It’s easy to find articles talking about how the role of the CIO is becoming more closely linked to (in some cases consumed by) that of the CFO. The collaboration is generally attributed to the importance of IT in every aspect of corporate profitability.

While the financial success of an enterprise requires cooperation across the entire C-suite, today technology innovations like cloud and mobility can touch every aspect of business, from operations and customer experiences to driving the core business model. Where to invest in tech is more than choosing the right tools for the job; it’s aligning corporate strategy and risk. Evaluating the ROI of big projects, determining threat potential and picking vendors are decisions where getting it wrong could shutter the company.

In the study by Ernst & Young, CFO-CIO: a growing collaboration, CFOs say they are working more with the IT agenda and CIOs, but there are some concerns about the relationship.

(Figure from CFO-CIO: a growing collaboration)

Managing costs and profitability is seen as the greatest contribution brought to the table by the CFO, but they struggle with strategic functions like setting the agenda for change. Secondly, the apples & oranges differences (maybe bits & bytes versus dollars & cents differences?) between the average CIO and CFO leave the CFOs feeling like they have an insufficient understanding of IT issues.

(Figure: What do you consider to be the main barriers preventing a closer relationship with the CIO? From CFO-CIO: a growing collaboration)

What about cybersecurity?

Grant Thornton LLP and Financial Executives Research Foundation published a study on the CFO-CIO relationship that determined that, when it comes to cybersecurity, a collaborative effort is the most reasonable.
While the buck for cybersecurity usually stops with the CFO, it’s the CIO that owns implementation. The CFO assesses cybersecurity risk and aligns cybersecurity strategy with business strategy. The increasing cost of data breaches has everyone’s attention, moving IT security from a technology issue to a larger business risk. General counsel is usually involved as well, advising senior management and board members on legal responsibilities.

The study says that while the CFO and CIO almost equally split the function of reporting to the board on cybersecurity, it falls to the CFO to get buy-in from the board on necessary cybersecurity investments.

What kind of reporting are we talking about? The article, Cybersecurity Breach: Are Board Members at Risk? on the Above the Law website recommends that, from the IT perspective, the CIO would be responsible for passing the following information about plans and policies to the board:

  • Inform executives and the board of what data the business is collecting and where it is stored, assuming the executives and the board are not asking those questions;
  • Use encryption methods for confidential data, if possible;
  • Create “firewalls” or separately store confidential data from other business systems;
  • Password protect confidential data systems and limit access to them to a select few;
  • Immediately notify executives and the board of any suspected data breach; and
  • Determine, in advance, whom to contact to conduct a forensic data review in the event of a cybersecurity breach.

Just as the risks of, and responses to, cybersecurity threats are constantly evolving, in today’s environment of massive breaches (of both federal and enterprise data) the playbook is still being written. One thing that is clear is that the silos separating CFOs and CIOs are falling. For years, technology has been morphing from software and hardware expense to strategic investments. Cybersecurity threats are accelerating things, as each side must bring its strengths to the table to keep up with a dangerous world.