 3
Speakers
Sean Murphy
CEO & President
Lootok
Andrew Miller
Executive in Training, Enterprise Risk
Management
ADP

4. 4
What we will cover
• Overview of the problem
• Enterprise risk management
• Reputation risk management
• Crisis & business continuity management

5. 5
It takes 20 years
to build a
reputation and
five minutes to
ruin it. If you
think about that,
you'll do things
differently.
—Warren Buffet

6. 6
World numbers
220KNumber of photos posted
on Instagram per minute
300KNumber of tweets per
minute
5BNumber of daily Google
searches
80%Percentage of Americans
online
4.9Average years of CEO
tenure at Fortune-500
companies
2.5MNumber of pieces of
content shared every
minute on Facebook
40-50Average year lifespan of
Fortune-500 companies
1.5BNumber of people with
pocket sized devices

7. 7
Our humble beginnings
It took mankind roughly 24,000 years to produce 5 terabytes of data. (250,000 years of DVD
quality video.
Venus of Willendorf
Circa 22,000 BCE
First iPod
2003

8. 8
Information
comes of age
We now generate 5 exabytes of
content every 2 days. (250,000
years of DVD quality video)
Today

9. 9
If I was down to
my last dollar, I
would spend it
on public
relations.
—Bill Gates

10. 10
Centralized vs. decentralized

11. 11
It is a lot easier
to start a fire
than to put one
out.
—Eric Dezenhall

12. 12
Too big to fail

13. 13
If you live by the
brand, you die
by the brand.
—Daniel Diermeier

14. 14
Build a common language

15. 15
Repetition
makes
reputation
and reputation
makes
customers.
—Elizabeth Arden

16. 16
Most of the measures common in the practice of
ERM can be placed in one of two categories: those
measures related to the degree of the
organization’s solvency, and those related to the
volatility of the organization’s performance on a
“going concern” basis.
—Casualty Actuarial Society

17. 17
Integrated assurance
• Governance, Risk
Management, and
Compliance (GRC)
• Mergers, acquisitions,
divestures
• Scenario Planning
INFLUENCE

18. 18
Consumer-centric
RUN DELIVER SELL

19. 19
Signals of change

20. 20
Reputational management
… by the time a more
conclusive picture of guilt
or innocence emerges … the
coverage has often moved
on, leaving the original
impression largely
unrebutted.
—Paul Farhi

21. 21
Trust Radar
Commitment Transparency
Empathy
Expertise
Daniel Diermeier

22. 22
Reputational Terrain
Society
Importance
Audience Interest
Daniel Diermeier
Low
Low
High
High
Facts
Analysis and
Interpretation
Stories
Live Updates

23. 23
Media

24. 24
Intelligence

25. 25
Crisis & business
continuity management

26. 26
Crisis management

27. 27
Crisis communications

28. 28
Business continuity
Risk assessment 9 Rs
Relocate
Reassign
Repair/replace
Reinforce
Replicate
Redundancy
Risk transfer
Relinquish
Rapid

29. 29
Crisis cards
What do these words mean to you?
• Crisis
• Incident
• Interruption
• Disaster
• Catastrophe
• Disruption
What are the criteria for a crisis?
• Public knowledge?
• Injuries/fatalities?
• Financial loss? What amount?
Fragments of blue
plastic are found in
your product in the
morning. All product
from the previous
day’s production are
still within your
control.

30. 30
Prioritization activity
Attackers & defenders
Identify your most vulnerable high impact
equipment items using competitive strategies.

31. 31
Attackers
Instructions
• Try to cause maximum damage
to the business by attacking
three equipment items.
• Write your selections, why you
chose these items and how you
would attack them.
• When done, fold your card in
half.

32. 32
Defenders
Instructions
• Try to keep the business afloat
by choosing three equipment
items to protect from the
attackers.
• Write your selections, the
strategies you would use, and
your reasoning for doing so on
the back of your defender
cards.
• When done, fold your card in
half.

33. 33
Let’s play!

34. 34
Questions?

35. 35
Thank
you!