Finance Monthly December 2019 Edition

For CFOs, it can be a difficult task to determine how much money to dedicate to risk management. Without properly analysing each sector of the company and asking critical questions, this task can seem impossible. So, how can you determine the right amount of money to spend on risk management? The answer isn’t a simple numerical value or percentage, but rather a process of thinking that allows you to better grasp the potential risks of the business as a whole. Asking preliminary questions to frame thinking is the best place to start when making a determination. By considering the key questions below, and reviewing the risks of each area of the business in isolation, you can perceive the bigger picture of potential risks. STEPS EVERY CFO SHOULD TAKE TO CREATE A HOLISTIC RISK MANAGEMENT BUDGET Ask yourself: ● What kind of industry are you in? ● What kind of personally identifiable information (PII) or sensitive data do we handle? ● What is the current regulatory landscape of our industry? ● How complicated are our risks? ● What are the impact scores of our risks, both individually and aggregated? Once these questions are answered, take time to dig deeper and examine how security needs vary throughout the company. It is the risk manager’s responsibility to identify these considerations for the CFO to review, but many managers have difficulty articulating and quantifying returns. This is because risk management projects often don’t have end dates or set metrics to report. Working together and communicating is key to understanding the security risks of the company. Ask Vital Questions The process of mitigating risks and interpreting results are both equally important. Keeping costs in line starts with asking the right questions from the very beginning. It’s hard to follow a budget if it ignores essential expenditures that could easily be identified by proper analysis of the risk management program. Asking vital questions about real dollars and business impacts will help to calculate actual costs and anticipated returns from planned projects. Risks are constantly shifting and changing with business needs and practices. An effective risk Kevin Jacobson, CFO of LogicGate 30 www.finance-monthly.com FINANCE & BUSINESS - RISK MANAGEMENT BUDGET