With the growing responsibilities of managing company security and assets, today’s controllers are expected to look beyond the areas of accounting and compliance and take on new levels of expertise within their companies. And, now, more than ever, they must think like CFOs and be able to establish themselves as risk experts.

On November 11, The Boston Controllers Leadership Council presented Enterprise Risk Management, a panel discussion focusing on the operational and financial risks that many controllers face, as well as the best strategies for developing an action plan to address company exposures.  

Our speakers included:


Here are their tips and words of advice:

To step up as a controller and tackle company risks, you must evaluate all areas of your organization while considering your goals and objectives. As one of our panelists stated, don’t start with a blank piece of paper. Look at the risk mitigation activities that you already have in place, tailor them, and use them as strategies.   And, as you assess, identify, and implement a risk management plan, it is important to think holistically as you strive for success with the following tactics:

  • Consider worse case scenarios and balance them off with proposed cost benefits and solutions.
  • Develop a vision beyond a financial perspective, giving specific attention to information technology and the potential loss of your company’s strategic position.
  • Set up contracts focusing on limitations of liability, governing laws, technology licensing, indemnities, and counter party objectives.
  • Carefully contemplate how much risk is too much for your organization and, from that point, determine the amount of leverage to take on. It was stated that some of the most successful companies manage only five to seven risks.
  • Ensure that you have strong board governance in place for processes and decisions.
  • Address the potential for fraud by obtaining an outside whistleblower hotline program and requiring signatures for wire transfers and sales transactions.
  • Contemplate how a merger and acquisition could change your risk profile.
  • Pay close attention to human resources compliance issues by utilizing the expertise of payroll vendors and seeking legal advice for white papers and regulatory changes. And, as you look ahead, think about the long term strategic risk of losing key players.

As for general advice, take the opportunity to be a student of your organization. But, just as important, be cognizant of your external communication, as anything that you put in writing can become part of a document potentially used in a lawsuit. And, overall, be sure that you have top level support for all of your strategic goals. Then, once your processes are in place, you must be the one to make sure that they are executed and sustained.

If you have any questions, comments, or suggestions about this topic or future events, please contact us. We would love to hear from you.