In the IBM CFO Study 2008 of over 1,200 CFOs and senior Finance professionals, two out of three (62 percent) enterprises with revenues over US$5 billion encountered material risk events in the last three years.1 Of those, nearly half (42 percent) admitted to not being well prepared for it. Risk comes in many flavors besides financial. The IBM CFO Study 2008 found that 87 percent of risk types were non-financial in nature, that is, strategic, operational, geopolitical, environmental / health and legal / compliance risks. Of the risk event types, the most frequently mentioned were strategic risks involving decisions about markets, customers, products, M&A activity and other top-line business decisions. Geopolitical and environmental / health risks were the next most prevalent. However, for publicly traded companies, it seems all risks come home to roost in the stock price. Therefore, virtually all risks ultimately have a financial impact. Astoundingly, most organizations don't plan for risk. While most enterprises are not in the business to manage risks but instead to drive performance, does effective risk management correlate with better enterprise performance? In a word, yes. The IBM CFO Study 2008 found that increased effectiveness at supporting / managing / mitigating enterprise risk characterizes financial outperformers. CFOs are uniquely positioned to determine and guide the overall enterprise risk profile – largely due to their influential roles both at the strategic and tactical levels, expertise in the organization's operations, support of data and measurement programs, and ultimate accountability to shareholders (and regulators). The CFO as maestro
Successful enterprises are starting to take a broader view of risks and to orchestrate change by leveraging performance management tools to manage risk. The IBM CFO Study 2008 findings suggest two types of CFO actions to help businesses understand the trade-offs among revenue, profit and risk: - Develop a more holistic view of risk. Facing a wide range of risks requires enterprises to broaden their risk apertures and focus on those risks with the greatest potential impact and occurrence. Enterprises will need to identify and properly define the most important risks, and assess internal and external risks across silos.
- Integrate risk into planning, budgeting, reporting and forecasting. Factoring risk into four main areas of performance management positions the enterprise to better limit surprises and capitalize on upside opportunities. Governance and the management system should include: assessing a set of risks, implementing risk management plans from prior risk assessments and monitoring the effectiveness of risk management plans already implemented.
CFOs can exploit their knowledge of planning, budgeting and forecasting to help set the risk management strategy. Key risk indicators (KRIs) can be presented alongside key performance indicators (KPIs) to monitor their material impact on value drivers. Therefore, factoring risk into the four main areas of performance management presents an opportunity (see Figure 1). 
The risks enterprises face have the possibility to destroy or create value, and the successful mitigation of risk often defines who survives and who leads in the marketplace. Enterprises that place risk in context with performance should find themselves better able to navigate today’s challenges and recover quickly from the inevitable events they will face. How can IBM help?
Finance Transformation: Help to define your Finance strategy and operations improvements to improve the transparency of your data
Business Performance Management: Help to leverage your information assets to support and enhance business planning and performance
Business Risk Management: A comprehensive approach that integrates risk and compliance management into the overall business strategy and execution to assess, manage and optimize business risks
To read the full report, download the PDF file at the top of this page. | 
