No experienced finance executive has to be convinced of the need to invest in enterprise risk management—and their conviction isn’t just a reaction to increased regulatory scrutiny. Especially since the financial meltdown of 2008, executives appreciate the value of avoiding risks, even the rarely occurring Black Swans.
But in a growing economy, risk management encompasses more than just subduing every material menace. Innovation and exploration invariably involve new risks, the kind that must be identified and, to any extent possible, mitigated ahead of time. Skillfully minimizing risk— whether by bypassing it or passing it along to, say, investors—thereby becomes a path to creating value and sharpening competitive advantage.
Of course, that presumes that the company has identified and neutralized the right risks. Managing risk, especially in a growth environment, requires a subtler approach than simply barking “no” at every potentially precarious opportunity. To avoid stagnation, it’s critical to bring a more holistic view to any strategy-oriented decision making, seeking out areas where the company can safely take more risk. For many companies, this means soliciting input concerning key and emerging risks from representatives of a variety of functions and geographies. Those leaders also need the training, and the tools, to mitigate risk.
Risk-management tools enable CFOs to address their top two—and seemingly contradictory—aims: protecting the business and improving financial performance. Where to start? Here are three suggestions:
1. Practice cloud control: Increased agility and improved cost-effectiveness have driven companies into the cloud, whether building their own private-cloud environments or buying public-cloud offerings. But the benefits shouldn’t obscure the risks involved in having sensitive information lodged in an external setting. Make sure, for example, that rules are enforced about who can access the cloud and what they can access when—all of which can be automated. In addition, make sure that awareness and training regarding risk is spread throughout the organization; some companies link compensation to compliance. Given the abundance of wireless devices, it’s crucial that employees understand what’s at stake should they have sensitive data stored on their mobile phones—and leave their devices behind.
2. Build a Security Operations Center (SOP): If Sony can be hacked, so too can your business—although the email trove is likely to be less scandalous. And many a company has helped increase its own vulnerability by choosing the wrong service provider, or failing to read the contract’s small print. As a result, the most effective option may also be the most resource-intensive one: hiring a team of in-house analysts who will monitor the company’s network for suspicious activity, including attempted security breaches. While it may be costly in the short-term, the long-term benefits of safeguarding sensitive data can also be enticing. By training your own team, IT security can not only thwart cyberattacks, but can also help support the company’s growth strategy.
3. Leverage Predictive Analytics. CFOs are well aware that there’s untapped potential buried in their companies’ data. Typically, that has meant sifting through historical information. But recent advances in technology now make it possible to assemble and analyze huge troves of data, enabling executives to evaluate various what-if scenarios. Given the declining cost of processing power and storage, it’s also feasible for companies to—on their own, or with outside help—construct their own predictive models. (Some industries, such as financial services, can buy off-the-shelf software.) Given that most companies are collecting data in their ERP or CRM systems, the additional investment may be relatively small. The payoff? Armed with models that use historical and transactional data to measure risks, CFOs can guide management toward making better choices.