why we lump our CFOs with risk management
If made easier, most of us would embrace risk management. But it’s not, so we pass the monkey to our CFOs. You know, that C-level role we love to delegate annoying things to.
The board of directors are responsible for governance, including risk management.
Risks are to be identified at a company level, then cascaded with clear ownership through various layers of management and org design. Risks should also be managed for strategic initiatives, projects, critical processes and key stakeholders (clients, suppliers, partners and contractors).
Sounds great in theory. But that’s a lot of risks, creating a lot of admin.
We all talk about risk management, but few of us really do it.
Public companies issue regular risk statements. Often their executives and senior managers have no clue as to what has been published to shareholders and the general public on their behalf.
Single use apps are no good either. We don’t want to open a single use app, just to do risk management. That’s no better than trying to find the last doc or sheet we were using. I cannot count how many board meetings I’ve been to where the risk log is either lost, out of date or deferred over to the next meeting.
CFOs are in a no-win situation taking on risk management. They face a dual headache:
- Getting people to take ownership of each risk, and the corresponding mitigations
- Keeping the risk information up to date
#stratapp changes the game on risk management.
There are two fresh thinking angles behind #stratapp’s approach:
- #stratapp includes risk management inside what you do strategically and operationally - you don’t have to go to another app or place, it becomes a natural part of daily work for all levels, roles and generations
- #stratapp has dumbed it down to the bare essentials - language and methods you already know
Let’s unpack those two fresh thinking angles.
What you already know
Most of us can quickly rattle off the 10 common components of risk management:
- Title - what is the risk?
- Summary - a brief description of the risk
- Impact - how great is the impact if the risk occurs (high/medium/low)?
- Probability - how likely is the risk to occur (high/medium/low)?
- Status - where are we at with this risk (urgent, needs attention, under control, closed, draft)?
- Assumptions - what are our assumptions about this risk?
- Owner - who owns this risk, and who assigned it to them?
- Source - what does the risk relate to (goal/objective/action/ project, task or idea)?
- Org Design - what org-design attributes correspond to each risk (functions/verticals/horizontals/geography) and how to filter on risks versus these attributes?
- Security - who can see this risk and who can invite others to see it?
These are the exact same 10 components that make up the risk cards that sit inside #stratapp. And all the other things you need in relation to each risk (meeting notes, tasks, workboards, social collaboration, related items, files and links) are easily accessible in one place, right there on each risk card.
… Cox’s risk matrix theorem for rating probability vs impact. This construct is built into #stratapp. Risks can be standalone, or added to any of the 9 other apps inside #stratapp.
Imagine filtering and tracking risks globally or locally by unlimited combinations of geography, levels, functions, verticals and horizontals.
Actually, the whole of #stratapp has been designed around what you already know. We keep it simple across each piece, so your time to value is days - not weeks, months or quarters.
CEOs and business owners don’t want to send employees to 10+ different apps to get their work done.
#stratapp is 10-apps-in-1, and this includes risk management:
With #stratapp, CFOs can now thrive when they are thrown the risk management monkey.
CFOs get to elevate how their organization executes on strategy, goals and plans - alongside an intuitive approach to risk management that adds value, rather than just ticking another compliance box.
CFOs know better than most: ideas are a plenty, execution is what matters!