cfo risk intelligence - harvey christophers

The risk intelligent CFO: The role of the CFO in being a catalyst for enterprise wide risk management

Harvey Christophers

Lead Partner Risk Services - Sydney

© 2011 Deloitte Touche Tohmatsu 2 CFO Forum

How is risk and the CFO role linked?

Evolution of risk intelligence – limitations of conventional risk management

CFO’s risk intelligent skills – 6 key focus areas for CFOs

Contents

How is Risk and the CFO role linked?

Moving from financial risk operator to strategic catalyst for ERM

Steward – core financial reporting risks

Operator – financial operational risks

Catalyst/Strategist – broader ERM role

© 2011 Deloitte Touche Tohmatsu 5 CFO Forum5

Risks

1st Line

2nd Line

3rd Line

Management

Division Subsidiary JV Country Corporate - Finance

Product

Risk Management

Operational Risk

Compliance Risk

Financial Risk

Strategic Risk

Assurance Providers – IA coordinator role

Internal

Audit

External

Audit

Safety

OHS

Other

Three Lines of Defence

Understanding 3 Lines of Defence and position of ERMB

oar

d o

f D

irec

tors

Reg

ula

tors


Why also important to a CFO

Annual report declarations – ASX listing requirement 7.3 and other SEC etc

General reporting expectations of the CFO role

Part of executive team responsible for oversight


Some challenges

What is risk management – often a struggle to make relevant to CFOs

Very different maturities – what is right for our organisation

Link to capital – regulation v good business practice

Link to allocation of risk based capital

“Handbrake” role


8

Maturity assessment

Current maturityIndustry sector peers Maturity target

Maturity Model

The evolution of Risk Intelligence


We seem to have a once-in-a-lifetime crisis every three or four years.

Leslie Rahl, Capital Market Risk Advisors

• Conventional risk management persisted in viewing crises as rare, unpredictable, and too improbable and expensive to plan for

• It was predicated on a set of assumptions that described an accepted understanding of how ‘the world’ worked

• Conventional risk management approaches presented probable events that did not occur and improbable events that did

• It also habitually failed to present or describe those rare and never seen before risks.

Why?

• Impact and likelihood assessments of risk tend to overshadow the process and thinking

• Individuals, as well as the collective organisation, tend to automatically reject notions that seem to contradict their assumptions and their understanding rely as of how ‘the world’ works

• Accepting new assumptions is difficult. Most people follow a process of first rejecting, then considering, and finally accepting a new idea. However, sometimes we never make it past the rejection stage.

CFO Beware - limitations of conventional risk management

6 key roles for the CFO to play in building a risk intelligent organisation


Recommendation: Create comprehensive scenario plans

• CFOs should be vigilant in monitoring the environment for new risks and opportunities. They should also develop a process that assesses relevant, high-impact events - even if they are improbable - and then determine how quickly an event can happen and how swiftly they need to respond. Make sure bad news gets escalated. And don’t become too comfortable with the status quo.

12

Prepare for the expected; expect the unexpected


Recommendation: Recognize that your strategy is not iron-clad.

• Regarding risks “to” the strategy, CFOs should engage executive management in strategic risk conversations around new products and alliances. The majority of executives see their jobs as growth - so it’s vital that others in the C-suite understand that value and risk are inseparable and that opportunity is the other side of risk. Risks that impact value creation and future growth, as well as risks to value preservation and existing assets, should be considered.

• As for risks “of” the strategy, make a practice of identifying any assumptions that could disrupt your strategy. What’s looming that could upend assumptions about your company, customers, and market environment? How deeply are those assumptions embedded in your strategy? Which changing assumptions might actually turn out to be opportunities?

• Only by identifying risks both “to” and “of” the strategy can you shape a plan that allows your company to make the most of the risks and the opportunities it chooses to take.

13

Are you a Risk Intelligent strategist?


Recommendation: Put signals in place and define thresholds

• By putting signals in place, CFOs can bring critical events, developments, and opportunities to the organization’s attention - helping them distinguish between, say, 500 risks versus a list of five key areas to focus on. CFOs should also define thresholds and escalate problems if those thresholds are exceeded.

14

Distinguish between the “vital few” and the “trivial many”


Recommendation: Determine acceptable and unacceptable risks

• To make the most of both rewarded and unrewarded risks, CFOs should discuss the company’s risk appetite with the Board — addressing a range of risk-appetite elements from return on capital employed to selling, general, and administrative expenses. A risk discussion should be placed on the “menu” of every meeting. But this is not to suggest that the CFO should have final say on risk appetite. That discussion should take place across and within the C-suite and Board, and decisions should be reached only after the various viewpoints have been aired.

• The end result should be a fundamental standard and specific guidelines, developed by management and ratified by the Board, by which all enterprise risks are judged acceptable or unacceptable.

15

How big is your risk appetite?


Avoiding a bad rep

Recommendation: Control your reputational risks

• CFOs need to consider what impacts their actions could have on their reputations. They should take proactive - and, if necessary, corrective - action with respect to such risks, including developing a reliable process that assesses and manages risk throughout the life of contracts and relationships. This is another area, too, where the Board should be involved; a Board that is prepared to deal with a crisis situation is less likely to delay decision making at a time when response time is critical. Many companies have also begun to track social media in order to monitor public sentiment and deal with issues before they get out of hand.

16


Recommendation: Create a compliance stress test

• To compete in this enhanced compliance and enforcement environment, CFOs should augment their companies’ existing compliance efforts. Banks in Europe and the United States conduct capital “stress tests”; now is the time for companies to conduct compliance stress tests that cover key areas of reputational risk, major areas of compliance, and the effectiveness and maturity of the compliance and risk-management process.

• Risks and growth opportunities go hand in hand when companies expand into foreign markets. CFOs should understand and assess geopolitical, country, and corruption risks that exist in emerging markets and develop an effective plan for managing those risks. Failing to do so can prove to be a costly lesson for companies doing business abroad.

17

Compliance and enforcement go global

© 2011 Deloitte Touche Tohmatsu 18 CFO Forum © 2011

Contact details

Harvey Christophers

Partner

Tel: +61 (0) 2 9322 3477

Email: [email protected]

CFO Vantage Program-May11

© 2011 Deloitte Touche Tohmatsu 19 CFO Forum © 2011

General information only

This presentation contains general information only, and none of Deloitte Touche Tohmatsu Limited, Deloitte Global Services Limited, Deloitte Global Services Holdings Limited, the

Deloitte Touche Tohmatsu Verein, any of their member firms, or any of the foregoing’s affiliates (collectively the “Deloitte Network”) are, by means of this presentation, rendering accounting,

business, financial, investment, legal, tax, or other professional advice or services. This presentation is not a substitute for such professional advice or services, nor should it be used

as a basis for any decision or action that may affect your finances or your business. Before making any decision or taking any action that may affect your finances or your business, you

should consult a qualified professional adviser. No entity in the Deloitte Network shall be responsible for any loss whatsoever sustained by any person who relies on this publication.

Confidential This document and the information contained in it is confidential and should not be used or disclosed in any way without our prior consent.

About Deloitte

Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited, a UK private company limited by guarantee, and its network of member firms, each of which is a legally separate and independent entity. Please see www.deloitte.com/au/about for a detailed description of

the legal structure of Deloitte Touche Tohmatsu Limited and its member firms.

Deloitte provides audit, tax, consulting, and financial advisory services to public and private clients spanning multiple industries. With a globally connected network of member firms in more than 140 countries, Deloitte brings world-class capabilities and deep local expertise to help clients succeed wherever they operate. Deloitte's approximately 169,000 professionals

are committed to becoming the standard of excellence.

About Deloitte Australia

In Australia, the member firm is the Australian partnership of Deloitte Touche Tohmatsu. As one of Australia’s leading professional services firms. Deloitte Touche Tohmatsu and its

affiliates provide audit, tax, consulting, and financial advisory services through approximately 4,500 people across the country. Focused on the creation of value and growth,

and known as an employer of choice for innovative human resources programs, we are dedicated to helping our clients and our people excel. For more information, please visit our

web site at www.deloitte.com.au.

Liability limited by a scheme approved under Professional Standards Legislation.

Member of Deloitte Touche Tohmatsu Limited

© 2011 Deloitte Touche Tohmatsu

CFO Vantage Program-May11

http://www.deloitte.com/au/about

http://www.deloitte.com/dtt/home/

cfo risk intelligence - harvey christophers

Business

cfo vantage

deloitte touche

financial

cfo role linked

professional

risk appetite

risk management

cfo forum