Finance’s Role in Managing Enterprise Risks
The risk landscape is changing fast. Risks are multiplying at an alarming rate threatening to cause both financial and reputation ruin to the business. Because of this increasing risk complexity, there is a heightened focus on effective risk management.
Senior management and board members are consistently looking for a deeper understanding of the organization’s risk profile and how various risks to the business are managed.
Risk management is an enabler of higher level performance.
Without taking risks, organizations cannot grow and achieve strategic success. Risk is no longer something to only dread, minimize and avoid. Instead, leading organizations are using risk management activities to create value and help them improve their businesses.
It is therefore critical to ensure that efforts to mitigate the downside impact of risks are coordinated with efforts to manage risks that support business growth.
As a strategic thinker, the CFO should play an important role in helping other executives and the board get a deeper understanding of the organization’s key risks and risk management capabilities. He or she can help build an ERM framework that is entrenched in the organization’s management processes and functions.
A well-structured and coordinated ERM framework provides support and guidance on risk management activities, helps identify and manage enterprise risks holistically and makes risk consideration an inherent part of key decision-making processes. On the contrary, a siloed approach to managing risks exposes the business to significant risks and value erosion.
Unfortunately, in most organizations, risk management is a disjointed process. Multiple functions are managing one or more aspects of the company’s risk profile, and there is minimal coordination with each other. For instance, each function carries out its own risk assessment process using different risk terminologies, methodologies and reporting practices. Decision makers are overwhelmed with more than one versions of the truth.
The problem with this approach is that it often leads to confusion on the true meaning of risk, duplication of efforts, unnecessary bureaucracy and costs and poor risk decision-making processes.
When there is a common risk language across the enterprise better decisions are made, for example, concerning market entry, new products and acquisitions. This often leads to reduced earnings fluctuations and increased stakeholder confidence.
Build a clear picture of significant risks.
As the role of the CFO continues to evolve into a more business-partnering one, it is imperative that the finance organization is rightly equipped to proactively identify all the potential risks and defend their businesses. What are the key risks to the achievement of your business objectives? Do you have the required risk management capabilities to address this risk profile? Who is responsible for monitoring and reporting risk information to decision makers?
Thus, the CFO and his team need to consistently assess, improve and monitor the way the organization manages its evolving risk profile. The risk assessment process must provide actionable and real-time insights on inherent risks and link them to the organization’s objectives, initiatives and business processes.
A thorough risk assessment process helps identify and prioritize risks that require urgent monitoring and mitigation. It also allows for the testing of existing internal controls and identification of opportunities for improving controls and risk mitigation strategies.
On the other hand, insufficient risk management processes can lead to costly lawsuits, significant financial losses, massive reputational damage and fly-by-night financial reporting, which can raise fundamental questions about the business as whole, its management team and viability.
An effective continuous risk assessment and management system therefore requires the team given the responsibility to do so to develop thorough knowledge of the company’s strategic objectives, operations, products, services, risk history, internal environment and its external environment.
Some organizations are leveraging data analytics tools to access forward-looking data from a range of sources, generate insights about changing market conditions and behavioural changes, evaluate metrics and integrate this real-time information to build risk models and forecasts as well as comprehensive risk strategies.
Coordinate and align business processes.
Risk management activities should be a key element of normal business operations. For this to happen, there must be top management buy-in to the business case for embedding risk strategy into the day-to-day running of the business as well as enhancing risk management performance.
It is therefore important to receive clear communication, proper oversight and accountability from senior management and the board concerning risk and governance. This will ensure that a common risk framework and universe is embraced and implemented across the organization.
Maturity models and benchmarks of leading practices can be used to help management determine the existing state of their organization’s risk management capabilities and define the desired state.
As one of the organization’s senior executives, the CFO should play a leading role in defining risk management objectives and embedding risk principles into the business processes. They can leverage their analytical and communication skills to broadcast to the business the benefits of risk management and the disadvantages of inadequate risk management processes.
The CFO plays a critical role in establishing the organization’s risk appetite, determining how the business will measure risk and ensures risk taking is within the acceptable risk thresholds of the organization.
By regularly reporting risk information and coverage to business unit managers, a risk aware culture is embedded in everyday business practices, and this in turn will help business managers understand the implications of their decisions on business performance.
I welcome your thoughts and comments.