Savvy CFOs are Using Data Analytics to Mitigate Risks

Data analytics has shifted from being “just a fad” to a business necessity. Once considered the playground of marketing, data analytics has entered the mainstream stream business. Companies are no longer investing in data and analytics with the sole purpose of aiding marketers and drive revenues.

Rather, they are also exploring the opportunities of data analytics application in risk management.

The risk landscape is changing fast and this is driven mostly by increased volatility, heightened economic and political uncertainty, intense regulatory complexity, high-profile data breaches, rising employee fraud, shifting consumer habits and preferences, and increased competition.

As a result of these fundamental changes the strategic conversation around risk is changing too. Thus, business leaders should embrace risk as a tool used to create value and achieve higher performance. It is no longer something to only fear, minimize and avoid.

Applying data and analytics to an organization’s risk efforts plays an important role in strengthening internal controls. Implementing stronger controls is essential for avoiding and reducing substantial financial and reputational losses.

Companies that have previously placed little value or emphasis on strengthening internal controls have learned the hard way, and for many, the wake-up call came too late.

High-profile Data Breaches

The number of cyber attacks and ensuing data breaches is at alarming rate. Hackers are targeting companies across all industries and stealing treasure troves of data for criminal proceeds. Recently, a global cyber attack “WannaCry” halted service delivery and brought businesses and countries to their knees, locking people out of their data and demanding they pay a ransom or lose everything.

In the wake of these massive data attacks, companies are waking up to the realization that they need to strengthen their cyber resilience programs.

Investing in data analytics is one way of achieving this, and CFOs are uniquely positioned within the organization to drive the analytics efforts. Although data is the oil of the new digital economy, finance executives must look at data in two ways – as a source of risk and as a means to manage the risk.

Real-time Monitoring of Data

This is essential for reducing the potential of data breaches and better protect strategic data of the company. The CFO can help monitor the company’s data by performing real-time data-flow analysis and outlier analysis.

The former involves tracking the location of data at different times during a business process. Internet of Things (IoT) has brought about new ways of collecting and storing large quantities of data sets.

For instance, sensors are being installed in machines, clothing items, delivery vehicles, wearable devices, company products etc and these minute devices are capable of transmitting the data to an internal server for further analysis and insight generation.

Majority of the data hacking incidents happen at night when business have shut down for the day. It is this period that companies are more prone to cyber breaches.

By regularly conducting data-flow analysis, personnel responsible for data security will be able to detect any unusual data queries being made on the company’s database during a certain period, and compare that number with trends over the last month, quarter, year or longer.

If a trend is identified, this should act as a starting point for asking specific questions around data security and trigger responses.

Outlier analysis, mostly used by credit and debit card companies and other financial institutions, helps identify anomalies in the customer’s transaction history. Based on the historical transactions of the credit or debit card holder or customer over a period of time, the company is able to develop a profile for each and every customer.

Suppose one of your clients resides in Location A where he or she mostly transacts from, one day you notice that soon after recording a transaction in Location A another large sum transaction is recorded in Location B within a short period of time and the commuting distance between A and B is long making it impossible for your customer to be in one place at one time, this transaction must immediately be flagged up as an outlier and tell you that something is unusual.

Thus, as the purchasing history data of your customers increase, more focus should be placed on real-time outlier analysis. Thanks to technological innovation, today’s computers have massive computing power to store and perform this critical analysis on very large datasets.

Make Use of Both Structured and Unstructured Data

Structured data is easy to analyze because it is highly organized and predictable. Unstructured data is essentially the opposite, it takes more effort and time to compile.

However, much of the company’s data is unstructured, and this where CFOs can uncover perils and act almost immediately to avert hazards.

Thus, as social media networks continue to grow in use, finance executives need to find meaningful ways of combining data from multiple sources, regardless of location or format, for analysis.

It is through this combination and analysis of disparate datasets that finance is able to make informed analysis and provide improved decision support.

Many brands have suffered mishaps because of poor or misaligned social media strategies. For instance, a negative tweet was allowed to go viral before the company could hardly respond leading to damaged reputations.

Thus, having a coherent and well executed social media plan will help you detect any external threats to the company’s reputation. One negative tweet has the massive potential to make you lose your key customers and shut door.

In high performing companies, CFOs are taking advantage of new technologies and keeping an ear on the ground in order to hear what is being said about their companies on social media platforms.

This new software has the capabilities to gather and combine data from various social media platforms concerning the company’s products, services, competitors etc.

They have also deployed teams to provide round-the-clock monitoring of social media activities.

When this data is analyzed and insights gleaned, the company can reach out to the message source, tell its side of the story and resolve any differences. Better more, the company is also able to trigger a response ahead of any negative story.

Retail companies are making use of image-recognition software to detect product issues while they sit on market shelves and ensure these errors are corrected well in advance. Using their smartphones, sales reps can snap photos of the company’s products. The software then makes an instant visual analysis of the photos leading to corrective measures being taken.

Email Risk and Fraud Prevention

As employee fraud continue to skyrocket, email use, in its unstructured form, is getting special attention. If fraud perpetrators are not detected well in advance and their plans allowed to flourish, the organization stands to lose hundreds if not millions of dollars.

It is therefore imperative that companies invest more time and resources analyzing the email patterns of their employees. For example, real-time monitoring of patterns in the metadata of employees’ email communications can help you reveal risks before they take centre stage.

You need to look at clues such as – Who is the email being sent to? What is the subject and the nature of the content? Is the email high priority or low priority? Who is copied and blind copied? What time of the day is the email sent?

Investigating such information can help you monitor incoming and outgoing email traffic of specific groups or individuals, locate high risk areas that you need to look into and also establish if restricted company information is being released to the public either accidentally or on purpose.

The success and power of data analytics in achieving value-adding risk management depends heavily on the quality and preciseness of the questions asked, the organization’s ability to gather data that addresses these questions, the integrity of the data gathered and the ability of users to draw insights from the data in an objective manner.

Before investing in data analytics software, first identify the challenges your business is currently facing and ask the critical key performance questions that you want answers for.

Share

Defining and Evaluating Business Risks

Having an effective enterprise risk management (ERM) program that helps to measure, monitor and manage risks is no longer a nice to have but a must.

Organizations regardless of which industry they operate in are increasingly facing strong headwinds that are forcing them to rethink the way they run their businesses, build new capabilities, implement agile strategic responses and approach risk management more seriously.

New technologies, increased economic and political uncertainty in emerging markets, slowing global growth, commodities price decline and Brexit are some of the issues posing immense pressures on organizational decision makers and value chains.

In this environment, objectively defining risk and measuring its impact on the business is very imperative. This is critical for designing and implementing effective mitigation plans, creating value and improving business performance.

Benchmarking is not always the answer

Benchmarking is one of the popular tools used by decision makers to improve processes and ultimately business performance. So often business managers make reference to benchmarking information to gauge their organization’s performance against the “so called best” in the industry.

However, the fact that every business and organizational structure is unique in their own special ways, care must be taken when using benchmarking. No two businesses are exactly the same in all aspects.

Data is critical when measuring risk. Without the data, the whole process becomes pure speculation. In today’s digital economy and information age, data collection is dynamic, allowing businesses to continuously evaluate risks. However, the data type, quality, quantity and method of gathering varies by organization, process, and functionality.

Thus, in order to benefit from benchmarking, decision makers need to first clearly understand the methods used to gather the benchmarking information, the integrity of the gathering process, and how this relates to their organization’s specific situation.

Identify the risk

Identifying the risk events is one of the most critical attributes required to perform a successful risk assessment exercise.

The challenge for many people is that they consider the risk identification process as a “listing” exercise of all the things that might go wrong in any given time period.

The objective of enterprise risk assessment is not to maximize the number of key risk indicators (KRIs), but rather to take a holistic view of risk across the enterprise and prioritize resources and efforts on those risks deemed critical to the business.

Identified risks must be those significant to the business and have the potential of adversely derailing successful strategy execution. Thus, it is imperative that risks and strategic planning are clearly linked with some type of appropriate risk response.

What is the probability of occurrence?

The probability of occurrence should determine whether the identified risk(s) is/are worthy of management, control, or not. Determining this probability is not a subjective or guessing exercise.

Instead, data analysis is a critical part of the process as this provides factual information to base upon. Data is one of the most valuable assets for an organization today. Businesses that are able to leverage data and analytics in their risk assessments are uniquely positioned to better run their operations and achieve strategic, operational and financial success.

Make sure the data used in the analysis is accurate, reliable and real-time as this is critical for both performing an objective/fact-based risk assessment and presenting a truer reflection of the situation.

In today’s data and analytics world, organizations can take advantage of new technologies and incorporate predictive analysis in their data-based risk assessment models. Making strategic decisions based on information provided by backward-looking and reactive models will lead you and your business to unwanted territories.

Predictive models are forward-looking and allow business managers to be proactive. They help you identify trends and patterns, plan for the future with greater certainty and implement agile responses.

Consider the impact of the risk event(s) on the business

Unfortunately, for many organizations, risk management is a box-ticking exercise with little emphasis placed on overall impact on the business. People do not understand the impact of identified risks on the overall achievement of objectives and business performance.

Furthermore, risks today are interconnected. One risk event can lead to a chain of risk events, and if not properly mitigated, the exposure to the business is big. It is therefore imperative that you clearly understand the impact of aligned risks that occur as a result of the original risk event taking place on the achievement of objectives.

Being knowledgeable about these risks helps design and implement an effective ERM program that prioritizes identification, assessment and management of those risks considered significant to cause havoc to the business and negatively affect performance.

Build a good foundation

Designing and implementing a successful ERM program is not once-off or short term business objective. Instead, it is a continuous strategic initiative for the long-term success of the organization.

Laying up a good foundation starts with the organization clearly defining its ERM strategy, identifying key risks to the business and utilizing an effective set of KRIs.

If properly designed, these KRIs will help you to calculate the probability and also evaluate the impact of more than one risk across different aspects of your business. The focus is not on managing individual risks, but rather,  taking a holistic view of risks across the enterprise to ensure success.

Senior management commitment towards ERM is also required to ensure middle and lower level employees continuously recognise risk management an important strategic imperative critical for driving performance.

I welcome your thoughts and comments.

Share

Increasing Finance’s Relevance to the Business

To remain successful and relevant to the business in today’s VUCA environment, Finance must move beyond the control and compliance status quo, become a better business partner, and provide insights that enable decision makers to allocate resources effectively and grow the business.

Become a better business partner

Finance Business Partnering (FBP) reaches far beyond number crunching and closing the books. Instead, FBP involves Finance taking a holistic view of the business and helping managers understand not just the financial results, but also the underlying causes, trends and drivers of those results.

CFOs should be able to identify, assess and address current and future conditions with long-term impact on the organization. In other words, they should be objective, proactive, analytical, and thinking beyond Finance, to be able to see the bigger picture and challenge existing assumptions. How can Finance successfully support the business to execute strategy?

In addition to understanding the business and developing forward-looking capabilities (through the use of rolling forecasts, driver-based planning and scenario modelling techniques), in order to become better business partners, CFOs should also improve their communication skills. They must be able to communicate the numbers in easy to understand terms. At the same time, they also must develop effective change management, interpersonal and leadership skills.

The above soft skills are key to bringing the desired results.

Successful finance transformation is about improving business performance as a whole, and not only about increasing process efficiency within the Finance function.

Finance teams should therefore engage with all business leaders on a continuous basis and focus on value-adding analysis to support better business decisions.

Improve the current operating model

As the role of the CFO continues to evolve from a number cruncher to a more strategic advisory role, the Finance operating model must also evolve. Strategies that have previously worked to deliver efficiency and drive growth will not do it today.

For instance, in the past many companies outsourced and offshored certain finance processes in order to shrink costs and support decreasing margins. However, new technologies are reversing this trend. There is a decline in outsourcing and offshoring trends, and a rise in inshoring.

Companies are realizing that by investing in advanced management and analytics technologies, they can automate and streamline processes that were once preferred candidates for outsourcing, increase efficiency and reduce costs.

These companies have also built Centres of Excellence and Shared Services Centres in order to increase efficiency.

You therefore need to perform an assessment of all dimensions of the your organization’s existing operating model (Organization, Processes, Controls, Technology, Data, Resources etc.) and evaluate if they are still relevant.

What are the forces disrupting and reshaping your current Finance operating model?

You also need to note the potential inter-dependencies between the various finance processes and activities as well as how they shape the overall value creation.

This will help you identify weaknesses in any processes, evaluate the impact on performance, and select smart ways to strengthen these processes, for example, through implementing new systems or upskilling  and reskilling of current resources.

Thus, it is important to set out a clear vision and strategy for Finance and define key performance metrics that are aligned with business strategy.

Embrace new technologies

The gap between Finance and IT has significantly narrowed. Without IT, you cannot do Finance. New digital technologies are helping CFOs to shorten reporting cycles, improve forecast accuracy, better manage business risks, and speed up decision-making processes.

Innovation is no longer a nice to have, but an imperative. That’s why today’s CFOs are expected to be tech-savvy.

Digital technologies have the potential to transform Finance into a more agile, forward-looking and insight-driven function. Unfortunately, in many organizations, outdated legacy systems are limiting Finance’s ability to deliver value.

However, it is important to note that technology alone is not the answer. In order to achieve true digital transformation, you need to ensure that there are adequate support systems in place, from the right talent mix to the suitable operating model.

Although the number of digital tools out there is large, you need not invest in each tool on the market. Develop a clear digital strategy and choose the tool(s) that will help you positively change the way your business operates and deliver maximum results.

I welcome your thoughts and comments.

Share

The Basics of Cyber Risk Management

New technologies, increasing digitization and globalization are transforming customer behaviors, operations and business models, presenting huge opportunities for business success, at the same time driving up cyber incidents .As organizations embark on their digital transformation journeys, it is imperative that they also assess possible threats presented by these new technologies.

Traditionally, the focus for risk management has exclusively been on protecting value. However, in today’s digital economy, there has to be a shift from value protection to value creation. How best can you leverage risk management to benefit from new technologies and digital innovation?

Companies that are placing a higher emphasis on value protection and risk avoidance are most likely to find themselves behind the packing order. On the contrary, those organizations that are approaching risk management the appropriate way and establishing better ways to address cyber risk are in a unique position to achieve greater competitive advantage and superior business performance.

Cyber Risk Should Become a Strategic Imperative

As the number of reported cyber incidents continue to escalate, it shows that cyber risk is now a top tier business risk. This means cyber risk management must become a strategic priority. The challenge for many C-suite executives and boards is that they lack a deeper understanding of cyber risk and its implications on the business.

This lack of deeper knowledge and an understanding of the cyber threat landscape is making it difficult for many executives to make meaning conversations around the topic.

Although cyber risk is everyone’s responsibility within the organization, boards and C-suite executives play the ultimate oversight role. They have to make sure the organization has a functioning cyber program that is aligned with risk appetite and threshold.

As one of the members of the C-suite, in partnership with the CEO, the CFO can play a critical role in ensuring that there are frequent discussions around the strategy table concerning cyber risk.

Risk and performance are interrelated, and since the CFO is mainly responsible for organizational performance improvement, s/he possesses the business acumen and analytical capabilities to create awareness of cyber risks and provide regular reporting to the CEO and the board.

The business environment is increasingly complex and so is the enterprise risk landscape. Successfully driving performance in this environment therefore, demands the board and C-suite level to have a deeper understanding of risks capable of derailing strategic execution.

In other words, these senior personnel must develop a positive risk mindset and as well as the ability to ask the key performance questions. This is necessary to gauge the organization’s cyber risk exposure and build cyber resilience.

It is therefore, critical that boards and C-suite executives stay informed about cyber threats and their potential impact on the organization’s strategy execution, reputation, financial and operational performance.

Understand the Nature of Cyber Threats and Attacks

In order to effectively manage cyber risk, it is important for senior executives and their teams to have thorough knowledge and full awareness of the different types of cyber incidents. Over the past few years, cyber crime has grown from simple cases of theft and fraud. Cyber threat has grown to include digital terrorism, government sponsored hacks, disruption of services, corruption of data, Man in the Middle (MITM) attacks, malvertising, rogue software, ransomware and advanced persistent threats.

The above cyber incidents can all result in the organization incurring huge tangible and intangible costs. Organizations that have fallen victim to cyber criminals can attest that the aftermath cost are detrimental to the long-term survival of the business. Costs incurred by these organizations include regulatory penalties, legal damages, financial compensation to affected parties, loss of competitive advantage, loss of customer and business partner trust and ultimate damage to the organization’s reputation and brand image.

How is your organization’s track record in terms of documented cyber attacks and data breaches?

Having an experienced and knowledgeable leader surrounded by a capable team is key to ensuring that the organization has the traits to detect, monitor and proactively respond to cyber threats and attacks.

Today, stakeholders are placing higher confidence in leaders who are exhibiting greater risk awareness and have sound strategies in place to protect business assets against unknown threats.

Important to note though is that cyber risk management goes beyond technical. Not everyone needs to be an IT Security specialist.

Having business acumen and enough appropriate knowledge to engage in intelligent conversations concerning cyber security and risk is key to grasping the fundamentals of cyber risk.

Embed Cyber Risk into the ERM Framework

Having an enterprise-wide cyber risk policy that is approved by the by the board and embedded into businesses’ ERM framework. The cyber risk program must take into account all the aspects of the business that are susceptible to attacks and data breaches. Are there adequate security controls in place? Does the organization have capabilities to detect and monitor vulnerabilities?

Moreover, KRIs and KPIs must be developed and monitored regularly. This will help immediately identify any threshold and performance breaches, and in turn, escalate such breaches to senior management.

When cyber risk is part of the ERM framework a cyber-aware culture is promoted, which means cyber risk management becomes an everyday part of the business. People will take own responsibility for the management of risk and proactively involve others when needed.

The board and C-suite should set the right tone at the top in order to ensure there is a buy-in at the lower levels. If the top level is not concerned and ignorant of cyber risk, it is extremely difficult for the lower levels to prioritize cyber risk management.

Thus, it is important that when executives talk about cyber risk, they do so openly and honestly using common language that promotes shared understanding throughout the organization.

I welcome your thoughts and comments.

Share

Finance Can No Longer Afford to Keep Up With the Status Quo

The world around us has significantly changed and the rate at which this change is happening is terrifying. Established business models are under attack and subject to rapid displacement.

Digitization, increased regulatory demands, advanced technologies, the emergence of new business models, rapidly changing risk landscape and new challenges from global competition are all disrupting businesses from left, right and center.

Instead of viewing disruption as a threat, executives must rather, view disruptive forces as catalyst for change and great opportunities. Unfortunately, many executives are slowly responding to disruption because of fear of failure. All they see are the negatives, and not an opportunity to exploit the unseen possibilities.

In this rapidly changing climate, maintaining the status quo is not a recommended option. If you snooze, you lose. The organization must constantly be attentive to what is happening, both within and outside its walls. Which forces are driving and hampering value creation? What are the risks of and to the strategy? What are the strong beliefs that are significantly held in your industry; can these be challenged and reframed?

Answering the above questions will help you identify new forms and mechanisms of value creation. Finance is uniquely placed within the organization to provide solutions to these questions.

Leveraging on its analytical capabilities, the function can help decision makers spot and monitor leading indicators, model alternative scenarios and implement modern planning techniques to ensure long term success.

Data is the new oil of the digital economy

Data and analytics technologies are altering business models and transforming the way finance creates and adds value to the business. Data is expanding in volumes and variety and the challenge for many organizations is to harness data power to drive business performance.

In the past, implementing cost cuts across the board was more than enough to improve the bottom line. Unfortunately, in today’s digital economy, this approach is no longer feasible. You can only lower costs to a certain point, after that point, the exercise becomes self-defeating.

Digital technologies have reduced the cost of doing business and barriers of entry.

Because of these changes, finance has to find alternative ways of driving value up the value chain. Executives can longer rely to base strategic decisions on financial statements information alone. Doing so is a sure recipe for failure. They need better information that support decision-making and propel the company forward.

Finance can successfully fulfill this role by embracing analytics and providing data-driven insights. Cloud and subscription-based technologies are making it inexpensive for companies to invest in analytics. These technologies have the advantage of helping companies analyse larger and complex data sets and extract accurate and trusted actionable insights.

Any company, big or small, is now a suitable candidate of becoming an analytics powerhouse. However, to get an edge from data, it is critical that the organization has the right data talent, data governance and management processes and systems in place.

By combining the right technology with the right analytics and expertise, businesses can use both structured and unstructured data better to identify trends, derive real-time insights, facilitate decisions, and define actions that improve performance and deliver a critical competitive advantage.

Finance transformation is more than automation

When it comes to finance transformation, there is a general perception that the whole process is about automation. It goes beyond process automation. Technology is just another piece of the complete puzzle.  Yes, it is true that technology enables you to standardize processes, eliminate redundancies, achieve operational agility and perform activities much faster and cheaper but it is not the only ingredient.

People and processes are also key ingredients. Traditional finance professionals are used to working in the back-office all day long. Gone are these days. Finance transformation calls for a different skill set. Front-line players. People with a brilliant understanding of business, great leadership, influential, collaborating and communication skills.

Fulfilling the catalyst and strategic advisory role requires a finance person with a great vision of the future, someone who has the ability to anticipate change, challenge widely held beliefs, innovate new business models and persuade peers to embrace change.

Now that you have automated your accounting and finance mundane processes, as a finance leader, has your contribution to the business increased? How more involved are you in the business now versus pre-automation? How much time do you spend on strategic issues and decision support versus financial reporting?

All three – people, processes and systems must be in sync in order to achieve the best outcomes.

Do not be afraid to take the first step

Done successfully, finance transformation is worth it and can yield positive results for the business. The opposite is true. Done badly, the business can end up incurring unnecessary costs and suffer badly.

The challenge for many companies is starting the transformation journey. Naturally, people are resistant to change and prefer the tried and tested methods of doing things. However, in today’s highly volatile environment, growth strategies that got you here will not get you to the next level. If your organization is to survive and grow, you need to adapt, develop and implement dynamic strategies.

Transitioning from the traditional finance status quo to finance business partnering is an ongoing process and not a once-off project with a defined start and end date. That won’t happen overnight. Finance transformation requires a joint effort, time and the adequate mix of talent and tools.

You therefore need to continuously re-evaluate transformation gains and flaws, and build lessons learned into the next stages of transformation. This is critical for large scale, long-term successes.

By making continuous improvement an everyday focus, you will certainly make great progress.

I welcome your thoughts and comments.

Share

+27 (0) 73 007 1933

info@erpminsights.com