Evaluating IT: A CFO's perspective

CFO Insights

Having both a common language and robust governance in place can lay the groundwork for assessing current and future IT architectures.

Ask finance chiefs about their frustrations with information technology (IT), and you are bound to get an earful. Excessive investments made. Multiple deadlines missed. Little return on investment (ROI) achieved. The list goes on.

To complicate matters, many CFOs simply do not know if chief information officers (CIOs) are doing a good job. What exactly does a good IT organization look like anyway? How should IT be evaluated? And what are the trouble signs that the enterprise is not prepared for the future from a technology standpoint?

The answers to these questions take on greater importance given that IT is typically the largest line item in selling, general, and administrative expense (SG&A).1 Moreover, with CIOs reporting to CFOs in greater numbers—a full 45 percent at large North American companies, according to our CFO Signals™ survey2—there is a growing need to effectively manage the CFO-CIO relationship

Evaluating IT is no simple matter. It requires focus on three specific areas—communication, governance, and assessment—to create an overall framework for analyzing current and future IT capabilities. And in this issue of CFO Insights, we’ll discuss how steps taken in these areas can help enhance collaboration between CFOs and CIOs and identify the gaps in IT’s business support capabilities, focus IT investments, and strengthen the future vision of IT value.

Download the CFO Insights

Target communication—and miscommunication

One of the main challenges between finance and IT is communication. CFOs often focus on business financials; CIOs often focus on business capabilities and enabling technology. CFOs often fault their CIOs for not fully aligning IT projects and spend with company strategy and value creation—a dynamic that makes getting a handle on IT priorities and technology spend particularly important for CFOs. CIOs can likewise be challenged by cost-cutting CFOs who may not realize how deferring spend today delays time-to-value and may limit future options. Simply put, this lack of a common point of view and means of communication between CFOs and CIOs can lead to a fundamental disconnect that hinders effectively investing in, and realizing value from, IT.

To address this disconnect, CFOs and CIOs should establish a common language for assessing and communicating how IT creates business value. Specifically, the conversation should focus on how IT improves business processes, such as product development and pricing, rather than just talking about a specific technology or system. And for each critical process, CFOs and CIOs should agree on the value of both the “I” and the “T.” To wit:

Target relevant information. On the “I” side, how does information enable better process outcomes or decisions in the process? Is the information generated by specific systems to support the process timely, accurate, insightful, and relevant to enable value creation?

Agree on the appropriate technology. On the “T” side, how does the technology enable automation and reduction in manual effort to save costs? Is there sufficient transparency for the cost of providing IT services? Does it enable business areas to make important trade-off decisions? Will the technology choices enable scalability of process outputs dialing up or down to meet businesses demand efficiently? Will the technology be interoperable with other technologies at low costs? Is the technology reliable, leading to high availability of the process with low maintenance? How soon will technology obsolescence have to be addressed?

By focusing on how improvements in “I” and the “T” enable value and mitigate risks in tangible business processes, CFOs and CIOs can establish a shared language for evaluating IT. As many CFOs typically assign performance metrics to specific business processes, those measures can become another component of the language needed to assess IT.

Establish effective IT governance

CFOs and CIOs can help to improve the evaluation of IT by establishing broad, organization-wide governance models for major IT spend decisions. Such a model—with the appropriate stakeholders—can lead to joint ownership and better resource allocation, commitment to, and execution of, IT projects.

Effective governance models are likely to have two levels: one for strategic IT governance around long-term strategic initiatives and the other for individual projects. The first level should address how IT will support the business in the future and enforce discipline around large-scale IT investments that position the company for competitive advantage. Responsibility for this level of IT portfolio governance should be shared between the businesses and the CIO. CFOs can help CIOs to establish effective governance systems that serve their mutual interests for effective and efficient delivery of IT capabilities to the enterprise. To judge the effectiveness of the governance system, CFOs should be guided by the following questions:

  • Are you as CFO and other members of the C-suite involved in determining IT spend and development priorities?
  • Do major IT projects have a clear ROI that is documented, measurable, actively managed, and do they improve delivery of specific processes?
  • Do approved IT projects help with both our long-term business—and long-term IT—objectives?
  • Are our IT initiatives creating (or at least sustaining) competitive advantage?

A second level of governance needed is for individual projects. Such tactical IT governance allows CIOs to get the relevant users onboard for specific projects and keep them on track. Moreover, such oversight at the project level allows problems to be identified—and fixed—in a timely fashion. Finance can be a partner with IT on this level of governance.

To determine if the governance model on the project level is effective, consider the following three questions:

  1.  Are the appropriate levels of technical practitioners and business users assigned to the project? 
  2. Are both the development methodology and controls environment adequate to protect systems from errors and data issues? 
  3. Are there regular status reports that provide project progress and costs available?

In addition, while both levels of governance should be complementary, the CFO and CIO should be clear about which projects are long-term and require portfolio review. And if there are other initiatives that businesses have not sponsored, they need to be reviewed on the project level to make sure they are creating value or cancelled. Overall, however, there should be very few IT projects without strong business sponsorship.

Having a common process language and robust governance in place can lay the groundwork for assessing current and future IT architectures—from a business process standpoint. To make that assessment for your current environment, start by benchmarking 5 or 10 important processes, From there, develop a heat map to frame how well IT supports each of those projects, using questions that focus on the “I” and the “T.”

As mentioned earlier, the first set of those questions addresses the quality of information supporting each business process. For example, is the information timely? Is it relevant? The second set targets applications and technical infrastructure that run the organization’s business processes. For example: How well do current applications support the business processes? How standardized is the application portfolio and associated processes? The third set targets technology risks. For example: What risks do we have from potential technology obsolescence? How prepared are we to recover from outages and disasters?

(For the full list, see: “Framing your IT and process heat map.”)

Equipped with a heat map of IT capabilities and vulnerabilities at the process level, CFOs and CIOs can develop a shared view of critical gaps they need to consider fixing as well as how IT can drive the business impact through improving processes. Before spending money to address the gaps, finance should sit down with the process owners and the CIO to determine the business value and the cost-benefit of improving specific gaps in a business process. CFOs should ask their CIOs and process owners what it will cost to fix specific gaps, as well as what it will cost if the gaps are not addressed. Opportunity cost is a critical piece of IT-spend governance.

The last critical area that needs to be governed is what the future architecture should actually be. In IT, knowing what the end will look like can fend off cost overruns and major disappointments. But that future architecture often looks different to different people. Your vendors, for example, might offer the rallying cry of “one ERP system.” On the other hand, your CIO may believe that it is too early to tell. After all, the technology required to execute your specific strategy may not be invented yet.

As CFO, you may need to determine if funding the unknown or a big-bang solution is actually prudent. That’s even more critical considering that the benefits of evolving your current architecture may be more than enough already. Often, the systems you choose to fix typically offer an added benefit: stability.

If you accept the reality that there will probably be cuts and bleeds involved in IT, then an iterative improvement solution is maybe the best a company can hope for. The CIO’s choices can frame what they are optimizing to—a completely rational architecture or one that can drive increasing stability in the organization. It may not be radical. It may not be world-class. But, in some cases really good may be good enough. The funding challenge for CFOs is to determine when really good enough works versus the need for radical overhaul or replacement of existing systems.

Framing your IT and process heat map

Building a heat map of IT capabilities and vulnerabilities involves asking a series of questions of IT and business-process owners focused on the “I” and the “T.” Answering these questions creates opportunities to use IT to create value in critical processes.

The first group of questions should address the quality of information supporting each business process. For example:

  • Is the information timely? Relevant? Accurate? Insightful? 
  • Are we leveraging external data to our advantage?
  • Do we have a common data model with consistent definitions so that one version of the truth exists throughout the organization?

The second group of questions targets the applications and technical infrastructure that run the organization’s business processes. For example:

  • How well do current applications support the business processes? What is the range of coverage? What level of process automation have we achieved?
  • How standardized is the application portfolio and associated processes? What opportunities exist to drive operational efficiencies from greater standardization?
  • How efficiently are we using IT assets?

The third group of questions targets technology risks to the organization. For example:

  • What risks do we have from potential technology obsolescence?
  • In the event of a merger, are there any significant barriers to integrating other IT systems? 
  • How prepared are we to recover from outages and disasters? Do we have recovery plans defined? Are they tested regularly? 
  • What are the biggest business exposures if IT systems experience unplanned outages?
  • What risks exist with major IT suppliers?

Is IT working well?

There can be several warning signs that IT is not functioning as well as it should. Some useful questions of IT include:

  1. Have you tested your disaster plan? Many IT departments may say that they have a disaster plan, and as CFO you may very well have been involved in finalizing it. But you might be surprised if you asked a very simple question: Have we tested the backup facility? While the nuts and bolts of a disaster plan may look good on paper, some IT departments are not regularly testing backups. 
  2. Who own the IT budgets? A traditional view would be that it makes sense for the IT budget to be controlled by IT. But while the technology pertinent to core infrastructure should be IT driven, the application side may be better controlled by business units. Such a structure also allows for decisions to be processed through the IT governance committee, which can referee disagreements among business units over IT priorities. At the same time CFOs should work with CIOs to balance the risk of proliferating non-standard applications across business units.
  3. Is the release schedule of your systems readily available? As CFO, do you or specific members of your staff know the release schedule of your systems? Is it handily available on your or their computers? Since such releases can impact everything from on-boarding new employees to remaining in regulatory compliance, you need to know what is coming down the pike and when. 
  4. Does your vendor-management strategy guard against critical knowledge being lost? Vendors may be integral to your IT strategy, but you need to take steps to prevent them from minimizing future flexibility. Outsourcing of critical systems can especially lead to losses of critical workers and know-how from the company. Outsourcing technology demands an effective vendor and project management organization in IT, supported with the applicable funding and oversight. A strong vendor management capability is essential to effective delivery of services. It can also be an area of opportunity for CIOs to generate future savings and partner with CFOs.


1 Deloitte Global Benchmarking Center, 2013.
2 CFO Signals survey, US CFO Program, 1Q2011 Deloitte LLP.

About Deloitte’s CFO Program
The CFO Program brings together a multidisciplinary team of Deloitte leaders and subject matter specialists to help CFOs stay ahead in the face of growing challenges and demands. The Program harnesses our organization’s broad capabilities to deliver forward thinking and fresh insights for every stage of a CFO’s career–helping CFOs manage the complexities of their roles, tackle their company’s most compelling challenges, and adapt to strategic shifts in the market.

For more information about Deloitte’s CFO Program, visit our website at:  

Did you find this useful?