AFP’s latest FP&A Guide explores the intersection of risk and FP&A. Some organizations, like Abt Associates, integrate risk management across their entire business.
“Our risk management process is indistinguishable from our regular operations,” said Mike Powers, Senior Manager, treasury and risk at Abt Associates. Abt analyzed its business operations and determined a set of broad categories (currently four in total) where it takes actions to achieve their company mission “to improve the quality of life and economic wellbeing of people worldwide.”
The four categories are business generation, human capital, operations and compliance, and finance. These areas are currently disaggregated into eight goal statements and 21 specific measurable targets. All are reviewed for relevance and subject to change over time. In some cases, the targets look like risk indicators with specific guardrails, for example, “no more than x% of revenue from a single customer.” In other cases, they are simple metrics, such as time to fill positions. In all cases, they are what the company uses to determine its long-term stability and ability to achieve its goals.
“It took about six or seven years to get here,” says Powers. “We started with a risk taxonomy, although that is a scary word, so let’s just call it a common language of risk.” The CFO led an effort to talk about the business with a common vocabulary and drive that into metrics and individual goals. Over time, it became more structured.
Then, it became part of the planning cycle. “We start our planning cycle with a five-year, long-range plan, and the budget is the first year of that plan.” As Abt models the plan and subsequent forecasts, it models the impact on the same set of targets and reviews them throughout the year at each quarterly business review.
The effort was initiated by the CFO and enacted through FP&A. “The FP&A team was already considered a trusted partner in the organization—in effect the official scorekeeper. Getting the FP&A team involved help to keep stakeholders focused on assessing risk as opposed to challenging the data.”
Powers noted that he has seen a few paths to failure. “Risk programs will fail if they are just a ‘check the box’ exercise where managers go through the motions instead of really analyzing their operations. This tends to happen when risk is considered a simple compliance task rather than really integrating it into their business.”
Download Increasing FP&A's Effectiveness by Integrating Risk Management here.