July 1, 2021

Risk Management: Dealing with “Social Risk”

The latest episode of “CEOs Behaving Badly” reminded me that I’ve been meaning to blog about this Stanford article, which says many emerging risks faced by companies in the social media age fall under the heading of “social risk.” According to the article, social risk is:

A loosely defined term that describes events that impair a company’s social capital. We can distinguish it from other risks in that the primary  cause of damage is reputational, whereby an incident harms reputation and, subsequently, performance. In some cases, the risk event involves an interaction with the company’s products or services; in others, it is wholly unrelated to the company’s products and involves actions, decisions, or statements by a company affiliate. Either way, media attention (social or traditional) amplifies the impact, sparking a backlash that extends well beyond the directly affected parties.

The article offers up a couple of well-known incidents involving social risks – United Airlines’ heavy-handed removal of a passenger from an overbooked flight in 2017, and the fallout from “Papa John” Schnatter’s criticism of NFL player national anthem protests that same year.

The damage social risk inflicts on corporations is unpredictable – an event causing significant damage to one company might pass with little impact on another. That makes it difficult for management to gauge the impact of such an event at its outset. Furthermore, many social risk events appear immaterial from a financial standpoint. These factors make social risks difficult to identify and plan for under standard risk management frameworks. However, the article does have some specific suggestions about how companies may better position themselves to respond to these risks:

Use knowledge of the past to inform future plans. Companies can accomplish this by examining social risk events that have impacted peer groups and related industries. By developing a comprehensive history of social risk, management and boards can understand the variety of potential risks it faces and evaluate patterns in how risk events have evolved over time.

Conduct scenario planning to identify the highest likelihood risk events. This involves identifying events that are most likely to manifest themselves based on the company’s industry, profile, and vulnerabilities. Quantify the severity by looking at the potential impact on brand, product, suppliers, employees, and overall reputation.

Prepare responses and identify the resources necessary to prevent or mitigate the highest likelihood risks. Consider both preventative and responsive measures, over both short-term and long-term time horizons, and develop resources, programs, and policies to protect the company on an ongoing basis.

The article highlights the fact that many social risk events have a cultural or leadership component to them, and that it is incumbent on the board to evaluate how the company’s culture and leadership may influence its risk profile in this area, and to take appropriate action if those factors are deemed to increase risk.

John Jenkins