The Ultimate Guide to Enterprise Risk Management

Social media is a vast ocean of opportunities for brands. It’s also a dark sea full of risk.

Risk of being non-compliant. Risk of humiliation due to errant tweets. Risk of irreparable reputational damage. Like I said — a dark, scary, risky abyss.

Companies are aware of these risks. In fact, 71% of businesses are concerned about the potential risks of social media. But being aware is apparently not the same as being prepared. Only 36% of these same businesses engage in social media training and 33% have clearly defined social media policies.

Many brands are not taking enterprise risk management seriously.

And if you’ve seen any of the headlines regarding ‘accidental tweets’ and account hacks, the results clearly reflect this under-investment in risk mitigation. As social media grows and consumer expectations rise, these ‘accidents’ and ‘human errors’ will no longer be forgiven. Brands need to adopt a comprehensive risk management strategy.

They need to invest in the following three areas:

Social media compliance:

This means adopting the right technologies that will help them stay safe, yet agile, on social media.

Crisis management:

This requires creating a step-by-step plan for anticipating and managing social-media-related brand crises.

Social governance:

This involves forming a comprehensive framework for ensuring that your brand is represented in the right away — across all properties, channels and locations.

Social Media Compliance

The first step in staying safe on social: making sure your social media accounts are compliant. Without compliance, companies leave themselves exposed to multiple instances of financial and reputational damage:

• an individual with admin-level access has his/her social media network account hacked

• unreviewed posts containing false, misleading or mistaken information is published from corporate accounts

• a disgruntled (ex-)employee with admin-level access posts disparaging or confidential information

Being compliant as an organization means making compliance a priority internally and encouraging your employees to post wisely. It also means adopting enterprise-grade technologies to enforce this mindset across the company.

How to pick the right enterprise-grade vendor for your technology needs? Use our checklist:

Crisis Management

The next area in risk management is preparing your organization for the worst. Brand crises are hard to predict — even harder to prevent. But by preparing your organization for these less-than-ideal situations, you’ll be able to significantly reduce damage. A well-thought-out crisis management plan can be the difference between a X, formerly Twitter #fail and a brand catastrophe.

There are two typical types of brand crises: Flash Fires and Rolling Disasters.

Flash Fires

These are your social media nightmare stories. The intern who forgot to log off the company’s account. The angry ex-employee who has access to your brand’s native accounts. The list goes on. These crises escalate quickly and massively, but are not likely to have longevity.

Rolling Disasters

These are your website hacks, product failures or compliance issues. As time progresses, updates from news outlets will continue rolling in and more details regarding accountability and impact will unfold, requiring you to stay on top of the situation.

The way you handle a Flash Fire differs considerably from how you handle a Rolling Disaster. Before you start determining how to handle a crisis, you need to first identify it. So, how can you tell what type of crisis you have on your hands? We’ve provided a flowchart below to assist.

Now that you know what type of crisis you have on your hands, how do you go about handling it?

Best Practices for Handling a Flash Fire:

1. Know conversation drivers
   A celebrity who tweets about your brand will pack more punch than the ‘Average Joe’.  But influential figures won’t always take to social to say good things about your brand. That’s why your social media management system should offer influencer-based alerts that automatically help you identify and engage early on with conversation drivers.

2. Get the big picture
   Crises don’t just live on social media. They can sprout from blog posts, news articles, etc. In order to effectively manage crises, you need to look beyond what your social communities are saying. This is where adopting a social listening platform comes in handy — your platform should look for conversations about your brand across the web as a whole. It should give you a ‘big picture’ view of your organization, products, campaigns and even competitors.

3. Listen and act
   Today’s connected consumers don’t want you to just listen to their issues, they want you to act. Your social listening platform should not only monitor for conversations, it should allow you to act upon your listening insights. If there’s an issue bubbling up, having listening integrated into an existing CRM system allows you to respond to conversations in real time. Integration allows you to take steps to ameliorate the situation right away, rather than just being a helpless observer.

4. Acknowledge your mistake
   Don’t bury your brand’s mistake. The truth will find a way, even if you delete the incriminating tweet. Apologize — the sooner, the better — and offer an explanation whenever necessary.

Social Governance

Social governance is the third critical piece of a successful risk management program.

What is social governance?

Social governance involves anticipating every possible customer interaction to determine who is best-suited to respond, creating a map of how the interaction should unfold, deciding who is authorized to continue the relationship and so on.

It’s optimizing every possible customer touchpoint in order to deliver one, seamless brand experience.

When executed correctly, the outcome of social governance is simple: customers enjoy a positive, consistent brand experience. Proper social governance often goes under-noticed because there are no dramatic stories to tell. There are no headlines about the ‘tweet heard around the world.’ There are no highly-publicized security breaches. Great governance ensures that discussions around the brand stay focused on its great products and even better customer service.

Successful social governance allows innovation with guardrails.

There are eight focus areas that a governance framework must touch to truly protect a company from all angles:

1. Social Business Ethics

2. Technology

3. Security

4. Privacy

5. Social Program Governance

6. Employee and External Guidelines

7. Customer focus

8. Crisis management

How is your brand performing in each of these eight areas? Take the social governance quiz.

Instructions: Evaluate your brand’s performance along each of the eight areas, starting with Social Business Ethics. Give your brand a check if you’re currently in the Defined stage, another one if you’ve made it to the Instrumented stage and so on. Ideally, you should have all four checks for each of the eight areas.

Defined: A clearly documented and approved governance protocol should be put into place. This protocol must be internally published, revised and easily available to employees.

Instrumented: For all areas of the framework, multiple procedures are necessary to meet the appropriate goals. These operations should be prepared to scale for all teams across the organization. This means identifying bottlenecks and weaknesses in processes, so that teams can grow and improve.

Enforced: Once the processes and procedures are in place, they should be enforced with qualitative reporting on the organization’s performance. If standards aren’t being met, a plan should be put in place to enforce consequences for high-priority violations and maintain follow-up communications for lower-priority issues.

Dynamic: Just as so many aspects of social governance are continually evolving, so is the governance of each functional area. As social network policies change and new governmental regulations emerge, each piece of the framework should be regularly reviewed and revised.

There’s no doubt about it: creating a comprehensive plan for risk mitigation is no small undertaking. But without it, the inevitable issues that arise require even more time and effort to manage and repair.

Investing in enterprise risk management is investing in the longevity of your brand.