The CFO as a Chief Risk Manager

by Paul L. Walker, CPA, Ph.D., and Mark L. Frigo, CPA, CGMA, Ph.D. | Feb 22, 2018

The role of the CFO in managing enterprise risk and creating future value continues to evolve in this dynamic and rapidly changing environment of disruption. Our research, which we released in a report by the Financial Executives Research Foundation (FERF), The Strategic Financial Executive: Managing Enterprise Risk in a Disruptive World, describes strategies CFOs can use to manage risk and create value in today's dynamic landscape and discusses how CFOs can incorporate strategic risk themes emphasized in the new enterprise risk management (ERM) framework by the Committee of Sponsoring Organizations of the Treadway Commission (COSO).

The research is based on extensive interviews with financial executives and other corporate stakeholders from leading companies. The takeaways in the report encompass four strategic themes: recognizing disruption, developing risk management maturity, communication, and strategic thinking.


The roles and skill-sets of the financial executive must swiftly adapt. CFOs bring value to the table by, among other things, informing the board and CEO regarding matters they may not be familiar with and providing insight to nuances they may not have seen.

Fifty years ago, people managed physical assets to deliver cash flows, explained Corey West, CPA (inactive), chief accounting officer and corporate controller for Oracle. "Today, you manage intangible assets to deliver cash flow. Those intangible assets can be valuable one day, and it can go 'bye-bye' the next, depending on who enters a marketplace where you're competing. ... The importance about understanding the business you're in, the competitive landscape, and where your competition might be coming from, [from] a strategic standpoint, is a lot more important now. I think CFOs need to be part of that thought process." (See "Dealing With Disruption" below for actions to take to recognize and cope with change.)


ERM is evolving and becoming more strategic in its efforts and results. Given the efforts of COSO to highlight strategic risk dimensions, executives should expect board members to ask more strategic risk questions and be prepared to address them when asked. The ERM framework developed by COSO points out that strategic risks can be sourced as follows:

  • Strategy and business objectives not aligning with mission, vision, and values.
  • The implications from the strategy chosen.
  • The risk involved with executing the strategy.

Executives and board members should seek or reconfirm their knowledge related to those strategic risk dimensions. To get this right, financial executives should look to leverage their current ERM processes to determine what strategic risk help and analysis is being developed. Some advanced companies already use strategic risk analysis tools, such as workshops on strategic disruption, black swan events, and emerging trends practices. (See "Boosting Risk IQ" below.)


With the proper strategic thinking, noise and signals can help your organization to know where the market is heading and where to compete. Consider all the factors, such as customers, the global economy, foreign currency hedging, and contracts with escalations. (See "Thinking Strategically" below.) Financial executives are in a unique position to take advantage of an integrated approach that sees changes, identifies the risks, and links them to the business model.


Successful financial executives look toward future value creation. Decisions made with this risk information are aimed toward better business models and future strategy. "Enterprise risk management consists of a set of forward-looking tools for senior management," said Jeff Pratt, general manager of enterprise risk management at Microsoft.

Knowledge of accounting, finance, reporting requirements, and related skills may have helped financial executives move to the top. But that knowledge is not enough to keep them successful and able to add the most value to their organizations. We recommend based on work with CFOs that they develop a professional development plan for their CFO team that incorporates strategy, strategic risk management, and business model skills. Consider the profile of skills needed, and access the current skillset as a starting point. "The more senior role that you play in the organization, the more time you should spend looking forward versus looking in the rear-view mirror," said Bob Verbeck, senior vice president of finance and corporate controller at Boeing. "... It's really about proactively determining where you are going with your responsibility [and] your business."

Dealing with Disruption

Financial executives can take the following steps to help recognize disruption, grapple with the speed of change, and understand the underlying sources of change:

  1. Periodically rethink and redefine your real competitors. Look outside of the normal channels.
  2. Get involved in the identification of signals of change facing your organization.
  3. Ensure that you are looking at the right sources of change and disruption.
  4. Build a sophisticated process to identify noise and potential changes.
  5. Consider your company's customers as a key source of information, not just about current sales but about future change and potential disruption.
  6. Have contingency and resiliency plans based on the size of a disruption.
  7. Factor in reaction time. It is more important for some areas than others. Identify when it is critical for your organization.
  8. Survey the landscape. Look for disruptors in technologies. Look for disruptors in other industries that might indicate changes in your sector.
  9. Build a method to link change and disruption to the business model and to your enterprise's current strategy.

Boosting Risk IQ

Financial executives can take the following steps to help their organizations boost their risk IQ and capabilities:

  1. Check with your board to determine what information they need about each of the three strategic risk dimensions.
  2. Develop a plan to address those needs.
  3. Compare your current risks with the three dimensions. Do they all fall into one of the dimensions (perhaps strategic execution risk)? Adjust for any areas that have no associated plans or tools.
  4. Review how strategic risk is addressed in your ERM process.
  5. Know the answers to the following questions: What tools have we applied to know that our strategy is the right one? What tools have we applied to determine if we are aligned? What tools have we applied to strategic execution risk?
  6. Work with the ERM team to improve the risk IQ and broader risk thinking in the organization.
  7. Ensure that risk thinking is seen as part of business thinking.
  8. Review the smaller recurring risks for potential surprises. Look for a larger pattern or theme that could signal additional risks.
  9. Develop tactical strategies for known risks. Take the risk beyond a map and consider the longer-term budgeting and financial implications.
  10. Identify the assumptions in the risk-profile rankings.

Thinking Strategically

Financial executives can take the following steps to think and communicate more strategically:

  1. Ensure that identified risks are incorporated into the business units.
  2. Have regular sessions to rethink derailment, opportunities, new business models, and the related risks.
  3. Understand the business's view of the risk. Engage business units. Listen to their points of view.
  4. Bring in subject-matter experts, futurists, and others to validate the potential business model and strategic risks.
  5. Review trends in cross-functional business teams to determine their impact and opportunities.
  6. Measure each dimension of strategic risk.
  7. Test new strategic risks.
  8. Flesh out the financial implications of major risk assumptions.
  9. Track identified risks to the strategic plan.
  10. Have regular sessions to focus on leveraging the risks into new business models. Do this also with your key customers.

Paul L. Walker ( is the executive director of the Center for Excellence in ERM at St. John's University. Mark L. Frigo ( is the director of the Center for Strategy, Execution and Valuation and Strategic Risk Management Lab at DePaul University.

This article first appeared in CGMA Magazine. For more articles, sign up for the daily email update CGMA Advantage at

© 2017 Association of International Certified Professional Accountants. All rights reserved.

Please log in to post a comment.


The Washington Society of Certified Public Accountants is the only organization in the state of Washington dedicated to serving the professional needs of CPAs, educating consumers about CPAs and the services they provide, and encouraging students to study accounting and enter the profession.

Your Profession. Your Future. Your Advocate.


Washington Society of CPAs
902 140th Ave NE
Bellevue, WA 98005-3480

  • (P) 425-644-4800
  • (F) 425-562-8853

The WSCPA's business hours are 7:30 a.m. to 4:30 p.m., Monday through Friday.