Risk Management

7 Ways CFOs Can Create Value With ERM

Effective enterprise risk management practices help organizations achieve strategic goals, grow sustainably, and be more agile in managing disruption.
Steve McNallySeptember 6, 2022
7 Ways CFOs Can Create Value With ERM
Photo: Getty Images

More than ever, CEOs, boards, and cross-functional partners are looking for their CFO to bring structure to the decision-making process. While they need support in clarifying and executing their business strategies, there is also a desire for greater assurance over the viability of these strategies. 

Are you effectively leveraging enterprise risk management (ERM) to create economic value for your organization?

The ERM Value Proposition

Traditionally, risk management was a defensive tool focused on risk mitigation, risk elimination, and value preservation. For example, say you inherited a once magnificent mansion in the Old West End section of Toledo, Ohio, where the wealthiest and most well-to-do moved in the late 1800s/early 1900s. Unfortunately, the home has been vacant for years and is in disrepair. According to traditional risk management, you should focus on the measures needed to keep it from deteriorating further. You should, of course, stop the mansion from collapsing. 

Steve-McNally copy.jpg

  Steve McNally

But the value proposition of ERM has changed over time, even in just the last five to 10 years. Today, ERM is on the offensive, focused on creating and optimizing value; it’s about leveraging risk to create differentiation. For example, with investment, maybe you can convert the Old West End mansion into a destination bed-and-breakfast, high-scale apartments, or a trendy restaurant or pub, addressing Toledo’s current demand.  

Seizing The Value of ERM

Here are a few practical ways CFOs can create value by leveraging modern ERM.

  1. Strategic management. Every organization has a vision and mission. Strategic planning translates your organization’s “reason for being” into clearly defined business goals and objectives. By actively managing risk and performance, effective risk management enables you to achieve these strategic goals. Thus, you should ensure ERM is woven into the ongoing strategic management process. 
  2. Environmental scans. In defining strategy and setting objectives, conducting both internal and external environmental scans is critical. Internally, you should conduct environmental scans across four categories, namely capital, people, process, and technology. Externally, you should cover six categories, including political, economic, social, technological, legal, and environmental. 
  3. Risk appetite. How much risk, on a broad level, is your organization willing to accept in pursuit of value? Are you taking enough risk to attain your organization’s targets? Or too much? CFOs can support their CEO, board, and cross-functional partners in thinking through risks and rewards and being intentional regarding the amount of risk that is acceptable to achieve a given goal.
  4. Business performance reviews. CFOs should proactively ensure business performance reviews, including an assessment of potential risks, are a normal part of everyday operations. Has your organization performed as expected? What risks are occurring that may impact performance? I knew a smaller, private company where closing the books and reporting performance was not the priority. There were no forecasts and no reviews. And, as expected, management’s decision-making ability was lacking. 
  5. Scenario planning. CFOs can significantly enhance their organization’s decision-making by ensuring various “what if” scenarios are considered during the strategic planning process and ongoing. Consider, for example, the impact of acquiring a major new customer, supply chain disruptions, or different levels of inflation. For each scenario, estimate how cash flow will be affected, identify leading indicators to watch, and determine what preventive measures can be taken now to lower risk.     
  6. Evolving risks. If you disregard evolving risks, you do so at your peril. Severe winter weather in Texas, for example, is rare. Before February 2021, the vulnerability of the Texas power grid was known but disregarded. Then a winter storm with freezing temperatures hit, causing widespread blackouts impacting ~4.3 million people. According to the World Economic Forum Global Risk Perception Survey 2021-2022, climate action failure and extreme weather are the top two identified risks. Your organization’s potential risk will vary depending on where your operations are located. But, from an environmental perspective, what has once been considered lifetime risks are no longer so rare.  
  7. Tabletop exercises. Several years ago, I participated in a half-day crisis management and business continuity plan exercise with the full senior leadership team. The theme was a severe flu outbreak. New information was revealed throughout the exercise, forcing us to refine our plans. In retrospect, that tabletop exercise was quite premonishing. Your ability to manage challenges like supply chain disruption, natural disaster, or even COVID-19, significantly improves if you have documented crisis management, disaster recovery, and business continuity plans in place, even if they are only loosely linked to the crisis at hand. 

Call to Action

To enhance your organization’s enterprise risk management activities, consider leveraging COSO’s ERM framework entitled Enterprise Risk Management: Integrating with Strategy and Performance (published June 2017). Indeed, consider earning the COSO Enterprise Risk Management Certificate to learn about ERM best practices and build your personal expertise. 

Adoption of effective enterprise risk management practices along with leveraging the COSO ERM Framework as appropriate, can help your organization achieve its strategic goals, grow sustainably and in control, and be more anticipatory, agile, and adaptive in managing disruption or sudden events. 

Steve McNally, CMA, CPA, is CFO of The PTI (Plastic Technologies Inc.) Group of companies and Chair Emeritus of IMA (Institute of Management Accountants).

4 Powerful Communication Strategies for Your Next Board Meeting