This article was originally published in 2015 and has been completely updated in 2020.
Do you include a risk management plan when you organize significant communication activities? A risk management plan should be part of every important communication activity so you can minimize the impact of potential problems and are not caught completely by surprise if something goes badly wrong.
Risks are present in all communication activities, especially in major undertakings. Communication activities may not appear to involve much risk, but closer examination shows risk is integral to communication. Think of the risks resulting from a bad reputation, in controversial public issues, corporate crises, major sponsorships turning bad, poor counsel to senior management, hyped product claims in marketing communication, and in major events gone wrong. Many risk management experts believe that reputational risk is the most important of all – a risk that can cost in the billions of dollars to the value of a major company when its share price plunges.
Definition: A business risk is anything that can that can prevent or reduce the likelihood of the organization achieving its goals and objectives.
Risks can be categorized into 5 broad types:
In PR practice and communication management, control of risks is especially relevant to activities like:
We only need to see the way Facebook has handled its responses to the various business blunders it has made to see the way the company’s reputation and share price have suffered in recent times. The company’s share price dropped nearly 40% in the four months from July to November 2018 due to revelations about the unauthorized handling of user information, security breaches involving 50 million users, and the company’s use of a PR firm to denigrate its competitors.
Communicators tend to focus strongly on reputation risks, which are negative events that will diminish the opinions that stakeholders have of your organization, and therefore stakeholders’ willingness to give their support.
Reputational risks relate to the likelihood of negative perceptions adversely impacting an entity’s income, brand, support, and public image. Reputation penalties can be huge. Just look at the crises experienced by major companies in recent years when they failed their operational and ethical obligations and paid major formal and informal penalties: BP (Deepwater Horizon explosion and oil spill – cost $62 billion), Toyota (airbag problems), Wells Fargo bank (fake accounts scandal) and Volkswagen (car emissions fraud)
A corporation with a low reputational risk is positioned to gain greater stakeholder support and enjoy higher returns. On the other hand, a company with high reputational risk is less likely to overcome a PR-related crisis. These companies are not in a position to withstand a drop in stakeholder support, and often suffer legal setbacks and major loss of revenue as a result.
I will be writing an article soon on managing reputational risk.
Risks are part of corporate life. You should be alert to corporate and operational risks because communication may be needed to address the problems they raise.
Risk management comprises the culture, processes and structures for effectively managing potential opportunities and adverse effects. The role of risk management is to identify potential risks, reduce the chances of those risks becoming reality, and to reduce the size of incidents if risks do turn into reality.
Effective communication is vital to contain cyberrisk, one of the fast-growing types of risk. Around half of all cyberbreaches spring from insider threats – created by the behavior of employees, including contractors and trusted third parties.
Key benefits from active risk management
The risk management process can also identify potential opportunities from risk, just as issues and crises can create opportunities as well as problems.
Basically, risk management is intended to answer three questions:
Risk reduction is the selective application of appropriate techniques and management principles to reduce either the probability of an occurrence or its impact or both.
Risk management should be a continuing process applied to all significant communication activities, especially when planning sizable new activities. Eight steps are commonly used for effective risk management:
The step of establishing the context involves identifying the key stakeholders. Risk management activities are more likely to be successful when internal and external stakeholders understand each other’s perspectives and are actively involved in decision making. The extent of any risk management actions for communication initiatives will reflect the corporate culture and risk management policy. The comms team needs to set objectives for risk management activities, and to establish criteria for accepting and treating risks.
Potential risks can be identified in various ways:
Analyzing a risk is about developing an understanding of the risk. Through understanding a risk and ways to minimize its impact, the probability and impact can be estimated, allowing a level of risk to be determined. The likelihood, possible impact and levels of potential risks can be evaluated using tables or matrices that show likelihood against impact. Impact of an event or situation could be a loss, injury disadvantage or gain.
The adequacy of existing risk management strategies, if any, should be reviewed in this step.
Here is an example of risk analysis for a sponsored road race:
Here is a further example of a risk assessment matrix from a business setting. It can be easily adapted to communication activities:
Conducting risk evaluation enables you to make decisions based on the outcomes of the risk analysis, about which risks need responses. The list of possible risks can be set in priority order according their rating, in a similar way to the ratings calculated in the above tables.
Also, the risks can be assessed in other ways. For instance, risks could be prioritized according to the cost of mitigation, the chance of occurrence, or the ease of action. Some of these approaches are obviously more rigorous than others and need to be developed within the corporate risk policy and criteria of acceptable PR risks.
Risks exist in all projects. Don’t skip the risk management process; failure to identify and document risks could end up killing the project. Creating, maintaining, and utilizing a risk register is a vital component of successful project management.Establishing a risk register for every significant project or activity is important so team members and stakeholders can quickly gain an overview of the risks involved. Team members, stakeholders and relevant end users should contribute to the development of the risk register. The risk register or risk log becomes essential as it records identified risks, their severity, and the actions steps to be taken. It can be a simple document, spreadsheet, or a database system, but the most effective format is a table, which can show considerable information quickly.
The risk register should be maintained as a management tool through a review and updating process that identifies, assesses, and manages risks down to acceptable levels. The register provides a framework in which problems that threaten the delivery of the anticipated benefits are recorded. Actions are then initiated to reduce the probability and the potential impact of specific risks.
Make your risk register visible to project stakeholders so they can see that risks are being addressed. They may identify risks you haven’t identified and give other options for risk mitigation. Some of the most widely used components of a risk register are:
You should review your risk register regularly, especially before progressing to the next phase of a project. Ensure your project sponsor is aware of the risks associated with the project.
Risk treatment involves identifying the range of options for treating risk, assessing these options, and preparing and implementing treatment plans. Potential risks can be treated and controlled to:
Few risks remain stationary – changing circumstances require close monitoring. Potential risks can be monitored and reviewed through:
Communication and consultation should be involved in every step because of the value resulting from being aware of stakeholders’ points of view. This ensures stakeholders are adequately informed and have the opportunity for input into the risk management plan, and can act to treat aspects of the risk applicable to them.
Try to avoid several common mistakes that prevent risk management plans from being effective:
Employers want communications professionals who continue to develop key skills Recruiters are actively seeking to place internal communications professionals who
The implementation stage of your PR plan will need to outline the various communication methods or channels to the key
Research has identified that the most important stakeholders of large organizations are employees – who come ahead of customers, suppliers,