The CFO as chief risk manager

The CFO as chief risk manager

The CFO as chief risk manager

Disruption is driving risks for every organisation. CFOs can play a critical role in helping organisations proactively manage them and create value.

The role of the CFO in managing enterprise risk and creating future value continues to evolve in this dynamic and rapidly changing environment of disruption. Our research, which we released in a report by the Financial Executives Research Foundation (FERF), The Strategic Financial Executive: Managing Enterprise Risk in a Disruptive World, describes strategies CFOs can use to manage risk and create value in today’s dynamic landscape and discusses how CFOs can incorporate strategic risk themes emphasised in the new enterprise risk management (ERM) framework by the Committee of Sponsoring Organizations of the Treadway Commission (COSO).

The research is based on extensive interviews with financial executives and other corporate stakeholders from leading companies. The takeaways in the report encompass four strategic themes: recognising disruption, developing risk management maturity, communication, and strategic thinking.


The roles and skillsets of the financial executive must swiftly adapt. CFOs bring value to the table by, among other things, informing the board and CEO regarding matters they may not be familiar with and providing insight to nuances they may not have seen.

Fifty years ago, people managed physical assets to deliver cash flows, explained Corey West, CPA (inactive), chief accounting officer and corporate controller for Oracle. “Today, you manage intangible assets to deliver cash flow. Those intangible assets can be valuable one day, and it can go “˜bye-bye’ the next, depending on who enters a marketplace where you’re competing. … The importance about understanding the business you’re in, the competitive landscape, and where your competition might be coming from, [from] a strategic standpoint, is a lot more important now. I think CFOs need to be part of that thought process.” (See the sidebar “Dealing With Disruption” for actions to take to recognise and cope with change.)


ERM is evolving and becoming more strategic in its efforts and results. Given the efforts of COSO to highlight strategic risk dimensions, executives should expect board members to ask more strategic risk questions and be prepared to address them when asked. The ERM framework developed by COSO points out that strategic risks can be sourced as follows:

  • Strategy and business objectives not aligning with mission, vision, and values.
  • The implications from the strategy chosen.
  • The risk involved with executing the strategy.

Executives and board members should seek or reconfirm their knowledge related to those strategic risk dimensions. To get this right, financial executives should look to leverage their current ERM processes to determine what strategic risk help and analysis is being developed. Some advanced companies already use strategic risk analysis tools, such as workshops on strategic disruption, black swan events, and emerging trends practices. (See the sidebar “Boosting Risk IQ.”)


With the proper strategic thinking, noise and signals can help your organisation to know where the market is heading and where to compete. Consider all the factors, such as customers, the global economy, foreign currency hedging, and contracts with escalations. (See the sidebar “Thinking Strategically.”)

Financial executives are in a unique position to take advantage of an integrated approach that sees changes, identifies the risks, and links them to the business model.


Successful financial executives look toward future value creation. Decisions made with this risk information are aimed toward better business models and future strategy. “Enterprise risk management consists of a set of forward-looking tools for senior management,” said Jeff Pratt, general manager of enterprise risk management at Microsoft.

Knowledge of accounting, finance, reporting requirements, and related skills may have helped financial executives move to the top. But that knowledge is not enough to keep them successful and able to add the most value to their organisations. We recommend based on work with CFOs that they develop a professional development plan for their CFO team that incorporates strategy, strategic risk management, and business model skills. Consider the profile of skills needed, and access the current skillset as a starting point.

“The more senior role that you play in the organisation, the more time you should spend looking forward versus looking in the rear-view mirror,” said Bob Verbeck, senior vice president of finance and corporate controller at Boeing. “… It’s really about proactively determining where you are going with your responsibility [and] your business.”

Dealing with disruption

Financial executives can take the following steps to help recognise disruption, grapple with the speed of change, and understand the underlying sources of change:

1. Periodically rethink and redefine your real competitors. Look outside of the normal channels.

2. Get involved in the identification of signals of change facing your organisation.

3. Ensure that you are looking at the right sources of change and disruption.

4. Build a sophisticated process to identify noise and potential changes.

5. Consider your company’s customers as a key source of information, not just about current sales but about future change and potential disruption.

6. Have contingency and resiliency plans based on the size of a disruption.

7. Factor in reaction time. It is more important for some areas than others. Identify when it is critical for your organisation.

8. Survey the landscape. Look for disruptors in technologies. Look for disruptors in other industries that might indicate changes in your sector.

9. Build a method to link change and disruption to the business model and to your enterprise’s current strategy.

Source: Financial Executives Research Foundation.

Boosting risk IQ

Financial executives can take the following steps to help their organisations boost their risk IQ and capabilities:

1. Check with your board to determine what information they need about each of the three strategic risk dimensions.

2. Develop a plan to address those needs.

3. Compare your current risks with the three dimensions. Do they all fall into one of the dimensions (perhaps strategic execution risk)? Adjust for any areas that have no associated plans or tools.

4. Review how strategic risk is addressed in your ERM process.

5. Know the answers to the following questions: What tools have we applied to know that our strategy is the right one? What tools have we applied to determine if we are aligned? What tools have we applied to strategic execution risk?

6. Work with the ERM team to improve the risk IQ and broader risk thinking in the organisation.

7. Ensure that risk thinking is seen as part of business thinking.

8. Review the smaller recurring risks for potential surprises. Look for a larger pattern or theme that could signal additional risks.

9. Develop tactical strategies for known risks. Take the risk beyond a map and consider the longer-term budgeting and financial implications.

10. Identify the assumptions in the risk-profile rankings.

Source: Financial Executives Research Foundation.

Thinking strategically

Financial executives can take the following steps to think and communicate more strategically:

1. Ensure that identified risks are incorporated into the business units.

2. Have regular sessions to rethink derailment, opportunities, new business models, and the related risks.

3. Understand the business’s view of the risk. Engage business units. Listen to their points of view.

4. Bring in subject-matter experts, futurists, and others to validate the potential business model and strategic risks.

5. Review trends in cross-functional business teams to determine their impact and opportunities.

6. Measure each dimension of strategic risk.

7. Test new strategic risks.

8. Flesh out the financial implications of major risk assumptions.

9. Track identified risks to the strategic plan.

10. Have regular sessions to focus on leveraging the risks into new business models. Do this also with your key customers.

Source: Financial Executives Research Foundation.