The chief financial officer – chief information officer relationship is becoming closer and more collaborative, with the CFO playing a greater role in four vital IT-related activities, according to an EY global survey, of 652 CFOs and a series of in-depth interviews with CFOs, CIOs and EY professionals. The findings indicate that CFOs are increasingly involved in managing cybersecurity, establishing information management strategies and processes, transitioning to a digital IT function and creating an analytics-driven organization. 

The need for better quality data and improved analytics capabilities is driving collaboration between finance executives and their IT-focused counterparts. However, CFOs' and finance executives' state a lack of understanding of IT issues, and their prevailing view of IT as a cost center, rather than as an asset — pose a significant challenge to the relationship. CFOs also continue to struggle with balancing their responsibility to maintain cost discipline with more strategic ambitions, such as setting the agenda for change. 

Julie Teigland, EY's Europe, Middle East, India and Africa (EMEIA) CFO Program Leader, says: 
"In today's digital economy, the financial well-being of an enterprise is dependent on the health of the CFO-CIO relationship. In order to succeed, organizations must make bold technology investment decisions that are driven by corporate strategy, while managing a range of severe risks, such as cybersecurity and data privacy concerns.

"This mission-critical convergence of technology, investment strategy and risk has elevated the CFO-CIO relationship to new levels of importance."

Cybersecurity is a top priority 
Two-thirds of the CFOs surveyed (66%) say managing cybersecurity is a high or very high priority. They are aware of the growing sophistication of attacks, and in many cases have already been victims. 

Ken Allan, EY's Global Cybersecurity Leader, says: "The more sophisticated attackers are looking at economic manipulation as an objective. This might involve trying to manipulate the company share price. Their aim may extend to devaluing the organization to the extent that it can be acquired at a distressed price to capitalize on its recovery." 

The EY survey also indicates that while most CFOs recognize the scale of the threat, they perceive that a lack of understanding of IT issues prevents them from recognizing what a mature cybersecurity capability looks like, so they can invest in the right initiatives. In fact, this lack of understanding was identified as the top obstacle to a closer working relationship with the CIO, with 44% of CFOs citing it as one of their top three barriers. The tendency for CIOs to discuss cybersecurity issues in technical jargon, rather than business language, can also block fast decision-making and action. 

However, effective cybersecurity management requires organizations to treat it as an enterprise risk management issue, rather than an IT one. Breaches are inevitable, and it is not possible to prevent every attack, or protect every asset. Instead, the CFO should lead the board-level discussion to prioritize which assets are business-critical to protect. The CIO should take the lead in working out how to protect them. 

"Cybersecurity preparation is all about understanding what the business is trying to protect. Some CFOs are trying to understand the technical detail when they shouldn't be," says Allan. "CFOs should also ensure the whole organization has a tested plan in place to ensure they are ready to respond when the inevitable breach occurs."

Digital shift continues 
Aside from the increasing importance of cybersecurity, new digital technologies are demanding a significant change of the IT function and a more agile infrastructure. For the CFO, this means shifting the digital IT investment mindset from one of capital expenditure (Capex) to operational expenditure (Opex). An Opex-focused approach that includes software as a service (SaaS) and the cloud allows organizations to only pay for immediate capacity needs and scale up or down as necessary. Among the 652 CFOs surveyed, just fewer than 50% of those who have made transitioning the IT function to a digital world a very high priority report EBITDA growth of greater than 10% over the last three years. Only 35% of CFOs who have not made transitioning the IT function to a digital world achieved the same level of growth.

But EY warns against allowing IT to drive strategy. Rather, strategy should drive IT. 

David Ryerkerk, Global IT Advisory Leader at EY, says: 
"What most firms are still lacking is a good digital strategy. The firms that are struggling with this most are those who see it as predominantly an IT issue, as opposed to a larger, business one."

Analytics drive collaboration 
CFOs recognize the need for improved analytics and data management capabilities to drive financial and strategic decision-making. It's also the number one reason CFOs say they are working more closely with their CIO. For now, though, the role that CFOs play is relatively limited, as only 53% say they make a significant contribution to determining where analytics can add most value to the organization.  

Chris Mazzei, Global Chief Analytics Officer, EY, says: 
"There's a huge opportunity for CFOs to be a champion for advancing the analytics agenda —not only within finance, but also, given how CFOs are involved in other parts of the organization, for embedding it across the firm."

Opportunity for growth 
The report outlines how CFOs and CIOs can increase the effectiveness of their collaboration:

• Build finance leaders' understanding of IT issues 
• Share responsibility for driving innovation through digital IT 
• Shift the IT operating model emphasis from Capex to Opex 
• Manage risk exposures of new digital technologies 
• Work as peers – despite a still-common reporting line of the CIO to the CFO 
• Make data a fourth pillar of the business, alongside people, process and technology 
• Treat cyber risk as part of enterprise risk management