Managing Risk is What We Do!By
The safest place for a boat is in the harbor or, in the case of a rowing shell, in the boathouse. But that isn’t what boats are made for.
They’re made to transport people and goods to other destinations, whether across the oceans for commerce or simply up and down the Maumee River in northwest Ohio for pleasure. And that involves risk.
According to IMA® research on megatrends impacting our profession, management accounting and finance professionals are increasingly being held accountable for enterprise risk management (ERM). Our CEOs and cross-functional business partners are looking for us to take the lead. That said, do you consider risk management an integral part of your job responsibilities? Do you feel qualified?
Risk management is certainly one of our core competencies. In the IMA Management Accounting Competency Framework, ERM is in the Strategy, Planning & Performance domain, while internal control is found in the Reporting & Control domain. And I certainly remember tackling multiple questions on ERM and internal control while taking the CMA® exam.
If we’re being called to take the lead in ERM, though, we need more than a basic understanding. Fortunately, IMA is an ERM thought leader and offers many valuable resources to support your journey. To build your knowledge, participate in an IMA webinar, read Strategic Finance articles on the topic, review IMA’s Enterprise Risk Management: Frameworks, Elements, and Integration, or leverage one of the free white papers issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO), such as Creating and Protecting Value: Understanding and Implementing Enterprise Risk Management. Also consider earning the COSO Enterprise Risk Management Framework certificate to showcase your expertise.
As we build our expertise, what does managing risk look like day to day?
Back in 2003, while leading Campbell Soup Company’s original global Sarbanes-Oxley compliance team, I was introduced to COSO’s Internal Control—Integrated Framework. Like many others, my first exposure to COSO was in the context of internal control over external financial reporting. Years later, while representing IMA on COSO’s project to refresh the Framework, I had an epiphany: Effective internal control can benefit the achievement of operational objectives as well.
It has taken me even longer to realize that creating and maintaining an effective system of internal control isn’t the point. Neither is identifying and managing risk. Rather, the point is to be focused on your organization’s vision and mission, defining its strategic goals and objectives, and then working diligently to achieve them, which entails identifying potential roadblocks or barriers to your success (i.e., identifying the risks) and overcoming them (i.e., identifying appropriate risk mitigation plans and putting in place appropriate controls).
When we arrive at work each morning and plan out our day, should our top priority read something like “be intentional in actively managing risk”? No, of course not. Rather, managing risk is simply what we do!