Should CFOs focus more on non-financial risk?

19th May 2014

Whether or not you agree is increasingly moot, suggests FSN writer Lesley Meall, as demand for this is growing. 

Business is all about risk: some you take, some you avoid – and for most of its history the finance function has been expected to focus on the risks within its control. But what is expected of finance chiefs and teams is changing, as business responds to the growing scrutiny and changing demands of investors, regulators and other stakeholders. As well as being a financial steward and managing financial transactions and reporting, many CFOs are being asked to take on a much broader strategic role and responsibilities that require them to consider both financial and non-financial risk. 




Rising to the challenge is not easy. “These are uncertain times and the CFO is surrounded by many types of risk,” says David Taylor, an executive VP with Trintech (the record-to-report software specialist) in a recent FSN webinar. As anything from political and economic events to social change and cyber security can impact on an organisation and influence the way it is perceived (by those inside it and outside it), these risks can also impact on top line revenues and bottom line profits, so ignoring or mismanaging them can be disastrous for a business and for its finance function. 

If every risk is ultimately financial, the risk landscape can seem never-ending, but some risks loom larger than others in the corporate psyche. In Exploring Strategic Risk, a global survey from Deloitte, executives in large companies rank ‘company reputation and the fallout from reputational damage’ as their top strategic risk. This resonates in finance. In recent survey results from the accountancy bodies AICPA and CIMA, 76% of management accountants said that their organisations were ‘prepared to lose profit in the short term to protect their image over the long term’. 

Off balance sheet, but on your mind

“Organisations are increasingly recognising the need to take reputational risks very seriously,” says Tanya Barman, head of ethics at CIMA. “Nearly a quarter of those surveyed admitted to experiencing reputational failure in the past and the widespread use of the internet and social media casts a harsher spotlight than before.” Responses indicate that 65% of organisations ‘often or always’ consider the financial implications of reputational risk when making decisions, and 44% have rejected projects that made financial sense because the reputational risks were too great.

 “Reputation may not be on the balance sheet, but it is one of the most important assets that companies have,” comments James Blake, CFO of Morey’s Piers in New Jersey. He says: “In an age where reputation can be wrecked at the speed of a Tweet, finance teams increasingly have to understand that reputation lost in an instant can have a long tail in affecting the company’s future,” – and also appreciate the many risks with this potential. “This requires a broader understanding of the business environment so that such risks can be appropriately assessed,” he adds.

A gap remains between theory and practice. “Businesses appear to be struggling with how they go about managing non-financial reporting in this area,” says Barman, who urges finance leaders to stop focusing primarily on the short term and to collect, report and monitor reputational risk information. This calls for enterprise-wide risk management processes, a cross-functional view of financial and non-financial risk, plus the software and systems to record and analyse the information this requires and then report on it.

Software solutions

The disparate and disconnected software that characterises many organisations does not make it easy to overcome functional and operational silos and access the required information – even if it is being collected. But many software tools have the potential to help. They range from specialised enterprise risk management (ERM) solutions which integrate a broad range of risk-management functionality, to enterprise performance management (EPM) solutions, which focus more on financial budgeting, planning and reporting (and offer varying levels of insight into non-financial risk).

The LogicManager EPM, for example, unifies business continuity, governance, performance and policy management (and more) and streamlines internal control over financial reporting; MetricStream does this and offers more specialised tools such as Conflict Minerals software and services. EPMs such as Anaplan, Board, IBM Cognos, OneStream, Oracle Hyperion and Cadency from Trintech can all be used to manage financial risk, although their capacities to combine financial and non-financial governance and risk management vary widely.

A framework for reporting

For non non-finance reporting to be as meaningful as financial reporting it needs to provide real insight, comparability and visibility to organisations and their many stakeholders. This requires the support of a globally accepted reporting framework that can show the connections between financial and non-financial risk and relate risk management to corporate performance – something the International Integrated Reporting Framework that was released by the International Integrated Reporting Council (IIRC) at the end of 2013 could eventually become.

“The framework brings technical rigour and cohesion to a process that has grown organically and through market pressure,” says Paul Druckman, the accountant who is IIRC CEO. The framework is being trialled in more than 25 countries by corporates including Coca-Cola, China Light and Power plus Tata Steel; but you can already get an idea of its potential to enhance reporting on non-financial risks and explain the links between this and financial risk and their impact on performance – and make this easier to understand among providers of capital (and myriad other stakeholders).

Witness the SAP integrated report: unlike the unwieldy annual reports where many financial statements are buried, this report seems designed to aid insight. Among other things, it shows which non-financial information is of most interest to stakeholders and its integrated performance analysis uses selected key economic, social and environmental indicators and corporate objectives to demonstrate the connections between financial and non-financial performance.

So if CFOs do have to broaden their focus to include non-financial risk, at least the tools are there to help them.