Transcription
A leadership guidefor the risk leaderStrategies and tools for the risk leader
Chartered Global Management Accountant (CGMA )The CGMA designation is the most widely held management accounting designation in the world. It was establishedin 2012 by the American Institute of CPAs (AICPA) and the Chartered Institute of Management Accountants (CIMA) toelevate the profession of management accounting globally. It distinguishes more than 150,000 accounting and financeprofessionals who have advanced proficiency in finance, operations, strategy and management. In the U.S., the vastmajority are also CPAs. The CGMA designation is underpinned by extensive global research to maintain the highestrelevance with employers and develop competencies most in demand. CGMAs qualify through rigorous education,exam and experience requirements. They must commit to lifelong education and adhere to a stringent code of ethicalconduct. Businesses, governments and nonprofits around the world trust CGMAs to guide critical decisions that drivestrong performance.cgma.orgA leadership guide for the risk leader – Strategies and tools for the risk leader 2
Contents4Skills to navigate risk landscape5But how does a risk leader lead?9Risk leader checklist12 Additional resources13 AcknowledgementsA leadership guide for the risk leader – Strategies and tools for the risk leader 3
Skills to navigate risk landscapeAgility. Awareness. Complexity. Continuity. Influence. Leadership. Strategy.These are skills needed to navigate and manage therisk landscape of today. The luxury of annual monitoringand intermittent identification of risks is a practiceof the past. The need to manage risk effectively andpromptly has risen to new levels. The complexity of therisk environment requires awareness, dependent verymuch on the entity’s culture(s) and strategies. To leada successful risk program, the finance professionalmust be a strategic thinker, analytic superstar, agileand resilient leader with the ability to communicate andmotivate the organisation to success and continuity.This tool explores the requisite skills, talents and abilitiesrequired to lead your organisation’s risk program. Inaddition, there will be a focus on how to develop theseskills, both in yourself and your teams.Figure 1: CGMA Competency Framework — 2019 eadershipskillsThe leadership qualities needed to successfully lead anorganisation through its Enterprise Risk Managementprocesses are integrated into the holistic competenciesof certified accountants and financial professionals.The CGMA Competency Framework, shown above,demonstrates leadership skills as one of five necessaryPeopleskillsknowledge areas. Inherent within each skill area is theprofessionalism and ethics of the individual. As canbe expected, there are varying levels of proficiencywithin each of the skill areas: Foundational, intermediate,advanced and expert. All five skills work togetherand function at different levels in the risk leader.A leadership guide for the risk leader – Strategies and tools for the risk leader 4
The role of the finance professional from information to impactFinance professionals are expected to add value to an organisation. This can be done through a process of:(a) Assembling information — Unstructured data from a range of relevant sources is collected and cleanedfrom its raw format and assembled into meaningful information. (b) Generating insights — Analysis ofboth financial and non-financial information leads to insights needed to improve the performance of theorganisation. (c) Influencing decision-makers — Insights are obtained and then used to advise and influencerelevant stakeholders within the organisation. (d) Achieving impact — Management accountants use enablingand control systems (e.g., strategic planning, budgeting and performance reviews) to guide actions and helpensure the required impact is achieved.AssembleAdviseAnalyseApplyReference: CGMA Global Competency Framework 2019 edition, page 5But how does a risk leader lead?First off, know that, as a leader, you can’t and won’tknow everything. Developing, creating, nurturing andbuilding a team of individuals who have strengths tocomplement one another in each of the areas is critical.Humility in leadership enables success for your team andorganisation. Further, recognise that while you empowerthis team to make the necessary decisions to evaluate,mitigate and identify and analyse manage risks, you donot own the risks — these are owned in the particularfunction or business unit from which they arise withinthe organisation.Know your role. Bring to the table the overallstrategy, vision and ultimate end goal. Ideally, you’vebeen included in your entity’s strategies, goals andmission/vision development and revisions. You’ve heardvarious stakeholder’s needs, wants and nice-to-haves.You are aware of the constraints: time, budget, resources,support and third-party assistance. Key performanceindicators (KPIs) have been discussed at an executive levelfor at least the most critical of identified risks. Your role isto ensure that your risk team is aware of how the variablesaffect their daily work and achievements. And plan forfailures: Expect the unexpected by proactively preparing,identifying and dealing with potential failures. Foster anenvironment that allows for learning through failures.A leadership guide for the risk leader – Strategies and tools for the risk leader 5
Know your team’s role and know your team and theculture in which they are operating. Through awareness,analysis and listening, determine your team’s strengthsand weaknesses and position them for success. Ensurethat appropriate and relevant training is received. Donot be one of ‘those’ managers who is known formicro-management. As a leader, you’ve come up throughthe ranks and therefore have a lot of knowledge andexperience to impart. Let your team develop theirskills and abilities with direction, but not constantoversight, especially at the mid-level and above. Inthe multi-generational, evolving business environmentin which we all find ourselves, there is rarely onlyone single path to the same outcome. Guidance isoften appreciated.Communication and influence. As a leader,your team is no doubt very diverse in all areas(education, experience, social, etc.) and, with that,several methods of communication should be used.Whether it is one-on-one weekly meetings, a largeweekly meeting with the team, or email directions andinformation, ensure that your team is kept abreastof current activities relevant to their position and theorganisation. Gone are the days when an employee is‘tested’ by withholding information. Transparency iscritical in risk and it begins with you and your frequent,relevant, timely and sensitive communication.Effectively influencing both upwards and downwardsin your organisation includes being able to affectdecision-makers and implementers.Another point on influencing. You may wish to developa network of managers, staff or other interested“champions” in the organisation. These folks may notdirectly report to you or your office, but can play a pivotalrole in the early identification of risks and further analysiswhen needed. Successfully leveraging this networkserves as a force multiplier for your influence. On theother hand, if this network is poorly leveraged or ignored,the force multiplier works in the opposite direction toyour detriment.What does influencinglook like?The skill of influence is often demonstratedthrough your willingness to learn (and listen), a cknowledging viewpoints different fromyours instead of quickly jumping to defendyour viewpoint, s upporting organisational initiatives (eventhose that are not developed by your team), t he gravitation of others towards you inmentor/mentee relationship, c reating a cohesive and respectful environmentto allow for mistakes and failures as well assuccesses and merits.Trust your team. The remote and virtual environmentkicked off the current decade, and trust was a spotlightfocus. Trust has to be earned; your responsibility as aleader is to cultivate the proper environment that beginswith leading by example. Demonstrating the behavioryou seek from your team is an effective method ofencouragement. Honesty is a critical facet of trust.Although this may at times be awkward, it should neverbe rude or demeaning. As a leader, taking the time toactively listen is a purposeful activity that will soonbecome a habit. Seeking feedback from your team,as well as providing the same, cultivates a culture ofaccountability and ultimately trust.In the early stages of an Enterprise Risk Managementprogram, people may be reluctant to share risks as theyperceive that it shows weakness in their management.You must work to build trust and ensure that as risksare identified, those identifying risks are not penalised.The goal is to promote transparency and communicationand this can only be accomplished in an open andtrusting environment.A leadership guide for the risk leader – Strategies and tools for the risk leader 6
Drive performance. Ultimately, performance is themeasurement of success. The ability as a risk leaderis reflected in possessing the necessary skills andapplying these skills to drive results towards thesuccess of the entity in achieving its strategic objectives.The leadership skills identified to attain success areprovided from the 2019 edition of the CGMA CompetencyFramework and include:1. a n understanding of the business structures,operations and financial performance2. m anagement responsibility for implementingand achieving results3. a strong understanding of the organisation’senvironment, current strategic position anddirection, with strong analytical skills andthe ability to advise on strategic options forthe business4. a bility to develop strategic vision and provideunique insight into the overall direction andsuccess of the organisationThe application of leadership skills is oftendemonstrated through the influencing skills asoutlined above as well as developing a reputation forbeing a subject-matter expert or thought leader in therisk discipline. This comes from not only educatingyourself on relevant and current information, trends,and regulations but disseminating these to your staffand other pertinent stakeholders in the organisation.Demonstrating a positive, inquisitive, solutions-orientedcharacter and encouraging those around you to dothe same is a key skill of a successful leader.CGMA leadershipskills definedIntermediate M anage and communicate all aspects of theperformance management process, ensuringalignment with development plans. E nsure accountability among the team toset stretch targets; drive challenging targetsand review functional performance againstthese targets. C reate an environment where teamsand individuals enjoy achieving results;leverage additional capability in resourcesto deliver results. P romote the expectation of exceptionalperformance as the norm; look for new waysto improve performance and deliver value.Expert L ead in driving and enhancing performancemanagement throughout the organisation. E stablish and drive the strategies and standardsrequired to deliver against business plans;translate internal and external analysis intostrategy and action. S et and promote standards for best practiceand outstanding service delivery; createprogrammes and incentives that drive andreward results. S et up and structure business units so theycan deliver against strategic targets.¹ CGMA Competency Framework, 2019 edition p. 67A leadership guide for the risk leader – Strategies and tools for the risk leader 7
‘ A robust [Enterprise] Risk Management system is like a bridge over spansof dangerous waters that provides an enterprise capability to carry and leverageits business opportunities. The stronger this bridge the greater the spans andrisk load bearing capacity and that enables an enterprise to monetize theopportunities with greater leadership agility’.Ash Noah, CPA, FCMA, CGMA, VP & Managing Director CGMA Learning, Education & Developmentat the Association of International Certified Professional AccountantsBe agile. The definition of agile is the ‘ability to movequickly and easily’. Agility has quickly come to the forefrontglobally and focuses not only on flexibility and changebut on resilience, continuity and efficiency. The effects ofexcellence in agility are ultimately seen in the success ofthe financial performance of an organisation. Althoughagility has come to be understood as going hand in handwith technology, the demonstration of agility is beyondincreased technical and digital skills and awareness. Manyattributes define an agile leader, including:Adaptability — An agile leader must adapt to leadin times of disruption. Having the courage to benimble and take action to address disruptionsbased on current relevant information and trendsis what defines an agile leader.Collaborative — To implement operationaland process changes, an agile leader must becollaborative to trust and empower their teams tosolve problems most efficiently. Agile leaders fosterinclusive cultures where differing perspectives andideas are encouraged and celebrated.Curiosity — Agile leaders continuously listenand learn with a genuine curiosity and opennessfor process improvements.One of the first things accountants and financeprofessionals are told as they enter into the professionis the 80–20 rule. ‘Twenty percent of the people do 80%of the work’, ‘20% planning; 80% execution’ and the listgoes on. For a risk leader, this could mean concentrating80% of the efforts on the 20% of identified critical risks,or finding 20% of your work and your team’s that delivers80% value. Agility is a form of efficiency and lookingbeyond the habitual methods of thinking and practicingthis will yield results. Beyond the immediate results, thischange in approach will increase the value that yourteam can provide to the organisation.Change strategies quickly. This has never beenmore apparent than in early 2020 when the entire worldwas forced to rethink how work was accomplishedon nearly a week-to-week basis. An organised, formalrisk discipline is newer than established functions likefinance or accounting. Organisations are adapting towhat this new function looks like and what to do with thenew information that an Enterprise Risk Managementprogram provides to executive management. What doesthis mean to the risk leader? You must be agile andchange strategies quickly if something isn’t working. Newrisk leaders may fall into the trap of providing too muchinformation, risk heat maps that are too detailed or toomuch analysis to executive management. The risk leadermust listen to the audience for their needs and quicklyadapt or refine strategies if something isn’t working.ClearleadershipStrong leadership is one of the top three criticalsuccess factors for a successful financetransformation. Leaders have many roles:introducing and communicating the needfor change, acting as a change championand enrolling employees in idea generation.Concurrently, leaders must ensure that theirteams have the right mix of digital, technical,business and people skills to deliver.Reference: Association of International Certified Professional Accountantsand KPMG International joint reportA leadership guide for the risk leader – Strategies and tools for the risk leader 8
Risk leader checklistQuestions for a risk leader and sample responsesQuestionYesNoMaybeAction item/notes/exampleMe1. Have I done a skills analysis ofmyself and team?2. H ave I identified skill gaps?Note: Make sure I do this.XJohn needs to develop entity understanding —check out AICPA/CIMA/CGMA for additionalresources.X3. H ave I identified what weare doing great? And amI replicating it?X4. H ave I identified growthopportunities?X5. D o I think I’m missingsomething?6. D o I foster a culture of riskawareness in the organisation?XNeed to finalise for each staff memberDo a quick search (and assign to some staff)of risks related to my industry; think outsidethe box purposefully.Training for managers and staff, opencommunication, etc.X7. Professional networking:Do I have a strong network ofprofessional risk managers?Sometimes — I need to do better at this.Sylvia is excellent at designing easy tounderstand slides to convey risks to ourvarious departments. I’ll start by leveraging her.XIncrease connections on professional networks.My team8. Is my team working with a directfocus on strategy?9. Do my team and organisation havea common ‘risk’ language that allunderstand?My performance goals as well as my teams linkto our organisation’s strategies/mission. Wediscuss these frequently and link our daily work tothe overall strategyXXMy team knows the lingo but we do experiencebarriers in understanding as terminology canbe confusing. Assign Cathy to develop a ‘RiskDictionary’ and then involve the whole team inenterprise training efforts.A leadership guide for the risk leader – Strategies and tools for the risk leader 9
QuestionYes10. D o I have a mechanism tomeasure performance andensure accountability?11. Are there pockets (i.e., departmentsor teams) within my organisationthat appear to ignore risk or berisk-averse? How can this beaddressed?NoMaybeDevelop performance and outcome measures.Review them on a routine basis and discuss themwith key stakeholders.XThe training area of my organisation seemsto be seen as mitigation of risks; BUT I need toinvestigate to see what risks exist there.X12. Have we built enterprise-widerisk management skills? Dowe collaborate with HR onnecessary skills?X13. P rofessional networking: Is myteam actively developing a networkof risk professionals both internallyand externally?Action item/notes/exampleLook into how we teach or coach risk within theorganisation. Understand how staff use risk todraw conclusions.Identify and align with risk leads in otherdepartments.XEncourage team and allow time to attend events.Sometimes, but not always.14. I s my team aware of the connectionbetween what they are doing andhow it meets the organization’sstrategies?X15. Is my team able to bridgecommunication of the risk programand understand it themselves?XThey seem to struggle a lot with conveying theirunderstanding outside of our team.XAnalyse and document how the organisationidentifies and responds to change.My organisation16. Is my organisation equipped tohandle change?17. Is my organisation willing tomake changes?X18. A re risks linked to the strategicgoals of the organisation?19. Does my organisation’s budget tieto a strategic plan that mitigatesrisk to a tolerable level?Continue to develop and improve the rightcommunication, change managementapproach, and training.XXCheck into whether risks are written as an‘abstract’ and that they can be tied to the strategicgoals of the organisation.I am responsible to fund the performance goalsthat link to the organisation’s mission.A leadership guide for the risk leader – Strategies and tools for the risk leader 10
QuestionYesNo20. When risk arises, does myorganisation have the infrastructureto communicate about those risksboth internally and externally?X21. Can my organisation articulatethe difference between enterpriserisk management, internal controlsand internal audits?22. Does my organisation havea formal Enterprise RiskManagement process?MaybeXYes!XX24. Have we built skills related tointernal controls and testingof internal controls?X25. C an we work with HR to developa basic understanding of internalcontrols and create a mechanismto report internal controldeficiencies when they areidentified internally?27. Does my organisation have arisk champion/risk network?I am responsible to fund the performance goalsthat link to the organisation’s mission.Develop, train and implement training.23. I s the formalised processadopted by the executive staff?26. Has my organisation identifiedan internal control frameworkand does it periodically testkey controls?Action item/notes/exampleNeed to check executive meeting minutes.Determine how skill development is handledentity-wide.Work with HR to determine if adequate trainingis available to all employees.XDo we have a formal internal control frameworkand a plan and personnel to periodically testthose controls?XXThese are people who are ‘interested’ but nota formal part of their duties.A leadership guide for the risk leader – Strategies and tools for the risk leader 11
Additional resources2021 Risk Heat oadabledocuments/risk-heat-map.pdfCommunicating Risks using a Heat A Risk MA Competency framework.htmlEnabling the accountant’s role in effective htmlAICPA Risk Management ndgovernment/resources/erm.htmlGlobal Management Accounting entaccountingprinciples.html/Finance Transformation: The Human sformation-the-human-perspective-form-2.htmlA leadership guide for the risk leader – Strategies and tools for the risk leader 12
Lori A. Sexton, CPA, CGMASenior Technical Manager, Management AccountingAssociation of International Certified Professional AccountantsSuzanne Lowensohn, Ph.D., CPA, CGMAAssociate Professor of AccountingThe University of VermontJeff Parkison, CPA, CGMADirector – Treasury and Financial Planning & AnalysisCity Utilities of Springfield, MOSteve Vetter, CPA, CGFMCompliance and Risk OfficerAdministrative Office of the U.S. Courts, Federal JudiciaryFounded by AICPA and CIMA, the Association of InternationalCertified Professional Accountants powers leader in accountingand finance around the globe.cgma.org 2021 Association of International Certified Professional Accountants. All rights reserved. CGMA and Chartered Global Management Accountant are trademarks of theAssociation of International Certified Professional Accountants and are registered in the US and other countries. The design mark is a trademark of the Association ofInternational Certified Professional Accountants. 2104-40763
The CGMA designation is the most widely held management accounting designation in the world. It was established in 2012 by the American Institute of CPAs (AICPA) and the Chartered Institute of Management Accountants (CIMA) to elevate the profession of management accounting globally. It distinguishes more than 150,000 accounting and finance profe.
