Why Your CFO and CIO Need to be on the Same Page for Technology Decisions

A typical company would have a number of strategic positions in a company collectively known as the “C-Suite”. They constitute the “Chiefs” that have decision-making power within their area of expertise and have titles like Chief Executive Officer (CEO), Chief Information Officer (CIO), Chief Financial Officer (CFO), etc. In small business enterprises this talent at the top may be more informal and the lines between decision-making authority may become blurred. Nonetheless someone has the primary function for executive decisions, someone else may be assigned the role for financial issues, and someone else needs to be knowledgeable about computer and software options.

For purposes of discussion, in this company structure, there is a natural tension between the CIO and the CFO. This tension forces the company to acknowledge four basic principles. These are “Every Dollar Counts”, “Tech is Everywhere in the Business”, “Security and Compliance are Necessities”, and “ROI Still Counts”.

EVERY DOLLAR COUNTS

Information technology advances quickly, so the CIO can always find some new software or hardware tools that can improve operations and support growth. It is up to the CIO and the CFO to hash out the options. Getting it wrong means they either overspend on tech that doesn’t bring the value they need or they underinvest and risk falling behind their competitors.

TECH IS EVERYWHERE

The exploding market for electronics hardware and software along with concepts like the Internet of Things (IOT), Artificial Intelligence (AI), and Cloud Computing has created a seemingly endless combination of solutions to handle business and operational problems. Giving increasing options also increases the chance of mis-matches or integration problems. It is also vital to define the expected outcome. In other words the IT component must be clearly directed to solve specific problems and the value of solving those problems needs to be part of the critique of the proposed solution.

SECURITY AND COMPLIANCE ARE NECESSITIES

This often is a function that is ignored until you find yourself staring down the barrel of a ransomware attack. The three most common categories of cybersecurity attacks are: Malware, Phishing, and Ransomware.

Malware is a category of attack that can take many forms like viruses, spyware and trojans. The general objective is to infiltrate and disrupt the business.

Phishing is designed to trip somebody up in order to get some identifying information that would allow the perpetrator to gain something of value. This could include social security numbers, credit card numbers, or bank account numbers. They often gain access by posing as a trustworthy vendor like FedEx, Amazon, or Costco who wants to complete a delivery to your account. Their email looks legit but once you click the button to “release your package” you may inadvertently give them access to identifying information. 

Ransomware is a straight out money grab. Having accessed your computer they encrypt all data, making it impossible to read. Your data is held until a ransom is paid. The amount is whatever they think they can get away with. There is a risk that even if you pay the ransom they may not give you the encryption key.

There are a number of trustworthy security applications and I’ll leave the research to you based on your needs and your estimated risks. Regardless of the cost/benefit analyses, one thing that all experts agree on is that educating your employees about how these various attacks work improves the chances that they might identify an attempted attack and cut it off before it infects the whole system.

ROI STILL COUNTS

Return on Investment (or ROI) is still considered to be one of the best measures to quickly assess the relative value of competing proposals. The CFO knows the money side and the CTO knows the tech side. ROI is just the value of a protective or operational objective divided by the time over which that value will be realized. Here’s a simple example. Suppose you have a key account that wants deliveries to arrive exactly on the 15th of the month. The CTO has identified a simple barcode system that gives you better in-house tracking of those orders. It can be programmed to check if orders are on track and it will throw a red flag if they are not. You know from past experience that on average you have missed the delivery date three times in the last year. The customer contract includes a 10% discount for late shipments. If the new bar code system solves the delivery issue, then you will recover that lost 10%. If an order is $100k per month then this solution is worth 3 X $10k = $30k per year.

Too often companies stick to what they know best and don’t wander too far from their “core” contribution as described by their title. But in reality the needs of businesses are not sharply defined and the more you can create cross-functional relationships the more flexible and successful your business can become. This is especially true with small businesses where being nimble just might define the line between success and failure.

Photo Credit: https://images.pexels.com/photos/18512835/pexels-photo-18512835/free-photo-of-a-scrabble-board-with-the-word-yield-written-on-it.jpeg?auto=compress&cs=tinysrgb&w=1260&h=750&dpr=2