Major events of the past five years--including natural disasters, geopolitical events and system-threatening business breakdowns--have focused a new and intense light on enterprise risk. At the same time, developments in corporate governance, both voluntary and imposed, have moved the responsibility for managing that risk higher in organizations.
Once primarily the responsibility of technical risk managers, enterprise risk management is now rightly seen as a board-level issue in most global corporations. Not surprisingly, this has led to an intense focus on risk mitigation efforts, and a more defensive approach to managing risk across a growing spectrum, including financial, supply chain and more recently, cyber risk.
What is less well understood is how proactive risk management at the enterprise level leads to business resilience, enabling well-prepared organizations to take advantage of critical situations and gain a competitive advantage. "That which doesn't kill me makes me stronger" is an ancient maxim. But today, with global supply chains, it applies in new and interesting ways.
Though some of these risks would appear to fall outside the competency of the chief financial officer (CFO), this office is best positioned to see the whole picture better than any other function in the organization. The CFO should ultimately be responsible for the integration of such risks, drawing on others for relevant expertise. CFOs may also need to recover some old skills and develop some new skillsets to be the strategic partner that CEOs will need to identify and take advantage of these opportunities.
The April 2013 garment factory collapse in Bangladesh, as well as the fire at a similar manufacturer in Pakistan, highlight the fact that even a well-established exposure such as supply chain risk needs to be looked at in a new light. In these cases, the exposure is less about traditional business interruption--which shouldn't be overlooked--but also about the reputational risk of doing business with companies that may have underdeveloped risk management practices
Notably, the primary contractors to U.S. apparel companies had passed numerous safety inspections and met the standards of widely used global certification schemes. However, the violations occurred in factories where sub- or sub-sub-contractors were hired to certify operations with tiny margins on tight deadlines. These incidents have created greater awareness around reputational...