The nature of risk has evolved in recent years, driven by advances in technology and an increasingly fraught geopolitic climate. In an age of globalization, companies must be aware of all major incidents across the world, as there are very few that will not have at least some kind of impact on larger companies. Ownership of risk management is, however, often difficult to determine, and people seem unclear who is responsible. The role of the CFO has changed in recent years, and they have become essentially a partner to the CEO as their strategic responsibilities have increased. This sees them ideally placed to set appropriate risk preferences and instill a risk-oriented approach to decision making processes amongst management. CFOs have to constantly monitor the business to ensure it is resilient to possible shocks and have mitigation strategies in place should these shocks occur. It is not eliminating risks, sometimes at high costs, but understanding and managing risks. The CFO may see risks, but they need to take action, and ensure that there are strategies in place to mitigate against risks and that they are carried out by employees.
To do this, CFOs need to pinpoint exactly how and where risk will impact a business plan and incorporate them into forecasting models. CFOs that employ rolling forecasts are best positioned to do this as they can adjust their models easier to new developments. They then need to carry out stress testing to ensure that they are capable of dealing with any risks should they arise, both operationally and financially, to ensure their contingencies have the best chance of working.
CFOs need to understand where risk are coming from and what can be done to minimize the damage should they occur, but they cannot do it alone. Risk management requires an holistic approach across the company, and different risks are the problem of the department that they most impact. For example, cyber security is that of IT, while a natural disaster will most likely impact supply chain worst of all. The CFO needs to co-ordinate efforts and work alongside other C-suite executives to see risks coming and best understand how to mitigate them.
1) Think broader – today’s CFO cannot restrict themselves to Financial, Accounting or Tax aspects but must think broader in terms of the how the particular proposal fits within the overall strategy and economics of the organisation.
2) CFOs are often obsessed with numbers and thanks to the quarterly /half yearly reporting to analysts, may falter in seeing longer trends beyond reporting numbers. The drivers may tell a very different story from the actual P&L.
3) Many organisations, especially large ones, are so huge and ‘silo-ed’ that the focus of the staff becomes largely internal or at most superficially external. The biggest risks actually come from external developments not internal.
4) Rely on the robustness of systems and processes rather than the accuracy of forecasts. Most CFO’s are obsessed with getting forecasts right.
5) Watch cycles. Unfortunately, large companies operate in cycles so when you are feeling like you are on the top of the cycle, probe and prod for what could give way. Identify the “weakest link”.
6) CFOs often convince themselves with spreadsheets instead of talking to the real line and business folks. The guys on the ‘shop-floor’ will tell you what is wrong and what could go wrong.
7) Most enterprise risk comes from the organizational structure. A complex organization structure creates more risk of adjacencies – more chances of things that could fall in between the cracks. The creators of complex structures would argue that it is designed as checks and balances which paradoxically may just not be the case.
Whatever be the scale or size or industry of the organisation, it is imperative that CFOs will play a key role in ERM and will be required to display some of the attributes mentioned above, helping the overall organisation to not only survive but thrive in a world filled with increasing uncertainty and challenges.