CFO: Better Your Relationship with the CIO and CISO
Digitisation is high on the agenda for most companies, leading to increased investment needs and greater focus on data security. Consequently, the importance of a well-functioning collaboration between key roles in finance, IT, and security is on the rise.
Effective cooperation and partnership between the CFO, CIO and CISO help companies avoid unnecessary costs and negative impacts from unexpected events, generate revenues, and further support the company's tech transformation work.
Ensuring the Collaboration between CFO and CIO
According to Gartner, a strong and well-functioning relationship between the CFO and CIO entails a 51 percent higher likelihood of securing funding for digital initiatives, a 39 percent higher chance of keeping digital expenses within budget, and an 18 percent increased probability of achieving intended business outcomes.
Despite the significance of effective collaboration between the CFO and the executives responsible for IT and digitisation, less than a third of CFO-CIO relationships can be described as "a strong digital partnership".
- 94 percent of CIOs believe that they understand how technology impacts the company's finances, but only 62 percent of CFOs agree.
- 80 percent of CFOs believe they understand how financial management needs to be adapted to support the company's digitisation, but only 55 percent of CIOs concur.
To establish effective cooperation, CFOs and CIOs need to ensure they speak the same language, use commonly defined concepts, and have a good and shared understanding of the company's overarching goals and how digital initiatives help the company achieve these goals collectively.
Gartner provides five specific tips for more productive conversations about financing digital initiatives:
1. Get comfortable with financing "digital" differently. Focus on long-term value creation (e.g., international scalability or future revenues) and avoid getting too stuck in traditional thinking (capital expenditure versus operating expenses).
2. Redefine expectations of success for digital investments. Often, the metrics within IT differ from those used elsewhere in the business, which may struggle to understand technical measures of success. There are often indirect benefits that are difficult to capture financially. Agree on the metrics and redefine what "success" in digitisation means.
3. Use a shared framework for performance management. Ask yourselves what evidence-based facts and key figures you can agree on and translate these facts into business effects that the stakeholders in the business understand and engage in.
4. Involve the finance department early in the technical roadmap. CFOs (and the business at large) can benefit from being involved early in planning the roadmap as it creates opportunities to form shared expectations on how technology should be used to advance the company's strategy and how digital investments impact the company's financial results.
5. Ensure transparency in the digital cost structure. CFO-CIO partnerships that exhibit strong collaboration are 21 percent more likely than others to be transparent in their digital cost structure and understand how digital initiatives contribute value relative to their costs.
How the CFO can build partnerships with the CISO
As digitalisation becomes increasingly prominent within operations, the importance of security grows correspondingly. This is reflected in the introduction of new competencies and decision-makers. In some organisations, the role of the CISO (Chief Information Security Officer) has a place in the management team.
In the same way that a CFO needs to build strong and effective relationships with a CIO, a similar cooperation with the company's CISO is required.
An efficient CFO-CISO relationship contributes to the integration of a data security mindset as part of the working method in each function of the organisation. Experts indicate this is largely achieved through recurring reviews between the Chief Financial Officer and the IT Security Chief.
Continuous engagement and dialogue linked to potential cyber threats and IT-related risks will contribute to creating continuity around these issues in the operation. A CFO thus has much to gain by being informed about and understanding the risks in order to prioritise correctly.
The conversation should begin as early as the strategic planning stage and then take place quarterly (or as is suitable given the nature of the business) as the security situation changes. This places new demands on you as a CFO to also be familiar with cyber security trends and the investments made in your organisation's IT security.
From a CFO's perspective, the focus within IT security is often on risk and weighing how much risk can be taken relative to the costs that security initiatives entail. The allocation of the budget should therefore be based on a chosen level of risk-taking.
According to experts, it's possible to break this down into an expense range based on several measures: expenses per employee, expenses as a percentage of network infrastructure costs, or expenses as a percentage of salary costs.
However, try not to view IT security as a cost, but rather as a way to develop the business and surpass industry peers, and as a shared responsibility that should be ingrained in every policy and process.
5 questions for recurring meetings between CFO and CISO:
See these questions as tools to focus on the right issues in the meetings:
1. How secure are we as an organisation?
2. What are the greatest IT security threats and risks in our industry?
3. How do we ensure that the cyber security team and CISO are involved in business development?
4. What do the risks look like compared to potential costs? (This is linked to potential security incidents. For example, how much it costs to protect against a DDoS attack compared to the potential cost of the attack.)
5. Do employees understand information security and do they successfully implement security protocols?