A new white paper from the Association of Chartered Certified Accountants (ACCA), “Rethinking Risk for the Future”, argues that “accountancy is playing an increasingly larger role in navigating organizations through the urgent problems and interconnected risks they now face” from cyber threats to pandemic to climate change.
“Accountants need to measure these not-so-easy-to-quantify risks and provide boards and senior management with the narratives needed to plan and prepare,” the ACCA says.
By extending their traditional role of analyzing and communicating data in financial terms, accountants can elevate measurement and reporting on risk in terms the business understands. “Accountants are in a unique position to provide the insights and predictive analyses needed to shape sustainable business strategies for the future.”
FAIR Institute President and RiskLens CEO Nicola (Nick) Sanna contributed to the white paper. The section on “Building trust in the digital society” phrases the challenge in some FAIR™-like language:
“As digital capabilities become increasingly vital to most business models…[this] requires a new level of risk awareness and mitigation where accountants could be helping their organizations better distinguish between risks and their consequential loss events and outcomes; for example, productivity loss, reputational damage and response costs.”
Learn cyber risk quantification in FAIR training approved by the FAIR Institute.
The white paper echoed some of the points Nick made in a related webinar hosted by the ACCA, Digital Transformation Risks: Round-table for ACCA European Markets.
“We see companies grapple with a new type of digital risk which is at the intersection cybersecurity and operational risk,” he said. “They are realizing that, as we put all our assets online, we face a new type of risk.”
Nick gave as an example a recent conversation with a mining company operating driverless trucks now at risk to hackers. “The company is now asking, what are the risks to production but also other implications, such as reputational loss. It’s the same thing in the financial sector, as companies are thinking about moving applications and data to the cloud…
“The landscape really changed, and we need to be disciplined how we think about it. We need to distinguish between what are the possible loss events that can impact our company and what are the possible consequences, because the business will relate to both.”
NACD Cyber Risk Oversight Handbook Endorses Quantification