The Next Step–Resilience

Bill Schneider, CPA, CGMA, Director of Accounting, Corporate Accounting Policy, and Executive Compensation Accounting, AT&T | September 30, 2014 |

First we had Enron, Worldcom and Parmalat and the world responded with internal controls over financial reporting. A well-controlled business reporting process was hailed as the way to ensure investors didn’t get hurt and companies wouldn’t go bankrupt. It didn’t work out that way because the focus on was on controls to eliminate risk of bad reporting; that left the door wide open for businesses to do stupid things and take enormous operational risks as long as they reported them accurately.

So after the financial crises of 2008 we all focused on risk management. Now the focus moved from controlling/eliminating bad results to managing risk. The reality is that too often managing risks means trying to avoid or control them and you can only manage risks you think of and know about. The failures of risk management are already laying the ground work for the next crises which will be unexpected events taking down businesses. In fact that is already happening, just not on the scale of the first two crises yet.

The solution is to take the next step to becoming a more resilient organization. A resilient organization understands that it was created to take risk in pursuit of its objectives and without risk taking it won’t be able to deliver growth in profits, employment and returns to stakeholders. It also understands that risk cannot to be eliminated, but should be understood and managed. Finally, it understands that it can’t possibly plan for all unexpected events because it has no idea what all of those risks are.

Instead, a resilient organization sets itself up as an organization with the right processes to get early warning when events happen that create a threat for the organization. This way there is time for the organization to react before the effects become insurmountable. The resilient organization understands that it can’t possible plan for and manage every risk so, instead, it makes itself agile and adaptable so it can react quickly to events and take the appropriate actions to minimize damage and, more importantly, take advantage of the situation to grow and expand.

Resilient organizations are coming, if only because non-resilient organizations will disappear; there are only two questions. Will it take another crisis for resiliency to be widely adopted and will your organization be the one that becomes resilient or will it be left behind by those that became resilient first?


This article originally appeared as a blog on the website of the Texas Society of Certified Public Accountants (September 29, 2014) and has been reproduced with permission from the author and the Texas Society of Certified Public Accountants.

Join the Conversation

To leave a comment below, login or register with

Thank you for your interest in our publications. These valuable works are the product of substantial time, effort and resources, which you acknowledge by accepting the following terms of use. You may not reproduce, store, transmit in any form or by any means, with the exception of non-commercial use (e.g., professional and personal reference and research work), translate, modify or create derivative works or adaptations based on such publications, or any part thereof, without the prior written permission of IFAC.

Our reproduction and translation policies, as well as our online permission request and inquiry system, are accessible on the Permissions Information web page.

For additional information, please read our website Terms of Use. ALL RIGHTS RESERVED.