The days of the CFO being siloed in a world of financial reporting, far distant from business operations and strategy, are long gone. Today’s businesses need the combined efforts, knowledge and expertise of a team of business leaders to thrive, of which the CFO is one. Risk management is an area that touches every area of the business, and the CFO’s contribution to managing risk cannot be understated, especially in these precarious economic times.
CFO Risk Management: An Overview
There are 101 definitions of risk, but for present purposes, let us work with the all-encompassing something bad happening or something good not happening. That is quite the catch-all, and includes such diverse eventualities as the following:
- Losing a major client due to a quality issue
- A sudden external event causing the business’s main operating currency to tank
- A business interruption event such as a fire or sudden supply chain breakdown
- Dishonest activity by an employee leading to adverse publicity and potential brand damage
- Falling behind the competition through failure to invest in new technology
In days gone by, it is probable that only one of those risks, the currency one, would have fallen within the purview of the CFO. However, look a little closer and every one of these risks has a financial angle to it, and potentially a financial consequence. Some are self-evident, such as the impact on turnover if a major client suddenly goes elsewhere. Others, such as the brand damage issue, are likely to have a financial impact that is more gradual but no less damaging in the long term.
The CFO’s role in risk management becomes even more critical during uncertain financial times. On a macro scale, when the CEO and board talk about a company’s risk profile, financial risks will inevitably be near the top of the agenda. Even for non-financial risks, the financial implications will take on a greater significance.
In short, the CFO has a role to play in managing risk that is every bit as important as the COO, CIO and other senior officers - and often even more so.
Digital CFO: A new breed of CFOs
Digital transformation has left its mark across every business function over the past decade and the finance function of a business must be right at the heart of that transformation. Ostensibly, this is nothing new. The CFO has always been central to decision-making when it comes to, for example, automating certain tasks to achieve business efficiencies. However, in the past, these types of decisions have largely centered around low-hanging fruit that can be rapidly gathered for small wins.
In 2023, digitisation is more than that, it is fundamental to a business’s core strategic goals. That could be through data analytics to gain superior market insights or digitisation of internal audit functions and compliance controls to improve the quality of audits and reduce audit times.
Technology is central to business success, and to risk, and to the way risk is managed. It has to be front and central in the mind of every CFO. Ultimately, the CFO is the chief steward of a company’s assets and today, those assets are as likely to be digital as physical. Safeguarding such assets goes beyond IT solutions like firewalls, important though they remain.
A broad remit
But of course, the CFO is not only concerned with protecting assets. He or she also has a voice in what digital transformation investments to make. Becoming a Digital CFO requires a complete understanding of both benefits and pitfalls that can be associated with investing heavily in, for example, AI automation.
It sounds a little melodramatic to say “evolve or die” but it shouldn’t be overlooked that some smaller businesses have seen the CFO role itself as something that can be digitised. Sam Harith might be known as the Comic Accountant, but he was being deadly serious when he outlined the benefits of using what is essentially CFO software and saving a company the $400,000 per year that the average CFO earns.
This is not the time or place to discuss the comparative merits of a human or virtual CFO, but suffice it to say that humans need to demonstrate such merits by being digitally savvy such that these tools remain exactly that - tools to help guide CFOs to strategic insights that help them to do their job better, not threats to their existence!
Digital CFOs and Risk Management
Now we have a better understanding of what a Digital CFO is, we can zero in on how he or she can take a lead role in transforming risk management. We have touched on this with a couple of examples already, but the fundamental relationship cannot be overstated, and there are linkages in every angle of risk management:
- Managing risk - using digital tools to better understand and measure risk. This applies not only to financial risk but also to pragmatically contributing to the discussion over the investment benefits of such tools in operational risk, compliance and so on.
- The changing risk landscape - protecting digital assets and understanding how digitisation has changed the risk landscape.
- Introducing new risks - does introducing the new breed of Digital CFO bring about new risks in itself? This is certainly possible, especially for those businesses that might decide CFO software can completely replace a full-time CFO. There is also the aspect of a little knowledge being a dangerous thing if the CFO does not have the necessary digital awareness.
CFO Tech Stack: Tools for Effective Risk Management
It sounds like a different world, but it really wasn’t so long ago that even the biggest companies managed their finances using real physical ledgers and journals. The arrival of QuickBooks, Excel, Oracle and the like in the 1980s heralded a new era.
Of course, those software applications have themselves evolved beyond recognition since then, but the fundamental purpose of technology remains unchanged. It is there to bring efficiencies by automating certain tasks, reducing errors, speeding up processes, providing extra information and analysis and shifting repetitive, mind-numbing number-crunching away from humans so they can focus on more important things.
When you focus that in on the CFO, the importance of having appropriate technology in terms of the right tech stack in place for a CFO becomes self-evident. In companies big and small, a great deal can fall on the shoulders of the CFO. Getting caught up in day-to-day fire-fighting is going to be inevitable sometimes, but when that becomes the everyday MO, something is seriously amiss.
Of all the responsibilities that can land on a CFO’s desk, the priority, the responsibility that justifies that $400,000 salary, is taking ultimate responsibility for steering the financial ship. To stretch the metaphor a little, if the CFO is also having to rush across the deck every 20 minutes to trim the sails and carry out other tasks, the likelihood of successfully negotiating more than one or two icebergs is slim.
Even when a business has a large finance team to handle these different strands, there is the additional complication of maintaining coherent reporting lines and communication channels. Having the right tech stack in place is vital to keeping the entire team focused and efficient, and optimising the overall return on investment, whatever size the finance function.
That is a point worth contemplating for a moment. It’s easy to fall into the trap of thinking a tech stack is only the sort of thing those multinationals employing tens of thousands of people need to think about. However, it is essential for any finance team to have the right tools, regardless of size. Just think back to our earlier remarks about why a business uses software tools in the first place. The right tools can help teams to work faster, smarter and more comfortably.
So what tools should feature in the ideal tech stack? Obviously, there is no one size fits all solution here, but the following areas need to be considered:
- ERP and accounting systems to automate day to day processes
- Financial planning software to turn data into actionable insights. This needs to incorporate rolling forecasts and advanced modeling capabilities
- CRM software for better visibility of broader risks spanning sales, marketing and so on.
- Spending management solutions for enhanced transparency and ease of reporting for tax, audit, etc.
- Data connectors and integrations to sync data and provide information at the CFO’s fingertips.
This list is certainly not exhaustive, but covers most of the basic areas.
Partnering with the CIO
The importance of collaboration cannot be overstated. As we have already mentioned, effective strategic risk management cannot be achieved in a silo and must be a collaborative effort between several stakeholders. These include the likes of the CEO, COO, head of HR, head of Legal and others. But perhaps the most important partnership of all is between the CFO and the CIO. There are three core reasons for this:
- First and foremost, it means that both need to understand the big picture and how their roles and responsibilities overlap. A 2016 study by Ernst and Young found that three quarters of finance leaders acknowledge technology to be having a profound impact on their role. That in itself was a follow-up of a 2010 survey, and plenty has changed between 2016 and now. If EY were to ask the same questions today, the number would almost certainly be even higher.
- Collaborating with the CIO is essential in order to understand technology’s role and the benefits it can bring to the organisation. It also helps CFOs to effectively balance priorities in terms of the short term gains from those low-hanging fruits we mentioned and adding long-term value.
- That EY study also made several references to a historic disconnect between the finance and IT functions in many businesses. If CIOs and CFOs can effectively pool their knowledge and skill, with the one championing technology that can be most effective in helping to meet strategic goals and the other translating IT investments into solid benefits to the bottom line, a strong synergy is forged.
Best practices in Strategic Risk Management
It is better if an organization can rely on smoke detectors to warn of a fire starting than fire extinguishers to tackle an inferno. It’s better still if it can rely on fire safety training to prevent that kitchen hazard or overloaded power socket in the first place.
That illustrates the thinking behind proactive risk management in a nutshell. It sounds great in theory, but making it work in practice is, again, dependent on collaboration and buy-in across the different functions within an organization.
Everyone is a Risk Manager
Empowering personnel at all levels to take responsibility for managing those risks that apply to them is important, but it is only so many words unless the nature, shape and size of those risks is properly understood and communicated.
That means performing regular risk assessment exercises. Getting everyone together to talk about business risks and the adequacy or inadequacy of controls is worthwhile, but is not in itself revenue-generating, so there will always be push-back to doing it too often. Once again, we can look to technological tools to understand risks and find meaningful ways to compare and measure them. That way, time, energy and resources can focus on the risks that are genuinely meaningful. It is only too easy to waste an afternoon of the entire C-suite management’s time discussing risks that are either highly unlikely to happen or that will have little material impact if they do.
Measuring and rating risks
Risks are typically measured according to the likelihood of the event coming about and the impact if it does. The risk management team can then assess the uncontrolled risk, which assumes mitigating controls do not exist or fail and the controlled risk, ie how the controls reduce the likelihood and impact. This methodology is great as far as it goes, and it is easy to represent graphically - a large delta clearly represents an important control, so it is worth devoting energy to ensuring it is really working, is properly managed and so on.
The stumbling block here is that “rating” the risks in this way can sometimes be a “finger in the air” exercise. This is particularly so with “opportunity risks” - for example the risk associated with failing to invest in some particular technology or of neglecting some emerging market. Here, financial tools such as IRR and NPV can bring added meaning. And by using firm financial instruments, risk managers have greater confidence that the business is focusing on the risks that really matter.
Identifying, describing and measuring both the risks and the control mechanisms is important, but there is still more to be done. Those risks must be properly communicated across the business. On one hand, this serves as a sense-check and ensures the risk has been assessed from every angle. On the other hand, it can also have an impact on the control mechanism.
For example, a business’s procurement department might highlight supply chain issues with a particular material. At the same time, the marketing team might be pushing product lines that use this material particularly heavily. Or alternatively, the product development team might have intelligence that there are other materials that consumers prefer. One team needs the risk information to potentially alter its strategy, while the other has information that might change management’s perception of the risk.
Looking to the future
The role of the CFO in managing risk is more critical than ever in the digital age. CFOs need to be technologically aware, but at the same time, cannot be expected to take everything on their shoulders. Collaboration with other C-suite leaders is vital to make risk management more than a mere box-ticking exercise.
Going forward, CFOs need to be deliberate about ensuring risk management is aligned with both technological transformation and strategic goals. That means working closer than ever with the CIO, COO and other stakeholders. Effective financial management is at the heart of effective risk management, and that means getting the most out of the best tools.
Understanding opportunity risk could prove to be one of the biggest differentiators to gain competitive advantage, and this will be where CFOs can genuinely add value, injecting the knowledge and experience that goes beyond what can be coded into CFO software. The most effective digital CFO still has a human face, and that is unlikely to change any time soon.