With regulatory compliance and overall financial scrutiny increasing on a regular basis, companies around the world are finding it difficult, especially as they grow and become more complex, to reliably strengthen their controls throughout the entire Record to Report process.
Simultaneously, risk management is becoming a heavier focus for executives worldwide. Not only does this create a keen focus on this area as they work to prevent potentially financially damaging incidents, such as incorrect filings with governing bodies and misstatements in general, but risk management is also being recognized as a tool that helps provide valuable insight to drive business strategy.
However, the current manual processes involved in managing a company’s finances and resulting risk are making those valuable insights difficult to attain; the lack of visibility into the financial close process denies companies important insights on potential or even existing issues.
To help you be the exception and not the rule, below you’ll find five risk management best practices for the office of finance that will help improve your overall risk framework and promote a successful culture of risk mitigation.
Whenever companies start deciding if they’re going to make changes of any kind, there is a moment of natural hesitation that occurs. Major changes can have ripple effects that can add complexity to your day-to-day life until the transition period is over, and this fear of change can cause some companies to avoid any adjustments at all.
To be sure, a healthy amount of hesitation is vital to ensuring that a company finds a solution to the problem that’s best for them. After all, it’s not a good idea to jump into the first option that they find.
However, it’s also important to remember that the strategies that allow businesses to establish themselves are rarely ever exactly the same as those that create continued growth. By doing what they always have and not utilizing the technology available today, they are increasing their risk of errors that will lead to lengthy, time-consuming audits riddled with errors and even potential misstatements.
Your company, whether on purpose or not, has created their own status quo of how they like to handle things. Unfortunately, a commitment to that status quo makes innovation and forward progress impossible, denies the additional benefits that often come with well-intentioned change and makes adapting to any market variations difficult.
The risk environment for organizations is becoming increasingly complex and harder to manage with new regulations, both domestically and internationally, being established almost daily. Because of this, more and more executives are making “risk” and “risk culture” a higher priority to help drive their decision-making.
To effectively establish a healthy risk culture within a company, some introspective thinking needs to occur. Companies need to understand what their specific risk goals are as well as the overall goals of the company. What’s your corporate risk tolerance? How much are you willing to spend on risk management? If the cost to ensure that your critical risks are covered exceeds that amount, are you willing to spend more, or will you make a compromise?
Companies are generally aware of the high-level problems associated with their organization’s risk environment, but few have thought about the specifics and what if scenarios. Before identifying exactly how you’re going to achieve your goals, it’s important to know where you stand and what those goals are.
The ultimate risk management goal for any company is to create the best risk mitigation approach for the least amount of time and money. Ensuring that outcome can best be accomplished by focusing on the keystones of a solid risk management foundation.
Initially, Aim for Broad-Coverage. One of the largest issues with establishing financial controls within a company is that the risks themselves aren’t static. For example, not being in compliance with newly established regulations serve as a constant source of financial and reputational risk to a company. Unfortunately, the specifics and effort required to remain compliant with those regulations change quite frequently along with your business, especially as it grows and pursues new opportunities.
To counteract this moving target, choose to cast your risk net wide, as opposed to homing in on one specific issue. Operational, reporting and compliance risk categories all demand a company’s attention to ensure a strong culture of risk mitigation. Thankfully though, this doesn’t mean that every category requires equal attention. Qualify what your company wants to do and quantify the outcome to help your company prioritize any issues.
Adopt The Best Practices
Many companies want to adopt a risk management framework, but aren’t sure where to begin, and understandably so. After all, each company has a varied risk profile, with differing levels of acceptable risks and differing critical and acceptable risks, and it’s hard to find an example of a situation similar to yours as a starting point.
When first establishing a strategy/framework, or even if you already have a risk management strategy in place, it’s best to look for a solid source of authoritative guidance. The Committee of Sponsoring Organizations, or COSO, is the established point of authority on developing a system for internal controls and developing a mechanism for testing the effectiveness of those controls. No matter how you choose to handle your risk management, it’s important to learn what you can from your peers to test the validity of your risk management solution.
Most companies already have some kind of risk management strategy in place – one that is at least somewhat capable of adapting to new areas of risk and related challenges.
Unfortunately, the majority do not have a clear view of how exactly they’re spending their money to maintain that risk strategy. Managing administrative costs, ongoing maintenance and any other fixed or variable costs are often not looked at as part of the picture, but they do add up if you’re not careful. Creating a roadmap that clearly identifies where your company spends their “risk dollars” allows you to optimize the budget that you have in place.
As risk management continues to grow in priority for executives and a risk-based decision culture grows as a tool for driving business strategy, F&A teams can, and should, play a larger role in providing valuable insight to drive business strategy. Simply standardizing processes, workflows and formats will immediately reduce the audit risk. Technology has advanced and can provide a great resource for risk management in finance departments—the issue is that even though this technology exists, it’s woefully underused.
Automating the testing of key controls surrounding your risk management strategy enables your employees to take the risks you want, with the information they need to make those decisions confidently. Activities like journal validation and control scoping are typically very manual processes. Removing the manual aspect of these tasks not only allows your team to spend less time on compiling the data, and more time acting on that data, but also reduces the likely sources of risk and expense for your company.
To learn more about how you can leverage automation to enhance your risk management strategy, check out our blog over automating variance analysis.
Written by: Caleb Walter & Jon Sykora