Not so long ago, risk was one of several portfolios entrusted to a mid-level executive. Various related activities were often relegated to the back office. Today, risk has moved its way into the C-suite and boardroom. That means CFOs, who also own risk management broadly, need to expand their tool kits to include risk-sensing tools, dashboards and other appropriate technologies. They also need to work seamlessly with chief risk officers, business units and strategic planners.
To get that right, the first question should not be, “What technology do I need?” Instead, CFOs should ask first, “Is there an organization or group in place that is appropriately set up to make risk a strategic enabler and to identify the unknown?” That answer will shape the selection of the best tools and approaches to mitigate the firm’s most strategic risks, whether they’re cyber, financial, operational or the increasingly important reputational.
Fortunately for CFOs, risk-sensing tools are becoming more sophisticated. They come in a variety of forms — dashboards, off-the-shelf software, listening posts, SaaS and programs developed in-house for specialized needs. They can uncover and track the “word” on the company and its industry, products, policies, management and much more.
They capture comments made in various forums and media by shareholders, regulators, customers, competitors and legislators. Depending on their configuration, risk sensors can pick up a broad swath of information from social to traditional media outlets.
They can also help separate the “noise” from substantive issues and comments. Such capabilities are invaluable for monitoring trends and heading off a single event before it becomes a full-blown reputational crisis. When the data gathered is subjected analytics, it can also provide deeper insight into what’s happening and why and into any likely impact on the business.
Risk-sensing technologies are not designed to run on auto-pilot. Rather, their value in creating relevant risk information depends in good measure on the people analyzing the data and the company’s broader risk-governance structure. Those charged with monitoring risk, be it the CFO, CRO or equivalent, should have a seat on the executive committee, with open access to the CEO, the board and the board’s risk committee.
Given the many risks in the professional-services industry, our organization has benefited from have two teams charged with risk oversight — one focused on day-to-day operating risks and the other on bringing a strategic perspective to risk management.
The operational risk team is composed of risk officers from each business unit who analyze and report on the data captured by the risk-sensing systems. The strategic risk team typically includes the heads of strategy and the leaders of the various businesses. They work with the operational risk team and analyze risk in strategic terms, with an eye to identifying trending risks or uncovering new and emerging risks.
The members of both teams — and anyone else monitoring information to detect risks — should be first and foremost well-versed in the strategy of the business and its operations. And they should ensure that relevant information moves up the organization’s chain in a rigorous and systematic way before it reaches the attention of a company’s executive committee or board.
To ensure effective and strategic risk reporting, the process must be fully aligned with the company’s strategic goals and objectives. Irrelevant, excessive, disjointed or obsolete data can hinder the entire process and prevent management from receiving the insight it needs to plan and take action.
Here again, proper governance will ensure that the process is manageable and productive. It’s also important to identify the outputs and timing of the risk-sensing process. Leave some flexibility for gathering specifics to address particular risks or oversight requirements.
In our experience, a one-page dashboard that captures the state of the reputational risk universe is very useful in planning. To be most effective, yet simple, it should indicate where the competition stands and reflect what stakeholders are saying. The dashboard should also reflect the main strategic categories of the company’s business as well as its strategy drivers.
Updating the dashboard is vital. Do it periodically — daily or weekly, depending on the risk — and prepare an aggregated version at least monthly or quarterly. When needed, complement the dashboard with studies that consider a specific type of emerging risk or with reports on an ongoing challenge.
With data fatigue plaguing so many executives today, the dashboard should provide the executive committee and board with some relief. In one glance, they can evaluate leading risks that could affect reputation, performance, share price corporate strategy and many other measures of success and sustainability. Always leave room for dialogue, debate and additional discovery.
Risk-sensing and dashboards are not just defense mechanisms. They’re valuable for CFOs in shaping a strong offense and in weighing M&A possibilities, development of new product lines or dissolution of older ones, plans to enter new markets or leave existing ones and capital-allocation decisions around innovation.
All those decisions carry elements of risk – upside as well as downside. Dashboards, listening posts and other risk-sensing tools can help CFOs understand how customers, competitors, suppliers, the Street and others perceive the strategic risks their company is about to assume. That could provide just the insight and lead time the organization needs to change a strategy and redirect a critical play.
Frank Friedman is U.S. CFO and managing partner of finance and administration for Deloitte LLP. Chuck Saia is chief risk, reputation and crisis officer and partner for Deloitte LLP.