The Risk-Intelligent Company

Growing integration of corporate governance, risk management and compliance (GRC) is pulling the finance function's attention away from the past and turning it to the future. Instead of waiting until disaster strikes and then asking, "Why did that happen?" leading finance departments are facilitating collaboration with other corporate functions to ask, "What if it happens?" Together they're identifying companywide risks and potential governance and compliance shortcomings and evaluating ways to address and manage them.

"Addressing corporate governance, risk and compliance needs has become part of the function," notes Brian Reilly, CFO of Allied Building Products Corp., a roofing and custom sheet metal fabrication business in East Rutherford, N.J. "Traditionally, finance has been a scorekeeper after the fact; now it is assuming a more proactive role."

Reilly believes that the corporate accounting scandals, the passage of the Sarbanes-Oxley Act, and the difficulties that many organizations experienced in responding to unexpected interruptions -- such as those caused by Hurricane Katrina -- have sparked a widespread reexamination of GRC processes and oversight within U.S. companies.

That effort has influenced Reilly's work on Allied Building Products' numerous acquisitions over the past several years. As soon as the potential for an acquisition arose, Reilly and his executive-team colleagues considered the business process integration challenges -- including those surrounding business continuity management and insurance coverage. In the past, initial assessments of post-acquisition integrations focused on people and facilities; business process considerations were addressed later in the operation. "We have learned to ask better questions earlier in the process," Reilly notes.

Companies that ask the right questions -- "What are the risks? What will it cost to mitigate them? And how can the organization ensure adherence to our risk-management strategy at the operational level?" -- can create assessments that strengthen GRC decision-making.