Several nonprofit organizations have had their reputations tarnished recently. The National Restaurant Association had its 15 minutes of fame via Herman Cain. Susan G. Komen for the Cure is still reeling from its decision to defund Planned Parenthood. Penn State University (PSU) has been handling the repercussions of a grand jury report of child abuse allegations against former assistant football coach, Gerald (Jerry) A. Sandusky. Unfavorable media coverage is every organization’s worst nightmare.
Quantifying reputational risks is hard because the financial impact can take months to appear. The association may experience a decline in membership, advertising revenues, donations, or sponsorship that won’t be known for awhile. How do you know if you are still attracting or retaining members, students, talented employees, volunteers or board members? But there can be substantial upfront costs when your reputation is being attacked. Penn State has disclosed scandal offers insight into the initial costs of managing its reputation.
Penn State established a website, http://openness.psu.edu/, to demonstrate its commitment to openness and transparency. The site details the costs associated with the scandal.
Costs to Penn State
Protecting your reputation is not cheap. Penn State disclosed that as of January 31, 2012, it had paid $5,723,553 to respond to the Sandusky incident. (F.A.Q. 14. How much money is the University paying for legal fees, consultants and PR firms associated with the Sandusky matter?)
- Internal Investigations and Crisis Communications $3,936,137
- University Legal Services/Defense $ 813,427
- Externally Initiated Investigation $ 49,788
- Officers Legal Defense $ 338,545
- Other $ 558,656
The University states that it will not use donations or tuition fees to pay for the scandal. Some of the costs may be covered by insurance but much of it will be “out of pocket.”
The University’s bylaws [Article 5, Section 2 (a)] state that “except as prohibited by law, every trustee and officer of the University shall be entitled as a right to be indemnified by the University against expenses (including counsel fees) and any liability (including judgments, fines, penalties, excise taxes and amounts paid in settlement) paid or incurred by such person in connection with any actual or threatened claim, action, suit or proceeding, civil, criminal, administrative, investigative or other.”
Penn State promises to reimburse every trustee and officer for their expenses and any resulting liability from this scandal via its bylaws. The indemnification provision does not include employees so it is unclear what protection Penn State will provide to its non-officer employees.
General Liability Insurance
Penn State is relying on its general liability policy to cover many of the lawsuits and allegations arising from the Sandusky scandal. However, according to Business Insurance, the University’s general liability insurer, Pennsylvania Manufacturers’ Association Insurance Company (PMA), filed for declaratory judgment or basically denied any coverage for the lawsuit filed in November 2011 (alleging Penn State’s negligence related to Mr. Sandusky’s alleged sexual misconduct). PMA asserts that Penn State is not entitled to coverage and defense under certain policies issued by PMA mainly because of an abuse and molestation exclusion. Penn State has countersued PMA over its refusal to cover the lawsuit (Penn State sues insurer PMA in dispute over Sandusky case coverage).
So now Penn State is paying for its own defense against this lawsuit (probably only the first of many). Plus the University is funding its legal expenses to sue its own insurance company – never a cheap endeavor.
Directors & Officers Liability
On a brighter note, Penn State’s D&O policy may provide some coverage including defense costs. But coverage is dependent upon the terms and conditions of the policy such as how it defines “wrongful acts,” “claim,” and “insured.”
Some of the defense costs for both the entity and its directors and officers may be covered by the D&O policy. But a D&O policy usually excludes coverage for bodily injury claims so that policy won’t cover the specific negligence allegations.
Penn State has already spent almost $4 million in internal investigations and crisis communications which is probably not covered by insurance.
Lessons to be learned
Crisis Management Plan
If you haven’t already, develop and test your crisis management plan. The need for a crisis plan is reinforced every day with the power of social media (Trayvon Martin, Kony 2012, Arab Spring). Social media can both generate and respond to a crisis.
When you are prepared you can strive to keep the initial costs low since many of your actions may not be covered by insurance. Penn State probably had a crisis plan but doubtful it addressed the possibility for allegations of child abuse especially one involving its football program.
What does your bylaws or other corporate indemnification provision say about directors, officers, employees, volunteers, etc? The provision is probably rather broad and not all costs will be covered by insurance.
Review your insurance coverages
Meet with your insurance agent to review your coverages; use these current crises to analyze your coverages and limits. Remember several liability policies such as D&O, professional liability, media liability and others may include defense costs inside the policy limits. Penn State has already paid over $1.1 million in defense expenses; it’s not unusual for defense costs to exceed the settlement.
No one likes to think about bad things happening but they do and often occur to good people. It is only a matter of time before your association experiences unfavorable attention. Be prepared – it may save your association.
It has been weeks since the Great Virginia Earthquake of 2011 but we Easterners are still talking about it. While our West Coast friends laughed at us for our naiveté as we stood around wondering what to do in an earthquake. Afterwards, many associations and businesses scrambled to get their employee handbooks and disaster recovery plans updated. Of course it will probably be another 100 years before we have another earthquake but I’m all for being ready.
However there is still a lot of misinformation about what to do in an earthquake. Do you or don’t you get under heavy furniture? Do you sit against an inside or outside wall? When do you leave the building? And so on. So being a risk manager I did some research and decided to rely upon the Federal Emergency Management Agency (FEMA) and the American Red Cross (Earthquake Safety Checklist) for the best information. Both of these sources focus on protecting your home but the same tactics apply for businesses.
Before the Earthquake
You can take some preventive measures to reduce the damage from an earthquake by securing large objects and latching cabinets. Most were lucky with pictures knocked over but the National Cathedral suffered millions of dollars worth of damage.
According to FEMA, What to Do Before an Earthquake, first check for hazards in your home (or office) and find safe places. You should have emergency supplies, a communications plan and work with your community for earthquake preparations. Historically, the earthquake causes some damage but the greater risk is fires from broken electrical and gas lines. In the 1906 San Francisco Earthquake fires from broken gas pipes and electric lines caused most of the damage. Therefore you need to know how to shut off the utilities in your home and office building.
- DROP to the ground;
- Take COVER under a sturdy table or other furniture;
- HOLD ON until the shaking stops;
- Stay AWAY from glass, windows, outside doors and walls, and anything that could fall, such as lighting fixtures or furniture (bookcases, file cabinets, large pictures, etc)
- Stay inside until the shaking stops and it is safe to leave the building.
After the Earthquake
FEMA’s suggestions are to get to a safe place, expect aftershocks and listen to radio, television or social media channels (I added that one) for the latest emergency information. Cell phones and landlines become inoperative quickly so rely upon text messages to communicate. Also the American Red Cross has its Safe and Well website where you can register that you are safe and well. You can also search for other registrants. Many people use their Facebook pages as a check-in site so decide within your family how you will communicate after an earthquake.
If you can and it is safe, help injured or trapped people and administer basic first aid. Also check for hazardous materials such as chemicals, bleach, gas and gasoline. If you can safely clean up the spilled materials do, otherwise keep others away from the dangers.
A little preparation goes a long way whether it’s an earthquake, hurricane or fire. Make your plans for your home and family as well as your business and office. When people know what to do it improves their chances of surviving a disaster. Take the time now to make your plans.
After the recent Virginia earthquake, many people asked about the need for earthquake insurance. Let’s do a risk assessment.
Earthquake is not the risk but rather the peril or cause of loss for damage to property. A building can sustain structural damage, walls crumble and ornate facades, pinnacles and spires fall off. Heating, ventilation and air conditioning equipment if not secured properly will shift and be damaged. Broken gas pipes and electrical wiring create other dangers. The shaking can make interior walls collapse, file cabinets, large furniture and other objects tip over, and pictures fall off walls.
If the quake caused any significant direct property damage your business operations will be interrupted. During the interruption your association may lose income (rental fees, dues, sales, conference registrations) or incur added expenses to keep up operations including setting up a temporary office.
During the analysis phase we consider the frequency (how often) and severity (dollar loss) potentials of earthquakes. The U. S. Geological Survey (USGS) is a tremendous resource all things earthquake.
USGS suggests you find your proximity to active earthquake faults, the seismic history of the region (frequency), and how long since the last earthquake. On the East Coast earthquakes are relatively low in both frequency and intensity. However the New Madrid Fault in southeastern Missouri and western Tennessee has a higher probability of a significant earthquake. The West Coast including Utah and Nevada has a higher incidence of earthquakes. USGS’s 2009 Earthquake Probability Mapping site enables you to check the probability by zip code.
As we say in the insurance world “frequency breeds severity,” so the more earthquakes in a region the greater the chance for a significant event. Alaska is the most earthquake prone state but California has had the most substantial earthquakes.
When assessing severity consider both the potential intensity of an earthquake and your building’s and office’s susceptibility to damage. Brick buildings don’t do well in earthquakes while frame construction fares better due to its “flexibility.” Other construction types depend upon its level of “earthquake resistance.” Buildings in California are more earthquake resistant than in other parts of the country. You also need to consider the soil composition, slope of the land and annual rainfall to assess severity.
You can purchase earthquake insurance as an additional peril under your property insurance policy (personal and commercial). The premium depends upon your location (proximity to faults) and building construction. Earthquake insurance is much cheaper on the East Coast than the West Coast. You can buy coverage for the full value of your property or as a sublimit.
Another factor is the size of the deductible. On the East Coast your deductible may be as low as 2% of the property values while in California your deductible would be 10 – 15% of the property values.
While assessing the need for earthquake insurance, determine the property values subject to loss by an earthquake. If the property values are low and you have a high deductible, the claim may be under the deductible. If you own an older building with ornate features you may sustain more damage than a newer building. The East Coast quake caused damage mainly to churches and older brick buildings where it might be appropriate for earthquake insurance.
If you are still undecided, ask your insurance agent to get a quotation for earthquake insurance. Knowing the cost and deductible can help you decide if you need earthquake insurance.
The Virginia earthquake awakened people to this exposure. We learned that few of us know what to do and unintentionally endangered themselves and others. Even if you don’t purchase insurance learn what you should do before, during and after an earthquake to protect people and property. After writing your new procedures don’t forget to train your staff. Be safe.
By Leslie White on August 2, 2011
During the CommPartners’ Learning Socially: Associations at the Crossroads Seminar, Susan Robertson, CAE executive vice president of ASAE and president of ASAE Foundation, mentioned a speech by Barry C. Melancon, CPA, chief executive officer, American Institutes of CPAs about risk. Association TRENDS selected Mr. Melancon, as its 2011 Association Executive of the Year. According to Association TRENDS Melancon said that “association executives ‘have an obligation to drive our individual associations forward,’ noting that this cannot happen without taking risks, finding an appropriate balance, and communicating effectively.” You can view his speech here (risk discussion begins around 16:00).
My heart warms when an association executive talks about risk especially one that practices good risk management. Melancon shared his view that an association’s board and key volunteers need to be willing to take risks. The association leaders have to recognize that not every effort will be successful or get the results expected. When an association tries something new and gets unexpected results it is not “failure” but rather an opportunity to learn and move forward.
Innovation and Risk
I’ve written about Innovation and Risk before that an association has to take risks to be creative but be smart about the risks it takes. Risk involves uncertainty; we don’t know the outcomes of our efforts. A lot of us are uncomfortable with uncertainty we still hold the illusion of control. We don’t know if that new service, program, membership model will have the results we want (or expect)? As Jamie Notter tweeted during the seminar
Jamie was talking about social media but the statement holds true for other activities. Some associations are still offering the same arguments against social media – what if someone says something bad about? An employee or member misbehaves? In my first guest post for SocialFish, The Hidden Risks of Social Media: It’s Not What You Think, I declared the greatest social media risk is not being an active participant. If you use social media you are aware negative comments and can respond accordingly. Therefore,
The greatest threat to an association’s survival is to not take any risks; not trying something new or moving forward.
Or another way to say it is failure to take risks leads to failure. Albert Einstein defined insanity as doing the same thing over and over again expecting different results. If you don’t change what you are doing the results won’t change either. The downward spiral will continue until your association becomes completely obsolete and out of business.
Risk Management as Change Agent
So how do we get out of this insanity loop? How do we start taking some risks? A risk averse association isn’t going to change simply by a board or CEO edict; this requires a cultural change. Change doesn’t come quickly to many people or associations but the practice of risk management provides techniques to facilitate change and address people’s fears.
Risk management is about learning to deal with uncertainty; not knowing how people will receive a new initiative or when something bad may happen such as an auto accident, office fire, employee injury, or anything else that goes wrong. You first need to know how your management team and board feel about risk – their appetite for risk, tolerance for uncertainty. If risk averse, you have a bigger challenge to get them comfortable with risk and uncertainty.
Another way risk management is a change agent is by putting risks into perspective. Our first reaction to an idea is its too risky but after evaluating the potential outcomes we realize it is not so bad. The risk may be acceptable or can be mitigated effectively. A part of implementation is to set up the metrics to measure the impact of the change. Through the metrics you find if the results are what you expected or if you need to change some aspect of the project.
Remember everything has its risks but each decision also has the possibility of reward. The new membership model, chapter re-organization, or volunteer management tools may be successful, even exceed expectations. But you won’t know until you do something. Push through the fear and inertia by managing risks. You’ll be amazed at the results.
Many consider risk management the language of “NO.” “No we cannot do X because it is too dangerous or risky.” But this decision is usually made too early in the risk management process before the organization has analyzed its risks to decide if they truly threaten your association. To be effective in managing risks you have to follow all the steps in the risk management process starting with (1) risk identification and (2) risk analysis and prioritization.
Identifying risks seems pretty easy where you just sit around and brainstorm everything that can go wrong with an idea. However the brainstorming approach is limiting and less effective. People’s personal knowledge and worldviews restrict their ability to discern when a good idea is stopped or a more dangerous project goes forward.
Instead of just brainstorming possible negative outcomes you should be identifying all potential events (positive or negative) that affect the organization. To increase your chance for success use a more systematic identification method. The process starts with identifying the values exposed to loss (people, property, income, business operations). Then look at the possible events that can cause a loss. The cause or peril can be natural, human or economic coming from an internal or external source. There are risk checklists and other means of identifying risk available based upon your association’s needs and operations.
The second step of the risk management cycle is to analyze and prioritize the identified risks. Many overlook this step and make decisions based solely on their personal perception of the risk. Without analysis, risk becomes an emotional issue; we are considering the loss of something of value. Each person perceives risk differently (Read Risk and Fear: How Do You Perceive Risk?) and reacts based upon their beliefs. Human beings are not rational; we don’t always act in our own best “rational” interest but our emotions. Many exposures especially liability generate fear that equates to risk for many folks. Fear affects your decisions that may or may not be in the best interests of your organization.
Risk analysis offers a practical and rational approach to counter the emotional responses to risk. In this phase we decide how likely and often an identified event will occur, its potential “frequency.” If you live on the Atlantic or Gulf Coasts there is a higher probability of a hurricane than in the Midwest.
After assigning the level of frequency of an event, you have to rank the potential severity when it happens. Severity is usually evaluated in financial terms – how much it will cost – but can also consider non-financial factors such as reputational damage.
The process of assigning frequency and severity rankings helps people to recognize their fears and perceptions of risk. For example you may be a risk-taker in a group of risk-averse people so you need to acknowledge and address their concerns.
After analyzing the risks we can set our priorities for managing these risks. Not all risks are equal some are more important than others. Through frequency and severity analysis you decide which risks need to be addressed first. Generally any risk with a high severity ranking has to be managed or avoided. An exposure with both high frequency and high severity should be first on your priority list. A low-frequency – low severity risk can perhaps be ignored. By setting priorities attention is focused on managing the most important risks improving your chances for success.
Don’t just identify your risks. Without analysis and setting priorities you can’t be confident you will manage the right exposures and make the best decisions. Analysis enables a full understanding of the risk and selecting the most proper management techniques. Anything less leads to bad decisions and possible harm to your association.
With apologies to my more liberal-minded friends . . .
Risk management is one of those nebulous terms that we all interpret personally. Some think it is a complex, time-consuming process that is only helpful to larger organizations. Others believe it is impractical and/or not worth the effort. You may think it’s valuable but have no idea how to apply its practices and principles to your daily operations. Finally a few have incorporated risk management into their organizational culture and use its concepts daily.
Risk management is simply what you do to prepare for the unexpected. No matter where you are on this continuum, risk management is a part of your daily life if you wear your seatbelt, lock your doors, use passwords or do other everyday tasks. You don’t know if you any of these events are going to occur but you are prepared. The same principle applies to your association.
But how do you prepare for the unexpected – it’s unexpected? Donald Rumsfeld’s “Unknown unknowns” speech offers an explanation.
Reports that say that something hasn’t happened are always interesting to me, because as we know, there are known knowns; there are things we know we know. We also know there are known unknowns; that is to say we know there are some things we do not know. But there are also unknown unknowns — the ones we don’t know we don’t know. And if one looks throughout the history of our country and other free countries, it is the latter category that tend to be the difficult ones.
Rumsfeld went on to say, “The absence of evidence is not evidence of absence, or vice versa.” He expanded on this in a speech at NATO Headquarters in June 2002:
There’s another way to phrase that and that is that the absence of evidence is not evidence of absence. It is basically saying the same thing in a different way. Simply because you do not have evidence that something exists does not mean that you have evidence that it doesn’t exist. And yet almost always, when we make our threat assessments, when we look at the world, we end up basing it on the first two pieces of that puzzle, rather than all three.
People minimize the need for risk management by the absence of evidence (nothing bad has happened yet). However that doesn’t mean it won’t happen (not evidence of absence). Your association may not yet have had a fire, an auto accident, a social media nightmare, a disruption to your annual meeting or the sudden loss of a key person but that doesn’t mean it can’t happen.
For associations, the “unknown unknowns” are a serious threat because you don’t plan for the unknown event. There will always be “unknown unknowns,” new risks arise, but other people are familiar with these unknowns. A formal or structured risk assessment can help you uncover some of the “unknown unknowns” and plan accordingly.
The foundation of a risk management program is a risk assessment (where you identify and analyze the risks). Through the process you decide if the risks are manageable or significant enough to change your plans. You may decide that your association is not ready to develop that new service until you gather the knowledge and resources needed to do it correctly.
Risk management is not only concerned about “unknown unknowns” but also the other two types of “knowns.” Among the “known knowns” which ones have you addressed? Is your business continuity plan current? Have you assessed and managed the risks associated with volunteers, people driving their cars on your behalf, or employee theft? Employment-related incidents still plaque associations, so what’s the condition of your employee handbook and supervisory training?
“Known unknowns” often cloud our decision-making. Social media terrified many associations because it was a big unknown. Some associations decided to identify, analyze and manage the risks while others just stayed away or prohibited its employees from participating. My assessment of social media risks determined it was manageable and the greatest business risk was to not participate in social media.
You can only be ready to respond to outcomes (good or bad) of a potential event if you have identified what could go wrong (or right) and what you are going to do to try to prevent or respond to the event. Jump in and explore both the “knowns” and “unknowns” to advance your association.
While talking with an association executive about his insurance program (I’m quite a hoot at cocktail parties) he described his insurance broker as good because he returned calls promptly. Responsiveness is the most common criteria for judging insurance agents and brokers but there are other factors to consider. Timely responses are desirable but the quality of the answers, the other services provided and the appropriateness of the insurance coverages recommended are critical to protecting your association.
For full disclosure, I am not an insurance agent or broker (tried it for six months, not a good fit) but assist clients in managing their property and liability insurance programs including broker selection. I always answer insurance questions by telling people how important it is to have a knowledgeable, qualified insurance agent to safeguard their association or nonprofit.
Why is a good insurance agent so important? Because associations and nonprofits depend upon their property and liability insurance program to protect their organizational assets. An uninsured fire, auto accident, employment-related allegation, liability claim or lawsuit can bankrupt an organization. For something so important to your organization’s well-being it’s surprising how little time some executives spend on choosing their insurance professional.
For whatever reason, most association executives do not consider their insurance agent as a valuable, trusted business partner. Many are quick to call an attorney but rarely remember to call the agent to discuss the insurance implications of opening a new office or moving, having remote employees, buying a new vehicle, introducing a new program, product, service or event, or before signing a contract. Your insurance agent can’t advise you if you don’t keep him or her informed. No one wants an uninsured claim especially if insurance was available but not purchased.
Here’s what I think is important in judging and selecting your insurance agent or broker.
- Knowledge of Industry – Associations and nonprofits are unique so the agency should have extensive experience with that sector.
- Account Team Qualifications – Remember the person you see is the “producer,” the sales person. Find out about the “back room”, the people working on your account.
- Knowledge of Account – How much do they know about your organization? Have they done any research or just providing generic information about their services?
- Account Handling
- Responsiveness – How quickly do they respond to your calls or emails?
- Timeliness – Are they there even when you don’t know you need them? Set up pre-renewal meeting, account reviews, claims issues, etc.
- Credibility – Do you believe them? Do you trust them?
- Commitment – Willing to do what it takes to meet your needs?
- Claims Handling – Are claims handled promptly? Are they your advocate?
- Accuracy – Insurance companies are notorious for issuing policies incorrectly. Is the account team catching the errors? Doing what you asked? Is their proposal error-free?
- Results – Are you getting the results you want and deserve? Price is a poor method of evaluating your coverage and your broker. A very low price may mean extremely poor coverage and/or service.
My advice is to conduct a broker selection process rather than have multiple brokers get quotations for your account. In June 2007 I wrote How Many Agents? Bidding Your Insurance, an article about selecting an insurance broker. Your insurance program is too important to your association’s survival to be left to the person with the best sales technique or returns your calls quickly.