Americas CFO Hot Topics

A CFO's role in risk management

  • Share
  • Introduction

    A CFO’s role in risk management

    CFOs should holistically evaluate their companies’ risks while challenging their internal audit teams to ensure that their strategy is aligned with the imperatives of the company but also structured to identify emerging risks.

    Risk management – find out more

    EY - Risk management – find out more

    CFOs should holistically evaluate their companies’ risks while challenging their internal audit teams to ensure that their strategy is aligned.

    Risk management – a key CFO issue

    Today’s CFO has an expansive financial perspective with a view of the “big picture.” That’s why risk – with its bearing on all aspects of an organization – must be viewed through the CFO lens. By monitoring the economic impact of risk, CFOs are most adept at managing resource allocation and scenario planning.

    Risk management demands top-tier attention for three primary reasons:

    • The pace of business complexity is so brisk that it’s outpacing the sophistication of risk management, leaving companies vulnerable.
    • The risk implications of social media are tremendous; business ramifications are immediate.
    • The correlation between risk management and bottom-line performance is strong and direct.

    CFOs must use risk management to improve the predictability of results, optimize resources, protect organizational assets and enable growth. Seizing business opportunities is often heavily dependent on the CFO’s ability to identify, assess and manage risks. Inability in this area is risking business and exposing vulnerability.

    CFOs should consider marrying risk management and performance measures. There’s a strong correlation between the two, and by unifying the scope, the organization can achieve a better return on its risk management investment.

  • Internal audit’s role

    Internal audit’s role in risk management

    CFOs should champion efficiencies in the core business through the use of enabling technologies, such as data analytics and continuous control monitoring. This elevates the internal audit team’s role and heightens its efficiency in performing day-to-day control activities. Increasingly, internal audit functions utilize subject-matter resources as they address and combat emerging risks.

    Emerging risks

    Which emerging risks present the greatest threat and demand the most CFO attention is dependent on a company’s priorities and direction. CFOs should focus on the overall risk landscape, making certain there's direct alignment with business imperatives, the company’s strategy and the areas most impacted (positively or negatively) by risk.

    Although the risk management focus varies from company to company, emerging risks demanding the attention of many CFOs include cybersecurity, emerging markets, the use of data analytics and social media.

    Risk presented by social media has festered in an unforeseen way due to its inherent speed, even in the realm of fraud investigations. Twenty percent of companies report social media as a data source in investigations. In our digital business world, managing risk around social media is a key duty of the CFO.

    Challenging the internal audit function

    CFOs can do much to objectively challenge their internal audit function’s effectiveness: conduct assessments, incorporate leading practices and implement benchmarking. Most importantly, CFOs must align internal audit with the risks posing the greatest threat to business drivers. In other words, CFOs must not simply manage risk, but rather, devise risk strategy.

    Consider the following priorities for the internal audit function:

    1. Align with company imperatives and the risks that matter most
    2. Increase efficiency
    3. Evaluate skill sets and the structure to optimize value
    4. Embed risk management into the rhythm of the business
    5. Focus resources on current risks and provide timely attention accordingly
  • Risk management’s impact

    Risk management’s impact on business results

    The CFO’s goal through risk management is to impact business results by improving the predictability of results, optimizing the allocation of resources and protecting organizational assets. And while risk isn’t traditionally seen as a growth enabler, managing risk does mitigate losses and position the business to expand.

    There is a positive correlation between strong risk management and bottom-line performance. A recent EY study showed that the top 20% of companies that manage risk well perform three times better on earnings before interest, taxes, depreciation and amortization (EBITDA) than companies in the bottom 20%. Even more compelling are further findings, showing that 82% of institutional investors would pay a premium for organizations with strong risk management functions.

    While CFOs generally view risk in negative terms, risk can be positioned as an opportunity. It is probably the most significant opportunity for organizations to link risk to economic return. Like the brakes on a vehicle, risk management enables companies to slow down when appropriate as opposed to stopping completely. And that element of control can take your company farther and faster than stopping for every business interruption caused by unmanaged risk.

  • Integrating risk management

    Integrating risk management into business

    Risk management must be integrated into the rhythm of the business – strategy, operations, legal and others – to “risk adjust” business approaches that extend well beyond traditional risk management functions. This creates an opportunity for efficiency as well as a common language to identify and manage risks.

    By taking a holistic approach to their risk management strategy, CFOs can anticipate and control risk quickly and more effectively. The more risk management is integrated into the organization, the more adept it is at responding to risk events and the less overlap there is between functions. CFOs who integrate risk management across functions achieve better financial results.

  • Managing fraud risk

    Big risks require big data thinking

    EY - Big risks require big data thinking

    Vincent Walden, Partner – Fraud Investigation & Dispute Services, explains how companies can use big data and forensic data analytics to improve their fraud prevention and detection. [See a transcript of this video]

    Companies are facing increased scrutiny from regulators due to the enactment of the Foreign Corrupt Practices Act (FCPA), particularly in emerging markets. With multi-million dollar fines – and potential incarceration for executives – FCPA is a key topic for CFOs, especially given FCPA’s provision on books and records. To manage these risks, CFOs need to implement effective fraud-monitoring programs and controls. They should talk to their internal auditors and chief compliance officers about what controls and transaction tests they have in place to mitigate bribery and corruption risks.

    Not all anti-fraud programs are equal. Companies can reap substantial benefits – cost savings, time savings and increased detection – through forensic data analytics, which employs data visualization techniques, statistical analytics and even big data processing capabilities.

    It may surprise CFOs that big data is alive and well in fraud prevention and detection. A recent EY forensic data analytics survey found that 72% of respondents agreed that big data technologies play a key role in fraud prevention and detection. Yet, only 2% of those companies reported actually using big data technologies for fraud detection or prevention, and only 7% of respondents are aware of any specific big data technologies. Given those gaps, CFOs need to direct improvement in compliance and anti-fraud monitoring.

View our latest resources on risk management