Do you have the tools and resources in place to eliminate a growing list of operational risks?
Once a purely financial and strategic planning role, the responsibilities of CFOs have expanded to include anything from operations and IT to human resources. Notably in startups, the first CFO hire often takes on lots of operational responsibilities alongside managing cash flows, modeling revenues, processes expenses, and helping fundraise.
As their responsibilities increase, so does their exposure to risk, with compliance laws holding CFOs personally liable if those duties aren’t executed to perfection. Here are five operational risks facing today’s CFOs and ways to protect themselves against them.
Operational risk #1: Personal legal liability
While actions taken on behalf of the corporation are usually protected by limited-liability designations, an officer of the company who breaches their fiduciary duties and puts their interests ahead of the corporation can be held legally liable. This includes things like fund misappropriation, creative bookkeeping, and embezzlement.
All of that is common sense, but the U.S. Securities and Exchange Commission (SEC) is not just targeting CFOs for their own white-collar crimes but for crimes committed by others under their watch as well. CFOs can be held personally liable for incorrect financial statements they signed off on, even if they weren’t knowingly a party to any wrongdoing. This means that if one of your employees misappropriates funds without your knowledge, you could face heavy fines or even jail time.
How to mitigate your likelihood of becoming an SEC target:
- Maintain strict oversight and documentation. If the SEC comes after a CFO with a control-person claim, the burden falls on the defendant to show they acted in good faith by maintaining and enforcing a proper system of supervision or control. You’ll need to show you did everything within reason to keep tabs on your employees.
- Create a culture of compliance among your employees. Make expectations clear and establish an easy way for employees to report suspected wrongdoings to internal auditors or to the board. Establish and diligently maintain a system of control by creating a paper or electronic trail of communication as you go about your supervisory activities. Make sure important conversations and sign-offs are recorded in writing and that protocols are followed to the letter. That way, if regulatory action occurs, you can demonstrate that you took all the proper steps to curtail fraud.
Operational risk #2: Tax noncompliance
While failing to properly file or pay taxes is bad news for a corporation, it can also create personal liability issues for the CFO and others. Designed to keep businesses from shirking their tax obligations, “responsible person laws” pass the responsibility onto private individuals within the company.
This risk doesn’t fall solely on the CFO’s shoulders, however. The responsible person or people could also include superiors or direct reports, but it’s the officer’s responsibility to make sure the company stays tax compliant. If they don’t, and the company cannot pay its taxes, they could be held personally responsible for paying some of that tax burden out of their own pocket. This is true even if the company declares bankruptcy.
If a company is unable to pay up, CFOs may also find themselves personally liable for 401(k) or other employee benefit withholding, and even unpaid payroll. This is a powerful incentive to make sure the books stay balanced.
How to deliver detailed documentation to internal and external auditors:
- Invest in the right accounting software. To protect themselves and their employees, CFOs should require strict internal reporting and accountability to ensure that taxes are properly paid. Move away from old-fashioned spreadsheets and invest in powerful cloud-based accounting software so that you can manage the books from anywhere while minimizing data-entry mistakes.
- Then, centralize it within a system of truth. As you grow, consider an enterprise resource planning (ERP) system to help organize payroll, sales, accounting, and more, all in one place.
Operational risk #3: Contract mismanagement
Many small organizations don’t have in-house legal departments, so the responsibility of creating and managing contracts can fall on the CFO. Even if a lawyer helps draft the official contract, it’s still the CFO’s responsibility to manage some of the inherent risks that go along with contracting to an outside source.
Contractors and vendors pose some of the greatest risks to a company because they are not as invested in the company’s success as employees are. In a worst-case scenario, contractors and vendors could expose the company to legal liability. Their actions could hurt the company financially or cause a major public relations issue.
Mitigate some of this risk through smarter contract management:
- Clearly defined documentation and verifications. Well-written contracts should clearly assign responsibilities, include indemnification clauses, and specify insurance and liability requirements. In addition to writing the contract, CFOs should verify contractors’ insurance documents and licenses.
- Transparency and tracking with contract software. It’s best to have contract software that allows you to track when they’ve been opened and signed. You’ll also need to ensure you receive a copy of the contract along with the audit trail of actions leading up to the signature. And of course, you’ll then need to store that contract in a safe place where it can no longer be altered. Using a lot of contractors? Consider starting a designated risk management department to oversee the risks involved.
Operational risk #4: Fundraising fails
In the past, potential investors were primarily concerned with the return they could expect to get on their money, to the exclusion of almost everything else. Now, investors want to know everything they can about a business, from accounting procedures to cybersecurity protocols, before entering into a relationship.
CFOs not only prepare a lot of the documents throughout the due diligence process, but they also provide the data being used to convince investors that their money will be secure. The stakes are high—their ability to verify the company’s viability with reassuring answers can make or break a fundraising deal.
Due diligence reporting for investors is also a lot more work than it used to be. Questionnaires that used to be two or three pages can now stretch to 30 or more in addition to supporting documentation. Compiling and delivering so much information can consume a CFO’s time and a company’s resources. Pulling together this information requires up-to-date, in-depth knowledge about a number of operations within the company.
How to manage a faster, more efficient due diligence process:
- Consider outsourcing to consultants or reporting services. It’s no longer possible for CFOs in even small companies to operate as the sole source of knowledge behind the data. Instead, they will need to outsource the information-gathering and other operational functions to third parties.
- By outsourcing some of this reporting burden to consultants or reporting services, CFOs can hand over more insightful and detailed information than what they might create on their own. They can complete due diligence forms faster and more comprehensively, thereby ensuring that potential investors feel confident moving forward.
Operational risk #5: Board material miscommunications
Boards increasingly rely on CFOs for expert guidance on how to best navigate complex financial landscapes. Yet, many CFOs, coming from accounting or finance backgrounds, often have less experience translating financial information in a way that’s both informational and persuasive.
Effective board management is more than sharing a list of monthly performance metrics—CFOs need to explain what the operating figures actually mean for the business and why. How is the company doing? Is it better or worse than expected? What conditions are affecting the numbers, and how might they change?
If the CFO can’t communicate the company’s progress well enough, they and the company risk greater scrutiny from the board. There’s also the chance of antagonizing venture-capitalist board members who are looking to exit. If a lack of confidence causes investors to pull their funding too early, the results could be catastrophic for the company.
How to eliminate some of the most common friction points:
- Create a relationship built on communication and trust. To do this, CFOs need to translate complicated financials into easy-to-understand, actionable insights. Don’t assume that board members understand financial acronyms or jargon that may be second nature to you. Make CFO reports clear and narrative-driven so board members without finance backgrounds can understand the company’s position. Write effective and thoughtful board meeting minutes to build trust with your board. Get a jumpstart by using our complimentary board meeting minutes template.
- Keep security and organization top of mind at all times. Communicating with the board means sending out sensitive materials, such as financial statements and waterfall tables. If these board pack materials fall into the wrong hands, it could cause a major security breach or PR issue for the company. Always send materials using secure document sharing with password protection.
Eliminating unnecessary risks with the right moves
When it comes to security, information-sharing, and compliance, even small compromises can lead to devastating outcomes for CFOs and businesses alike. By combining the right tools, resources, documentation, and oversight within a culture of compliance and trust, CFOs can protect themselves and their companies against these avoidable risks.
From board meetings to investor relations, raising capital, and more, CFOs use DocSend to securely share highly sensitive financial and company documents. Learn more about how you can use the DocSend platform to better protect you and your company from risk.