6 steps for CFOs to minimize organizational risk

In the past year alone, the world of business has been impacted by geopolitical tensions, supply chain disruption, inflation, changing fiscal policies and regulations, and intensifying natural disasters. A lingering pandemic has also stress-tested the risk management processes of global organizations.

To best mitigate risk and ensure that critical business functions will continue to operate in the event of an unexpected disruption, finance leaders should aim to create robust business continuity management (BCM) and implement enterprise risk management (ERM) while fostering a culture fluent in dealing with risk and strengthening a risk mindset throughout the entire organization.

Accounting and finance professionals can take the lead on risk management through these key steps.

  1. Form a comprehensive risk management strategy

Disruptions happen. It’s how businesses deal with them that matters most to stakeholders. A solid business continuity plan allows organizations to continue delivering critical products and services in the face of an unplanned incident or crisis.

In addition to minimizing the impact of a crisis on your business, risk management processes have the potential to offer valuable insights about which initiatives are most likely to pay off and which might not be worth the risk.

  2. Include diverse viewpoints in the planning process

As your organization creates or enhances its ERM plan, make sure you’re hearing from a diverse set of viewpoints throughout the planning process. Open lines of communication with all key stakeholders, including customers, contractors, suppliers, community members, and employees at all levels. Representatives from each function should have the opportunity to participate and express their thoughts and concerns. Also, finance professionals should avoid using jargon and make the numbers as visual as possible to increase understanding and facilitate discussion.

By casting a wide net and soliciting feedback from a range of sources, you can decrease blind spots and the chance of your organization being caught by surprise.

  3. Keep tabs on emerging risks

The list of historic or emerging risks that organizations face includes:

– Digitalization of society and emerging technologies;

– Public distrust in business;

– Trade tensions;

– Economic and social inequalities;

– The changing regulatory environment.

Keeping tabs on the myriad risk factors and evaluating the various ways they could affect your organization is an overwhelming task. With the ever-increasing amount of available data, it makes sense to harness technology to sort through the noise, uncover insights about which risks are most likely to affect your business, and estimate the probability of their occurrence. To respond rapidly to crises, it helps to see them coming or at least know about them as soon as they occur.

  4. Don’t rely on numbers alone

Other common blind spots organizations fall victim to include confirmation bias and an overreliance on numbers. It might be tempting to find comfort in the clarity numbers bring, and to use those numbers to confirm preexisting theories or predictions. However, relying on numbers alone means ignoring unmeasurable, intangible, but very real factors that contribute to the situation.

Instead of presenting management reports as static and final documents, use them as jumping-off points for cross-functional discussion and productive debate to uncover potential blind spots, and focus on asking questions rather than providing answers.

  5. Invest in risk management for the greatest returns

Most organizations have some processes in place to manage risk, but some may not be investing enough resources into ERM.

Organizational leaders should think of risk management as a way of ensuring success rather than as a distraction from other top priorities. If your organization doesn’t have complete ERM processes in place, your next step will be to engage key stakeholders to create a plan to define and refine them. The best time to prepare for an incident or crisis is during periods of relative calm. Once an incident occurs, it’s already too late to form an effective plan.

  6. Open lines of communication across functions

Silos are the enemy of agility. When an incident occurs, all key functions need to work together to address the situation with a unified front. To make sure risks are managed across the enterprise, many organizations have formed management-level risk committees composed of individuals from each business function.

The finance function is able to facilitate cross-functional problem-solving by encouraging debate and constructive conversations around doubts. Not all risks are going to be revealed in spreadsheets, which is why it’s essential for management accountants to consistently raise questions about things that cannot be measured. When working to solve complex problems with other business functions, finance professionals should address and mediate any tensions that arise to develop better solutions for the entire enterprise.

With a more positive approach to risk management, organizations can focus on what risks will help them succeed — not just what will make them fail. To create this type of organizational culture, organizations must ensure that risk leaders are well-versed in strategy, so they know when to embrace rather than simply mitigate risk.


Adapted from: “6 Steps for CFOs to Minimize Organizational Risk”, by Ashok (Ash) Noah, CPA, CGMA, vice president and managing director of management accounting at the Association of International Certified Professional Accountants (AICPA), published on CFO News on 18 April 2023.
