How a Part-Time CFO Will Conduct Risk Analysis on Your Business

The CFO Centre will provide you with a highly experienced senior CFO with ‘big business experience’ for a fraction of the cost of a full-time CFO.

This means you will have:

• One of Canada’s leading CFOs, working with you on a part-time basis
• A local support team of the highest calibre CFOs
• A national and international collaborative team of the top CFOs sharing best practice (the power of hundreds)
• Access to our national and international network of clients and partners

With all that support and expertize at your fingertips, you will achieve better results, faster. It means you’ll have more confidence and clarity when it comes to decision-making. After all, you’ll have access to expert help and advice whenever you need it.

In particular, your part-time CFO will work closely with you to take on the burden of designing the roadmap for the business.

Although our review process will reveal areas of weakness you specifically require help with, we take a very proactive approach to finding out where we can best help you. In other words, we don’t expect you to tell us what you need because that way, you are left to do the thinking. We work through a detailed methodology to ensure that no stone is left unturned.

Your part-time CFO will work with you to understand the risk profile of the business and of the shareholders. Too many initiatives launching or running concurrently can be problematic.

By managing the company’s risk profile and the risk profiles of the shareholders the whole business can be brought into alignment and can operate as a unit rather than as a set of individual parts.

When our part-time CFOs look at ‘risk’ in your business, they also work with you to:

• Identify future risk areas across the business and share that information with key employees.
• Include significant risk areas in the business plan.
• Test assumptions to find weaknesses in the business plan.
• Evaluate alternative scenarios and approaches which may lead to improved outcomes.
• Consider contingency plans in case things go wrong.
• Provide forecasts based on risk analysis.
• Provide your organization with an elevated sense of credibility (with a high calibre CFO as part of the team) your organization will be perceived by funders and other third parties as a much ‘lower risk’.
• Act as a sounding board to discuss and critique your plans.
• Liaise with funders when circumstances change.
• Test the effectiveness of your marketing.
• Test the effectiveness of your operating procedures.
• Identify problem areas before they become unmanageable.
• Correct mistakes quickly before they cost too much.
• Develop incentive schemes for staff to lower the risk of losing key members of the team. After all, replacing employees is a costly enterprise. The average fee for replacing a departing staff member is £30,614 [$56,000], says Oxford Economics and income protection providers Unum.
• Coach you and your department heads through the implementation process.
• Safeguard all intellectual property including patents.
• Implement hedging strategies where there are financial risks such as currency or interest rate exposure.
• Improve resourcing to strengthen performance.
• To re-engineer the business as and when the competitive landscape changes.
• Improve customer relations where they pose a threat to the business.
• Use our own experience and the experience of the wider CFO Centre team and expanded contact network to help surround you with the best possible team.
• Help you achieve your work/life balance objectives (careful planning is key to freeing up your time and energy).
• Guide you through the business growth stages so you know what to expect and how to deal with changes.
• Help create a clear roadmap for delegating responsibilities and tasks out to your team to create more time and space for developing the business.
• Help communicate the business objectives to your family where appropriate (it can often help to have a third party involved who understands the needs and concerns of your family).
• Devise a reporting structure which acts as an early warning system for problems.
• Liaise with lawyers to understand possible legislative changes and ensure compliance.
• Investigate existing insurances and make sure that you are adequately covered if things do not go according to plan.
• Look into hedging strategies for borrowing abroad for example to fund overseas subsidiaries.
• Reduce your personal risk by looking into other types of security/funding.

Conclusion

It is never possible in business to eliminate risk or worry, but it is possible to create a framework and implement systems which lower your exposure to risk. That in turn allows you to focus primarily on growing your business.

Knowing that you have a framework in place to mitigate risk means that you can free up time and mental energy.

Lower your risk today!

Let one of The CFO Centre’s part-time CFOs help you with business risk analysis. To book your free one-to-one call with one of our part-time CFOs get in touch on:
tel: 1-800-918-1906
email: [email protected]
www.thecfocentre.ca

Business risk analysis is an essential part of the planning process. It reveals all the hidden hazards, which occupy the business owner’s mind on a subconscious level but which have not been carefully considered and documented on a conscious level.

Conducting and regularly reviewing business risk analysis brings huge benefits to a company. In this article, you will see:

• What are the risks facing your company?
• How to conduct a business risk analysis
• How a part-time CFO will conduct a risk analysis on your business

Not understanding the risks your company faces can bring your company to its knees, as a 2011 report, ‘The Road to Ruin’ from Cass Business School revealed. 

Alan Punter, a visiting Professor of Risk Finance at Cass Business School, said the detailed survey of 18 business crises during which enterprises came badly unstuck revealed that in simple terms, directors were often unaware of the risks they faced.¹

This report makes clear that there is a pattern to the apparently disconnected circumstances that cause companies in completely different areas to fail. In simple terms, directors are often too blind to the risks they face.

“Seven of the firms collapsed and three had to be rescued by the state while most of the rest suffered large losses and significant damage to their reputations,” he said.

“About 20 Chief Executives and Chairmen subsequently lost their jobs, and many Non-Executive Directors (NEDs) were removed or resigned in the aftermath of the crises. In almost all cases, the companies and/or board members personally were fined, and executives were given prison sentences in four cases.”

“One of our main goals was to identify whether these failures were random or had elements in common. We studied a wide range of corporate crises, including those suffered by AIG, Arthur Andersen, BP, Cadbury Schweppes, Coca-Cola, EADS Airbus, Enron, Firestone, Independent Insurance, Northern Rock, Railtrack, Shell, and Société Générale.”

“And our conclusion? To quote Paul Hopkin of Airmic, the Risk Management Association that commissioned the research: ‘This report makes clear that there is a pattern to the apparently disconnected circumstances that cause companies in completely different areas to fail. In simple terms, directors are often too blind to the risks they face.’”

A lot of business owners spend an unhealthy amount of their time worrying about what might go wrong but don’t have a formal risk management framework in place.

It is dangerous not knowing what might go wrong:

• When the money might run out.
• Whether a new product launch is viable.
• Whether a competitor has the resource and motivation to drive you out of business.
• What risks are involved in penetrating a new market.
• How the market is changing (and how it will react to your future plans/products/services).
• Whether a recession will change the playing field.

It is also dangerous not knowing your internal risks:

• What products are delivering the greatest profit?
• What happens if key members of your team decide to leave?
• Are you likely to reach market saturation?

What are the risks facing your business?

Business risks can be broken up into the following:

• Strategic risks – risks that are associated with operating in a particular industry.
• Compliance risks – risks that are associated with the need to comply with laws and regulations.
• Financial risks – risks that are associated with the financial structure of your business, the transactions your business makes and the financial systems you already have in place.
• Operational risks – risks that are associated with your business’ operational and administrative procedures.
• Market/Environmental risks – external risks that a company has little control over such as major storms or natural disasters, global financial crisis, changes in government legislation or policies.²

The ‘shoot, fire, aim’ approach favoured by many entrepreneurs is great for making things happen quickly but often jeopardizes the long-term stability of the business.

What is needed is a balance.

Once the business understands the risks, it means that it can move forward decisively and confidently. It’s hard to do this when there is a cloud of confusion hanging over the business.

Where to start…

You need to identify potential risks to your business. Once you understand the extent of possible risks, you will be able to develop cost-effective and realistic strategies for dealing with them.

Categories of risk

• Financial: This category includes cash flow, creditor and debtor management, budgetary requirements, tax obligations, remuneration and other general account management concerns.
• Organizational: This relates to the internal requirements of a business and issues associated with its effective operation.
• Equipment: This covers the equipment used for the conduct and operations of the business. It includes equipment maintenance, general operations, depreciation, safety, upgrades, and general operations.
• Legal & regulatory compliance: This category includes compliance with legal requirements such as legislation, regulations, standards, codes of practice and contractual requirements. It also extends to compliance with additional ‘rules’ such as policies, procedures, or expectations, which may be set by contracts, customers or the social environment.
• Security: This category includes the security of the business premises, assets and people, and extends to the security of technology, information and intellectual property.
• Operational: This covers the planning, operational activities, resources (including people) and support required within the operations of a business that result in the successful development and delivery of a product or service.
• Reputation: This entails the threat to the reputation of the business due to the conduct of the entity as a whole, the viability of product or service, or the conduct of employees or other individuals associated with the business.
• Service delivery: This relates to the delivery of services, including the quality and appropriateness of service provided, or the manner in which a product is delivered, including customer interaction and after-sales service.
• Commercial: This category includes the risks associated with market placement, business growth, diversification and commercial success. This relates to the commercial viability of a product or service and extends through establishment to retention and then the growth of a customer base.
• Project: This includes the management of equipment, finances, resources, technology, timeframes and people associated with the management of projects. It extends to internal operational projects, projects relating to business development, and external projects such as those undertaken for clients.
• Safety: This category includes the safety of everyone associated with the business. It extends from individual safety to workplace safety, public safety and to the safety and appropriateness of products or services delivered by the business.
• Stakeholder management: This category relates to the management of stakeholders (both internal and external) and includes identifying, establishing and maintaining an appropriate relationship.
• Strategic: This includes the planning, scoping and resourcing requirements for the establishment, sustaining and/or growth of the business.
• Technology: This includes the implementation, management, maintenance and upgrades associated with technology. This extends to recognizing the need for and the cost benefit associated with technology as part of a business development strategy.

Before you begin to identify the types of risks you face, you need to assess your business. Consider your critical business activities, including your staff, key services and resources, and the things that could affect them (for example, illness, natural disaster, power failures, etc.).

In particular, consider:

• The records and documents you need every day
• The resources and equipment you need to operate
• The access you need to your premises
• The skills and knowledge your staff have that you need to run your business
• External stakeholders you rely on or who rely on you
• The legal obligations you are required to meet
• The impact of ceasing to perform critical business activities
• How long your business can survive without performing these activities.

Doing this assessment will help you to work out which aspects your business could not operate without.

Identify the risks

Look at your business plan and determine what you could not do without and what type of incidents could have an adverse impact on those areas. Ask yourself whether the risks are internal or external. When, how, why and where are risks likely to occur in your business? Who might be affected or involved if an accident occurs?

Ask ‘What if?’ questions. What if your company’s critical documents were destroyed? What if you lost access to the internet? What if you lost your power supply? What if one of your key staff members resigned? What if your premises were damaged? What if one of your best suppliers went out of business? What if services you rely on, such as communications  or roads, were closed?

Think about what possible future events could affect your business. Consider what would lead to such events happening. What would the outcome likely be? This will help you identify risks that could be external to your business.

Assess your processes

Evaluate your work processes (use inspections, checklists, and flow charts). Identify each step in your processes and think about the associated risks. What would stop each step from happening? How would that affect the rest of the process?

Consider the worst case scenario

By thinking of the worst possible things that could affect your company can help you to deal with smaller risks. Once you’ve identified risks relating to your business, you’ll need to analyze their likelihood and consequences and then come up with options for managing them. You need to separate small risks that may be acceptable from significant risks that must be managed immediately.

Analysing the level of risk

To analyse risks, you need to work out the likelihood of it happening (frequency or probability) and the consequences it would have (the impact) of the risks you have identified. This is the level of risk, and you can calculate it using the following formula: Level of risk = consequence x likelihood

Level of risk is often described as low, medium, high or very high. Assign each risk a likelihood rating from 1 (being very unlikely) up to 4 (being very likely). You can use a rating level higher than 4.

You should also assign each risk a consequence rating from 1 (being low) to 4 (being severe). Again, you can use more than four levels.

Once you’ve assigned each risk a likelihood and a consequence rating, calculate the level of risk. You then need to create a rating table for evaluating the risk (which means making a decision about its severity and ways to manage it).

You need to consider:

• How important each activity is to your business
• The amount of control you have over the risk
• Potential losses to your business
• The benefits or opportunities presented by the risk

When you’ve identified, analysed analysed and then evaluated your risks, you need to rank them in order of priority. You can then decide how you will treat unacceptable risks. To do that, you will need to consider.

To do that, you will need to consider:

• The method of treating the risk
• The people responsible for the treatment
• The costs involved
• The benefits of the treatment
• The likelihood of success
• The ways to measure the treatment’s success

To do that, you will need to consider:

• Avoid the risk
• Reduce the risk
• Transfer the risk
• Accept the risk

---

¹ ‘ The Road to Ruin’, Punter, Alan, Financial Director, www.financialdirector.co.uk, Aug 18, 2011One of our main goals was to identify whether these failures were random or had elements in common.