Aligning cyber to a controllership of the future

Expanding the role of cyber in finance and accounting

As technology and data increasingly play a critical role across finance, the growing risks and expectations around cyber are expanding along with potential opportunities in the alignment of cyber with finance and controllership. Organizations can leverage key enablers for digital transformation while maintaining security and compliance by empowering finance and accounting with a future-ready cybersecurity model.

December 13, 2022

A blog post by Beth Kaplan, Deloitte & Touche LLP

As companies navigate through both business-as-usual and marketplace disruption, the need to anticipate the complexities and volatility of this emergent dynamic elevates the critical role technology and data increasingly play across finance—driving value, mitigating risk, and sharpening competitive advantages for the business. However, as the role of technology continues to expand within the finance function, cyber risks and security will also have a growing impact across an organization.

As the role of cyber expands, so do the risks—but aligning both of these within the finance function may help companies lead the charge into the future. By harmonizing finance and accounting with cyber-enabled transformation and a future-ready cybersecurity model, organizations can leverage cyber-enabled transformation while maintaining security, compliance, and trust within the finance ecosystem.

To do this, it is beneficial to first understand the growing risks and expectations around cyber and the benefits of a transformative cyber strategy. From there, you can activate a new cyber strategy in the controllership and finance function utilizing some key enablers to help drive transformation.

Understanding the growing impact of cyber on finance and controllership

Cyber-related issues are business risks that have an impact on the entire organization. However, digital transformation introduces new risks, and the finance function is an especially common and growing target for cyber incidents. With the move to digital, companies need confidence in the security of their assets and a better understanding of how cyber events might disrupt the business. In addition, as finance becomes more of a target of these threats, regulatory requirements and expectations from board and audit committees are also becoming commonplace. For example, the Securities and Exchange Commission has proposed rules on cyber disclosures, boards and audit committees need cyber frameworks and more cyber updates, and digital transformation creates new and growing cyber risks.

The elevated cyber risk environment indicates cybersecurity needs are expanding fast—as quickly as the speed of data. It also creates an opportunity to lean into and benefit from a forward-focused cyber environment by implementing finance cybersecurity operations within the finance function.

Activating cyber in controllership and finance functions

Embedding cyber in controllership and expanding cyber’s role in internal audit and across the function should involve key enablers that coordinate both cybersecurity needs and drivers of value-added transformation—starting with data and analytics, processes and technology, and risk and control governance.

Data and analytics

Harness rich operational, financial, and external data in a harmonized common information model to leverage data-driven analytics and interpret results for critical decision support.

A controlled and centralized data model implements a single source of truth with consistent data elements—driving data security, quality, and organizational data standards throughout the organization. Protecting critical data throughout the organization with the common information model is at the core of a more cyber-secure function. It also creates additional benefits across the business. For example, it may enable new business models supported by compliant data and foster more strategic decision-making with optimized data and analytics. Coordinating a new data model with next-gen tools may also support additional insights and flex analysis to drive further transformation, agile business decisions, and forward-looking strategies.

Process and technology

Leverage technology and agile processes to improve financial integrity, operational performance, insight and foresight generation, and risk intelligence.

Technology like cloud-based enterprise resource planning (ERP), automation tools, and cognitive innovation creates opportunities to simplify processes, reduce error, and free up finance professionals to concentrate on delivering business insights and drive more value. For example, new ERP tools that enable a centralized data and common information model provide:

  • End-to-end connectivity of the data process.
  • Risk-controlled process mining tools for real-time monitoring.
  • Continuous improvement opportunities.

IT may also leverage SaaS and cloud-based services to focus priorities on core capabilities that drive value.

Governance and risk and control

Navigate risk and governance proactively to deliver compliant financial stewardship with an integrated approach to risk management that emphasizes risk intelligence and analysis.

Shifting governance and controls to an integrated risk-management structure with heightened analysis may support more accuracy, completeness, insight, and operational resilience. While this may require more of an overhaul to the finance operational structure, organizations might consider initiating some “start small and build” actions to begin integrating cybersecurity with governance and control. Start by adopting a three line, or layered, cybersecurity structure with clearly set roles and responsibilities. Once the structural components are in place, define metrics and reporting cadence for internal and external stakeholders, determine a risk appetite, and align cyber threats with business risk with audited and managed processes within the secure IT corridor of governance.

Key takeaways: The potential benefits of a cyber-focused strategy for finance transformation

The value of the roles, technology and data in finance and controllership will continue to grow as the roles expand throughout the function. Here are just a few possibilities:

  • Risk reduction, remediation improvements, and better control processes
  • Real-time data for continuous reporting in volatile environments and an “always on” focus that empowers agility
  • Improved financial integrity, operational performance, and regulatory compliance
  • Intelligent insight and foresight of emerging risks and delivery of forward-looking cyber insights
  • Real-time, risk-intelligent advice and leading practices for strategic priorities such as product launches, new technology plays, and other digital transformations for the business

Explore additional benefits and insights into harmonizing cyber within finance and controllership in our Dbriefs Controllership Perspectives webcast series: Cyber’s growing role within the finance organization to enable transformation.

Fullwidth SCC. Do not delete! This box/component contains JavaScript that is needed on this page. This message will not be visible when page is activated.

Did you find this useful?