To decide what to write for my monthly SocialFish post, I used free association to relate risk management to social media. I discovered a link between creating a social open community and a risk management community. There is only so much you can say about social media risks, although I keep hearing the same questions and concerns. But one constant thread is that “reputation management†is now everyone’s responsibility – not just the marketing and public relations personnel. Risk management is also everyone’s job – not just the person responsible for risk management.
As a risk manager and consultant I struggle with how to engage people in the practice of risk management. Many view it as the purview of a select group and not an issue involving everyone. As I read Open Community, it is also a roadmap for implementing and managing a risk management program.
Open Community is “A diverse group of people, bonded by a common interest in an industry and an organization, who care enough to contribute and cooperate online for the good of the group.†The only difference for a risk management program is to remove the word “online.†The community needs to establish its risk culture and philosophy to further enhance the organization’s capacity to build value for its stakeholders and society. Senior management and the board set the risk management philosophy that guides employees, members and others in their actions just as the set the social media/engagement strategy for the organization.
Here are just of the few pearls of wisdom that caught my attention. My Enterprise Risk Management presentation from 2005 highlights the similarities to creating an open community.
Start with people, not the tools
Risk management has lots of tools usually in the form of policies and procedures. Too often a policy is written in response to an isolated incident so probably 90% of procedures are written to address less than 10% of the population. People will always “game†the system. You can respond by micromanaging or setting the culture that encourages positive behavior.
Work through the secret tug of war
People have opposing points of view of risk management. Some people think risk management is either a waste of time or worst all about saying “no†to new ideas. Others see its value in setting expectations and values as a way to guide operations. People have different responses to change which need to be worked through whether it’s for social media or board governance.
Forget perfect
Your risk management program will never be perfect. You are working with people who always complicate things. Do something; you can always modify it later. A key component is to monitor your risks and techniques for managing exposures. Your elaborate new social media policy may be unworkable or not achieving the results you expected. So modify it to meet your revised needs and/or risks.
The time suck
Often when you introduce a new procedure people see it as a big time infringement. They have to learn a new system or ways to behave so you have a learning curve; their productivity may fall briefly but should rebound and exceed the prior levels.
Understand your role in the ecosystem
If you are responsible for risk management you are just one small part of the association’s ecosystem. You need to understand how your actions affect the rest of the ecosystem. We always have unintended consequences (good or bad) so consider the risk management program’s affect on the association.
Create safe places
The first standard of risk management is the safety of your constituents or stakeholders. So your job is to create safe places for your employees and members to engage, participate and do their jobs.
You can’t achieve Open Community by replicating what someone else is doing.
Each organization is different – unique culture, mission and vision, and reasons for existing. While reviewing others’ risk management programs is educational you need to tailor the policies, procedures, insurance policies and other risk management techniques to meet your needs. The social media policy for one organization may not be appropriate to your association. Your policy should to be tailored to address your exposures and needs.
Speaking of unintended consequences, thanks to Lindy and Maddie for writing a book on association risk management. (Note to self – talk to them about writing a risk management edition.) Applying many of these techniques when developing a risk management program increases your potential for success.
Washington, DC 
![Understanding Meetings Cost in the New Reality [HYBRID EVENT 5/23]](http://www.socialfish.org/wp-content/plugins/special-recent-posts/lib/phpimage.php?width=50&height=35&rotation=no&file=L3Zhci93d3cvdmhvc3RzL3NvY2lhbGZpc2gub3JnL2h0dHBkb2NzL3dwLWNvbnRlbnQvdXBsb2Fkcy8yMDEyLzA1L1JlZ2lzdGVyLVRvZGF5LWZvci1ISVAtTmV0d29yay1TZXNzaW9ucy1pbi10aGUtQ2l0eS1IeWJyaWQtRXZlbnQtb24tTWF5LTIzLTIwMTItWW91VHViZS0xLmpwZw==){kind=small}
