Becoming a strategic risk adviser

How CPAs can move from compliance to strategy
By Bonnie V. Hancock and Mark S. Beasley, CPA

Becoming a strategic risk adviser
Illustration by carlacastagno/iStock

Accountants typically have significant training and experience in managing risks related to internal controls, financial reporting, and other compliance matters—traditional skills they can leverage to become strategic risk advisers for their organizations.

Pamela Short Jenkins, CPA, vice president of audit services at US Foods in Rosemont, Ill., said she plays a crucial role in assessing strategic risks as her company seeks growth opportunities in the marketplace. US Foods distributes more than 350,000 products to restaurants, hospitals, and governmental and educational institutions.

“The knowledge and skills of our financial team, including our internal audit function, play a significant role in helping facilitate consideration and communication of risks on the horizon that may affect our core business model and strategy,” Jenkins said. “As facilitator of our company’s enterprise risk oversight process, I am heavily engaged in the identification and discussion of our organization’s most significant strategic risks, which our team summarizes for monitoring by senior management and the board of directors.”

Risks that threaten an organization’s strategic plan and execution, such as competitor moves, emerging disruptive innovations, changes in customer demographics, and new regulations, can significantly affect an organization’s long-term value as is shown by the declines of former corporate giants such as Blockbuster, Circuit City, and Kodak.

But the fact that accountants have traditionally focused more on loss prevention than on risks impacting an enterprise’s strategic direction and success poses challenges as CPAs take on new roles in risk oversight. Mastering these challenges, however, offers them a chance to become strategic risk advisers for their organizations.

The challenges for accountants

Accountants assemble financial statement data to identify, record, and report key financial information for periods that have already passed. Focusing on what has already emerged tends to put accountants in a position of reacting to risks rather than proactively navigating risks before they occur.

Other responsibilities reinforce accountants’ attention to compliance, such as operational audits performed by internal audit and requirements of Section 404 of the Sarbanes-Oxley Act of 2002, P.L. 107-204. Section 404 involves evaluating the effectiveness of internal controls and whether any deficiencies might trigger the potential of a material misstatement in the financial statements.

While important, these compliance responsibilities do not foster thinking about risks emerging from macroeconomic events, emerging geopolitical shifts, emerging technologies, competitor moves, and other important strategic concerns.

To change the perception that they are mostly risk-averse, accountants should focus on appropriately balancing risk-taking with expected returns.

The opportunity for accountants to become strategic advisers

Accountants have a unique understanding of an organization’s financial position (assets, liabilities, and capital) and what drives revenue and expenses. That allows them to add value in the context of strategic risk management. This is illustrated in Exhibit 1 for a for-profit organization. The red rectangle on the far right focuses on the organization’s long-term strategic objective of growing shareholder value. The orange rectangles in the center illustrate examples of existing drivers of shareholder value that will continue to be important to the business. These drivers are the organization’s “crown jewels.” The light blue rectangles illustrate new strategic initiatives contained in the organization’s strategic plan that will be implemented in the future to drive additional shareholder value.

Exhibit 1: Start with understanding key value drivers

Having a rich understanding of what drives the business and what is on the horizon related to new strategic initiatives is an important first step toward becoming an effective participant in broader, more-strategic enterprisewide risk management processes.

When the Girl Scouts–North Carolina Coastal Pines Council developed an ambitious strategic plan in 2013 that included boosting training of volunteers, recruiting more alumnae, diversifying funding, and focusing on underserved regions, the accounting and finance department led the risk management process. Cathy Stipe, CPA, the council’s CFO, said she and her team were able to zero in on the potential risks to executing that plan, and how the organization could stay on top of those risks to either prevent their occurrence or minimize the consequences should they occur.

“In addition, our group was able to evaluate potential downside scenarios to ensure that our organization would be able to weather potential negative events,” Stipe said. “This gave us the confidence to take on some ambitious goals and objectives.”

Wake Forest University in Winston-Salem, N.C., aims to give appropriate levels of attention to risk events that could impact the university’s ability to be successful with core operations, critical value drivers, and new initiatives that complement the strategic plan, said Brandon Gilliland, assistant vice president for finance and controller.

“This [allows] university leadership to prioritize risk mitigation activities that are most critical to the achievement of our ultimate strategic objective of enhancing the mission and brand of Wake Forest University,” Gilliland said.

Techniques to advance the strategic lens of accountants

Accountants should brainstorm potential risk areas such as competitor moves, significant legislative or regulatory changes, demographic shifts, or technology breakthroughs. These types of risk events can have significant and lasting effects on organizations, and yet are much more difficult to envision than common risks.

For example, consider the first core business driver in Exhibit 1—“Proprietary technologies.” To pinpoint the most critical risks to retaining and enhancing the strategic value of the entity’s proprietary technologies, the accountant should first answer two questions:

What must go right for our organization to continue deriving value from our proprietary technologies? What are the key processes, technologies, people, and other factors that must continue to work effectively to preserve the value we obtain from these proprietary technologies? For example, one critical success factor that must continue is our ability to protect and enforce patents related to our technologies.

What assumptions are we making about our ability to continue deriving value from our proprietary technologies? What is the basis of our assumptions? Are they still accurate, and how are we monitoring conditions that might impact the viability of our assumptions? For example, we may be assuming that our customers’ use of the technology will continue for the foreseeable future and that other providers will be unable to disrupt our proprietary technologies.

These kinds of questions help CPAs understand what is critical to the ability of each of the current core business drivers and new strategic initiatives to sustain and grow shareholder value. With the answers to these questions in mind, accountants are positioned to pinpoint issues triggering risks that emerge and threaten the processes that must go right for a business driver or new strategic initiative to derive value for the organization. Using that information, the accountant is then positioned to consider internal or external events that might prevent the processes, technologies, and people from functioning effectively to obtain value out of proprietary technologies.

Consider events that:

  • Prevent key internal processes from functioning consistently and accurately.
  • Prevent technology software and systems from being reliable and secure.
  • Cause the loss of critical employees with knowledge and skill.
  • Disrupt demand from customers for key products or services.
  • Disrupt the ability to comply with regulatory and political requirements that might affect core drivers.

Accountants should also focus on evaluating how significant the organization’s assumptions about the future might be as sources of risks for the enterprise. For example, a company may assume customers will continue to need its most popular product. A question to ask in that example would be, “What could change that would cause our customers to no longer need our product?” Asking this type of question can help identify less-obvious risks.

Another area where accountants can take a fresh look is the process of evaluating new strategic initiatives. This sort of thinking is often referred to as the risks of a strategy. That is, what is the risk to the rest of the enterprise of undertaking and/or being successful with a particular strategy? Also, what is the risk of not implementing a strategy?

Key considerations might include assessing whether the launch of a new service line would:

  • Potentially dilute or damage the brand;
  • Alienate key customers; or
  • Concentrate risk in one critical area.

This is where an enterprisewide view is particularly important to understanding and identifying those critical interrelationships.

Don’t stop with risk identification

Accountants also have to be prepared to suggest how to manage these risks. Organizations must take risks to earn returns for their stakeholders. The purpose of a strategic risk analysis is not to avoid all risks but rather to manage risks to gain greater assurance of reaching organizational goals. To that end, accountants have to be particularly careful that they are not perceived as just saying “no,” or they will be unwelcome in the strategic planning process.

Many financial techniques for measuring and managing risks may already be in the accountant’s toolbox, such as budgeting, forecasting and earnings modeling, hedging techniques, and other forward-looking analyses. Accountants can help keep that risk-and-return relationship top of mind by implementing tools and techniques that look at goals based on risk-adjusted returns. In this case, areas of the business or product or service lines that are riskier should be earning higher rates of returns. Those return requirements can be developed by looking at cost-of-capital comparisons to other industries or companies that have similar businesses. Once rates of return have been set, they can be applied to capital employed in those businesses to set net income goals by business. Putting the focus on risk-adjusted return targets and then monitoring performance against those targets will help ensure the organization fully appreciates the risk it is taking and appropriately measures the returns it expects to achieve.

Accountants can use their training with internal controls and their knowledge of profitability drivers to help facilitate the development of “triggers” or “stop loss” limits that set the boundaries for the financial losses an organization is willing or able to withstand. To do this, start with the expected results for a new initiative and then set trigger points where action must be taken if actual results stray too far from the plan.

As an example, Company X is launching new Product Y in 2015, and it expects to sell 100,000 units within six months of its launch and 300,000 units during the entire year. A trigger point could be set to reevaluate the product launch if it does not achieve sales of 50,000 units (less than 50% of the goal) by the end of the six-month period. Of course, the accounting records will measure the sales, but where the accounting team can add value is with the decision-making process once the trigger point is hit. The accountant will have an important role in reassessing the projections for sales and costs of the new product, determining the potential impact on overall results for the year, identifying viable options for addressing the shortfall in profits overall, and evaluating options for the future direction on the new product.  

Taking hold of the opportunity

Accountants have a great foundation of skills and experience to apply to strategic risk management. The key to the accountant’s success is to link his or her risk thinking to what drives the organization’s long-term success. To do so, the accountant needs to understand what makes the business “tick” and use that understanding to challenge the organization’s thinking about what might emerge that would impact its ability to continue to generate value from those key business drivers. From there, accountants can help manage those risks so that the organization’s key value drivers stay on track for achieving stakeholder objectives. The opportunity is there—the challenge is grabbing hold of it.


Traditionally, CPAs have focused more on loss prevention than on the risks impacting an enterprise’s strategic direction and success. But CPAs who use their experience and skills to move beyond compliance can help their organizations navigate risks before they occur.

The first step to becoming a strategic risk adviser is to understand what drives the business, what is on the horizon related to new strategic initiatives, and what internal or external events might prevent strategic initiatives from deriving value for the organization.

The next step for CPAs is to suggest ways to manage strategic risks. For example, accountants can use their training with internal controls and their knowledge of profitability drivers to help facilitate the development of “triggers” or “stop loss” limits that set the boundaries for the financial losses an organization is willing or able to withstand.

Bonnie V. Hancock ( is the executive director of the ERM Initiative at North Carolina State University in Raleigh, N.C. Mark S. Beasley ( is the Deloitte Professor of Enterprise Risk Management and director of the ERM Initiative at North Carolina State University.

To comment on this article or to suggest an idea for another article, contact Sabine Vollmer, senior editor, at or 919-402-2304.


E-newsletter article

Improve Your Change Leader Effectiveness,” Corporate Finance Insider, Aug. 5, 2010


  • Becoming a Trusted Business Advisor: How to Add Value, Improve Client Loyalty, and Increase Profits (#090440, paperback; #090440e, ebook)
  • Case Studies on Enterprise Risk Management Implementation (#PCG1202E, ebook)
  • Integrating Social and Political Risk Into Management Decision-Making: Management Accounting Guideline (#030004PDF, online access)
  • Smart Risk Management: A Guide to Identifying and Calibrating Business Risks (#PCG1401P, paperback; PCG1204E, ebook)

For more information or to make a purchase, go to or call the Institute at 888-777-7077.

Where to find May’s flipbook issue

The Journal of Accountancy is now completely digital. 





Implementing lease accounting

FASB’s Codification (ASC) 842, Leases, requires companies to make significant changes in the way they report operating leases. But one of the initial challenges might be simpler than you think … find out more with this report.