VideoFaced with threats from all quarters — recession and credit crunch, heated global competition, continuing Sarbanes-Oxley pressures — companies are making intensive risk management a top priority, and once again CFOs find themselves on the front lines.
Many CFOs now must deal not only with managing risks traditionally under their purview, such as compliance and liquidity, but also with the full gamut of enterprise risks, from politics to product launches, as they increasingly play the role of strategist.
In fact, about half of companies globally assign oversight of risk management to their CFOs, according to a survey of some 1,200 CFOs and senior finance professionals conducted last year by IBM Global Business Services in conjunction with the Wharton School and Economist Intelligence Unit. (CFO.com is part of The Economist Group.)
"Enterprises are looking at risk more systemically," said Stephen Lukens, global and Americas financial management leader of IBM Global Business Services. "Corporations acknowledge that they need to understand the material risks to their value drivers. Therefore, the number of CFOs focusing a portion of their time on risk has gone up."
Some companies are going so far as to transfer their CFOs to chief risk officer (CRO) positions, a move that until recently would have been viewed as a demotion. Walgreens, for example, took this step in May, and truck and engine maker Navistar International did so in June.
"The CRO position is fast becoming a best practice among large companies," said Jeffrey Rein, chairman and CEO at Walgreens, which moved CFO William Rudolphson to a newly created CRO slot. He will continue to oversee audit and compliance, as well as risk management, but not finance, whose new chief is former Tyson Foods CFO Wade Miquelon.
"Given our size and complexity, and the highly regulated industry in which we operate, separating the financial and audit fuctions and increasing our focus on risk identification and mitigation is a prudent move," said Rein.
Most companies, though, have not yet designated a chief risk officer. In the IBM survey, only about 20 percent of respondents said a CRO is responsible for managing risk at their companies. Lukens said he found that result surprising. "The CRO title isn't as prevalent as we all might think," he said.
Mary Roth, executive director of the Risk and Insurance Management Society, whose members focus mainly on operational risk, agreed. "Most of our members report through the CFO," she said, adding, "The CRO position is still trying to find its place in Corporate America."
One part of Corporate America where CROs have gained a firm foothold is in banks and other financial services companies, noted Kevin Blakely, president of the Risk Management Association, which represents financial-institution risk managers.
Blakely said most major banks and financial services companies employ a CRO and keep finance and risk management as"two separate and distinct" organizations. He observed that finance focuses on risk avoidance while risk management focuses on risk taking.
"The CFO doesn't have the capability to assess the collectibility of loan portfolios," Blakely contended. "That's in the realm of the CRO."
But it's precisely that distinction — the traditional CFO role of concentrating on risk avoidance,versus risk taking in pursuit of profits — that organizations are obliterating in other industries by having risk management report to the CFO.
Forty-three percent of finance organizations balance their risk management efforts between risk avoidance to protect assets and risk taking for growth, according to a poll of 680 CFOs and finance executives who attended a Deloitte & Touche webcast last year on risk management. Twenty-two percent focus primarily on what Deloitte terms unrewarded risk, or protecting assets, while 12 percent focus mostly on what it calls rewarded risk, or risks pertaining to growth.
Finance organizations still contribute overwhelmingly to enterprise-wide risk management in the traditional finance areas of compliance, liquidity, credit, and financial fraud — more than 80 percent of finance organizations contribute at least partially to managing those risks, according to the IBM survey.
But some 60 percent contribute partially or fully to managing market risk, more than 50 percent to reputational and information technology risks, and about 40 percent to supply chain disruptions and episodic or catastrophic risks such as pandemics.
"We've seen the nature of the CFO profile move," said Lukens. "In the late 1990s and early 2000s, CFOs tended to be deal makers. Today, CFOs tend to be more focused on strategy, innovation, and performance management. They need to build organizations that are flexible enough to deal with business model changes and innovation."
For companies that don't already have comprehensive risk-management programs, the biggest obstacle to developing one is simply not recognizing its value, according to Lukens.
"Organizations that pursue risk in narrow, legalistic terms will probably never get the discussion started," said Lukens. He recommended that CFOs, in proposing an enterprise-wide risk management program to board members and other senior managers, connect the dots of risk management and performance management. In other words, a comprehensive evaluation of risk provides critical insight into ways that companies can improve their performance.
Reader Comments» Post a comment