technology governance: the cfo’s role - fms inc
TRANSCRIPT
Technology Governance:The CFO’s RoleTuesday, June 18, 2013 11:30 AM – 12:30 PM
Presented by:Christina ChurchillManagerMcGladreyOne Galleria Tower13355 Noel RdDallas, TX 75240P: 972.764.7049E: [email protected]
www.fmsinc.org | 800-ASK-4FMS
Presented by:Christina ChurchillManagerMcGladreyOne Galleria Tower13355 Noel RdDallas, TX 75240P: 972.764.7049E: [email protected]
Overview• Evolution of the technology function and role of the
CFO
• Importance of an effective technology steeringcommittee− Key components to a successful technology plan
• Measuring return on investment
• Effective IT budgeting
• Technology’s impact on enterprise risk management
www.fmsinc.org | 800-ASK-4FMS
• Evolution of the technology function and role of theCFO
• Importance of an effective technology steeringcommittee− Key components to a successful technology plan
• Measuring return on investment
• Effective IT budgeting
• Technology’s impact on enterprise risk management
slide 2
Traditional CFO Roles• Direct line of communication to the CEO• Management of the financial components of
the organization– Accounting– Accounts Payable– Fixed Assets– Financial Reporting (Internal/External)– Insurance– Human Resources– Audit/Compliance – Dashed to Board
www.fmsinc.org | 800-ASK-4FMS
• Direct line of communication to the CEO• Management of the financial components of
the organization– Accounting– Accounts Payable– Fixed Assets– Financial Reporting (Internal/External)– Insurance– Human Resources– Audit/Compliance – Dashed to Board
slide 3
Why is the RoleChanging?
• Financial and regulatory pressures• Evolution of technology• Increasing technology investments
require greater financial oversight andinvolvement
• Inability to find a CIO• Growing organization, not quite large
enough for a CIO
www.fmsinc.org | 800-ASK-4FMS
• Financial and regulatory pressures• Evolution of technology• Increasing technology investments
require greater financial oversight andinvolvement
• Inability to find a CIO• Growing organization, not quite large
enough for a CIOslide 4
Models of Change
• Increased committee responsibilities– Working directly with the CIO for
budgeting, decisioning and regulatoryrelated issues
• Direct reporting lines– CIO reports to the CFO
• Defacto CIO– CFO filling the role of CIO
www.fmsinc.org | 800-ASK-4FMS
• Increased committee responsibilities– Working directly with the CIO for
budgeting, decisioning and regulatoryrelated issues
• Direct reporting lines– CIO reports to the CFO
• Defacto CIO– CFO filling the role of CIO
slide 5
45% of CFOs surveyed had IT as a directreport, and about 25% more as a dotted linereport.
“That’s a big organizational shift, and many ofthe CFOs I work with are struggling with that
change,” says Bob Comeau, a principal with DeloitteConsulting LLP.
Evolving the CFO Role
www.fmsinc.org | 800-ASK-4FMS
45% of CFOs surveyed had IT as a directreport, and about 25% more as a dotted linereport.
“That’s a big organizational shift, and many ofthe CFOs I work with are struggling with that
change,” says Bob Comeau, a principal with DeloitteConsulting LLP.
*Source: 2011 Deloitte CFO Signals, 1st Quarter 2011
slide 6
Defacto CIOResponsibilities
• CFO is responsible for:– Bridging the gap between IT and the business
units– Developing and tracking performance metrics for
the IT function and managing ROI for technologyinvestments
– Leading and executing all strategic decisions– Reducing overall IT costs– Aligning the financial and data models
www.fmsinc.org | 800-ASK-4FMS
• CFO is responsible for:– Bridging the gap between IT and the business
units– Developing and tracking performance metrics for
the IT function and managing ROI for technologyinvestments
– Leading and executing all strategic decisions– Reducing overall IT costs– Aligning the financial and data models
slide 7
Benefits
• No more arguments over funding• Better insight into the organization• Better understanding of the
organization’s economic situation
www.fmsinc.org | 800-ASK-4FMS
• No more arguments over funding• Better insight into the organization• Better understanding of the
organization’s economic situation
slide 8
Drawbacks
• Review of IT spending requests• Ability to spend adequate time focusing
on each role• Lack of experience in one of the roles• Challenging to keep up with technology
advances
www.fmsinc.org | 800-ASK-4FMS
• Review of IT spending requests• Ability to spend adequate time focusing
on each role• Lack of experience in one of the roles• Challenging to keep up with technology
advances
slide 9
"It's difficult for me to champion dollars forIT infrastructure when as CFO I'm
involved with the politics of dollars spentin marketing, advertising, operations
and so on."~ Jeremy Hopkins, CIO and CFO
World Telecom Group
www.fmsinc.org | 800-ASK-4FMS
"It's difficult for me to champion dollars forIT infrastructure when as CFO I'm
involved with the politics of dollars spentin marketing, advertising, operations
and so on."~ Jeremy Hopkins, CIO and CFO
World Telecom Group
slide 10
Challenges to SeparateCIO
• Finding the right resource to fill the role• Credibility with staff• Internal controls, segregation of duties
www.fmsinc.org | 800-ASK-4FMS
• Finding the right resource to fill the role• Credibility with staff• Internal controls, segregation of duties
slide 11
How to succeed?
• Become a tech savvy CFO• Learn about new technologies• Focus on IT security, infrastructure and
metrics• Incorporate changes to productivity,
capacity and business performance• Collaborate with IT leaders
www.fmsinc.org | 800-ASK-4FMS
• Become a tech savvy CFO• Learn about new technologies• Focus on IT security, infrastructure and
metrics• Incorporate changes to productivity,
capacity and business performance• Collaborate with IT leaders
slide 12
IT Questions CFOsNeed to Ask
1. Are you using the full functionality and capacity ofyour existing systems?
2. Are you struggling to integrate key systems witheach other?
3. Have you postponed implementing keyfunctionalities due to lack of time and resources?
4. Do you continue to use manual processes that wereoriginally meant as temporary stop-gap measures?
5. Are you running outdated versions?6. Has it been more than a couple of years since you
last explored outsourcing?
www.fmsinc.org | 800-ASK-4FMS
1. Are you using the full functionality and capacity ofyour existing systems?
2. Are you struggling to integrate key systems witheach other?
3. Have you postponed implementing keyfunctionalities due to lack of time and resources?
4. Do you continue to use manual processes that wereoriginally meant as temporary stop-gap measures?
5. Are you running outdated versions?6. Has it been more than a couple of years since you
last explored outsourcing?
*Source: McGladrey, Eight Areas to Boost Performance, May 2013
slide 13
Importance of an EffectiveTechnology Steering
Committee
www.fmsinc.org | 800-ASK-4FMS
Importance of an EffectiveTechnology Steering
Committee
slide 14
Why Have One?
• The FFIEC all but mandates thiscommittee;
• The FDIC strongly encourages it;• Auditors recommend it; and• It provides a mechanism to address
many of the most difficult examinationquestions.
www.fmsinc.org | 800-ASK-4FMS
• The FFIEC all but mandates thiscommittee;
• The FDIC strongly encourages it;• Auditors recommend it; and• It provides a mechanism to address
many of the most difficult examinationquestions.
slide 15
Importance of a TechnologySteering Committee
Oversight is critical because:• Technology is the most expensive
resource in the organization, outside ofhuman capital.
• It is the backbone of the organization’sability to conduct business.
• Technology safeguardscustomer/member information.
www.fmsinc.org | 800-ASK-4FMS*Source: Forrester Research, October 2011
Oversight is critical because:• Technology is the most expensive
resource in the organization, outside ofhuman capital.
• It is the backbone of the organization’sability to conduct business.
• Technology safeguardscustomer/member information.
slide 16
Technology CommitteeMission
• The banking technology steering committee isresponsible for overseeing the technology relatedfunctions of the Bank with particular attention tooperational risk management. The committee isresponsible for setting the information technologystrategic direction, recommending informationtechnology policies, procedures and standards;reviews and recommends priorities for thedevelopment of applications and for capital requests;and serves as an information-sharing forum.
www.fmsinc.org | 800-ASK-4FMS
• The banking technology steering committee isresponsible for overseeing the technology relatedfunctions of the Bank with particular attention tooperational risk management. The committee isresponsible for setting the information technologystrategic direction, recommending informationtechnology policies, procedures and standards;reviews and recommends priorities for thedevelopment of applications and for capital requests;and serves as an information-sharing forum.
slide 17
Technology CommitteeResponsibilities
• The Committee will have the responsibility to:– Review and approve the organization's technology planning and
strategy.– Review significant technology investments and expenditures.– Monitor and evaluate existing and future trends in technology that
may affect the organization's strategic plans, including monitoringof overall industry trends.
– Request reports from management concerning the organization'stechnology operations.
– Oversee the risks associated with technology, including riskassessment and risk management.
www.fmsinc.org | 800-ASK-4FMS
• The Committee will have the responsibility to:– Review and approve the organization's technology planning and
strategy.– Review significant technology investments and expenditures.– Monitor and evaluate existing and future trends in technology that
may affect the organization's strategic plans, including monitoringof overall industry trends.
– Request reports from management concerning the organization'stechnology operations.
– Oversee the risks associated with technology, including riskassessment and risk management.
slide 18
Technology CommitteeMembers
• Should be representatives from each of thevarious business units– Administration– Branch operations– Deposit operations– Finance– Loan operations– IT Leaders– Mobile banking– Marketing
www.fmsinc.org | 800-ASK-4FMS
• Should be representatives from each of thevarious business units– Administration– Branch operations– Deposit operations– Finance– Loan operations– IT Leaders– Mobile banking– Marketing
slide 19
IT vs. Business OwnerPerspectives
www.fmsinc.org | 800-ASK-4FMS*Source: Forrester Research, Changing State of IT Operations, October 2012
slide 20
Components of aSuccessful Technology Plan• Technology plan should follow overall strategic plan
– Accounting for major business goals and objectives
• Technology plan typically includes:– Needs assessment– Initiative descriptions, goals, justification, timeline– Measurable objectives– Hardware, software and facility needs– Training and staff development plan– Budget and rationale, evaluation method, timeline
www.fmsinc.org | 800-ASK-4FMS
• Technology plan should follow overall strategic plan– Accounting for major business goals and objectives
• Technology plan typically includes:– Needs assessment– Initiative descriptions, goals, justification, timeline– Measurable objectives– Hardware, software and facility needs– Training and staff development plan– Budget and rationale, evaluation method, timeline
slide 21
Planning Considerations• Windows XP, Office 2003, Exchange 2003 and SQL
2000 will not be supported after April 2014
• Converged infrastructure – Continue to own thehardware/software while allowing for easy expansionand growth along with true DR and fault tolerance
• Business continuity / DR assessments
• Technology / Security assessments
• Outsourcing IT helpdesk, monitoring and support
• CIO Outsourcing
www.fmsinc.org | 800-ASK-4FMS
• Windows XP, Office 2003, Exchange 2003 and SQL2000 will not be supported after April 2014
• Converged infrastructure – Continue to own thehardware/software while allowing for easy expansionand growth along with true DR and fault tolerance
• Business continuity / DR assessments
• Technology / Security assessments
• Outsourcing IT helpdesk, monitoring and support
• CIO Outsourcingslide 22
IT Trends
www.fmsinc.org | 800-ASK-4FMS*Source: Gartner Agenda Overview for Banking and Investment Services, January 2013
slide 23
Barriers to MeasuringROI
• ROI on technology projects isn’t clear cut• Most projects have both an indirect/direct
portion• Both new and old systems are involved in
single processes• Have to account for the people factor
www.fmsinc.org | 800-ASK-4FMS
• ROI on technology projects isn’t clear cut• Most projects have both an indirect/direct
portion• Both new and old systems are involved in
single processes• Have to account for the people factor
slide 25
ROI Measurement Basics
• Develop a business case outline– Utilize for new projects– Standardize questions and calculations
• How will the project benefit the business?• How will it decrease expenses, increase
efficiency?• Cost to maintain the project long-term?
www.fmsinc.org | 800-ASK-4FMS
• Develop a business case outline– Utilize for new projects– Standardize questions and calculations
• How will the project benefit the business?• How will it decrease expenses, increase
efficiency?• Cost to maintain the project long-term?
slide 26
ROI Measurement Basics
• Define tangible scores– Customer satisfaction– Response speed– Available/timely reporting
• How do we “measure” intangible scores• Develop a tracking mechanism• Report on a regular basis
www.fmsinc.org | 800-ASK-4FMS
• Define tangible scores– Customer satisfaction– Response speed– Available/timely reporting
• How do we “measure” intangible scores• Develop a tracking mechanism• Report on a regular basis
slide 27
Key Matrix
www.fmsinc.org | 800-ASK-4FMS*Source: Forrester Research, Changing State of IT Operations, October 2012
slide 28
2013Top Five Priorities
Management Priorities IT Priorities
Increasing Enterprise Growth Analytics & BusinessIntelligence
Delivering Operational Results Mobile Technologies
www.fmsinc.org | 800-ASK-4FMS*Source: Top 10 Business & IT Priorities for 2013, Gartner 2013
Reducing Enterprise Costs Cloud Computing
Attract & Retain New Customers Collaboration Technologies
Improve IT application andinfrastructure
Legacy Modernization
slide 30
Establish IT Priorities• Start your budgeting process by defining your
next year IT priorities by reviewing thefollowing:– Strategic plan– Technology plan– Day-to-day operations– BCP/Disaster recovery– Operational efficiency / Revenue generation
www.fmsinc.org | 800-ASK-4FMS
• Start your budgeting process by defining yournext year IT priorities by reviewing thefollowing:– Strategic plan– Technology plan– Day-to-day operations– BCP/Disaster recovery– Operational efficiency / Revenue generation
*Source: McGladrey, 8 Areas to Boost Performance, May 2013slide 31
Review Known Expenses
• Existing software licenses• Equipment depreciation• Hiring and payroll• Third party services• Audits and compliance
www.fmsinc.org | 800-ASK-4FMS
• Existing software licenses• Equipment depreciation• Hiring and payroll• Third party services• Audits and compliance
slide 32
Account forAnticipated Items
• New equipment (remember new hires)• Upgrades of legacy equipment• Third party services• New technologies
www.fmsinc.org | 800-ASK-4FMS
slide 33
Evaluate your Efficiency
• Compile a list of all of your key technology systems –both in-house and outsourced
• Determine the main purpose of each listed systemand if there is overlap between the capabilities of thesystems
• Survey system users to identify the user’s data entryprocess to identify if data is being re-entered intomultiple systems
www.fmsinc.org | 800-ASK-4FMS
• Compile a list of all of your key technology systems –both in-house and outsourced
• Determine the main purpose of each listed systemand if there is overlap between the capabilities of thesystems
• Survey system users to identify the user’s data entryprocess to identify if data is being re-entered intomultiple systems
*Source: McGladrey, 8 Areas to Boost Performance, May 2013
slide 34
Budgeting Considerations• Strategic/Technology plan initiatives• Software end-of-life• Out of date equipment• Provider contracts• Product/process efficiencies
www.fmsinc.org | 800-ASK-4FMS
• Strategic/Technology plan initiatives• Software end-of-life• Out of date equipment• Provider contracts• Product/process efficiencies
slide 35
2012 IT Budgets byActivity
www.fmsinc.org | 800-ASK-4FMS*Source: Forrester Research, October 2012
slide 36
2012 IT Spendby Category
www.fmsinc.org | 800-ASK-4FMS*Source: Forrester Research, October 2012
slide 37
Technology’s Impact onEnterprise
Risk Management (ERM)
www.fmsinc.org | 800-ASK-4FMS
Technology’s Impact onEnterprise
Risk Management (ERM)
slide 38
What is ERM?
• Risk management practices that providea holistic view of all material risks of afinancial institution integrated within keydecision-making processes across theenterprise
www.fmsinc.org | 800-ASK-4FMS
• Risk management practices that providea holistic view of all material risks of afinancial institution integrated within keydecision-making processes across theenterprise
*Source: McGladrey, Scaling ERM to fit community banks, November/December 2012
slide 39
What is the benefit?
• An enterprise-wide view of risk can helpfinancial institutions improve profitabilityand ensure an efficient use of limitedcapital resources.– This can be accomplished by comparing
returns to risks and using this informationto target business lines or portfoliosegments with the highest returns.
www.fmsinc.org | 800-ASK-4FMS
• An enterprise-wide view of risk can helpfinancial institutions improve profitabilityand ensure an efficient use of limitedcapital resources.– This can be accomplished by comparing
returns to risks and using this informationto target business lines or portfoliosegments with the highest returns.
*Source: McGladrey, Scaling ERM to fit community banks, November/December 2012
slide 40
The ERM ProcessStrategic PlanWhat are our
goals?
Risk AppetiteWhat risk are wewilling to accept?
MonitoringWhat are the key
indicators?
www.fmsinc.org | 800-ASK-4FMS
Risk AppetiteWhat risk are wewilling to accept?
RisksWhat are the risks
we face?
ControlsHow do we limit
our risk?
slide 41
Key Concepts
• To identify controls you must know whatrisks are present.
• To know the risks you need tounderstand the objectives being sought.
www.fmsinc.org | 800-ASK-4FMS
• To identify controls you must know whatrisks are present.
• To know the risks you need tounderstand the objectives being sought.
Objectives Risks Controls
slide 42
Getting Started
• Establish a risk culture• Define your risk appetite• Develop your line of defense
– Business line employees– Risk oversight committees– Internal audit
• Keep open lines of communication• Establish a forward-looking approach
www.fmsinc.org | 800-ASK-4FMS
• Establish a risk culture• Define your risk appetite• Develop your line of defense
– Business line employees– Risk oversight committees– Internal audit
• Keep open lines of communication• Establish a forward-looking approach
*Source: McGladrey, Scaling ERM to fit community banks, November/December 2012
slide 43
Develop your KRIs• Review the key activities in your business lines, remember to
include operational areas• Determine which of those activities are critical and measurable
• Network Uptime• Security Breeches• System/Subsystem integration issues• Timeliness of Updates• User / Customer Issues• BCP Preparedness/Testing• Exam Results
• Based on your risk appetite determine the acceptable rangefor risk
• Consistently monitor and report – watch the trends!
www.fmsinc.org | 800-ASK-4FMS
• Review the key activities in your business lines, remember toinclude operational areas
• Determine which of those activities are critical and measurable• Network Uptime• Security Breeches• System/Subsystem integration issues• Timeliness of Updates• User / Customer Issues• BCP Preparedness/Testing• Exam Results
• Based on your risk appetite determine the acceptable rangefor risk
• Consistently monitor and report – watch the trends!
slide 44
Monitor your KRIs
• Create a tracking method• Define:
– Responsibility– Frequency– Risk range– Tolerance– Trending
www.fmsinc.org | 800-ASK-4FMS
• Create a tracking method• Define:
– Responsibility– Frequency– Risk range– Tolerance– Trending
slide 45
KRI Tips
• Create a reasonable number of KRIs• Make them meaningful• Think about how these impact other
areas within the organization• Communication and accountability is
vital
www.fmsinc.org | 800-ASK-4FMS
• Create a reasonable number of KRIs• Make them meaningful• Think about how these impact other
areas within the organization• Communication and accountability is
vital
slide 46
Regulator Hot Topics
• Cyber security• Mobile banking• Risk management• Fraud prevention/detection
www.fmsinc.org | 800-ASK-4FMS
• Cyber security• Mobile banking• Risk management• Fraud prevention/detection
slide 47
Technology Governance:The CFO’s Role
Presented by:Christina ChurchillMcGladreywww.mcgladrey.com
P: 972.764.7049E: [email protected]
www.fmsinc.org | 800-ASK-4FMS
Presented by:Christina ChurchillMcGladreywww.mcgladrey.com
P: 972.764.7049E: [email protected]
slide 49