- Author: Anthony Stevens & Peter Deans
- Posted: August 31, 2020
CFOs Are the Key to Innovating Risk & Compliance During & After COVID-19
Considerations when Confronting the Most Prominent Business Risks of Our Time
‘Why would the CFO be involved in risk management?’ If we had a dollar for every time we heard that in the past. Times have certainly changed, yet now, when innovative approaches are needed like never before, enter the CFO once again.
This time two years ago, over half of CFOs surveyed by Deloitte said that they were now responsible for enterprise risk management. That challenge has only grown. More and more risk areas are set to be added to the CFO purview over the next few years.
And thank goodness. Who better to handle the transformation to digital solutions in the expanding regulatory compliance environment? Not to mention, the massive increase in business risks that can impact companies these days. The CFO is perfectly positioned to integrate the identification, assessment, and review of enterprise risks into the corporate strategy.
One can easily trace risk management back to its core origin, the financial services sector, which runs hand in hand with operational, IT and other risk areas. In that spirit, here is a helpful list of some risk areas that need the “CFO touch”:
I Want Money, Honey.
Are you publicly traded or privately held? Failure to issue statements and tax returns will put you at great risk – not just with the tax man, but with regulators and shareholders.
How are the restrictive terms in your loan agreements? Debt risk is real and can sting you in several ways. Failure to comply could cause the bank to call in the loan or impose penalties. If the rates increase, say hello to higher repayments.
Do you have your eye on cash flow? This is one of the major reasons why businesses fail, and for start-up CFOs, this is a big one. Scrutinise this at all times and it will help your forecasts, so you don’t get caught short.
If you are in a period of growth, then congratulations! Hold on to this when presented with a merger or acquisition. As the CFO, you are all about the assessment of these and owning the smooth transition when analysing contracts.
As mentioned before, finance runs hand-in-hand with operations. And operational risk is a massive area of concern. Are you selling products or services? Then you have a tonne of operational risk that needs a constant eagle eye.
Consider process risks, and that there may be more risk involved with outsourcing certain processes rather than keeping them in house. Or vice versa. The CFO is excellent at mitigating these.
Compliance should be resilience, but it’s not. The CFO needs to be across all applicable regulations and have plans for compliance in place. You do not want to be the person held accountable for loss of reputation for selling products from a dodgy supply chain or harming the environment. Speaking of supply chains, here comes the CFO once more to assess the third-party vendor data security, financial security, quality control and labor.
Just when you think that is enough, do not forget your people! Workplace safety (mental and physical), education, training, benefits, and salaries are all part of your bag.
IT risks. Don’t be one of those companies that treats the IT department as an island. As CFO, you have the ability to bring in this team to be deeply involved with data breaches, third-party information security, outsourced IT services, cloud platform security, in-house information security management systems and scope of delivery in contracts. The CTO can be an amazing resource and your greatest ally here.
The Other Stuff.
These may seem peripheral, but do not ignore environmental risks, like natural disasters and events, as well as crime and terrorism. Yes, you can take out insurance, but there needs to be a plan in place to mitigate these and minimise damage.
But… It’s My First Day!
Are you a newly minted SME CFO? Great! Here is some advice from Peter Deans:
Small businesses and start-up ventures face unique business challenges. This will often limit the investments a business can make, which in turn impacts the range of business management and growth initiatives.
Many years ago, Harvard Business Review published an outstanding article, The Five Stages of Small Business Growth. They are:
- Existence – Obtaining customers and delivering the product or service contracted for.
- Survival – Demonstrating that it is a workable business entity i.e. generating enough cash flow to stay in business and to finance growth to a size that is sufficiently large.
- Success – Deciding whether to exploit the company’s accomplishments and expand or keep the company stable and profitable.
- Take-Off – How can you grow rapidly and finance that growth?
- Resource Maturity – has the staff and financial resources to engage in detailed operational and strategic
The above may help you with keeping the company on track and influence your CFO managerial style.
OK, So How Do We Return to Normal?
Good question. Below are some recommendations from Anthony Stevens:
Boards should carve out time to reflect on risk management practices, past and present. Lessons from this period can be used to reshape the future of risk management across all businesses. Here are the initiatives to plan for:
- Continuity and crisis management plans – Many businesses operated in crisis mode for months during the pandemic. Get rid of outdated or makeshift crisis management and business continuity plans.
- Implement a risk management framework – Identify, assess, manage. The AICD has published several guides on how boards should approach ERM.
- Leverage technology – Advancements in mobile and cloud-based technology mean it is easier than ever for directors, executives and financial departments tied up with risk “administration” to now allocate activities designed to ensure a better system overall.
- Financial resources – Appoint a senior risk officer who can regularly present to the board? What investment in technology can best support these resources to do the best possible job?
- Reporting and discussion – Does the organisation need to invest in technology-based tools to oversee and report risk management? If one is not already in place, consider a formal risk committee to ensure a timely flow of information between the top and bottom.
Remember, organisations have full control over how they manage risk. Once we reach a post-coronavirus world, examples of businesses that responded well will be sitting in pride of place in everyone’s risk presentation. Within the broad bandwidth of risk leadership, from the chairperson, executive team, department heads and project leaders, it is incredible to think that there’s been a key ingredient missing this whole time. Discussion.
The question is ‘how can we be continuously glancing over the shoulder of our organisation’s present moment and feel confident?’ Well, put simply, the frame you put around your attitude to risk and information security largely determines your experience of it.
There is no silver bullet for the unknown unknowns, but the right mindset is a good place to start.
About the Authors:
Peter Deans is the former Chief Risk Officer for the Bank of Queensland, founder of 52 Risks, director of Notwithoutrisk Consulting and The RegTech Association. Anthony Stevens is founder and CEO of 6clicks, and author of Chasing Digital: A Playbook for the New Economy.
To learn more about 6clicks and how it could assist your organisation, visit www.6clicks.io