Transitioning to a digital IT function 4. Manage digital IT risk exposures as part of the enterprise For example, as marketing responds to ever-changing customer needs, risk management framework research has shown that CMOs now spend approximately 15% to 20% of their 6 If the associated risks are not managed, the value that digital technology budget on technology. brings can be undermined. The result may be greater speed to market, but the danger is that systems and infrastructure become increasingly fragmented. Questions CFOs and CIOs should be able to answer about cloud risk: And because this spending happens in silos, many CFOs do not know exactly 1. Does our cloud environment have the appropriate controls to protect what has been spent, whether it is aligned with strategy or whether there are the confidentiality, availability and integrity of systems and data in any potential associated threats. This creates potential for wasted investment the cloud? and unmanaged risks. 2. Are there appropriate procedures in place to protect data at rest, in transit and in use? “ Spend on technology is moving outside of the 3. Can we trust our cloud environment to be resilient to adverse events? control of the CIO. The CFO and the CIO have a 4. Have we stress-tested our cloud environment? mutual interest in bringing this technology under 5. Is our environment audit-ready and certified to meet specific closer control.” legislation and regulation in our industry? 6. Do we have documented evidence about the protections in place that Laurence Buchanan, EMEIA Digital Advisory Leader, EY we can use for compliance purposes? The CFO has an essential role to play in ensuring that exposures from digital Rebooting the IT function is crucial to value creation IT are addressed as part of the wider enterprise risk approach. The risk tolerance needs to be agreed upon, vulnerabilities assessed against it and a Digitalization offers organizations opportunities to rethink the customer transformational road map developed to bring security to the appropriate level. experience, and reassess their ways of working and their business model. Senior teams need to review digital IT risks on a regular basis, as changes in This puts the IT function under growing pressure to deliver the required new business strategy, or to the regulatory and competitive environments, create enabling technologies and to do so at speed. CFOs are becoming increasingly new vulnerabilities. engaged in the IT function. They will need to go further in helping to reinvent this function, as its key role as a driver of organizational value becomes 5. Unite against digital IT fragmentation increasingly recognized. In a digital environment, strategic spend control has been loosened as different parts of the business respond to fast-moving threats and opportunities. 6. Laura McLellan, High-Tech Tuesday Webinar: Profile of Marketing as a Technology Buyer, Gartner Research, 25 October 2012, © 2012 Gartner, Inc., http://www.gartner.com/id=2213817. Partnering for performance Part 3: the CFO and the CIO 32