Best Practices for Managing Risk through Automation


Finance leaders face continuing challenges in measuring and managing risk. Newer resources and tools have become available – especially in the realm of automation – but such approaches come with challenges of their own, including user resistance to organizational change.

As a panelist on the recent CFO magazine webcast, Best Practices for Managing Risk through Automation, I explored some of these challenges and discussed their solutions with my co-panelist Dr. Joel Bresser. We also discussed how risk management can be improved through automation and the specifics of the CFO's role in bolstering a company's ability to identify and mitigate risk.

The CFO must either lead or be one of the key participants in deciding what to automate and how to drive that automation. Four specific areas a CFO must consider include 1) establishing controls and verification, 2) determining underlying technology and where it is being deployed, 3) obtaining and retaining the right skill sets, and 4) understanding the inherent risks associated with the people who are driving the project and identifying best practices.

Despite resistance and other challenges, the finance team tends to have a clear understanding of enterprise risk management. In an online survey during the webcast, we found most participants agreed that their finance teams have a clear understanding of enterprise risk management, with 9.8 percent strongly agreeing, 63.9 percent agreeing, and 18 percent disagreeing.

But the gap between understanding the challenges and overcoming them still must be closed. Modern risk management requires a new paradigm for the CFO and analytics teams, and most organizations have not yet adopted this new paradigm. The place to start is establishing best practices for governing automation programs and risk management. A Center of Excellence (CoE) model lends itself to developing those best practices and establishing plans for responding to risks. Often the CoE revolves only around the automation layer, but organizations that are successful with automation have a governance layer as well – and a means of identifying and mitigating risks. 

Companies accomplish this by doing at least two things:

  1. Dedicating time during regularly scheduled governance team meetings to discuss program and automation project risks and issues the CoE is encountering.
  2. Applying best practices for organizational change management, including managing communications and expectations, aligning pre-automation deployment with operations, planning organizational design, and creating step-by-step transition plans that specify task-level detail for the deployment of rapid, successive waves of automated processes.

The CFO plays an increasingly important role in helping the company identify and manage risk. After all, the CFO has a unique vantage point that allows him or her to see the entire business, understand the risks to the business, define how the company monitors and manages those risks, understand which risk management processes can be automated, and positively influence the organization to take greater advantage of automation tools. Many risk management processes are dynamic, and the CFO can help define them so they are clear and automatable. In addition, the CFO's role involves overcoming user resistance and facilitating organizational change.

Webcast participants reinforced the idea that CFOs need to play a holistic role in risk management, with 24.8 percent strongly agreeing and 55.2 percent agreeing that their CFO has the knowledge and resources necessary to take the lead in enterprise risk management.

To do this, the CFO needs to understand whether the right metrics are in place, and whether the right questions are being asked. It's often said that, "What gets measured, gets done." Leadership, governance and guidance are essential components of automating risk management. The CFO should involve IT early on in the process, develop best practices and build controls into the automation process while measuring progress at every step.

When we asked webcast participants within what time frame their organizations intended to apply automation in identifying and mitigating risk, the results were encouraging, with 35 percent indicating they have already begun to do so, and 19.7 percent saying plans to do so will begin this year.

If you didn't have a chance to join us live, the playback is now available online.