Your first 100 days as a CFO

Reviewing risks – take charge before they take over

Ben Langford
By:
Ben Langford
12 Mar 20263 min read
insight featured image
30‑second take on navigating risk as a new CFO:
  • Focus on identifying the risks that matter mosts – no one can manage a universe of risks; identify the handful that could materially impact the business or your function early.
  • Pin down ownership early – meet the key stakeholders for each major risk and check whether the Board has the insight and expertise to challenge them.
  • Understand the tone at the top – stated risk appetite matters, but how leaders (including your predecessor) actually talk about risk shapes behaviour. Get a read on the real culture.
Contents

This is one of nine insights in our guide to navigating your first 100 days as a new CFO. Discover more insights here.

Your first months as CFO aren’t for diving into the detail of every minor risk; they’re for getting a picture of the business' risk appetite and what truly matters. How you prioritise and communicate risk early sends a powerful signal to your team and across the business, as well as to Board and investors, about your leadership.

Use your early days in role to pinpoint key financial risks, clarify who owns them now, and check that the right processes and controls are in place. 

Here are four key questions to focus on findings answers to in your first 100 days:

1. What are the 'killer' risks? 

No one can manage a universe of risks, let alone the actions needed to address them. Successful risk management is about focusing on what really matters and enhancing knowledge and actions, rather than lists and process.

Make sure you are aware of the ≈5 top financial risks that could have a material impact on your finance function and business.

2. Pin down ownership 

Whether your business has a Head of Risk or not, you will need to identify and meet with the main stakeholders for each of the above risks, and to identify whether the Bord has sufficient expertise and infromation to challenge the management of them. Are there any gaps?

3. What is the tone at the top?

How leadership talk about risk shapes how the business behaves, but you won’t always have full insight into how your predecessor communicated risk. Spend time understanding the current tone so you can shape it intentionally. Every business handles this differently, so make sure you leave any assumptions at the door.

Throughout your conversations, try to identify:

  • Is risk talked about openly, or only after something goes wrong?
  • Do people escalate early, or only when the issue becomes unmanageable?
  • Is risk part of everyday decision‑making, or a box-ticking afterthought?
  • Do messages from the top align, or do functions hear different priorities? 

Risk culture is rarely written down, but it’s felt. If needed, you can start to shift it by openly modelling the transparency and behaviours you expect, and by ensuring there is a shared understanding of what ‘acceptable risk’ actually looks like in your context.

4. Validate crisis readiness

Unexpected issues are inevitable. What matters is the quality of the organisation’s response across communication, people, technology, and recovery.

Are there robust systems in place to manage the impact of low-probability-high-impact events, and have they been tested?

Ask yourself after these conversations: If a major issue were to hit tomorrow, do you have clarity on who speaks, who decides and who does what... or would you be debating it in the moment? 

If the answer is still unclear, that’s a risk in itself. 

TAGS  
Authors
  • Ben Langford
    Ben Langford I am an experienced risk and internal audit professional having worked for more than 25 years with large global groups in all areas of governance, risk and control. View Profile