How Controllers Can Capture Digital Benefits While Managing Risks

But aligning cyber and risk within the finance function can help companies lead the charge into the future. By harmonizing finance and accounting with cyber-enabled transformation and a future-ready cybersecurity model, organizations can leverage cyber-enabled transformation while maintaining security, compliance, and trust within the finance ecosystem.

To do this, it is beneficial to first understand the growing risks and expectations around cyber as well as the benefits of a transformative cyber strategy. From there, companies can activate a new cyber strategy in the controllership and finance function utilizing some key enablers to help advance transformation.

A Rising Threat Level

Cyber-related issues are business risks that can impact the entire organization. Digital transformation can introduce a new set of cyber-related risks to the business, and the finance function is an especially common and growing target for cyber incidents. With the move to digital, companies need confidence in the security of their assets and a better understanding of how cyber events might disrupt the business.

In addition, as finance becomes more of a target of these threats, regulatory requirements and expectations from board and audit committees are becoming commonplace. For example, the Securities and Exchange Commission has proposed rules on cyber disclosures, and boards and audit committees need cyber frameworks and more cyber updates.

The elevated cyber risk environment requires that cybersecurity needs also expand fast—at the speed of data. At the same time, this environment creates an opportunity to lean into and benefit from a forward-focused cyber environment as cybersecurity activities are implemented within the finance function.

Embedding cyber in controllership and expanding its role in internal audit and across the finance function should involve key enablers that coordinate both cybersecurity needs and the drivers of value-added transformation. Prioritize them as follows:

Data and analytics. Harness rich operational, financial, and external data in a harmonized common information model to leverage data-driven analytics and interpret results for critical decision support. A controlled, centralized data model implements a single source of truth with consistent data elements—driving data security, quality, and organizational data standards throughout the organization.

Protecting critical data with the common information model is at the core of a more cyber-secure function, one that creates additional benefits across the business. For example, the approach can enable new business models supported by compliant data and foster more strategic decision-making with optimized data and analytics. Coordinating a new data model with next-gen tools can also support additional insights and flex analysis to drive further transformation, agile business decisions, and forward-looking strategies.

Process and technology. Leverage technology and agile processes to improve financial integrity, operational performance, insight and foresight generation, and risk intelligence. Technology like cloud-based enterprise resource planning (ERP), automation tools, and cognitive innovation creates opportunities to simplify processes, reduce error, and free up finance professionals to concentrate on delivering business insights and drive more value. For example, new ERP tools that enable a centralized data and common information model provide end-to-end connectivity of the data process, risk-controlled process mining tools for real-time monitoring, and opportunities for continual improvement. IT functions may also leverage software as a service (SaaS) and cloud-based services to focus priorities on core capabilities that drive value.

Governance, risk, and control. Navigate risk and governance proactively to deliver compliant financial stewardship with an integrated approach to risk management that emphasizes risk intelligence and analysis. Shifting governance and controls to an integrated risk management structure with heightened analysis may support more accuracy, completeness, insight, and operational resilience. While this may require more of an overhaul to the finance operational structure, organizations might consider initiating some “start small and build” actions to begin integrating cybersecurity with governance and control.

Consider adopting a three-line-of-defense, or layered, cybersecurity structure with clearly set roles and responsibilities. Once the structural components are in place, define metrics and reporting cadence for internal and external stakeholders, determine a risk appetite, and align cyber threats with business risk and with audited and managed processes within the secure IT corridor of governance.

Rising Benefits of a Cyber-Focused Transformation

The value of technology and data in finance and controllership will continue to increase as they expand throughout the function. Here are just a few possibilities:

• Risk reduction, remediation improvements, and better control processes

• Real-time data for continuous reporting in volatile environments and an “always on” focus that empowers agility

• Improved financial integrity, operational performance, and regulatory compliance

• Intelligent insight and foresight of emerging risks and delivery of forward-looking cyber insights

• Real-time, risk-intelligent advice and leading practices for strategic priorities such as product launches, new technology plays, and other digital transformations for the business.

Explore additional benefits and insights into harmonizing cyber within finance and controllership in our Dbriefs Controllership Perspectives webcast series: Cyber’s growing role within the finance organization to enable transformation.

—by Beth Kaplan, managing director for the Center for Controllership^TM, Deloitte & Touche LLP and Temano Shurland, a principal and US Health care Finance Transformation leader with Deloitte & Touche LLP