Building Resilience: The Role of the Finance Department
In recent articles, we have discussed how business owners and CEOs are addressing risk management and cyber security in their organizations today, as well as how disruptive a lack of planning for contingencies can be.
Cybercrime is an especially hot topic for businesses right now when it comes to risk management. For example, one study determined that 18 cybercrimes now occur every second, and three-quarters of respondents to a major cybercrime survey said they had experienced at least one cyber-security event in the past year.
Preparing for Interruptions and Disruptions
Increasingly, finance departments are being given responsibility for helping prepare their organizations for the disruptions that can occur due to cybercrime and other major business interruptions. This is especially true for finance departments with internal audit responsibilities.
More and more companies today are tasking the internal audit function with not only assessing their direct financial and operating environments, but also identifying and evaluating events that may cause disruptions to efficient operations. By being proactive, preparing thoroughly and performing regularly scheduled risk audits, finance departments can help mitigate some of these risks while also exposing potential weaknesses in the organization.
Traditionally, the role of internal auditors has been to “look back” after the fact and then make recommendations for corrective actions. As a result, internal audit activities often do not proactively address disruptions when changes occur in regulations, business strategy and technology. There are many potential negative impacts and costs (both tangible and intangible) to this, including the following:
§ A limited opportunity for timely pursuit of market moves.
§ Organizational underperformance.
§ Unanticipated cost increases.
§ Damage to customer relationships.
§ Service and/or production interruptions.
To help avoid these and other negative impacts and costs, the finance department should lead the way in preparing “what if” scenarios that assess the risks and challenges organizations may face due to major business disruptions like cybercrime. These scenarios should be included in presentations made to executive management and all other key organizational stakeholders.
The finance department should also take other additional steps, including the following:
§ Assign experts or knowledgeable personnel to rotate onto and off of internal audit teams as needed.
§ Act collaboratively with all departments early on as a strategic partner to discuss potential vulnerabilities and make adjustments to minimize risks going forward.
§ Develop loss-recovery plans and risk models using analytics tools.
§ Work with quality control to enforce process controls and equipment maintenance.
§ Review business interruption insurance policies with the appropriate insurance companies.
Your organization could realize a number of positive outcomes if your finance department takes steps like these, including the following:
§ A lower risk profile.
§ Fewer and less disruptive business interruptions.
§ Improved operational performance.
§ Enhanced brand reputation.
§ Minimized financial losses.
§ Stronger customer and supplier relationships.
Increasingly, finance departments are being given responsibility for helping prepare their organizations for the disruptions that can occur due to cybercrime and other major business interruptions. By being proactive, finance departments can help mitigate risks while also exposing potential weaknesses in the organization. In particular, the finance department should lead the way in preparing “what if” scenarios that assess the risks and challenges organizations may face due to major business disruptions like cybercrime. An outsourced CFO services provider can help you address risk management and cyber security in your organization.