Technology has been transforming business for decades and in recent years CFOs have become increasingly affected by these transformations. Advances in automation, artificial intelligence, and cloud computing are taking over traditional accounting functions, and the continued rise of operational and strategic CFOs has meant CFOs are more likely to have oversight of technical operations for the whole company. In order to control the accuracy and value of the data these advanced systems and processes provide, CFOs must take ownership of this technology and its concomitant security.
Recent studies show that finance departments must provide comprehensive data that can drive decisions. Unfortunately, the tools being used often do not provide digestible and actionable information. Implementing tools that provide real-time metrics, often leveraging the cloud, can come with trade-offs in governance standards or security that carry significant risk. After ensuring that the data is suitably secured, CFOs need to ensure that their teams are creating usable metrics within appropriate contexts.
As if this weren’t enough to worry about, CFOs in charge of technology must ensure that their data is protected – and the more data you have available, the more data there is that can be stolen. This requires understanding – at a high level – the moving parts in your technology ecosystem, usually via a subject matter expert you trust. Importantly, technology and information security are separate disciplines, each with its own body of knowledge.
Beyond understanding the technology ecosystem, CFOs must also ensure compliance with privacy laws, breach laws (of which there are 50+), and contractual agreements. Many companies that take credit cards are unaware of the risk that they face by not being compliant with the obligations outlined in their credit card contracts. We often find with new clients that they simply didn’t know that they had to fill out questionnaires and be compliant with (what can be) an extensive list of questions. That means that should data be breached, their companies could face major fines or even lose their ability to take credit cards.
As companies leverage new technology and have to account for increasing regulations, talent management must also evolve – otherwise companies risk a digital skills disconnect that can lead to multiple areas of risk to the organization. Executives must ask themselves:
• Is the team sufficiently trained in how to use these tools?
• Do they know how to interpret the data in these tools?
• Can we make informed decisions based upon the data presented?
• Do we have the right team to secure this data?
• Does the frontline staff understand the risk of a data breach?
• Are the tools and systems we use compliant with all the necessary privacy and security regulations across multiple jurisdictions?
WHAT TO DO?
Here are some tips that can help you ensure success:
To execute well from the start, you need skilled team members who can support you with an accurate vision of the future. Any team member who designs the system must understand what your goals are from a data analysis perspective and how to execute on them. Similarly, your technology and security experts need to have training and real-world experience.
Since you will likely be leveraging multiple cloud solutions, it’s important to remember that your choice of cloud provider definitively impacts how well your data is protected. Only use cloud providers who have appropriate, audited credentials for security. Any provider’s claims of information security should be backed up by an external company that certifies that the security practices are appropriate to the data being stored.
Ensure that your governance, security and privacy considerations are addressed from the beginning – that applies whether you are hiring an IT provider, implementing a new Business Intelligence system, or redoing a process. Governance, security and privacy are very difficult to add in after the system is in place. Getting it right from the beginning, as we all know, is the most effective and efficient way.
David Lam, CISSP, CPP is a partner at Miller Kaplan. For more than 30 years, he has been managing information for small and medium businesses including custom software development, systems management, and information security. Learn more at millerkaplan.com/information-security.