Turbotodd

Ruminations on tech, the digital media, and some golf thrown in for good measure.

Posts Tagged ‘economist intelligence unit

IBM Survey: Social Media Impacting Threats From Reputational Risk

with 2 comments

More than 400 respondents in 23 industries across the globe agree: managing reputational risk is crucial to their business, and managing IT risk is a major part of their efforts. And, social media is cited as a major factor for those shifting more focus to their reputational risk management efforts. Learn what these respondents are doing — and what they’re overlooking — in the 2012 IBM Global Reputational Risk and IT study report.

So here’s a question for you?  What is your organization doing to more effectively manage its risk profile?

IBM recently released its 2012 Global Reputational Risk and IT Study, and the findings suggest that companies are viewing their IT investments through a new lens.

First, some background, and then a summary of the findings.

This study is an investigation of how organizations around the world are managing their reputations in today’s digital era, where IT is an integral part of their operations and where IT failures can result in reputational damage.

The report was written by the Economist Intelligence Unit, which both executed an online survey and conducted client executive interviews.

That included 427 senior executive responses from around the world, 42 percent of those being C-level, with 33 percent of respondents coming from North America, 29 percent from Europe, and 26 percent from Asia-Pacific.

The survey included industries that ran the gamut, including banking, IT, energy and utilities, and insurance.

Impact of Social Media On Risk

Corporate reputations are especially difficult to manage in an era when anyone with a smartphone and Internet connection can file their complaint with a single touch.

With social media sites like Facebook and Twitter boasting over 1.4 million people combined, there is now a highly visible and immediate alterative to a company’s own communications regarding its reputation.

Because of that, more organizations have introduced reputational risk as a distinct category within their enterprise risk management frameworks.

The study suggests that companies have begun to pay closer attention to the links between IT failures and reputational damage, and also examines how executives are attempting to protect their brands from what could arguably be called “a preventable glitch.”

So, drum roll, please.  Here’s a summary of some of the key findings:

  • IT risk management and investment directly supports a company’s reputation.  Reputational risk has evolved into an asset that is fundamentally supported by IT planning and investment.  78 percent say they included reputational risk in their own IT risk planning, and 75 percent say their budget will grow due to concerns for such. Eighteen percent indicate that spend will increase by more than 20 percent in the next 12 months.
  • The CEO owns it but shares it. When asked to name the top 3 C-level execs who owned reputational risk, close to two-thirds say it was shared across the C-suite. 80 percent of CEOs indicated it was theirs to win, followed by 31 percent of CFOs, 27 percent of CIOs, 23 percent of CROs (Chief Risk Officers), and 22 percent of CMOs.
  • Five characteristics of highly effective companies — they get reputational risk and invest in it. Of those who do, 83 percent indicated they have integrated IT into their reputational risk management regimes. They also perceive stronger links between IT threats and key elements of reputation (especially customer sat and brand reputation), and they also say they have strong or very strong IT risk management capacity (84 percent). Seventy-seven percent indicated they have well-resourced IT risk management functions, and are more likely to require vendors and supply chain partners to meet the same levels of control as they require internally.

Improving Reputational Risk Management: Best Practices

So what’s a concerned C-level exec to do? The study revealed several core strategies:

  • Be proactive rather than reactive. That is, be prepared to invest in developing comprehensive reputational risk management strategies that include robust controls on IT risks, particularly those related to security, business continuity and tech support.
  • Create an organization where IT managers collaborate with other risk management specialists. Together, they should be tasked with presenting a comprehensive profile of organization-wide reputational risks to senior management.
  • Engage in scenario analysis, especially with new and emerging technology. Don’t wait for the worst to happen — there are plenty of case studies to be used as a basis for “what-if” planning.
  • Assess risks across the entire supply chain. A failure by a downstream supplier can be just as devastating as an internal problem, and risk controls can be harmonized among key players.

A More Integrated, Holistic Approach

This more integrated, enterprise-wide approach to risk management — led by the C-suite on down — can help your organization increase the attention being paid to the direct reputational impact of IT risks, and help you mitigate those risks (including those stemming from the use of new technologies).

To learn more and to gain access to the full study, go here.

Managing & Mitigating Risk: The 2011 IBM Global Business Risk & Resilience Survey

with one comment

Once again, IBM has published a global business risk and resilience study, this year in partnership with Economist Intelligence Unit on behalf of IBM.

The study was conducted in June of this year, and included responses from 391 senior executives…Thirty-five percent of the respondents were C-level executives…About 39% were from North America,38% from Western Europe, 20% from Asia Pacific, and 3% from Eastern Europe.

Companies with less than U.S. $500M in revenue comprised 39% of the responses, and 48% of the respondents hailed from companies with more than U.S. $1 billion in revenue…The survey also covered a gamut of industries, including financial services (16%), IT and technology (16%), professional services (13%), manufacturing (8%) and healthcare (7%).

Click on the image to enlarge. The IBM Global Risk & Resilience Study revealed that to date, companies around the world are focused heavily on building out their resilience and risk plans, as well as putting the supporting technologies and processes in place to get them into effect.

Before I dive into the results, here’s the setup: Global organizations are increasingly emphasizing business resilience; that is, the ability to rapidly adapt to a continuously changing business environment. Resilient corproations are able to maintain continuous operations and protect their market share in the face of natural or man-made disasters as well as radical changes in the financial or economic climate. They are also equipped to seize opportunities created by unexpected events.

So, the question is, are they?

It’s a mixed bag.

The research suggests that more and more businesses will adopt a more holistic approach to risk management in the next three years ass they deal with growing uncertainty and the increasing interconnectedness of the varied risks they face.

That’s the good news, aspirational though it may be.

But in terms of today’s reality, the study indicated that only a minority of companies (37%) has implemented an organization-wide business resilience strategy…with 42% saying they’ll do so in the next three years.

Almost two-thirds (64%) say they have a business continuity plan of some sort, and a robust 58% have dedicated contingency plans for dealing with a variety of risks.

That’s the topline…now on to the deeper dive:

  • Larger organizations are more likely than smaller ones to have an integrated strategy.  They, of course, typically have more to lose, and complexity increase’s an organization’s exposure to risk. Larger firms are more likely to have assigned overall responsibility for enterprise risk management to a single executive (which means, of course, direct accountability). Still, there is a contingent of small companies that have adopted integrated strategies. These companies also rank highly with regard to indicators of success such as revenue growth, profitability, and market share.
  • Continuity, IT and compliance risks remain in the foyrefront, but companies are diversifying their strategies to build business resilience. Nearly 40% of respondents say their organization regards business continuity as primarily an IT issue. However, when they’re asked to name their “primary risk management concern,” some name more than one, including disaster recovery (47%), IT security (37%), and regulatory compliance (28%). Though most have started by addressing the largest threats first, they increasingly are expected to turn to such things as communications and training programs designged to build a more resilient culture overall.
  • Business resilience planning increasingly involves specialists from across the organization, yet CIOs and IT pros remain the most prominent stakeholders.  Hey, what happened to sharing the love…and the risk??  Because a culture that imbues responsibility for risk management at every level enables companies to respond to changes and unexpected events. A solid majority of respondents (60%) say that business resilience is considered a joint responsibility of all C-level execs. Yet as IT penetrates more deeply into every aspect of company operations, CIOs and IT pros remain key players in building more resilient organizations. Fifty-six percent of respondents say the CIO collaborates with top IT strategists much more frequently than three years ago.

Click on the image to enlarge. Silos, budget and predicting ROI were cited as the biggest barriers in the study to adopting an holistic approach to business resilience and risk.

How Can I Better Manage Risk Moving Forward?

In most organizations, improving business resilience requires a shift in corporate culture because that is what shapes values and behavior. If a company’s culture blends risk awareness with other corporate values, then people instinctively know the right thing to do when confronted with an unexpected situation, and that reduces risk.

Understanding these principles is a good first step, but in interviews, executives are clear that buy-in from the top is essential to foster broad organizational change. Promoting holistic risk management concepts to peers and employees is also critical.

Taking an incremental approach with broad participation in strategy development can help, because it is easier to promote change if a new initiative is not seen as being pushed by one particular faction.

Senior-level commitment and adequate resources are also needed to develop comprehensive communications and training programs to support integrated risk management. One of the distinguishing features of the most resilient companies is that they are much more likely than other firms to have developed a communications strategy to push the message of resilience out to every corner of the organization.

Companies that embrace these measures are more likely to create an effective business resilience plan. This will provide a robust foundation on which to build a long-lived competitive position supported by end-to-end risk management.

Go here to download the full report.

%d bloggers like this: