It took the whole world by surprise. In the summer of 2015, oil prices began a rapid decline that devastated the industry and resulted in abandoned projects, loan defaults, and 42 oil company bankruptcies to date.
But some companies were in fact prepared. After all, a prudent CFO looks at all the potential risks to a company’s operations and lays out contingency plans. In the case of oil prices, those plans might have included derivative investments that shorted the price of oil, or outsourcing and leasing arrangements that left the company with fewer assets on its books.
Operational risk is everywhere. Identifying it and planning for it requires a careful and systematic approach – and the use of your imagination.
Defining operational risk
The Risk Management Association defines operational risk as “…the risk of loss resulting from inadequate or failed internal processes, people, and systems, or from external events.” The key to managing operational risk, therefore, is to look carefully at those elements – processes, people, systems, and external events – and establish a contingency plan for each one. For instance, if your on-site IT systems were impacted by a hurricane, there should be a plan that includes disaster recovery services that would restore those systems within a few hours.
Or, if key people are core to your business, what would you do if one or all of them were to suddenly resign or be sidelined by illness or accident? A contingency plan might be to cultivate relationships with key executive search professionals who understand your company’s requirements and could quickly identify candidates to fill critical positions.
Protecting your business plan
In the era of Sarbanes-Oxley and the Basel Accords, your organization must demonstrate that it is prepared for financial risks related to its operations. The CFO is already responsible for financial reporting; taking the lead in operational crisis planning is a logical corollary – particularly for low-probability/high-risk events. Among the techniques for managing and mitigating operational risk are:
- Predicting the impact of a given risk on your business plan
- Establishing a business continuity plan to keep your operations up and running
- Using today’s analytical tools to conduct what-if scenarios
The CFO’s role in managing risk
A recent report by McKinsey & Company states, “Good strategic risk management requires a concerted effort by all top decision makers. As stewards of a company’s financial health, CFOs need to play a lead role in orchestrating these efforts. Fortunately, key elements of strategic risk management are natural extensions of several activities CFOs already perform, so it is relatively easy to lead by example.”
Managing operational risk is a complex topic, and can’t be covered in a single article. But the basic principles can be applied to many contingencies. And they can help your entire organization operate with greater security.
In my next blog, I will focus on how the CFO can become the enforcer of internal policies. I hope you’ll be back then – and welcome your comments.
To learn more about how finance executives can empower themselves with the right tools and play a vital role in business innovation and value chain, review the finance content hub, which offers additional research and valuable insights.