By Peter Spence, Associate Technical Director – Management Accounting, AICPA & CIMA
Events of the past few years have stress-tested the business continuity management (BCM) and enterprise risk management (ERM) of organisations around the world.
According to the 2022 Global State of Enterprise Risk Oversight, jointly commissioned by the ERM Initiative at North Carolina State University and AICPA® & CIMA®, in most regions of the globe, only about one out of every three organisations claim to have complete ERM processes in place.
In a complex world, unknowns are unavoidable. Eliminating uncertainty is not only impossible, but ill-advised, because the pursuit of certainty can lead to focusing only on what can be measured, creating dangerous blind spots.
Finance leaders should aim to create robust BCM and ERM processes while fostering a culture that encourages debate and constructive tensions around data to surface unknown but knowable risks and opportunities.
For senior leaders looking to minimise risks and take advantage of opportunities in a world of unknowns, here are some key tips gleaned from AICPA® & CIMA® research:
Boost resilience through business continuity planning
Disruptions happen. It’s how businesses deal with them that matters most to stakeholders. A solid business continuity plan allows organisations to continue delivering critical products and services in the face of an incident or crisis.
The CGMA Business Continuity Management Tool outlines six key steps to developing BCM capabilities:
Financial management professionals possess many of the skills required to create effective and cost-efficient business continuity plans. Leverage your finance team to conduct cost-benefit analyses, align investments with business objectives and identify how organisational change affects large investments.
Invest in risk management for greatest returns
Most businesses have processes in place to manage risk, but some organisations may not be investing enough resources into ERM. According to the 2022 Global State of Enterprise Risk Oversight, fewer than half of organisations think their risk management processes provide important strategic advantages.
Organisational leaders shouldn’t think of risk management as competing with other top priorities, but as a way of ensuring their success.
If your organisation doesn’t have complete ERM processes in place, you should engage key stakeholders to create a plan to refine them.
The best time to prepare for an incident or crisis is during periods of relative calm. Once an incident occurs, it’s already too late to form an effective plan.
Business leaders have packed schedules, often lacking time to focus on managing risk. For that reason, an increasing number of organisations are appointing a Chief Risk Officer (CRO) to spearhead risk management.
The CRO might start by asking a series of questions to assess the organisation’s starting point, such as:
- What aspects of current ERM processes are working well?
- Which aspects could be improved?
- How can the organisation better align risk information with strategic decision making?
- Which issue should be addressed first?
More advice for assessing an organisation’s risk management can be found in the Global State of Enterprise Risk Oversight report.
Open lines of communication across functions to pinpoint potential risks
Silos are the enemy of agility. When an incident occurs, each key function needs to work together to address the situation with a unified front.
To make sure risks are managed across the enterprise, many organisations have formed management-level risk committees comprised of individuals from each business function.
Whether an incident in question is a global pandemic or company scandal, it will probably involve more than one function. For example, a pandemic will require a coordinated response by human resources, IT, finance, marketing and more.
The finance function can help facilitate cross-functional problem solving by encouraging debate and constructive tensions around doubts.
In AICPA® & CIMA®’s thought leadership on Dealing with the Unknown, the report’s authors argue for management accounting systems that are:
Not all risks are going to be revealed in spreadsheets, which is why it’s essential for management accountants to consistently raise questions about things that cannot be measured. When working to solve complex problems with other business functions, finance professionals should address and mediate any tensions that arise to develop better solutions for the entire enterprise.
Peter Spence is the Associate Technical Director – Management Accounting of the AICPA & CIMA