Faced with threats from all quarters — recession and credit crunch, heated global competition, continuing Sarbanes-Oxley pressures — companies are making intensive risk management a top priority, and once again CFOs find themselves on the front lines.
Many CFOs now must deal not only with managing risks traditionally under their purview, such as compliance and liquidity, but also with the full gamut of enterprise risks, from politics to product launches, as they increasingly play the role of strategist.
In fact, about half of companies globally assign oversight of risk management to their CFOs, according to a survey of some 1,200 CFOs and senior finance professionals conducted last year by IBM Global Business Services in conjunction with the Wharton School and Economist Intelligence Unit. (CFO.com is part of The Economist Group.)
“Enterprises are looking at risk more systemically,” said Stephen Lukens, global and Americas financial management leader of IBM Global Business Services. “Corporations acknowledge that they need to understand the material risks to their value drivers. Therefore, the number of CFOs focusing a portion of their time on risk has gone up.”
Some companies are going so far as to transfer their CFOs to chief risk officer (CRO) positions, a move that until recently would have been viewed as a demotion. Walgreens, for example, took this step in May, and truck and engine maker Navistar International did so in June.
“The CRO position is fast becoming a best practice among large companies,” said Jeffrey Rein, chairman and CEO at Walgreens, which moved CFO William Rudolphson to a newly created CRO slot. He will continue to oversee audit and compliance, as well as risk management, but not finance, whose new chief is former Tyson Foods CFO Wade Miquelon.
“Given our size and complexity, and the highly regulated industry in which we operate, separating the financial and audit fuctions and increasing our focus on risk identification and mitigation is a prudent move,” said Rein.
Most companies, though, have not yet designated a chief risk officer. In the IBM survey, only about 20 percent of respondents said a CRO is responsible for managing risk at their companies. Lukens said he found that result surprising. “The CRO title isn’t as prevalent as we all might think,” he said.
Mary Roth, executive director of the Risk and Insurance Management Society, whose members focus mainly on operational risk, agreed. “Most of our members report through the CFO,” she said, adding, “The CRO position is still trying to find its place in Corporate America.”
One part of Corporate America where CROs have gained a firm foothold is in banks and other financial services companies, noted Kevin Blakely, president of the Risk Management Association, which represents financial-institution risk managers.
Blakely said most major banks and financial services companies employ a CRO and keep finance and risk management as”two separate and distinct” organizations. He observed that finance focuses on risk avoidance while risk management focuses on risk taking.