It’s easy to find articles talking about how the role of the CIO is becoming more closely linked to (in some cases consumed by) the CFO. The collaboration is generally attributed to the importance of IT in every aspect of corporate profitability.
While the financial success of an enterprise requires cooperation across the entire C-suite, today technology innovations like cloud and mobility can touch every aspect of business, from operations and customer experiences to driving the core business model. Where to invest in tech is more than choosing the right tools for the job; it’s aligning corporate strategy and risk. Evaluating the ROI of big projects, determining threat potential and picking vendors can all be decisions where getting it wrong could shutter the company.
In the study by Ernst & Young, CFO-CIO: a growing collaboration, CFOs say they are working more with the IT agenda and CIOs, but there are some concerns about the relationship.
[Figure from CFO-CIO: a growing collaboration]
Managing costs and profitability is seen as the greatest contribution brought to the table by the CFO, but they struggle with strategic functions like setting the agenda for change. Secondly, the apples & oranges differences (maybe bits & bytes versus dollars & cents differences?) between the average CIO and CFO leave the CFOs feeling like they have an insufficient understanding of IT issues.
[Figure: What do you consider to be the main barriers preventing a closer relationship with the CIO?]
What about cybersecurity?
What kind of reporting are we talking about? The article Cybersecurity Breach: Are Board Members at Risk? on the Above the Law website recommends that, from the IT perspective, the CIO be responsible for passing the following information about plans and policies to the board:
- Inform executives and the board of what data the business is collecting and where it is stored, assuming the executives and the board are not asking those questions;
- Use encryption methods for confidential data, if possible;
- Create “firewalls” or separately store confidential data from other business systems;
- Password protect confidential data systems and limit access to them to a select few;
- Immediately notify executives and the board of any suspected data breach; and
- Determine, in advance, whom to contact to conduct a forensic data review in the event of a cybersecurity breach.