Skip to main content
Risk Management

Putting risk mitigation at the forefront of business decision-making

How two organizations are weaving risk management into budgeting and strategy planning.
article cover

Miragec/Getty Images

3 min read

News built for finance pros

CFO Brew helps finance pros navigate their roles with insights into risk management, compliance, and strategy through our newsletter, virtual events, and digital guides.

While it might be an underappreciated function, enterprise risk management (ERM) can play a key role in decision-making for executives, including the CFO, experts said at a recent conference.

A pair of risk professionals speaking at RIMS’ ERM conference offered examples of how their organizations’ leadership has benefited from the practice of looking at enterprise risk holistically across a number of processes.

“One of the best examples of this is how we integrated ERM into our budgeting process,” Marianne Roth, chief risk officer at the Consumer Financial Protection Bureau, said.

All aboard. Roth said when the bureau got a new CFO, he agreed to use the CFPB’s “risk profile as an input to the budget process.” This meant that “every budget request had to be referenced against” a specific risk with an explanation of how the request could help mitigate that risk.

The process was “a little bit messy” at the onset, Roth admitted; a lot of people asked how to tie risks into their budget requests. To iron out those wrinkles, Roth sat down with the bureau’s risk owners (those accountable for one of the bureau’s enterprise risks) and members of its risk management council to lay out their mitigation strategies.

“I think that’s been a very successful way for us to have a more robust and transparent budgeting process, but also show value in ERM,” Roth said, “where it’s not just…having a list of risks that sit on a shelf and then no one does anything with it until the next year, when you have to update that list.”

Tone at the top. And what better way to make an organization accountable for its risk management strategy than having that message of accountability come from the highest level of management? That’s the case at AARP, where “our CEO is the executive sponsor of the ERM program,” according to Joseph Pugh, AARP’s senior director of ERM and compliance.

“We have a really strong tone at the top that I’m fortunate to have—I know a lot of places struggle with that,” Pugh told the audience. This top-level sponsorship “really sends the tone down to their C-suite, who…are the risk owners.”

Pugh offered another nugget of wisdom for the strategic-minded CFO. While risk management used to be an “addendum” in AARP’s strategy planning, it’s now front and center.

The organization conducts a risk assessment and identifies its top 10 risks “before strategy planning kicks off,” Pugh said, surveying board members and management to see where people are aligned in their perception of key risks, and where there may be disconnect. Leaders then “have a conversation in the boardroom, flesh it out, get everyone on the same page, [and] move to the strategic plan,” he said.

In effect, strategic planning pulls double duty in also mitigating risk, according to Pugh. The process “really helped management and the board kind of connect the dots between risk and strategy, which I think is really important.”

News built for finance pros

CFO Brew helps finance pros navigate their roles with insights into risk management, compliance, and strategy through our newsletter, virtual events, and digital guides.