Term
Discuss the definitions of risk and the six general classes of risk. (pg. 2) 4 pts |
|
Definition
For purposes of the CRM program, the most useful definition of risk is: "Uncertainty that may be either positive or negative arising out of a given set of circumstances."
General Classes of Risk
1. Economic - financial marketplace risks
2. Legal - compliance with statutory liability
3. Political - changes in law, political environment
4. Social - public relations, reputation, cultural issues
5. Physical - property, people, or information
6. Juridical - jury or judge's decision or jury attitude |
|
|
Term
Discuss the definition of risk management and the five steps of the risk management process. (pg. 5) 4 pts |
|
Definition
Definition of risk management: "The process of managing uncertainty of exposures that affect an organization's assets and financial statements using five steps: identification, analysis, control, financing, and administration."
Five Steps of the Risk Management Process
1. Risk Identification - The process of identifying and examining exposures of an organization
2. Risk Analysis - The assessment of the potential impact of various exposures on an organization
3. Risk Control - Any conscious action or inaction to minimize at the optimal cost the probability, frequency, severity, or unpredictability of loss
4. Risk Financing - The acquisition of internal and external funds to pay losses at the most favorable cost
5. Risk Administration -
a. Implementation - Implementing the desired actions and risk management plan
b. Monitoring - Examining and evaluating the results of risk management actions and plans
|
|
|
Term
Discuss how risk administration supports the risk management program. (pg. 16) 4 pts |
|
Definition
How Risk Administration Supports the Risk Management Program:
1. Identifying skills, attributes, and traits required of a risk manager
2. Developing internal and external members of a risk management team
3. Using information technology for communication, allocations, loss control, and loss development to properly identify and manage risks
4. Developing and implementing risk management policies and procedures
5. Addressing internal and external consulting issues
6. Addressing ethics in risk management
7. Addressing how risk management can be effective within the organizational culture. |
|
|
Term
Discuss the demands and skill sets required of an effective risk manager. (p. 3) 6 pts |
|
Definition
Demands and Skill Sets of an Effective Risk Manager:
1. Technical: Identification of exposures using various methods; Analysis of losses and exposures; Selection and implementation of appropriate safety and loss control programs using cost-benefit analysis; Claims and litigation management; Selection and management of agent/broker/insurer partners and other service providers; Arrangement of risk financing through retention, transfer, and insurance; Review and negotiation of contracts; Evaluation, interpretation and cost-effective purchasing of insurance coverages; Development and leadership of crisis management and business continuity programs; Analyze results of accident investigations; Participation in due diligence analysis; Coordination of compliance programs
2. Managerial: planning, organizing, leading, controlling
Skill sets required: personal attributes, professional and technical skills, managerial skills and experience |
|
|
Term
Discuss the value an effective risk manager adds to an organization. (p.8) 6 pts |
|
Definition
Values added by an effective risk manager:
Elevates the importance and support of risk management
Supports managerial decisions to achieve reduction of the TCOR.
Improves morale and productivity among the work force
Improves quality, processes, and technology
Direct tie-in between benefits and risk management issues
Timely, accurate, and comprehensive data and reports from using an effective and integrated RMIS
Increases profitability (reduced costs or increased revenue)
Protects the organization's reputation and brand |
|
|
Term
Discuss the purpose, characteristics and content of the risk management mission statement. (p. 10) 6 pts |
|
Definition
Risk Management Mission Statement
Purpose - states the purpose and overall goal of the risk management program and guides the actions and decision-making of the risk manager
Characteristics - Relatively short, clear, and concise. Should be aligned with the organization's mission statement. Used with all activities related to risk management.
Content - includes the priorities of the risk management program
|
|
|
Term
Discuss the purpose, characteristics and content of the risk management policy statement. (p. 10) 6 pts |
|
Definition
Risk Management Policy Statement
Purposes - Defines the policy for managing risks and the relevance to the organization's strategic plan, goals, and objectives. Clarifies risk management goals and direction. Outlines the fundamental guidelines of the risk management function.
Focuses on fundamentals and addresses ideas that may not otherwise be presented to the organization
Forces senior management to actively consider an organization's risk tolerance to increase the value of the risk management program
Clearly specifies responsibility and authority, opens up lines of communication, and minimizes duplication of efforts
Characteristic - should be one to two pages in length
Content - Refers to the risk management mission statement. Addresses various areas of risk management. Incorporates the risk management philosophy and ethical considerations. |
|
|
Term
Discuss the purpose, characteristics and content of the risk management standard operating procedures manual. (p. 10) 6 pts |
|
Definition
Risk Management Standard Operating Procedures Manual (also known as the Risk Management Policy and Procedures Manual)
Purposes - Reaffirms and communicates senior management support for the risk management program to all employees with a brief statement. Defines scope, responsibilities and authority of the manager and others associated with the risk management program. Establishes expected levels of performance and cooperation. Familiarizes personnel with procedures to effectively manage risks and exposures. Provides a convenient reference or "how to" guide.
Characteristic - a lengthy document that can be from several pages to several hundred pages
Content - Letter of support from chairman/CEO/president; Risk management mission and policy statements; Risk management department functions; Ethical and regulatory considerations; Risk financing program; Procedures; Crisis management and business continuity plan |
|
|
Term
Discuss the purpose and content of a risk management stewardship report. (p. 18) 6 pts |
|
Definition
The purpose of a risk management stewardship report is to provide an overview of risk management programs on a periodic basis to identify successes and opportunities for improvement.
A risk management stewardship report should contain:
charts and graphs
organization's core values
total cost of risk
benchmarks
loss control program features and results
claims management updates on settlements and reserves
status of open litigation
insurance program summary
projects and initiatives
other key indicators of success and opportunities for improvement |
|
|
Term
Discuss how to effectively implement and monitor a risk management program. (p. 20). 6 pts |
|
Definition
Implementing a risk management program:
1. Gain support and commitment from senior management - this is the critical foundation!
2. Communicate risk management frequently with employees throughout the organization as well as with 3rd party providers
3. Continually reinforce the commitment to risk management principles
4. Create and have readily available an organization chart or flow chart showing interaction with other departments.
5. Communicate frequently with the risk management team so the team members understand the goals and objectives of the risk management function and how it addresses insurance policy provisions, loss control, claims reporting, and the general treatment of risk.
6. Solicit cooperation from all levels of management and as many internal personnel from the organization and external people as possible.
Monitoring a risk management program:
Periodically review and update the risk management mission statement, policy statement, and standard operating procedures manual.
Evaluate and report on the effectiveness of the procedures.
The risk management reports and/or stewardship report should provide credibility to the risk management program and reassure management of the protection of the organization's assets and resources. |
|
|
Term
Discuss the reasons why a risk manager needs a risk management team and the team membership. (p.2) 5 pts |
|
Definition
The risk manager needs a team because:
Not every risk management function can be performed alone. Information or expertise is needed from others both within the organization and outside the organization.
Team members can be the risk manager, safety, HR, finance, department or operation managers, legal, audit, external - agents, consultants, RMIS providers, actuaries, etc. |
|
|
Term
Discuss the purpose and selection methods used by a risk manager for insurance and other service providers. (p. 5) 5 pts |
|
Definition
The purpose of insurance and other service providers is to provide expertise, loss control, claims assistance, training, etc. at optimal cost.
The selection methods for procuring insurance or service providers:
Appointment (AOR or BOR)
Request for proposal (RFP) - invited to propose, typically on a first come, first quoted basis
Conceptual bidding - general ideas and concepts, then markets are awarded |
|
|
Term
Discuss the general considerations when using bid specifications, fees and commissions in the selection and payment or service. 5 pts |
|
Definition
General Considerations when using bid specifications:
Identification of the parties and introduction
Description of the project or service
Requirements
Time line
Costs
Legal matters
Post-contract activities |
|
|
Term
Discuss the importance of effective communication for risk managers and how basic personality types affect the communication process. (p. 16) 5 pts |
|
Definition
Effective communication is important for risk managers because the success and survival of the organization may depend on it. It improves cooperation with both internal and external risk management team members. It also better identifies environmental changes and allows the organization to readily adapt to external influences related to organizational goals, stakeholder expectations, and organizational performance.
Basic personality types affect the communication process:
director/driver
relater/amiable
thinker/analytical
socializer/expressive |
|
|
Term
Explain the steps to effectively communicate risk management information and how "noise" affects communication. (p. 21) 5 pts |
|
Definition
Five Steps of the communication process: 1. creation 2. transmission 3. reception 4. translation 5. response
noise affects: anything that distorts a message by interfering with the communication process; it can affect the process at any stage, take many forms, and may not be recognizable. |
|
|
Term
Discuss how content-based communication differs from context-based communication. (p.28) 5 pts |
|
Definition
Content-based communication: detail-driven, fact-based. Advantages - direct and quick. Disadvantages - lack of awareness of real issues and needs; little opportunity for feedback to confirm the receiver received and understood the message; receivers may not be aware of larger issues and focus only on specific content.
example of content-based communication is safety video and procedure manuals
Context-based communication: background, setting, framework. Advantage - addresses deeper, more meaningful issues. Disadvantages - takes more time, allows for objections to be raised.
example of content-based communication is planning sessions and team meetings |
|
|
Term
Discuss how a risk manager accesses electronic data and information and the advantages and disadvantages of each. (p. 3) 5 pts |
|
Definition
access data by
stand-alone personal computer
local area network
wide-area network
the internet
cloud computing |
|
|
Term
Discuss the uses of a Risk Management Information System (RMIS). (p. 13) 5 pts |
|
Definition
RMIS supports the user in the risk management process of identification, analysis, financing, control, implementation and monitoring. |
|
|
Term
Discuss considerations when purchasing a Risk Management Information System. (p. 16) 5 pts |
|
Definition
Considerations when purchasing a RMIS
short-term and long-term cost benefits
currency of technology
system speed
security
licensing options and cost
alignment of system capabilities with org's goals
turnaround time for data loads
data quality control
flexibility
customer support
pricing
ease of use- export/import |
|
|
Term
Discuss the steps of the benchmarking process and its advantages and disadvantages. (p. 19) 5 pts |
|
Definition
Steps of the Benchmarking Process:
Identify the area or process to be measured.
Identify organizations with similar areas or processes.
Identify organizations who are leaders.
Survey those leading organizations for measures and practices.
Study those "best practices" organizations to identify leading edge practices.
Implement new and improved processes reflecting those best practices.
Advantages of benchmarking
Encourages continuous improvement
Helps prioritize areas in need of improvement
Enhances creativity
Disadvantages of benchmarking
Data must be analyzed and judged; cannot be taken at face value
Data can be easily misinterpreted
Data errors
Comparison problems
|
|
|
Term
Discuss the rationale and objectives of a total cost of risk allocation system. 9 pts |
|
Definition
Rationale of a TCOR allocation system- in order to remain competitive, an organization must be able to track and properly provide for ALL types of organizational costs, including the TCOR.
Objectives of a TCOR Allocation System
Identify factors contributing to the TCOR
Create accountability
Enhance loss control
Support the competitive advantage
Alter behaviors |
|
|
Term
Discuss the steps involved in the total cost of risk allocation process. (p. 5) 9 pts |
|
Definition
Total Cost of Risk Allocation Process:
Determine the desired goals and objectives.
Determine the costs to allocate.
Select the allocation variables.
Create the allocation model. |
|
|
Term
Differentiate between and be able to calculate exposure-based and experience-based allocation models. (p. 11) 9 pts |
|
Definition
Exposure-based method - each unit is assigned costs on an equitable basis, based on the exposures each unit presents. Examples: sales, payroll, each vehicle, sq footage
Experience-based method - the only variable is each unit's loss experience. Example - allocations based on # of losses, cost of losses, percentages.
Can also be a combo method of allocation |
|
|
Term
Discuss the purposes and broad areas of due diligence activities. (p. 2) 8 pts |
|
Definition
Purpose of the due diligence -
to perform an investigation of a business, situation, activity, or person to assist with effective decision-making.
Broad areas of due diligence:
mergers/acquisition
purchase of new assets
development and introduction of a new product or service
undertaking a joint venture or contract
addition of key personnel |
|
|
Term
Discuss the difference between a merger and an acquisition and the three types of structures involved. (p. 4) 8 pts |
|
Definition
Merger- 2 or more organizations create a new entity and agree to move forward as one and issue the appropriate ownership interests
Acquisition- one organization takes over another organization and is established as the new owner with the ownership interests continuing unchanged.
Three types of structures
Entity
Asset
Merger |
|
|
Term
Discuss the team approach to the merger and acquisition due diligence process including the four steps. (p. 7) 8 pts |
|
Definition
Steps of the due diligence process of merger and acquisition
1. Identification- gather info and identify risk
2. Review and analysis- loss runs, insurance coverage review
3. Reporting- existing exposures- qualitative and quantitative- to combine or not
4. Post-transaction- onsite inspections, administrative issues,
|
|
|
Term
Discuss the common law duties of directors, officers, and fiduciaries. (p. 2) 6 pts |
|
Definition
Common Law Duties:
Obedience- actions conform to legal standards and requirements.
Loyalty- undivided and unselfish loyalty with no conflict between organizational duty and self-interest
Diligence- competent oversight of the organization in an expedient, knowledgeable manner using the standard of care of a reasonable prudent person in a similar position in similar circumstances |
|
|
Term
Discuss the definition of Directors and Officers Liability and the five elements of the Business Judgment Rule. (p. 5) 4 pts |
|
Definition
Directors and officers liability is any liability resulting from a director or officer of an organization committing a negligent act or omission, misstatement, or misleading statement.
Five elements of the business judgement rule:
(An all or nothing rule)
1. Business decision- action must be taken in making business decisions. Not taking action is protected if it was conscious decision not to act.
2. Disinterestedness- a decision must be made in an independent and disinterested manner without expecting personal financial benefit unless the decision results in a benefit to the organization and all of its stakeholders.
3. Due care-a decision must be made based on reasonable and relevant information.
4. Good faith- a decision must be made with an honest belief that the decision is in the best interest of the organization, not simply to preserve his or her position or benefits.
5. No abuse of discretion- a director or officer is protected against honest errors in judgement that can be justified by a rationale or that are not egregious on their face.
Business decision
Disinterestedness
Due Care
Good Faith
No abuse of discretion |
|
|
Term
Discuss the risk control techniques used to manage directors and officers exposures. (p. 8) 4 pts |
|
Definition
Risk Control Techniques for Directors and Officers:
Board Composition
Procedural actions by board members
Delegation by board members
Avoidance of conflicts of interest |
|
|
Term
Discuss the definition of fiduciary liability and fiduciary exposures. (p. 15) 4 pts |
|
Definition
Fiduciary liability is liability imposed upon any person who exercises any discretionary authority or control with respect to the management or administration of an employee benefit plan or its assets. Subject to ERISA.
Fiduciary exposures- employee pension benefit plan
employee welfare benefit plan |
|
|
Term
Discuss the risk control techniques used to manage fiduciary exposures. (p.21) 4 pts |
|
Definition
Risk Control Techniques for Fiduciaries
Fiduciary/Trustee Board Composition
Procedural actions by fiduciaries
Delegation by fiduciaries
Avoidance of conflicts of interest |
|
|
Term
Discuss the definition of Enterprise Risk Management (ERM) and the benefits of implementing an ERM program. (p. 4) 4 pts |
|
Definition
Enterprise Risk Management is a systematic process of identifying, analyzing, assessing, and responding to ALL risks, regardless of the source, that affect the achievement of an organization's strategic and financial objectives positively or negatively.
Benefits of implementing an ERM program:
identifies threats and opportunities
tcor analyze
saves operation costs
safeguards the organization's branding reputation
capitalize on opportunities
|
|
|
Term
Discuss how Traditional Risk Management (TRM) compares to ERM. (p. 12) 4 pts |
|
Definition
ERM:
perspective is that managing risk has the potential to affect both upside and downside.
tied to strategic objectives or key business objectives.
coordinated cross-functional treatment of risk across all areas of the organization.
uses subject-matter experts and risk committees to identify organizational risk that spreads accountability to risk owners and trains all stakeholders to be responsible for managing risks.
proactive and opportunistic
TRM
perspective is to manage downside risks.
oriented to cause-of-loss.
functional specific treatment of risk within an organizational area
places risk identification and ownership with risk manager only.
most often reactionary and defensive. |
|
|
Term
Discuss the components and obstacles of ERM Implementation (p. 17) 4 pts |
|
Definition
Components of ERM Implementation
1. Support of the senior management team
2. An implementation leader and dedicated cross-functional committees
3. Framework for the process
4. an ERM risk assessment
5. A common language regarding risk
obstacles of ERM
lack of support from senior management
showing proof of tangible benefits
lack of a common language regarding risk
unclear responsibility and ownership of implementation
getting overwhelmed
perception of risk versus reality
funding
|
|
|
Term
Discuss how risk mapping is applied in ERM. (p. 23) 4 pts |
|
Definition
table of frequency and severity quadrants- risk mapping
Risk mapping applied in ERM:
Identifies and prioritizes key risks associated with business activities.
Assists business planning through the prioritization of risk treatment plans
Identifies areas requiring further analysis
Identifies specific risk responses
Facilitates dialogue concerning risks across functional areas |
|
|
Term
Discuss the common elements of an emerging risk and describe specific emerging risks. (p. 28) 4 pts |
|
Definition
Common elements of an emerging risk:
high uncertainty
difficult to quantify
difficult to communicate
regulatory involvement
no industry position
examples of emerging risks:
financial risks- credit insurance
natural disasters - floods
social media - breaches and cyber attacks
pandemic illness - ebola
e-commerce and dependence on technology - solar flares, network outages
food and water supply-contamination
global warming
rising medical costs and obesity
terrorism and political risks
|
|
|
Term
Discuss why management of an organization's reputation and brand is a critical function. (p. 3) 4 pts |
|
Definition
critical assets of an organization
losses can single-handedly cause the organization to fail
susceptible to any type of disaster
can be damaged through no fault of the organization, its employees, or its representatives. |
|
|
Term
Discuss the role of the risk manager in a crisis and the types and content of messages communicated during a crisis. (p. 5) 4 pts |
|
Definition
The risk manager's role in crisis management in most cases is two-part: to facilitate or bring others together within the organization, and to mitigate or reduce the financial impact of the crisis.
Content of messages communicated during a crisis:
clear concise- evacuation and safety instructions
rumor control, actions taken, concise description of event and current status, extent of damage and injuries known, actions taken to mitigate further loss and to provide treatment |
|
|
Term
Discuss characteristics of appropriate acknowledgement of a crisis and guidelines for effective media relations and communication. 4 pts |
|
Definition
acknowledge uncertainty
acknowledge tension and emotions as legitimate
acknowledge obvious mistakes and apologize
acknowledge the hazard and avoid over-reassurance.
guidelines for effective media relations
provide relevant information necessary for an accurate depiction of the event
project authority, confidence, and a sense that a plan is in place to address the crisis
never provide misleading or false info
never say - no comment
avoid humor or an appearance of making light of situation
answer a question, but it doesn't have to be the one asked - deflection
prepare the spokesperson on how questions not relevant to the event should be addressed.
have a designated spokesperson and limit unauthorized people from media exposure
it's ok to say I don't know yet and we'll update later |
|
|
Term
Discuss how reputation and brand are affected by internal and external parties and the risk control techniques for this exposure. (p. 12) 4 pts |
|
Definition
internal- corporate behavior
key employee behavior
marketing and communication
careless or negligent acts of employees
external-criminal acts, defamation, negative rude comments
risk control techniques- effective crisis management, implementation of a social media and blogging policy, codes of ethics, website gatekeepers |
|
|
Term
Discuss the common types of intellectual property exposures and the related risk treatment options. (p. 16) 4 pts |
|
Definition
common types of intellectual property exposures- patent, copyright, trademark, franchise, concession
risk control techniques- legal response, rely on observant employees or concerned 3rd parties voluntarily reporting infringements, surveys, |
|
|
Term
|
Definition
RISK is uncertainty that may be either positive or negative arising out of a given set of circumstances.
2 types of risk- pure and speculative |
|
|
Term
What are the 6 general classes of risk? |
|
Definition
The 6 classes of risk:
Economic
Legal
Political
Social
Physical
Juridical
|
|
|
Term
What are the two types of RISK? |
|
Definition
One type of RISK is Pure Risk - a chance of loss or no loss.
Second type of RISK is Speculative Risk - a chance of loss or gain. Example: stock market. Often referred to as a business risk. |
|
|
Term
What is an Economic Risk? |
|
Definition
Economic- risks arising from operations, economy, financial marketplace, or entrepreneurial activities. |
|
|
Term
|
Definition
Legal- risks inherent in compliance or arising from statutory liability |
|
|
Term
What is a Political Risk? |
|
Definition
Political- risks arising from changes in the law, government reinterpretations, changes in government policy or changes in political environment. |
|
|
Term
|
Definition
Social- risks arising from public relations, loss of reputation, damage to brand, cultural issues, social direction or social media. |
|
|
Term
|
Definition
Physical- risks arising from property, people, or information |
|
|
Term
|
Definition
Juridical- risks arising from a jury or judge's decision or from court or jury attitudes. |
|
|
Term
|
Definition
Risk management is the process of managing uncertainty of exposures that affect an organization's assets and financial statements using five steps:
identification, analysis, control, financing, and administration. |
|
|
Term
What are the five steps of the risk management process? |
|
Definition
5 steps of the risk management process:
Identification
Analysis
Control
Finance
Administration- Implementation and Monitoring |
|
|
Term
Explain the first step in the risk management process. |
|
Definition
The first step in the risk management process is identification of the risk. Risk Identification is the process of identifying and examining exposures of an organization. Four classes of exposure-property, human resources, liability, and net income. Methods of identification include using multiple tools including flowcharts, checklists, surveys, insurance policy reviews, physical inspections, compliance reviews, procedures and policies reviews, experts, financial statement reviews, loss data analysis.
This is the most important step because without identifying the risk first, you can not apply any of the other steps and effectively risk manage. Identification is the key step of the risk management process because an exposure and/or risk must be identified before it can be effectively analyzed, controlled, or financed. |
|
|
Term
Describe the 2nd step of the risk management process. |
|
Definition
Risk Analysis is the assessment of the potential impact of the various exposures on an organization. Involves both Qualitative and Quantitative Analysis (the what and how much). |
|
|
Term
Explain the 3rd step of the risk management process. |
|
Definition
Risk Control- Any conscious action or inaction to minimize, at the optimal cost, the probability, frequency, severity, or unpredictability of loss. |
|
|
Term
What are the five techniques of risk control? |
|
Definition
Five techniques of Risk Control:
- Prevention
- Avoidance
- Reduction (pre and post loss)
- Transfer (contractual, physical, both)
- Segregation/separation/duplication
|
|
|
Term
What is the 4th step of the risk management process? |
|
Definition
Risk Financing- the acquisition of internal and external funds to pay losses at the most favorable cost. Retentions, Transfer financial responsibility, Insurance. |
|
|
Term
Let's talk about the 5th step of the risk management process. |
|
Definition
Risk Administration is the 5th step and consists of 2 parts.
1. Implementation- implementing the desired actions and risk management plans.
2. Monitoring- Examining and evaluating the results of risk management actions and plans. |
|
|
Term
How does Risk administration support the risk management program? |
|
Definition
How Risk Administration Supports the Risk Management Program:
1. Identifying skills, attributes, and traits required of a risk manager
2. Developing internal and external members of a risk management team
3. Using information technology for communication, allocations, loss control, and loss development to properly identify and manage risks
4. Developing and implementing risk management policies and procedures
5. Addressing internal and external consulting issues
6. Addressing ethics in risk management
7. Addressing how risk management can be effective within the organizational culture. |
|
|
Term
What are the demands of an effective risk manager? |
|
Definition
There are several demands of an effective risk manager.
Many are classified as technical: identification of exposures, analysis of losses and exposures, selection and implementation of appropriate safety and loss control programs using cost-benefit analysis, claims and litigation management, selection and management of insurance agent/broker, arrangement of risk financing through retention, transfer, and insurance, review and negotiation of contracts, development and leadership of crisis management and business continuity programs, analyze results of accident investigations, participation in due diligence analysis.
Some demands are managerial- planning, organizing, leading, controlling. |
|
|
Term
What are the skill sets of an effective risk manager? |
|
Definition
Skill sets of an effective risk manager are in three categories:
- Personal attributes: ethical, honest, has integrity, ability to stay level-headed/objective in a crisis, detail-oriented while capable of maintaining sight of the "big picture", desire to get the job done, proactive, solution-minded, creative risk taker, proven people skills that encourage support from all levels, change driven.
- Professional and technical skills: strong written and oral communication skills, risk identification analysis experience and training, experience with loss control programs and claims litigation management, knowledge of commercial insurance coverages, financial analysis experience, knowledge of the risk management information system.
- Managerial skills and experience: knowledge of industry and organization, experience with general management and project management, experience with negotiation and conflict resolution, successful leadership experience and training
|
|
|
Term
What value does an effective risk manager add to an organization? |
|
Definition
An effective risk manager adds these values to an organization:
- Elevates the importance and support of risk management
- Supports managerial decisions to achieve improved planning, budgeting, reduction of frequency and severity of losses, increased awareness of indirect losses, reduced risk to exposures from new operations, mergers etc.
- Improves morale and productivity among the work force.
- Improves quality, processes, and technology.
- Direct tie-in between benefits and risk management issues.
- Timely, accurate, and comprehensive data and reports from using an effective and integrated RMIS.
- Increases profitability (reduced costs or increased revenues)-reduces claims management and legal costs, optimizes cost of risk, protects cash flow, assets, and financial statements.
- Protects the organization's reputation and brand.
|
|
|
Term
What are the purpose, characteristics, and content of a risk management mission statement? |
|
Definition
Risk Management Mission Statement
- Purpose- states the purpose and overall goal of the risk management program and guides the actions and decision-making of the risk manager.
- Characteristics- relatively short, clear, and concise. Should be aligned with the organization's mission statement. Used with all activities related to risk management.
- Content- includes the priorities of the risk management program
|
|
|
Term
What are the purpose, characteristics, and content of a risk management policy statement? |
|
Definition
Risk Management Policy Statement
- Purpose- Defines the policy for managing risks and the relevance to the organization's strategic plan, goals, and objectives. Clarifies risk management goals and direction. Outlines the fundamental guidelines of the risk management function. Focuses on fundamentals and addresses ideas that may not otherwise be presented to the organization. Forces senior management to actively consider an organization's risk tolerance to increase the value of the risk management program. Clearly specifies responsibility and authority, opens up lines of communication, and minimizes duplication of efforts.
- Characteristic- Should be one to two pages in length
- Content- Refers to the risk management mission statement. Addresses various areas of risk management. Incorporates the risk management philosophy and ethical considerations.
|
|
|
Term
What are the purpose, characteristics, and content of a risk management standard operating procedures manual? |
|
Definition
Risk Management Standard Operating Procedures Manual
- Purpose- reaffirms and communicates senior management's support for the risk management program to all employees with a brief statement. Defines scope, responsibilities and authority of risk manager and others associated with the risk management program. Establishes expected levels of performance and cooperation. Familiarizes personnel with procedures to effectively manage risks and exposures. Provides a convenient reference or how-to guide- job safety, reporting procedures for incidents and accidents, reporting procedures in accordance with insurance policy terms and risk management department terms, details of the insurance program
- Characteristic- a lengthy document that can be from several pages to several hundred pages.
- Content- Letter of support from CEO, risk management mission and policy statements, risk management department functions, ethical and regulatory considerations, risk financing program-retentions philosophy, insurance info, procedures-safety and loss control, claims management, litigation management, OSHA reporting, return to work program, supervisor accountability, crisis management and business continuity plan.
|
|
|
Term
What are the purpose, characteristics, and content of a risk management stewardship report? |
|
Definition
Risk Management Stewardship Report:
- Purpose- provides an overview of risk management programs on a periodic basis to identify successes and opportunities for improvement.
- Content- charts and graphs-used to communicate visually and succinctly, organization's core values-mission statements, policy statement, risk tolerance philosophy. Total cost of risk, benchmarks-both time series and cross-sectional (internal and external), loss control program features and results, claims management updates on settlements/reserves, status of open litigation, insurance program summary, projects and initiatives, other key indicators of success and opportunities for improvement
|
|
|
Term
How do you effectively implement a risk management program? |
|
Definition
Implementation:
- Gain support and commitment from senior management- the critical foundation for implementation.
- Communicate risk management frequently with employees throughout the organization, as well as relevant third-party service providers.
- Continually reinforce the commitment to risk management principles
- Create and have readily available an organization chart or flow chart showing interaction with other departments.
- Communicate frequently with the risk management team so the team members understand the goals and objectives of the risk management function and how it addresses insurance policy provisions, loss control, claims reporting, and the general treatment of risk.
- Solicit cooperation from all levels of management and as many internal personnel from the organization and external people as possible including executive management, middle management, all other employees.
|
|
|
Term
How do you effectively monitor a risk management program? |
|
Definition
Monitor:
- Periodically review and update the risk management mission statement, policy statement, and standard operating procedures manual.
- Evaluate and report on the effectiveness of the procedures.
- The risk management reports and/or stewardship report should provide credibility to the risk management program and reassure management of the protection of the organization's assets and resources.
|
|
|
Term
Why does a risk manager need a risk management team? |
|
Definition
A risk manager needs a team because: Not every risk management function can be performed alone. Information or expertise is needed from others within the organization. Information or expertise is needed from others outside the organization. |
|
|
Term
Who should be the members of a risk management team? |
|
Definition
Members of the team, internal or external: risk management, safety, environmental, human resources, finance, operations and department managers, legal, insurance agent, broker, carriers, consultants, RMIS providers, captive managers, financial professionals, legal counsel, actuaries, private investigators and tracers, medical providers and medical case managers, certificates of insurance and surety providers- ISNETWORLD, MVR and claims search providers, other risk managers |
|
|
Term
What is the purpose of insurance procurement providers? |
|
Definition
To provide insurance expertise, loss control, international business advice, claims assistance and training, in addition to access to insurance coverages. |
|
|
Term
Explain the selection methods used by risk managers for insurance and other service providers. |
|
Definition
Appointment- providers are selected or appointed to represent the organization for all insurance coverages for a specific purpose; commonly known as AOR, BOR.
Request for proposal (RFP)- providers are 'invited' or requested to provide a proposal for insurance coverages; typically the providers are assigned markets from which they will obtain proposals and open bidding is on a 'first come, first quoted' system in which markets are not assigned.
Conceptual bidding- providers are invited to present general proposals, ideas, or concepts for handling insurance coverages and services without specific pricing of any coverage or service; the selected provider has complete access to the entire insurance market. |
|
|
Term
What are the 7 general considerations when using bid specifications? |
|
Definition
General considerations when using bid specifications:
1. Identification of the parties and introduction
2. Description of the project or service
3. Requirements
4. Time line
5. Costs
6. Legal matters
7. Post-contract activities |
|
|
Term
What are the advantages and disadvantages of Fees? |
|
Definition
Fees: Advantages- guarantees specific compensation to agent or broker for work performed, facilitates evaluation of value of services received, facilitates transparency of premiums and costs. Disadvantages- increases total cost of risk for additional services required, may discourage competition and access to experience and expertise from other agents or brokers, requires adjustments when carriers will not write "net of commission", some states regulate fees in conjunction with commissions |
|
|
Term
What are the advantages and disadvantages of Commissions? |
|
Definition
Commissions: Advantages- all requested services are included as part of placement, no separate negotiation of fees and premiums, flexibility in commissions may facilitate achieving client target premiums. Disadvantages- makes evaluation of value of services difficult, disincentive to offer lowest reasonable premium, may overstate premium cost due to non-disclosure of commissions and other compensation to agent or broker. |
|
|
Term
What are the advantages and disadvantages of other agent/broker compensation sources? |
|
Definition
|
|
Term
Explain the importance of effective communication for risk managers. |
|
Definition
Since managers spend the majority of a typical workday in some form of communication, the communication process is important to understand and successfully manage within the organization for the following reasons: 1. The success and survival of the organization may depend upon it. 2. Improves cooperation with both internal and external risk management team members. 3. Better identifies environmental changes and allows the organization to readily adapt to external influences related to organizational goals, stakeholder expectations, and organizational performance. |
|
|
Term
How do basic personality types affect the communication process? |
|
Definition
Different personality types respond to the same information in a different manner, often depending upon how the information is presented. The basic types are: Director/driver, Relater/amiable, Thinker/analytical, Socializer/expressive |
|
|
Term
What are the five steps to effectively communicate risk management information? |
|
Definition
5 steps of the communication process: 1. Creation 2. Transmission 3. Reception 4. Translation 5. Response |
|
|
Term
Details of each of the 5 steps of communication process |
|
Definition
Creation- Is this a message that needs to be delivered? What is the appropriate medium needed to convey the info?
Transmission- Is there a timeframe for transmitting the message? Is it necessary to follow up to ensure delivery?
Reception- How soon are you expecting a reply? What should the receiver do with the information and was that clear in your communication?
Translation- The receiver will test the message for understanding and expectations. The expectation is that the message was communicated efficiently and effectively.
Response- Was the response the desired action from initiating the message? Were there any communication barriers in steps 1-4 that influenced the response?
If steps aren't successful- repeat the process until it is understood and communication is complete. |
|
|
Term
What is "noise" and how does it affect communication? |
|
Definition
'Noise'- anything that distorts a message by interfering with the communication process; it can affect the process at any stage, take many forms, and may not be recognizable.
- Message transmission is in a manner incompatible with the personality type of the sender or receiver
- Ambiguous wording
- External or internal distractions of sender and/or receiver
- Misinterpreted gestures due to misunderstanding, diversity or experience or cultural differences |
|
|
Term
Describe content-based communication. |
|
Definition
Content-based communication: detail-driven, fact-based.
Advantages- direct and quick.
Disadvantages- lack of awareness of real issues and needs, little opportunity for feedback to confirm the receiver received and understood the message, receiver less willing to own the process or outcome, receivers may be unaware of larger issues and focus only on specifics of content. |
|
|
Term
Describe context-based communication. |
|
Definition
Context-based communication: background, setting, framework, or construct aids in interpretation and understanding of content.
Advantages- addresses deeper, more meaningful issues, participants can have a clearer understanding of the issues and outcomes, leads to long-term collaboration, understanding and outcomes.
Disadvantages- takes more time, personal agendas can distort the process and outcome, provides opportunities for objections to be raised |
|
|
Term
What are the methods for accessing electronic data? Advantages and disadvantages? |
|
Definition
Stand-alone personal computers- data and info can be secured through passwords, hardware can be secured to a desk etc. with a locking device to prevent theft. Info sharing is time consuming, security and back-ups rely on diligence of the individual user.
Local Area Network- data shared quickly yet still restricts access to local so more secure. Offsite backups, emergency restoration requires a separate hot site.
WAN- medium security, updates and backups faster, greater number of users and multiple locations increase risk of security violations.
Internet- fast, accessible, maintenance fast, infrastructure free, reduces organizational costs, higher vulnerability to unauthorized users, viruses, worms, malware, etc.; accessibility may be out of organization's control.
Cloud computing- CSP is responsible for cost of security, hardware, software, etc.; may reduce overall costs, facilitates business continuity, increased security and privacy issues, decreased flexibility, older systems and data formats may not be supported, dependency on cloud provider |
|
|
Term
What are the uses of a risk management information system (RMIS)? |
|
Definition
Supports the user in the key steps of the risk management process. Facilitates the consolidation of the following into one system- insurance policy info, claims info, property values, exposure info, exposure identification info. Information sharing, integration with other internal and/or external info systems, identification of trends and production of reports, loss forecasting, total cost of risk reports and allocations, actuarial studies, surveys to measure stakeholder satisfaction, ad hoc queries, dashboards, loss prevention |
|
|
Term
What are the considerations when purchasing an RMIS? |
|
Definition
Short and long term cost benefits, currency of technology, system speed, security, licensing options and costs, alignment of system capabilities with organizational goals for risk management, basic system components and specialty component availability, turnaround time for data loads, data quality control, flexibility in meeting organization's needs, quality of customer support, pricing, availability of related modules, foreign conversion/support, open architecture or custom programming, ease of data export and import. |
|
|
Term
|
Definition
The process of identifying who is the best, who sets the standard, and the identification of that standard. The process of comparing an organization's business processes and performance measures to another organization's processes and performance measures to provide a snapshot of the organization's performance and where it is relative to another standard. |
|
|
Term
What are the steps in the benchmarking process? |
|
Definition
Benchmarking process: Identify the area or process to be measured. Identify organizations with similar areas or processes. Identify organizations who are leaders. Survey those leading organizations for measures and practices. Study those "best practices" organizations to identify leading edge practices. Implement new and improved processes reflecting those best practices. |
|
|
Term
What are the advantages and disadvantages of benchmarking? |
|
Definition
Advantages-encourages continuous improvement, helps prioritize areas in need of improvement, enhances creativity.
Disadvantages- data must be analyzed and judged; cannot be taken at face value, data can be easily misinterpreted, data errors, comparison problems. |
|
|
Term
What is the rationale of a total cost of risk allocation system? |
|
Definition
Rationale- In order to remain competitive, an organization must be able to track and properly provide for ALL types of organizational costs, including TCOR. |
|
|
Term
What are the objectives of a TCOR Allocation system? |
|
Definition
- Identify factors contributing to the TCOR
- Create accountability
- Enhance loss control
- Support the competitive advantage
- Alter behaviors |
|
|
Term
What are the steps involved in the TCOR allocation process? |
|
Definition
1. Determine the desired goals and objectives. 2. Determine the costs to allocate 3. Select the allocation variables 4. Create the allocation model. |
|
|
Term
What are the components of the TCOR allocation process? |
|
Definition
Costs that can be allocated: deductibles, SIRs, losses and loss expenses, insurance premiums, outside service fees, departmental costs
TCOR -is |
|
|
Term
What are the three methods for TCOR allocations? |
|
Definition
Exposure based, Experience based, Combination method |
|
|
Term
What are the purposes of due diligence activities? |
|
Definition
To investigate documents and records of a business and/or person prior to signing a contract or entering into a business transaction; more commonly applies to voluntary investigations; however, in certain circumstances, the term relates to a legal obligation. To assess the health and viability of a business or entity. To perform an investigation of a business, situation, activity or person to assist with effective decision-making. |
|
|
Term
What are the broad areas of due diligence activities? |
|
Definition
- Merger and/or acquisition
- Purchase of new assets, particularly real property
- Development and introduction of a new product or service
- Undertaking of a joint venture or contract
- Addition of key personnel, e.g. a new risk, claims or safety manager, a new account, new supplier or service provider such as an agent, broker or outside consultant. |
|
|
Term
What is the difference between mergers and acquisitions? |
|
Definition
Merger- two or more organizations create a new entity and agree to move forward as one and issue the appropriate ownership interests
Acquisition- one organization takes over another organization and is established as the new owner with the ownership interests continuing unchanged. |
|
|
Term
What are the three types of structures involved in mergers/acquisitions? |
|
Definition
Entity- buyer purchases all ownership interests of the entity; buyer assumes all assets and liabilities.
Asset- buyer purchases specified assets and specified liabilities of the seller. The buyer does not acquire the entire entity.
Merger- two or more entities create a new entity and issue the appropriate ownership interests. Simultaneously, the entities transfer assets and liabilities from their respective organizations to the new entity. The original organizations are then dissolved and cease to exist. |
|
|
Term
What are the four steps of the team approach to the merger and acquisition due diligence process? |
|
Definition
Identification- company info, financial info, key exposure areas, risk management department,
Review and analysis- assemble and review loss runs by line of coverage, look for and analyze loss history, open claims, retained losses, actuarial reviews of reserves, etc., loss development and trending, identify pending litigation, specific property concerns, insurance coverage review, TCOR issues
Reporting- existing exposures, qualitative analysis, and quantitative analysis, recommendations to management
Post-transaction- onsite inspections of locations, determine impact on current insurance program, determine impact on other functions within the organization ex HR, administrative issues, claims procedures, service providers |
|
|
Term
What are the common law duties of directors, officers, and fiduciaries? |
|
Definition
Obedience, Loyalty, Diligence
Obedience- actions conform to legal standards and requirements
Loyalty- undivided and unselfish loyalty with no conflict between organizational duty and self-interest
Diligence- competent oversight of the organization in an expedient, knowledgeable manner using the standard of care of a reasonable prudent person in a similar position in similar circumstances. |
|
|
Term
What is Directors and Officers Liability? |
|
Definition
Liability resulting from a director or officer of an organization committing a negligent act or omission, misstatement, or misleading statement |
|
|
Term
What are the five elements of the Business Judgement Rule? |
|
Definition
Business decision, Disinterestedness, Due care, Good faith, No abuse of discretion
Business decision- action must be taken in making business decisions. Not taking action is protected if it was a conscious decision not to act.
Disinterestedness- a decision must be made in an independent and disinterested manner without expecting personal financial benefit unless the decision results in a benefit to the organization and all of its stakeholders.
Due care- a decision must be made based on reasonable and relevant information.
Good faith- a decision must be made with an honest belief that the decision is in the best interest of the organization, not simply to preserve his or her position or benefits.
No abuse of discretion- a director or officer is protected against honest errors in judgement that can be justified by a rationale or that are not egregious on their face. |
|
|
Term
What are the risk control techniques used to manage directors and officers exposures? |
|
Definition
- Board composition
- Procedural actions by board members
- Delegation by board members
- Avoidance of conflicts of interest |
|
|
Term
What is fiduciary liability? |
|
Definition
Under the Employee Retirement Income Security Act of 1974 (ERISA): liability imposed upon any person who exercises any discretionary authority or control with respect to the management or administration of an employee benefit plan or its assets.
Under common law: liability imposed upon a party who stands in a special relationship of trust with another party for a breach of trust. |
|
|
Term
What are the Fiduciary exposures? |
|
Definition
Any plan, fund, or program established or maintained for the purpose of providing to its participants or beneficiaries employee benefits (ERISA).
Employee pension benefit plan- 401K
Employee welfare benefit plan- health insurance, day care, training, scholarships, etc. |
|
|
Term
What is the definition of Enterprise Risk Management? |
|
Definition
Enterprise Risk Management is a systematic process of identifying, analyzing, assessing, and responding to all risks, regardless of the source, that affect the achievement of an organization's strategic and financial objectives positively or negatively. ERM goes beyond insurable risks, reaching into strategic, operational and financial risks, to include any activity that could threaten or enhance the achievement of an organization's objectives. |
|
|
Term
What are the benefits of implementing an ERM program? |
|
Definition
Benefits of implementing an ERM program
Identifies threats and opportunities related to an organization's strategic plan and objectives.
Closely links an organization's business, operational, and strategic objectives to the practice of managing risk.
Identifies and analyzes the organization's total cost of risk.
Increases awareness of activities and associated risks, allowing for better management of those activities and for refining and reducing the total cost of risk.
Uses performance metrics to drive improvement in decision making.
Provides a common language for communication about risks and opportunities.
Identifies risk owners across the organization.
Helps an organization minimize risks while maximizing opportunities and prioritizing resources.
Saves operational costs and safeguards the organization's branding and reputation.
Allows organizations to capitalize on opportunities to increase shareholder/stakeholder value. |
|
|
Term
How does Traditional Risk Management compare to ERM? |
|
Definition
ERM's perspective is that managing risk has the potential to affect both upside and downside. TRM's perspective is to manage downside risks.
ERM is tied to strategic objectives or key business objectives. TRM is oriented to cause-of-loss.
ERM is a coordinated cross-functional treatment of risk across all areas of the organization. TRM is functional specific treatment of risk within an organizational area.
ERM uses subject-matter experts and risk committees to identify organizational risk that spreads accountability to risk owners and trains all stakeholders to be responsible for managing risk. TRM places risk identification and ownership with the risk manager.
ERM is proactive and opportunistic. TRM is most often reactionary and defensive. |
|
|
Term
What are the components of ERM implementation? |
|
Definition
Components of ERM Implementation
- Support of the senior management team.
- An implementation leader and dedicated cross-functional committees.
- Framework for the process.
- An ERM risk assessment.
- A common language regarding risk.
|
|
|
Term
What are the obstacles of ERM implementation? |
|
Definition
- Lack of support from senior management.
- Difficult to invest capital in the risk management program.
- Showing proof of tangible benefits.
- Unclear responsibility and ownership of implementation.
- Different skills are required to successfully implement ERM versus TRM.
- ERM requires techniques for upside risk analysis that TRM does not.
- Risk is viewed negatively in many organizations, so expanding to include upside risks may be difficult.
- ERM requires focus on creating or adding value, not avoiding losses.
- Lack of a common language regarding risk.
- Perception of risk versus reality; it is common to confuse the characterization of risk with the willingness to take risk. Taking risk is often seen as a matter of courage rather than a reasoned, quality decision.
- Getting overwhelmed. It's a slow process; identifying too many risks or lack of prioritization can bog down the process.
|
|
|
Term
How is risk mapping applied in ERM? |
|
Definition
Identifies and prioritizes key risks associated with business activities.
Assists business planning through the prioritization of risk treatment plans.
Identifies areas requiring further analysis.
Identifies specific risk responses.
Facilitates dialogue concerning risks across functional areas.
|
|
|
Term
What are the common elements of an emerging risk? |
|
Definition
High uncertainty
Difficult to quantify
Difficult to communicate
Regulatory involvement
o industry position |
|
|
Term
What are some current specific emerging risks? |
|
Definition
Social media
Pandemic illness
Repercussions from natural disasters
E-commerce and internet dependency
Terrorism
Rising medical costs and obesity related medical conditions
|
|
|
Term
Why is management of an organization's reputation and brand a critical function? |
|
Definition
Critical assets of an organization
Requires effective crisis management
Susceptible to any type of disaster
Can be damaged through no fault of the organization, its employees, or its representatives.
Losses can single-handedly cause the organization to fail.
|
|
|
Term
What is the role of the risk manager in a crisis? |
|
Definition
In most cases, the risk manager has two roles:
1. Facilitating or bringing others together within the organization.
2. Mitigating or reducing the financial impact of the crisis. |
|
|
Term
What are the types and content of messages communicated during a crisis? |
|
Definition
Internal messages- evacuation and safety instructions, current intelligence on the situation, rumor control, expected duration of the crisis, actions taken and by whom, how future communications will be made, available assistance.
External messages- concise description of event and current status, extent of damages and injuries if known, actions taken to provide treatment and other assistance to those impacted, actions taken to mitigate further loss or damage, description of preparations made in advance for the crisis and how they are being implemented, indication of when operations are expected to return to normal, designation of official spokesperson and how future information will be distributed |
|
|
Term
What are the characteristics of appropriate acknowledgement of a crisis? |
|
Definition
Acknowledge uncertainty.
Acknowledge tension and emotions as legitimate.
Acknowledge obvious mistakes and apologize.
Acknowledge the hazard and avoid over-reassurance. |
|
|
Term
What are the guidelines for effective media relations and communication during a crisis? |
|
Definition
- Provide relevant information necessary for an accurate depiction of the event.
- Project authority, confidence and a sense that a plan is in place to address the crisis.
- Never provide misleading or false information.
- Never say "No Comment"
- Avoid humor or an appearance of making light of the situation.
- Answer a question; however you do not have to answer the question that was asked. Deflection.
- Prepare the spokesperson on how questions not relevant to the event should be addressed.
- "I don't know", "We do not have all the details at this time" and "We will continue to cooperate with the proper authorities throughout the process" are all acceptable answers to many questions, particularly if one does not know the answer to a specific question.
|
|
|
Term
How are reputation and brand affected? |
|
Definition
Reputation and Brand are affected:
Internally- corporate behavior, individual behaviour of a highly visible employee or officer, marketing and communications, careless or negligent acts of employees
Externally- criminal acts performed by outsiders that are responded to badly by employees, outsiders sometimes post negative or rude comments on an organization's website. |
|
|
Term
What are the risk control techniques for protecting brand and reputation? |
|
Definition
Collaboration with other functional areas such as HR, legal, marketing.
Establishment and enforcement of codes of ethics and behavior.
Website gatekeeper for comments made by outsiders.
Effective crisis management plan.
Implementation of a social media and blogging policy to include the following: clearly defined company philosophy, definition of social networking, identification of the person as an employee, recommendations or referrals, reference of any clients, customers or partners, confidential or proprietary information, terms of service, copyright and other legal issues, guidelines for time spent on social networking in the workplace, consequences for violations
Maintenance of quality assurance programs.
Training employees in procedures and policies. |
|
|
Term
Common types of intellectual property exposures. |
|
Definition
Patent
Copyright
Trademark
Registered Mark
Service Mark
Trade Secret
License
Franchise
Concession |
|
|
Term
What are the risk treatment options for protecting intellectual property? |
|
Definition
Methods the organizations use to identify infringements:
Processes vary from organization to organization
Outsource to conduct surveys to determine if other organizations are using their intellectual properties.
Rely on observant employees or concerned third parties voluntarily reporting infringements. |
|
|