The nature of risk has evolved in recent years, driven by advances in technology and an increasingly fraught geopolitic climate. In an age of globalization, companies must be aware of all major incidents across the world, as there are very few that will not have at least some kind of impact on larger companies.
Ownership of risk management is, however, often difficult to determine, and people seem unclear who is responsible. The role of the CFO has changed in recent years, and they have become essentially a partner to the CEO as their strategic responsibilities have increased. This sees them ideally placed to set appropriate risk preferences and instill a risk-oriented approach to decision making processes amongst management. As Anton Dominique, CFO & CMO at London School of Marketing, notes: ‘CFOs have to constantly monitor the business to ensure it is resilient to possible shocks and have mitigation strategies in place should these shocks occur. It is not eliminating risks, sometimes at high costs, but understanding and managing risks.’
Risk management is now widely recognized by CFOs as one of the most important of their responsibilities. In a recent EY survey of 769 finance leaders, ‘The DNA of the CFO’, 57% cited risk management as a critical capability in the future. Despite this, many are failing to adequately prepare for even the risks that they see coming. Take the recent EU Referendum. A Deloitte survey taken beforehand found that 75% of the 120 FTSE 350 CFOs questioned believed that leaving the EU was the wrong decision. Despite this, just 26% of CFOs who responded to the survey said their company has ‘made, or is in the process of making contingency plans for a possible British exit of the EU’, which 53% explicitly said that they have ‘made no such plans.’
Such a failure to put into place a contingency plan to deal with what they themselves widely considered a risk is a failure of duty to their organization. The CFO may see risks, but they need to take action, and ensure that there are strategies in place to mitigate against risks and that they are carried out by employees.
To do this, CFOs need to pinpoint exactly how and where risk will impact a business plan and incorporate them into forecasting models. CFOs that employ rolling forecasts are best positioned to do this as they can adjust their models easier to new developments. They then need to carry out stress testing to ensure that they are capable of dealing with any risks should they arise, both operationally and financially, to ensure their contingencies have the best chance of working.
CFOs need to understand where risk are coming from and what can be done to minimize the damage should they occur, but they cannot do it alone. Risk management requires an holistic approach across the company, and different risks are the problem of the department that they most impact. For example, cyber security is that of IT, while a natural disaster will most likely impact supply chain worst of all. The CFO needs to co-ordinate efforts and work alongside other C-suite executives to see risks coming and best understand how to mitigate them.