Risk management. A key role for any finance professional, this is something used by everyone from the audit committee to the CFO to you, all used to provide control over the company and understanding of initiatives.
But as a controller, you know the value of risk management. It delivers the reliability and protection that your company needs to remain compliant. You also know the hassles that go into risk management. Efforts to increase compliance can be viewed by other members of your staff as limiting, redundant, or providing a false sense of security.
Well—both are technically correct. Can risk management help to identify overt problems in the business? Yes. Can it still leave gaps in coverage while leaving your company with more hassles than value? Also yes.
This isn’t your fault. You can have the sharpest eye in the business and the skills to address risk management processes, but when you’re laden with manual processes and poorly planned activities, even the best in the business can be left unprepared.
The Three Faces of Outdated Risk Management
As discussed in a recent Wall Street Journal article, the problems naysayers have with the risk management process were bad initially, but in the wake of a nationwide work from home order, the difficulties were amplified. It was bad enough when internal controls could be handled internally during meetings, but now that everything is email based, the value seems nonexistent—especially as fraud cases ramp up.
According to the article, organizations struggling to keep up with the new challenges fall into one of three operating models, driven either by a lack of accountability, a lack of strategy, or a lack of streamlined operations.
- Lack of Accountability: In one model, management lacks accountability to controls and risk management while relying too much on internal audit to act as the first line of defense.
- Lack of Strategic Oversight: Typical in less mature organizations, this challenge takes place when management is hands on, but compliance and internal audit functions do not provide strategic risk management support.
- Lack of Value Adding Collaboration: For those who are already heavily regulated, the company can do great to avoid problems in the long and short term, but more often than not, companies spend unnecessary time duplicating activities and relying on manual processes, leading to both assurance gaps and audit and regulatory fatigue on the front lines
Digitizing the Risk Management Process: From Removing Hurdles to Adding Value
However, despite the challenges, many organizations see opportunity in digitizing processes. Allowing for the reduction in duplicate activities and a proactive approach to risk and control, companies have found that there is a better way to align processes and design for improvement.
“To build such a risk and control structure, organizations can begin with a clear view of existing challenges and opportunities, then identify where digital capabilities can connect and enhance risk management activities. Controls can be rationalized and harmonized across the business to eliminate redundancies, often reducing the strain on the organization and lowering the cost of compliance.”
By doing this, controllers can lead their organizations to increased value while reducing the burden that risk management presents for staff. From outright cost savings to the ability to discover new money-saving areas, initiatives can go further to create proactive risk management.
“A modernized, strategic approach that integrates risk and controls across the enterprise would position an organization to leverage more advanced technologies, such as robotic process automation and predictive analytics, to improve ROI and add value. “
Learn more by reading the entire article here.
Part of the Contemporary Controller’s Playbook
Risk management has long fallen under your umbrella of duties, but with the rise of technology designed to create value, you can reduce the workload on your staff while still taking steps to steer the organization in the right direction. Have you taken steps to digitize your risk management initiatives? We’d love to hear from you.
We recently launched our latest study to address the changing roles and responsibilities of the controller in the 2020 landscape. In July through October 2020, the Controllers Council surveyed more than 300 Controllers, CFOs, and related professionals in accounting and corporate finance roles. The objective of this study: to identify how the roles and responsibilities of these important executives have changed, adapted and evolved. Get the full report.
Additional Risk Management Resources for Controllers
Risk Mitigation and Management: Cybersecurity Basics for Controllers
Grabbing the Ring—If You Want It: Making the Move from Controller to CFO