The word “risk” has taken on a whole new meaning in the past few years. Regulations, supply chain disruptions, and fast-changing markets have created very unstable and constantly changing consumer sentiments. It seems that every business decision carries an element of risk, turning even small decisions into a longer and more difficult process than normal.
Unfortunately, that’s not the only thing making the lives of CFOs and financial planners harder. While risk is a constant presence, investors are demanding more disclosures and deeper analysis. The never-ending game of juggling risk management and increased transparency, all while continuing to lead the finance team and conduct day-to-day activities, has made the job of a CFO more demanding and complex.
As we make our way into the second half of 2022, another challenging year for risk management and customer sentiment, there are three risks that CFOs need to take into account in order to navigate the market and keep the company ahead of the game. While risks such as the supply chain crisis, renewed restrictions, and inflation are incredibly important and affect everything on the market, this article will focus on rising risks that are more pertinent to the second half of 2022.
1) Increased Cybersecurity Risks
Cybersecurity is talked about constantly, yet it is still something that many companies aren’t prepared for. Hackers, on the other hand, are always many steps ahead, and once an organization starts to fall behind in this cat-and-mouse game, it is difficult to catch up.
What exacerbated the problem even more was the rapid adaptation to new ways of working. Whether it was delivering business services to customers, adapting to work from home, or transitioning to the cloud, many companies were forced to completely change their business developments overnight. All of this has increased organizations’ attack surface by creating more access points through which potential hackers or unauthorized users can rather easily enter the system and extract data.
Even now, more than two years after many of these rapid cloud transitions occurred, there are many companies that are still far behind on their cybersecurity plan. Whether it be because executives thought the transition would be temporary, or because management was too busy dealing with an endless list of other pressing issues, far too many organizations pushed off cybersecurity concerns for too long.
In order to combat the risks involved with expanded data entry points and vulnerable systems, CFOs need to invest in systems, processes, and people in order to minimize the risks and protect the organization. A good cybersecurity plan involves cautionary steps, choosing the right security measures, and following through:
The first step is identifying the high-risk areas that need to be protected and their vulnerabilities. While CFOs aren’t risk managers or IT professionals, they need to be able to collect the information from these experts and piece together which high-risk areas exist.
The second step is choosing the right service. Whether it be a software tool or hiring a cybersecurity expert for the organization, the CFO is at the center of deciding what is needed based on the budget and long-term plan of the organization.
The last step is changing the company culture to ensure that everyone is aware of the cybersecurity threats. Whether it be enhancing training for the remote workforce to ensure that security is part of the culture or developing a zero-trust mindset, CFOs are also at the heart of this, both for the finance team and the rest of the company.
2) Third-Party Risk Management Framework
This is one area that is impossible to ignore in any organization, and it’s directly related to the supply chain disruptions. It is especially important for the second half of 2022 because companies need to differentiate between the third-party vendors that changed their services temporarily due to COVID-19 and plan on going back, and those that have changed permanently.
In the beginning of 2020, many vendors moved quickly to remote work models and reconfigured service delivery models, and some organizations even accepted short-term violations of their third-party risk management policies in order to avoid business disruptions as much as possible. For CFOs, figuring out which modified processes will become permanent, and what the long-term strategies of third-party vendors are, is incredibly important for the long-term success of the company.
Now that the “new normal” is here, companies need to evaluate geographic concentrations of business vendors and whether backup systems and geographic locations are sufficiently diversified. In addition, CFOs should implement forecasting tools and predictive analysis to enhance the monitoring and deeper analytical understanding of third-party risks and how they can affect the company’s output.
3) Enhanced Reporting Disclosure Risks
The increased pressure from investors and regulators to disclose regulatory changes and increase transparency is one of the biggest catalysts for more risks and tougher challenges in the CFO office. But it’s not just the time and resources needed to complete the reporting disclosures; it’s also the risks involved for those businesses that fail to meet the requirements.
For those not living up to the increased transparency requirements of their investors, the repercussions are apparent. The level of trust will go down, which can harm future endeavors, and investors will be more cautious about what happens inside the organization. Nobody wants a strained relationship between businesses and investors.
In addition, businesses that fail to meet the legal requirements risk Securities and Exchange Commission (SEC) orders and penalties. The SEC has made it clear recently that it has the legal authority to mandate enhanced disclosures to all publicly traded U.S. companies and will start enforcing it.
But it doesn’t end there. The SEC is actively looking to implement two key proposed rules that are deemed critical to the department. When they come into effect, they will influence every business. The first one is cybersecurity disclosures (making a company’s cybersecurity plan even more important) and the second is environmental, social, and governance (ESG) reporting. Although these are the two SEC plans that are more imminent, the SEC has a long list of potential plans that would benefit the average small investor but will put additional strains on CFO reporting.
Whether the organization needs to improve its investor relationship or prepare itself for the SEC and legal transparency aspects, the biggest thing at risk is a company’s reputation. Therefore, a CFO needs to help a company prepare for transparency in order to keep its reputation intact and avoid long-term damage that can result from being unprepared and unorganized.