CFO’s guide to risk management: 8 risk mitigation strategies

From Rate Hikes to Cybersecurity, Here’s How to Mitigate 8 Potential Hazards

Effective risk management has always been a pillar of good governance. Yet myriad disruptions over the past several years and their ensuing economic knock-on effects have heightened its importance. Leaders are now being forced to evaluate, monitor, and offset a wide range of risks while still capitalizing on opportunities. This guide will overview the top risks for businesses in 2022, including inflation and a possible recession, materials shortages, and cybersecurity, and provide strategies for finance teams to proactively prepare and address potential impacts. With the right approach, most risks can be mitigated and, in some cases, harnessed to advance the business.

Chapter 1

8 Risk Mitigation Strategies

As you work alongside your executive team to navigate a tumultuous risk landscape, there are tactics that can shore up the company’s defenses. Here are our top strategies to mitigate current risk.

  1. Hedge Your Rate Risk

The type of risk you need to hedge against depends on your industry, and there’s a wide variety of hedging instruments. The areas seeing quite a bit of activity now are around commodities and interest rates.

With prices around energy, metal and commodities surging, many companies are choosing to use tools like futures and options contracts to protect against potential price increases in the future.

  • Futures contract: An agreement to buy or sell an asset at a predetermined price at a set date in the future.
  • Options contract: Similar to a futures contract but differs in that it gives the right, not the obligation, to buy a specified asset before a set future date.

Companies are also working to hedge against interest rate risk. Reducing the effect of uncertainty related to interest expenses and unfavorable movements in interest rates through hedging makes cash flow more predictable and can help protect a business’s profitability.

The more variable-rate debt your company has, the more exposed it is to inevitable fluctuations. Some of the most common instruments to guard against this include swaps, caps and collars.

  • Interest rate swap: A forward contract where one stream of future interest payments is exchanged for another, switching from a variable rate to a fixed rate or vice versa.
  • Interest rate cap: This derivative limits how high the interest rate on your loan can go. Note that a separate hedging fee is charged for the interest rate cap, which is determined based on cap level and period of validity, as well as the amount of the loan hedged.
  • Interest rate collar: An interest rate collar designates a range that the reference rate on your loan must stay between, using an interest rate cap and then a lower limit. There is no separate hedging fee for an interest rate collar.

Like some of the other strategies we’ve mentioned, using hedging instruments to protect against risk has an inherent risk/reward trade-off. Hedging costs money and bears the chance of a significant loss if the cost of goods or interest rates are lower down the line. However, it provides predictability into future costs and cash flow — and predictability is a tough thing to find these days.

  1. Cut Costs — and Reinvest Wisely

As companies face higher input costs from disruptions across the board, ensuring sufficient cash flow becomes a top priority. We recommend projecting the likelihood that your company will face a cash shortfall, and at what level, and developing corresponding tiered cost cutting plans. Some areas to include:

  • Sales: Reduce or eliminate expensive sales tools and channels where other effective, and less expensive, options exist. For instance, a tier 1 cut might be to stop sending sales people around the country to sell face-to-face where a call, email or video chat will work. Take a look at costs of in-house sales versus any channels you sell through, and consider new outlets, like online B2B marketplaces.
  • Marketing: Too-deep cuts in marketing are not advisable. When facing cost pressures, the last thing you want to do is go silent and let your competitors create relationships with current and potential customers. But do consider lower-cost, modern options, such as implementing or building up a referral program, increasing social media marketing and embracing other inexpensive brand-awareness drivers.
  • Real Estate: With many companies embracing a remote or hybrid approach to work, it’s time — if you haven’t already — to analyze real estate costs. There may be opportunities to better tailor real estate to the company’s new normal through tactics like lease renegotiation, sales and leasebacks while cutting expenses in the process.
  • Labor: Cutting strong talent isn’t the move. Good, committed staff are hard to find and even harder to train. However, if there is the opportunity to automate some tasks instead of hiring in a competitive labor market, take it. Upskill any staffers whose time has been freed up through automation to meet other immediate needs.
  • Product Offerings: Cleaning up your product and service portfolio can be the right move to reduce complexity and costs. Extensive portfolios can paralyze an organization as teams work to maintain product lines and manage associated risks. Instead, cut the products that do not align well with strategy or contribute to profitability.

Thinking strategically about capital allocation and reducing investments in poorer performing parts of the business can also mitigate risk around cash flow.

“You need to think like an investor,” said Greg Milano, CEO and founder of Fortuna Advisors. “You should be investing more money in the businesses that create a lot of value and much less in the businesses that don’t.”

While CFOs tend to think they do that already, Milano’s research has found that in fact, many end up reinvesting in less profitable parts of the business or spreading out the money evenly.

“Starting to think like an investor is about disproportionately plowing resources behind the good parts of the business and not toward the bad parts,” said Milano. “Smearing a little bit around feels easier because it’s placing a lot of little bets, but that’s not as good as concentrating investment where you’re having more success.”

Milano cited one example where Fortuna Advisors helped cut costs from the low-performing business areas of a client and reallocated some of the cash to high-performing areas. For every dollar reallocated, the business earned three in return.

“[Analyzing the ROI of investments] is a strategic exercise that far too many companies just don’t go through, which leaves a tremendous amount of money on the table,” said Milano.

  1. Reevaluate Your Funding

The Federal Reserve is now in the early stages of an interest rate hike cycle that will likely include further increases through the rest of 2022, and possibly beyond.

That makes money now as cheap as it will be for a while. So, it’s best to get needed funding sooner rather than later. If you’re looking for a loan, get it quickly and at a fixed rate to protect against future increases. If you currently have a loan with a variable interest rate, consider refinancing to a fixed-rate note.

If you have fixed-rate loans, it may not be wise to pay them down quickly. Payment on a loan with a rate under 8% might seem like a great deal by this time next year. Holding cash in reserve and paying a low interest rate loan as you go could actually help with cash flow.

Expanding credit lines now can also be a good option as interest rates remain relatively low. It can also help supplement cash flow as higher costs, slowing consumer demand and the possibility of late payments continue to impact businesses.

  1. Get Serious About Cybersecurity

Strong cyber protection is more important than ever. Attacks aren’t only more numerous, they are also more sophisticated and difficult to defend against.

“Things like cybersecurity and ransomware are hot topics today, and they will continue to be in the future,” said Trip Tripathy, principal at CPA and advisory firm Kaufman Rossin. “So as a CFO, you need to ensure that you are addressing cybersecurity needs, making sure you’ve got the right type of risk insurance in place and managing your risk profile. I think those are really crucial.”

Getting the “right” risk insurance in place is more complicated than it sounds. Research shows that a significant number of companies have opted to purchase some sort of cybersecurity insurance to help protect against the burgeoning threat. However, as ransoms become higher and threats proliferate, the relatively nascent cybersecurity insurance sector is running into a problem: There might not be enough money to cover losses, particularly if state sponsored attacks from Russia increase.

Let’s look at the numbers: According to research conducted by PCS, which compiles and reports estimates of insured losses, companies with at least $200 million in cyber insurance account for slightly more than 20% of what is believed to be $5 billion in global cyber insurance premiums – which amounts to about $1.1 billion in premiums. With around 250 companies buying at least $200 million in protection, it would only take five insured losses of a bit more than that amount to wipe out an entire year’s premium payments.

To address the exposure issue, some cyber insurance companies are making tweaks to the fine print. Insurers have ramped up efforts to refine policies to exclude state-sponsored acts, like a retaliatory attack by Russia for sanctions, specifically amending clauses around “war exclusion” and “hostile act exclusion.”

Global insurance provider Lloyd’s of London recently added language to its cyber insurance policies that excludes coverage for state-sponsored attacks. To reduce their overall risk, some cyber insurers are considering broad exclusions for attacks alleged to emanate from Russia and Ukraine.

While cybersecurity insurance remains a good idea, you should review the company’s policies to understand what is covered. Also look at where your insurer has paid out and where it hasn’t.

It’s also important to note that every cybersecurity insurance policy requires your organization to meet a minimum set of expectations regarding common IT processes, such as asset inventory, patching, vulnerability management and incident response. If you don’t follow the policy requirements exactly, you won’t be covered, so check in with IT to ensure that those boxes are checked.

  1. Map Out the Supply Chain

Fully comprehending your company’s supply chain ecosystem is imperative, particularly given current risk conditions. For many companies, supply chains could be more exposed than they think.

For instance, according to a recent supply chain analysis by Interos, an AI-powered supply chain risk management platform, more than 2,100 US based companies have at least one tier 1 supplier in Russia, and more than 450 US companies have tier 1 suppliers in Ukraine. However, more than 15,100 firms in the US have tier 2 suppliers based in Ukraine, and more than 190,000 have Russian or Ukrainian suppliers at tier 3.

If you haven’t done so already, map out your tier 1, tier 2 and tier 3 suppliers and ask detailed questions about their own supply chains and risks. It’s not always easy information to get from suppliers, but be persistent. Those that aren’t transparent may have issues they don’t want you to know about. Give special focus to identifying any relationships that have operations, assets or dependencies in Russia, Ukraine or China — regions currently rife with risk.

After mapping out your ecosystem, work to mitigate risk by first evaluating required levels of inventory and labor in the short-to-medium term, then discussing business continuity plans with key suppliers. For essential products or services, or supply chains that look particularly risky, you and your supply chain managers should be preparing to switch to, or qualify, alternative sources.

“CFOs need to think through the intricacies of what is happening to their supply chains,” said Tripathy. “Do I need to switch sources of supply to domestic sources or to different international markets? And how do I need to think about things like building an inventory of critical supplies?”

CFOs didn’t have to think much about these issues pre-pandemic, because most companies were running just-in-time international systems. That’s largely changed. “CFOs and their companies have to ask themselves how they will manage this on an ongoing basis, because both inflation and supply chain issues seem to be here to stay for a little while,” he said. Balancing risk with expense will be key when reworking your company’s supply chain. The Fed’s interest rate hike, and assurance of more coming, means carrying excess inventory will hurt cash flow even as it smooths bottlenecks in the supply chain. The right balance depends on your needs. Sourcing closer to home is more manageable, but also more expensive. Work alongside your supply chain managers to stabilize pipelines without significantly damaging profits.

  1. Strengthen Relationships

Squeezed in the middle because you don’t have a good relationship with your customer and you’re subject to whatever your supplier provides is the worst place to be in a difficult economic situation.

“The No. 1 thing that people should be doing is building up partnerships with their entire ecosystems and all the stakeholders of their businesses,” said Russ Porter, CFO and senior vice president of strategy, technology and analytics at the Institute of Management Accountants (IMA). “So, when those dynamic shots come around, small to middle market companies are not getting squeezed from both directions. Instead, they can work collaboratively with suppliers and clients to figure out how to balance the risk and the impact of inflation or supply chain issues on the total value chain.”

Strong relationships with suppliers have been proven to provide cost savings, improved efficiency and smoother operations. You may be able to negotiate contracts that reduce volatility via mechanisms like fixed pricing or scaled increases in exchange for lengthier contract terms, minimum order levels or other qualifying criteria.

In turn, strong relationships with customers are just as important to reduce attrition and enhance loyalty, brand perception and the overall customer experience — particularly crucial in times of higher costs and market volatility.

Additionally, consider building up relationships in a trade association or other business organization.

“Keeping in touch with the ecosystem, with the stakeholders of your enterprise, I think is really valuable,” said Porter. “You can share ideas and concepts, as well as field questions to other businesses. Like, ‘What are we doing with this industry? What do we see as the risks on the horizon? And how are we reacting to those?’”

  1. Create Playbooks for Potential Risks

Proactivity is the key to risk management. Being prepared for a wide range of potential events will lessen the impact should they occur. If the past few years have shown us anything, it’s that finance teams need to be more creative in visualizing the scope of risks their businesses may face — and that necessitates a strong understanding of operations as well as possible impacts and mitigation strategies for various scenarios.

“You need to know what the critical value points are in the end-to-end process,” said IMA’s Porter. “Start upstream with suppliers and go downstream to the clients, understanding that whole process and being creative about where those key risk nodes are in the process. And then think creatively about what things could affect those risk nodes that would have an opportunistic or detrimental impact on your business.”

He notes the importance of thinking about the upside of risk as opposed to just negatives, allowing the company to capitalize on an opportunity that may be presented.

“The follow through is really important,” said Porter. “It’s asking, ‘Once we’ve identified the risk, and once we know the continuum of risks that we might face, which ones have the biggest potential impact on us? And how do we build up the mitigation? How do we avoid the downside or even hedge against downside risks, while not sacrificing the opportunities that may present themselves to us? If this risk materializes, here’s how we address it. If we want to prevent this risk from having any impact on us, how would we do it?’”

That forethought can be extremely valuable to business because a specific risk might not materialize, but a related one might. In that case, you can use the playbook that you developed to respond quickly; you’ve positioned yourself to take advantage of an opportunity.

“There’s a limit to scenario planning,” said Tripathy. “You can’t predict every single thing that might happen tomorrow. But you can predict and plan for your behavior as a CFO and as a team. And if a situation does happen, it’s like emergency planning. What is the process? When there’s an emergency, who do you reach out to? What do you do? Who are the recognized experts?”

Process and planning are important.

  1. Explore Mergers and Acquisitions

M&A has been booming lately, and for good reason. With easy access to capital, low interest rates and a recovering global economy, worldwide M&A volumes hit record highs in 2021, exceeding $5 trillion for the first time. And, in a survey by KPMG, only 7% of executives said they expect deal volume to decline in their industries in 2022.

However, M&A’s recent popularity can also be attributed to its utility as a risk mitigation tactic. In the KPMG survey, one third of executives surveyed said that they wanted to use M&A to acquire more talent in 2022. From a strategic risk perspective, more than half of executives said that they would look to acquire entire companies to diversify their commercial portfolios. Almost 60% said that they were seeking access to new products, services and technologies.

For those with cash to spend, M&A can provide an opportunity to diversify risk through new revenue streams and suppliers. It can also mitigate risk through economies of scope and scale, access to more talent, increased market share and other good things.



Know Your Numbers

The current risk landscape is volatile, with high-stakes consequences for executives who lack the data needed to make timely, well-informed decisions.

For example, both cutting costs and trimming your company’s roster of offerings require a deep, granular view into financial, operational and transactional data across the organization. That view allows leaders to determine what investments are working and which need to be cut or redirected for the time being, instead of relying on “gut feeling” or cutting indiscriminately across the board.

A business management solution, like an ERP system, provides an in-depth look into business activity, starting with accounting and possibly including order processing, inventory management, production, supply chain and warehouse operations. That way, decision-makers throughout the company have access to dashboards with the metrics most relevant to them, like net sales, gross margin, EBITDA, net profit, working capital, revenue by product, cash flow projections and much more.

Dashboards can also provide transparency into and facilitate collaboration with other parts of the business; think working with supply chain managers using a dashboard that displays average shelf time by product, shipping costs by country, ontime delivery rate and other relevant metrics. That visibility allows for quick, data-based decisions in light of rapidly changing conditions. Bottom line, to effectively enact any sort of risk mitigation strategy, you need data visibility.


The 22/23 Risk Landscape

The current risk landscape is so broad that it isn’t making mitigation efforts easy. Reverberations from the onset of COVID-19, the continuing pandemic waves and repercussions from the conflict in Ukraine, just to name a few, continue to present new and interrelated risks. As these implications continue to develop, you want mitigation efforts in place for each.


What was previously deemed transitory inflation is now long-term. The consumer price index for February rose 7.9% year over year, the fastest annual growth since January 1982. That level is largely reflective of the disruption caused by the COVID-19 pandemic and its fallout. The Russian invasion of Ukraine did not occur until February 24, meaning that the figure does not largely capture the ensuing surge in energy and food prices. Economists estimated inflation would peak in March, but recent developments in Europe will likely push the peak further out.


In response to persistent inflation, the U.S. Federal Reserve raised interest rates by a quarter of a percentage point in March and started to reduce its balance sheet. This is just the start, with the Fed indicating that there would be more hikes throughout the year, some potentially more aggressive. While the Fed is hoping for a soft landing, recession risks are “uncomfortably high and moving higher,” said Moody’s Analytics chief economist Mark Zandi in an interview with CNN. CFOs not already monitoring the Fed’s GDPNow forecasts may wish to subscribe.

Increased Commodity Prices

In a global economy already overloaded with supply chain snarls, pandemic-related shutdowns, inflation and shortages, the Russian invasion of Ukraine dealt another blow to commodity prices. A broad swath of goods have risen in price in relation to the conflict, most notably crude oil, natural gas, metals and grains. The S&P GSCI, a benchmark tracking the prices of commodities futures from precious metals to livestock, climbed 34% in the first quarter of 2022, on pace for its biggest gain since 1990. Energy prices have outpaced inflation, with fuel oil prices alone rising 40% compared to 2019.

From a larger GDP perspective, the Conference Board generated three possible scenarios for what might lie ahead. The first has oil prices averaging $105 per barrel in Q2 2022 before gradually falling. The second has oil prices averaging $125 per barrel in Q2 2022 before gradually falling, and the third includes oil prices averaging $150 per barrel in Q2 2022 before, again, gradually falling. All three of these scenarios show global economic growth being hindered, though it varies by region.

Materials and Subassembly Availability

Materials and subassemblies also face shortages and higher prices. Paper, glass, plastic, aluminum and other raw materials are in short supply, forcing many companies to seek alternatives. Subassemblies, particularly electric components, continue to be scarce, perhaps best exemplified by the worsening semiconductor chip shortage.

Ukraine produces about 70% of the xenon and neon gasses required globally for manufacturing semiconductor chips — and 90% of the semiconductor-grade neon used in the United States. Additionally, Russia supplies around 40% of the world’s palladium, which is used in sensor chips and certain types of memory chips.

Fortunately, many chip makers stockpiled key materials ahead of Russia’s invasion of Ukraine, enough for roughly six months. Semiconductor manufacturers have searched for alternative suppliers, such as noble-gas manufacturers in China, but any new supplier would take at least nine months to increase production. Should the conflict in Ukraine persist for a longer period, chips will become even more expensive and difficult to procure.

Higher Transportation Costs

High shipping demand continues to outweigh tight, and disrupted, capacity. According to the Producer Price Index report delivered by the Bureau of Labor Statistics, there was an 18.3% jump in shipping by truck costs and a 29% surge in ocean freight costs from January of last year, the largest 12-month increases on record.

The cost of shipping by rail was up by the most since 2011, and air cargo inflation was the highest in a decade. Let’s also keep in mind that was compared with January 2021, not exactly a time of smooth sailing (pun intended).

Ripple effects from the war in Ukraine are being felt around the globe. Shippers are seeing higher fuel costs as a result of the conflict. Carriers that continue to service ports in the affected region have introduced war risk surcharges for these shipments. And, with airspace over Ukraine shut and airlines avoiding Russian airspace, air cargo capacity has been reduced as air freight carriers are forced to carry extra fuel, leading some to add “war charges.”

Supply Chain Bottlenecks

In tandem with higher costs come delays as issues like labor shortages, high demand, port congestion, misaligned capacity and inflation continue to strain supply chains. However, continuing pandemic related disruptions and those related to the Ukrainian conflict add an additional layer of complexity. What originally seemed like an inconvenient blip on the radar has now brought up a question with long-term implications: Are the risks of global supply chains starting to outweigh the rewards?

China is periodically instituting strict lockdown measures that affect shipments. And, with Russia’s invasion of Ukraine, diverted ships and ocean carriers from the region could cause congestion and pile-ups at origin ports in Europe and elsewhere. Jet cargo carriers being forced to circumvent restricted airspace at reduced capacity will be taking longer routes, resulting in more time added. Trains that used to go from Europe through Russia no longer do, and cargo must move by sea due to sanctions.

The list of impacts goes on, while on the horizon, companies bear the risk that continuing COVID-19 outbreaks and new variants could force more lockdowns, domestically or internationally, that could cause bottlenecks. Additionally, there are reports of a possible strike by 22,000 dockworkers at West Coast ports this summer, which could be another shock to the global economy.

Talent Flight and Shortages

A difficult labor market continues to be top-of-mind for financial executives. In Deloitte’s fourth quarter 2021 CFO Signals report, surveyed CFOs ranked talent/labor retention as their top internal risk. Numerous other talent-related risks, including hiring, retention, attrition, burnout, employee wellbeing and professional development, also rank among CFOs’ leading concerns.


The AFP Risk Survey report lists cybersecurity as the most challenging risk to manage. With the FBI estimating that cybercriminals stole nearly $7 billion in 2021, the prevalence of concern is understandable. Cyberattacks have become more numerous, complex and costly, making them difficult to guard against.

Change in Product Demand

As consumers face the same disruptive pressures as businesses, demand could prove prone to fluctuation. US inflation-adjusted consumer spending declined in February, suggesting the fastest pace of price increases in four decades is starting to temper demand as consumers continue to bear the burden of high gas, food and housing costs. Other likely scenarios, like the spread of a new COVID-19 variant, bring the risk of impacting demand for certain offerings.

Increasing Cost of Money

The Federal Reserve’s interest rate hike in March and planned hikes throughout the year mean that the cost of capital will rise as well. Higher interest rates raise the cost of doing business as companies face more expensive financing and potentially issues with expanding their operations and funding payrolls.

Quantitative Tightening

At the beginning of April, the Federal Reserve indicated that it would start shrinking the central bank’s asset portfolio. These asset holdings, mostly Treasuries and government-backed mortgage bonds, increased during the pandemic from around $4.2 trillion to $8.9 trillion. Fed officials have discussed shrinking the balance sheet at a maximum monthly pace of $60 billion in Treasuries and $35 billion in mortgage-backed securities. This is nearly double the peak rate of $50 billion per month we saw the last time the Fed trimmed its balance sheet, from 2017 to 2019.

Some CFOs will recall that when the Fed implemented quantitative tightening in 2017 for the first time, the markets did not react as expected. Instead, stocks and bonds dropped. The negative market conditions — including the S&P 500 Index tumbling almost 16% over three weeks in December 2018 — pushed central banks to discontinue quantitative tightening in 2019.

There is no way of knowing what will happen this time around. However, the Fed has taken precautions to prevent a similar outcome, including the introduction of a standing repo facility, committing to keep “ample” reserves in the system and permitting The Federal Reserve Bank of New York to mount unscheduled domestic repurchase agreements.

Some side effects of quantitative tightening are beginning to manifest. Because quantitative tightening takes money out of the financial system, some borrowing costs are going to rise. Quantitative tightening is expected to drive interest rates up as well, as we saw in the first quarter of 2022 where expectations for significant interest rate hikes alongside the Fed’s contracting balance sheet saw Treasury yields jump. Ten-year rates climbed about 0.83 percentage points, with further increases in early April taking them above 2.6% for the first time in almost three years.


Bottom Line

Businesses that continue to wait for things to return to normal may not want to hold their breath. “Instead of the new normal, I use the term the new abnormal,” said Tripathy. “That’s what we have to deal with. There’s always going to be a new abnormal — that’s the new norm. And we have to learn how to deal.” CFOs are in a position to help their companies become more resilient and agile, proactively prepared for any future shocks that come their way.

To read the full article please visit Brainyard.

N.K. Tripathy, MBA, CPA, CGMA, is a Strategy, Talent & Boards Principal Emeritus at Kaufman Rossin, one of the Top 100 CPA and advisory firms in the U.S.