1. The risk intelligent CFO: The role of the CFO in being a catalyst for enterprise wide risk managementHarvey ChristophersLead Partner Risk Services - Sydney
2. How is risk and the CFO role linked? Evolution of risk intelligence â limitations of conventional risk management CFOâs risk intelligent skills â 6 key focus areas for CFOs Contents
4. Moving from financial risk operator to strategic catalyst for ERMSteward â core financial reporting risksOperator â financial operational risksCatalyst/Strategist â broader ERM role
5. Understanding 3 Lines of Defence and position of ERM Three Lines of Defence Board of Directors Regulators Risks Management 1st Line Corporate - Finance Product Division Subsidiary JV Country Risk Management 2nd Line Operational Risk Compliance Risk Financial Risk Strategic Risk Assurance Providers â IA coordinator role 3rd Line Internal Audit External Audit Safety OHS Other 4
6. Why also important to a CFO Annual report declarations â ASX listing requirement 7.3 and other SEC etc General reporting expectations of the CFO role Part of executive team responsible for oversight
7. Some challenges What is risk management â often a struggle to make relevant to CFOs Very different maturities â what is right for our organisation Link to capital â regulation v good business practice Link to allocation of risk based capital âHandbrakeâ role
8. 7 Maturity Model Current maturity Industry sector peers Maturity target Maturity assessment
10. CFO Beware - limitations of conventional risk management We seem to have a once-in-a-lifetime crisis every three or four years. Leslie Rahl, Capital Market Risk Advisors Conventional risk management persisted in viewing crises as rare, unpredictable, and too improbable and expensive to plan for It was predicated on a set of assumptions that described an accepted understanding of how âthe worldâ worked Conventional risk management approaches presented probable events that did not occur and improbable events that did It also habitually failed to present or describe those rare and never seen before risks. Why? Impact and likelihood assessments of risk tend to overshadow the process and thinking Individuals, as well as the collective organisation, tend to automatically reject notions that seem to contradict their assumptions and their understanding rely as of how âthe worldâ works Accepting new assumptions is difficult. Most people follow a process of first rejecting, then considering, and finally accepting a new idea. However, sometimes we never make it past the rejection stage.
11. 6 key roles for the CFO to play in building a risk intelligent organisation
12. Prepare for the expected; expect the unexpected Recommendation: Create comprehensive scenario plans CFOs should be vigilant in monitoring the environment for new risks and opportunities. They should also develop a process that assesses relevant, high-impact events - even if they are improbable - and then determine how quickly an event can happen and how swiftly they need to respond. Make sure bad news gets escalated. And donât become too comfortable with the status quo. 11
13. Are you a Risk Intelligent strategist? Recommendation: Recognize that your strategy is not iron-clad. Regarding risks âtoâ the strategy, CFOs should engage executive management in strategic risk conversations around new products and alliances. The majority of executives see their jobs as growth - so itâs vital that others in the C-suite understand that value and risk are inseparable and that opportunity is the other side of risk. Risks that impact value creation and future growth, as well as risks to value preservation and existing assets, should be considered. As for risks âofâ the strategy, make a practice of identifying any assumptions that could disrupt your strategy. Whatâs looming that could upend assumptions about your company, customers, and market environment? How deeply are those assumptions embedded in your strategy? Which changing assumptions might actually turn out to be opportunities? Only by identifying risks both âtoâ and âofâ the strategy can you shape a plan that allows your company to make the most of the risks and the opportunities it chooses to take. 12
14. Distinguish between the âvital fewâ and the âtrivial manyâ Recommendation: Put signals in place and define thresholds By putting signals in place, CFOs can bring critical events, developments, and opportunities to the organizationâs attention - helping them distinguish between, say, 500 risks versus a list of five key areas to focus on. CFOs should also define thresholds and escalate problems if those thresholds are exceeded. 13
15. How big is your risk appetite? Recommendation: Determine acceptable and unacceptable risks To make the most of both rewarded and unrewarded risks, CFOs should discuss the companyâs risk appetite with the Board â addressing a range of risk-appetite elements from return on capital employed to selling, general, and administrative expenses. A risk discussion should be placed on the âmenuâ of every meeting. But this is not to suggest that the CFO should have final say on risk appetite. That discussion should take place across and within the C-suite and Board, and decisions should be reached only after the various viewpoints have been aired. The end result should be a fundamental standard and specific guidelines, developed by management and ratified by the Board, by which all enterprise risks are judged acceptable or unacceptable. 14
16. Avoiding a bad rep Recommendation: Control your reputational risks CFOs need to consider what impacts their actions could have on their reputations. They should take proactive - and, if necessary, corrective - action with respect to such risks, including developing a reliable process that assesses and manages risk throughout the life of contracts and relationships. This is another area, too, where the Board should be involved; a Board that is prepared to deal with a crisis situation is less likely to delay decision making at a time when response time is critical. Many companies have also begun to track social media in order to monitor public sentiment and deal with issues before they get out of hand. 15
17. Compliance and enforcement go global Recommendation: Create a compliance stress test To compete in this enhanced compliance and enforcement environment, CFOs should augment their companiesâ existing compliance efforts. Banks in Europe and the United States conduct capital âstress testsâ; now is the time for companies to conduct compliance stress tests that cover key areas of reputational risk, major areas of compliance, and the effectiveness and maturity of the compliance and risk-management process. Risks and growth opportunities go hand in hand when companies expand into foreign markets. CFOs should understand and assess geopolitical, country, and corruption risks that exist in emerging markets and develop an effective plan for managing those risks. Failing to do so can prove to be a costly lesson for companies doing business abroad. 16