Risk Chat: Straight Talk on the Risk Management Curve

EDGAR Online's financial data, analytics and disclosure management services help companies manage their enterprise risk and compliance, governance and regulatory needs. The company's CFO and COO, David Price, recently took time to discuss the ways in which companies, including his own, are addressing these needs.

Price, whose background includes work in the pharmaceuticals and financial services industries as well as early auditing experience, also offers some eloquent tips to fellow CFOs, including this one: "Pontificating can be a death knell."

Eric Krell: What is the role of a chief financial officer (CFO) in managing enterprise risk management (ERM) and governance, risk management and compliance (GRC)?

David Price: The role of CFOs in ERM and overall company governance is one of participation. Currently, GRC operations are seen primarily as IT activities, but CFOs, legal departments and executive management are increasingly becoming involved. CFOs are the primary owners of the data used in ERM processes, which includes the financial disclosure filings submitted quarterly to the Securities and Exchange Commission (SEC).

CFOs need to fully embrace ERM, understanding that it is an important aspect of their daily activities. ERM should not be viewed as a yearly exercise done to appease the board of directors. It is not a lengthy document that is created and then tucked into a drawer. Rather, ERM is a mindset that must be embraced by all executives.

For instance, EDGAR Online's executives, or operating committee, convene once a month to discuss the operations of each department and the risks associated with these activities. It is a fluid dynamic where collectively looking at risk is an easier way to manage it, to take action and to minimize it.

Krell: You've mentioned a "risk management curve" before. What is it and why should CFOs pay attention to it?

Price: Basically, the risk management curve forms because as the level of complexity of operations increases and organizations evolve, so does the level of risk. Companies cannot afford to avoid implementing an ERM framework. They must be prepared for the surprises that will inevitably arise.

CFOs have a unique role in ERM and GRC management. They are responsible for creating the financial disclosures required by regulatory bodies to ensure compliance, while also gathering the same details on their competitors, shareholders, supply chains and other parties that may impact a company's operation. As a company grows and expands these networks, so does the body of information that a CFO must collect, analyze and share internally to properly manage risk.

Krell: How do disclosure management processes play a role in GRC management?

Price: Information is at the root of all decision-making. Disclosures -- or SEC-mandated financial filings -- are a wealth of information. And with the implementation of the XBRL technology standard, CFOs now have instant access to accurate data on all aspects of a public company's operations. CFOs may easily take this data and turn it into a decision-making tool.

On the flipside, CFOs need to comply with the SEC mandate to fulfill the requirement of the GRC framework. Regulatory compliance and proper filing of company data with the SEC and other regulating bodies are important aspects of the CFO's job. It comes down to structure and processes. You need to put processes and structure in place to ensure timely compliance.

Krell: Last month, EDGAR Online reported 2011 revenue growth of 43 percent over 2010, and you projected 2012 revenue growth would increase 35 percent. What tips can you provide to fellow CFOs on how to manage an organization's growth and the risk associated with growing too quickly?

Price: First, CFOs of high-growth organizations must understand that the biggest risk is going out of business due to the speed of growth. Companies go out of business because account receivables grow, but the funds are not coming in. When cash flow is neglected, it leads to businesses closing their doors.

Pontificating can be a death knell, as well. Oftentimes, the finance team takes so long to ensure the data is perfect that it misses opportunities. Waiting until you have the perfect information and answers to all the questions is not possible anymore. Failure to act is a decision in itself, and companies can open themselves up to additional risk as a result.

To be successful and impact revenue, CFOs need to link the budget planning process to the strategic direction of the company. They must become partners with CEOs to create company strategy, linking that to financial planning, and then effectively communicating this plan throughout their firms.

Krell: Please talk a little bit about your approach to helping the executive team make better -- and more risk-savvy -- decisions.

Price: In my role as a CFO of a public company, I first had to build a team and structure in which to process information and handle issues. A CFO can't be afraid to make a decision. If you make 100 decisions in the next quarter and 51 of these are the right ones, then you are two up on the positive side.

Additionally, I have made it a point to turn EDGAR Online's finance department into a forward-thinking, strategic function of the company. It's not enough for the finance team to look at the budget and the year ahead only once in a while. To be successful and impact revenue and profits, CFOs need to link the budget planning process to the strategic direction of their companies for the next one to three years. At EDGAR Online, the monthly operating committee meeting allows us to effectively communicate financial planning. This process of linking the financial plan to the company's strategy execution lowers our overall risk.

Krell: Explain how enterprise risk management is a component of an organization's governance, risk and compliance framework.

Price: By nature, ERM is a component of GRC. Organizations leveraging GRC processes want to leverage a regulatory framework for satisfying governance requirements, tracking how they are complying with these governance requirements, and effectively evaluating risk across their enterprises. GRC and ERM go hand in hand within an organization to deal with uncertainty and associated risk and opportunities while enhancing the capacity to build value.
