How CFOs can make their IT inheritance less taxing

Introduction

CFOs charged with overseeing the IT function, either directly or indirectly, may confront the kinds of challenges that come with any major inheritance: complexity, tough choices, difficult conversations. The likely absence of any overall framework—in a language that both the CIO and CFO speak—for analyzing IT’s current capabilities and future preparedness can delay any steps to realize value from IT.

Some CFOs are being asked to oversee IT. That inheritance may cause CFOs to feel underprepared and overwhelmed: should you focus on the accuracy, consistency, and monetization of data, the effectiveness of its cybersecurity strategy, or the scalability of its technology environment?

The answer: all of the above—and then some. In the first article in this series, we outlined five of our 10 considerations designed to help CFOs shape their priorities in overseeing IT. Those five covered the following areas: end user computing operating excellence; core modernization and cloud migration; the operating and talent model; business partnership; and the IT value story.

In this edition of CFO Insights, we’ll explore the five remaining considerations, all of which are drawn from our work with CFOs and CIOs, helping devise ways to improve collaboration and to realize the value of technology investments. Taken together, these considerations are designed to aid CFOs in being positioned to get a sharper picture of the IT function’s capabilities, and actively building on that knowledge to help IT create additional financial value.

Five Further Considerations

1. Navigating digital transformations: Many companies are in the midst of digital transformations. Such transformations may include a shift in business and revenue models from the one-time sale of products to subscriptions for digital services; they may be focused on achieving a major performance improvement in finance or other operations; or they could involve digitally redefining the customer or employee experience. As a CFO, you may be enlisted to lead, sponsor, or enable key digital transformations—in Deloitte's North American CFO Signals survey for the second quarter of 2021, 42% of CFOs said their primary role in their companies’ most important efforts was serving as co-leader, with 19% apiece saying they served as enablers or sponsors.¹

If you inherit an existing digital transformation, a starting point is to consider asking if the initiative has a clear transformation ambition—or what outcomes the transformation seeks to achieve and how its success will be judged. Second, it is important to ask how well the transformation effort is proceeding toward its ambition (see “Crafting your transformation ambition,” CFO Insights, March 2020). Is it delayed, overbudget or on-track? Third, it is vital to consider the critical risks to the transformation project. Are there resource constraints (such as budgets, workloads of staff, skills, and data); process constraints (including stakeholder commitments, planning processes, governance, and agile versus waterfall development); behavior and adoption constraints (habit, say, or culture) or third-party risks? Identifying the leading risks in the next six to 12 months can focus risk management and mitigation efforts in transformation execution (see “What’s on your transformation risk checklist?” Part 1 and Part 2, CFO Insights, Oct./Nov. 2020).

The goal should be to balance risk and reward across a portfolio of technology initiatives. In an oversight role, it's key to mitigate the risks while accentuating the impact of these transformations. Sometimes you, as CFO, may need to take a leap of faith on a particular initiative where the risk of failure may be high, but the subsequent reward may also be high.

2. Transforming data into insights: CFOs in many companies are already grappling with data challenges for reporting or planning. These can include shortfalls in data collection, the wide dispersion of data across systems, the inaccessibility of timely data, the use of inconsistent data definitions, and poor data quality. At a company level, data challenges can drive extensive manual work as people try to get access and retrieve the right data to support decisions. It also drives belated and ineffectual decisions made using delayed or wrong data. Indeed, in Deloitte’s CFO Transition Labs™ we have observed that data challenges can constrain growth as well as hinder the efficient scaling prospects of a company.

To grasp data issues, it’s probably helpful to isolate the critical decisions that management needs to make, and explore whether—and to what extent—there is timely and accurate data available to support those decisions. In some cases, critical data from products, services, and customers can lead to additional revenue sources. For example, data from connected cars or connected devices can be a treasure-trove of additional insights and revenue. As companies grapple with internal and external data, those who succeed will find ways to drive insights and monetize the data at their disposal. As the organization wrangles with data, think about the decision areas or requirements driving the most manual data efforts. As data by itself is not as valuable as the business insights derived from it, is there an inventory of critical models that support key decisions—and how effective are they? Currently, what are the company’s greatest data opportunities and deficiencies? Companies take a variety of approaches to improving their data management capabilities (see “Mastering data for better insights—and competitive advantage,” CFO Insights, January 2021). Some appoint chief data officers to bring some order to this space. In other companies, the CFO may sponsor a group of senior executives to determine the critical data requirements going forward and engage them to work with IT to deliver. While there is no single sure-fire approach to managing data, CFOs can play a vital role in convening a data governance group in the organization. This group can determine which critical high value decisions the organization makes, what kind of data is required, and the best ways to acquire, store, and process it. A data governance group can then help prioritize data and model rationalization efforts.

3. Redefining cybersecurity: Major ransomware attacks and numerous corporate data and system breaches have gotten the attention of boards and the C-suite on this critical risk. In fact, our CFO Signals survey for the first quarter of 2022 collected a number of responses that cited cybersecurity as a major IT challenge as well as a value-protecting expense that was potentially crowding out other more value- creating investments in IT. So where should you begin on cybersecurity? A useful first step is to consider using a Zero Trust maturity model to determine the current state of the company’s defenses. Cybersecurity efforts have traditionally focused on controlling the perimeters of an organization. As interconnections between employees, customers, suppliers, and partners have grown across multiple networks and devices, it has become important to adopt a Zero Trust model, which enables organizations to implement a “least privilege” policy that does not assume that parties and devices within the organization’s perimeter are secure. This requires consideration of threats and access controls across multiple levels and across the various data assets in an organization (see “Zero Trust: In the face of escalating cyber-attacks, companies target a new level of security,” CFO Insights, August 2021).

The Cybersecurity and Infrastructure Security Agency, part of the Department of Homeland Security, has created a high level Zero Trust maturity model. The model considers security protocols across five key pillars: identity, devices, network environment, application workloads, and data (see Figure 1 in the PDF).

A useful first step is to work with the company’s CIO or CISO to determine your maturity in enabling Zero Trust security around the five key pillars. Then, develop a roadmap to upgrade security around critical resources as needed.

Security hasn’t only become a priority for many CFOs and boards. Recently, the SEC specified disclosure requirements for cybersecurity incidents.² There is no one size fits all solution—and CFOs will have to balance the risk of a cybersecurity breach with the costs of protection. After cataloging the IT function’s needs, CFOs may inevitably have to make trade-offs among the investments on their wish lists, weighing those that maintain existing processes and offerings, for example, against others that drive future growth and are riskier, but could produce significant returns (see sidebar, “How CFOs would improve IT if they could”).

4. Designing a great digital experience: Today customers and employees increasingly interact with companies online. The user’s digital experience, including the interfaces and interactions, shapes their perceptions of the company itself.

As the Internet evolves toward the metaverse, experience design will likely grow in importance to engage stakeholders. How successfully does your company create a great digital experience for your customers, employees, and other stakeholders? What capabilities reside within the company to better understand the neuroscience of experiences and to implement high-quality user interface and user experience design. As IT becomes ubiquitous, user expectations for digital experiences continue to soar. Not keeping up with user expectations can lead them to click over to a competitor’s site.

5. Seizing Innovation: For companies, technology is a moving target with constant innovations and dramatic improvements. How does your IT group keep abreast and harness the right innovations at the right time to create value? Some companies have investments as limited partners in select venture capital firms to sense opportunities from new innovations. Others may participate in critical industry and vendor conferences to learn about upcoming technologies that may unlock value. Determine how well your current team organizes to absorb innovation and frame ways to effectively realize value from marketplace innovations. Similarly, consider how you can unleash innovations with existing IT and business teams to drive value.

Get a running jump-start

The ten areas we’ve identified in this two-part series provide a useful starting point for CFOs to consider the state of their IT inheritance and potential areas for improvement, offering tangible questions, measures, or frameworks to jump-start their assessment of the IT function. Once CFOs have evaluated their inheritance in each of the ten areas, they can begin to prioritize which of them to personally focus on for the highest return. After that, they can create a roadmap to deliver the future IT value story and decide where to commit their time, and devote the team’s resources.

As leaders, CFOs will have to balance resources between maintaining and improving existing competencies and investing in new capabilities. This calculation will differ based the organization’s priorities and the challenges that appear as CFOs continue to explore the IT function they’ve inherited, and begin to make it their own.

To read the first article in this two-part series, click here.

Endnotes

¹ CFO Signals: 2Q 2021, CFO Program, Deloitte LLP
² SEC Proposes Rules on Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure by Public Companies, press release, March 9, 2022

Contacts