Technology Governance: The CFO’s Role - FMS Inc

Technology Governance:The CFO’s RoleTuesday, June 18, 2013 11:30 AM – 12:30 PM

Presented by:Christina ChurchillManagerMcGladreyOne Galleria Tower13355 Noel RdDallas, TX 75240P: 972.764.7049E: [email protected]

www.fmsinc.org | 800-ASK-4FMS

Presented by:Christina ChurchillManagerMcGladreyOne Galleria Tower13355 Noel RdDallas, TX 75240P: 972.764.7049E: [email protected]

Overview• Evolution of the technology function and role of the

CFO

• Importance of an effective technology steeringcommittee− Key components to a successful technology plan

• Measuring return on investment

• Effective IT budgeting

• Technology’s impact on enterprise risk management


• Evolution of the technology function and role of theCFO

• Importance of an effective technology steeringcommittee− Key components to a successful technology plan

• Measuring return on investment

• Effective IT budgeting

• Technology’s impact on enterprise risk management

slide 2

Traditional CFO Roles• Direct line of communication to the CEO• Management of the financial components of

the organization– Accounting– Accounts Payable– Fixed Assets– Financial Reporting (Internal/External)– Insurance– Human Resources– Audit/Compliance – Dashed to Board


• Direct line of communication to the CEO• Management of the financial components of

the organization– Accounting– Accounts Payable– Fixed Assets– Financial Reporting (Internal/External)– Insurance– Human Resources– Audit/Compliance – Dashed to Board

slide 3

Why is the RoleChanging?

• Financial and regulatory pressures• Evolution of technology• Increasing technology investments

require greater financial oversight andinvolvement

• Inability to find a CIO• Growing organization, not quite large

enough for a CIO


• Financial and regulatory pressures• Evolution of technology• Increasing technology investments

require greater financial oversight andinvolvement

• Inability to find a CIO• Growing organization, not quite large

enough for a CIOslide 4

Models of Change

• Increased committee responsibilities– Working directly with the CIO for

budgeting, decisioning and regulatoryrelated issues

• Direct reporting lines– CIO reports to the CFO

• Defacto CIO– CFO filling the role of CIO


• Increased committee responsibilities– Working directly with the CIO for

budgeting, decisioning and regulatoryrelated issues

• Direct reporting lines– CIO reports to the CFO

• Defacto CIO– CFO filling the role of CIO

slide 5

45% of CFOs surveyed had IT as a directreport, and about 25% more as a dotted linereport.

“That’s a big organizational shift, and many ofthe CFOs I work with are struggling with that

change,” says Bob Comeau, a principal with DeloitteConsulting LLP.

Evolving the CFO Role


45% of CFOs surveyed had IT as a directreport, and about 25% more as a dotted linereport.

“That’s a big organizational shift, and many ofthe CFOs I work with are struggling with that

change,” says Bob Comeau, a principal with DeloitteConsulting LLP.

*Source: 2011 Deloitte CFO Signals, 1st Quarter 2011

slide 6

Defacto CIOResponsibilities

• CFO is responsible for:– Bridging the gap between IT and the business

units– Developing and tracking performance metrics for

the IT function and managing ROI for technologyinvestments

– Leading and executing all strategic decisions– Reducing overall IT costs– Aligning the financial and data models


• CFO is responsible for:– Bridging the gap between IT and the business

units– Developing and tracking performance metrics for

the IT function and managing ROI for technologyinvestments

– Leading and executing all strategic decisions– Reducing overall IT costs– Aligning the financial and data models

slide 7

Benefits

• No more arguments over funding• Better insight into the organization• Better understanding of the

organization’s economic situation


• No more arguments over funding• Better insight into the organization• Better understanding of the

organization’s economic situation

slide 8

Drawbacks

• Review of IT spending requests• Ability to spend adequate time focusing

on each role• Lack of experience in one of the roles• Challenging to keep up with technology

advances


• Review of IT spending requests• Ability to spend adequate time focusing

on each role• Lack of experience in one of the roles• Challenging to keep up with technology

advances

slide 9

"It's difficult for me to champion dollars forIT infrastructure when as CFO I'm

involved with the politics of dollars spentin marketing, advertising, operations

and so on."~ Jeremy Hopkins, CIO and CFO

World Telecom Group


"It's difficult for me to champion dollars forIT infrastructure when as CFO I'm

involved with the politics of dollars spentin marketing, advertising, operations

and so on."~ Jeremy Hopkins, CIO and CFO

World Telecom Group

slide 10

Challenges to SeparateCIO

• Finding the right resource to fill the role• Credibility with staff• Internal controls, segregation of duties


• Finding the right resource to fill the role• Credibility with staff• Internal controls, segregation of duties

slide 11

How to succeed?

• Become a tech savvy CFO• Learn about new technologies• Focus on IT security, infrastructure and

metrics• Incorporate changes to productivity,

capacity and business performance• Collaborate with IT leaders


• Become a tech savvy CFO• Learn about new technologies• Focus on IT security, infrastructure and

metrics• Incorporate changes to productivity,

capacity and business performance• Collaborate with IT leaders

slide 12

IT Questions CFOsNeed to Ask

1. Are you using the full functionality and capacity ofyour existing systems?

2. Are you struggling to integrate key systems witheach other?

3. Have you postponed implementing keyfunctionalities due to lack of time and resources?

4. Do you continue to use manual processes that wereoriginally meant as temporary stop-gap measures?

5. Are you running outdated versions?6. Has it been more than a couple of years since you

last explored outsourcing?


1. Are you using the full functionality and capacity ofyour existing systems?

2. Are you struggling to integrate key systems witheach other?

3. Have you postponed implementing keyfunctionalities due to lack of time and resources?

4. Do you continue to use manual processes that wereoriginally meant as temporary stop-gap measures?

5. Are you running outdated versions?6. Has it been more than a couple of years since you

last explored outsourcing?

*Source: McGladrey, Eight Areas to Boost Performance, May 2013

slide 13

Importance of an EffectiveTechnology Steering

Committee


Importance of an EffectiveTechnology Steering

Committee

slide 14

Why Have One?

• The FFIEC all but mandates thiscommittee;

• The FDIC strongly encourages it;• Auditors recommend it; and• It provides a mechanism to address

many of the most difficult examinationquestions.


• The FFIEC all but mandates thiscommittee;

• The FDIC strongly encourages it;• Auditors recommend it; and• It provides a mechanism to address

many of the most difficult examinationquestions.

slide 15

Importance of a TechnologySteering Committee

Oversight is critical because:• Technology is the most expensive

resource in the organization, outside ofhuman capital.

• It is the backbone of the organization’sability to conduct business.

• Technology safeguardscustomer/member information.

www.fmsinc.org | 800-ASK-4FMS*Source: Forrester Research, October 2011

Oversight is critical because:• Technology is the most expensive

resource in the organization, outside ofhuman capital.

• It is the backbone of the organization’sability to conduct business.

• Technology safeguardscustomer/member information.

slide 16

Technology CommitteeMission

• The banking technology steering committee isresponsible for overseeing the technology relatedfunctions of the Bank with particular attention tooperational risk management. The committee isresponsible for setting the information technologystrategic direction, recommending informationtechnology policies, procedures and standards;reviews and recommends priorities for thedevelopment of applications and for capital requests;and serves as an information-sharing forum.


• The banking technology steering committee isresponsible for overseeing the technology relatedfunctions of the Bank with particular attention tooperational risk management. The committee isresponsible for setting the information technologystrategic direction, recommending informationtechnology policies, procedures and standards;reviews and recommends priorities for thedevelopment of applications and for capital requests;and serves as an information-sharing forum.

slide 17

Technology CommitteeResponsibilities

• The Committee will have the responsibility to:– Review and approve the organization's technology planning and

strategy.– Review significant technology investments and expenditures.– Monitor and evaluate existing and future trends in technology that

may affect the organization's strategic plans, including monitoringof overall industry trends.

– Request reports from management concerning the organization'stechnology operations.

– Oversee the risks associated with technology, including riskassessment and risk management.


• The Committee will have the responsibility to:– Review and approve the organization's technology planning and

strategy.– Review significant technology investments and expenditures.– Monitor and evaluate existing and future trends in technology that

may affect the organization's strategic plans, including monitoringof overall industry trends.

– Request reports from management concerning the organization'stechnology operations.

– Oversee the risks associated with technology, including riskassessment and risk management.

slide 18

Technology CommitteeMembers

• Should be representatives from each of thevarious business units– Administration– Branch operations– Deposit operations– Finance– Loan operations– IT Leaders– Mobile banking– Marketing


• Should be representatives from each of thevarious business units– Administration– Branch operations– Deposit operations– Finance– Loan operations– IT Leaders– Mobile banking– Marketing

slide 19

IT vs. Business OwnerPerspectives

www.fmsinc.org | 800-ASK-4FMS*Source: Forrester Research, Changing State of IT Operations, October 2012

slide 20

Components of aSuccessful Technology Plan• Technology plan should follow overall strategic plan

– Accounting for major business goals and objectives

• Technology plan typically includes:– Needs assessment– Initiative descriptions, goals, justification, timeline– Measurable objectives– Hardware, software and facility needs– Training and staff development plan– Budget and rationale, evaluation method, timeline


• Technology plan should follow overall strategic plan– Accounting for major business goals and objectives

• Technology plan typically includes:– Needs assessment– Initiative descriptions, goals, justification, timeline– Measurable objectives– Hardware, software and facility needs– Training and staff development plan– Budget and rationale, evaluation method, timeline

slide 21

Planning Considerations• Windows XP, Office 2003, Exchange 2003 and SQL

2000 will not be supported after April 2014

• Converged infrastructure – Continue to own thehardware/software while allowing for easy expansionand growth along with true DR and fault tolerance

• Business continuity / DR assessments

• Technology / Security assessments

• Outsourcing IT helpdesk, monitoring and support

• CIO Outsourcing


• Windows XP, Office 2003, Exchange 2003 and SQL2000 will not be supported after April 2014

• Converged infrastructure – Continue to own thehardware/software while allowing for easy expansionand growth along with true DR and fault tolerance

• Business continuity / DR assessments

• Technology / Security assessments

• Outsourcing IT helpdesk, monitoring and support

• CIO Outsourcingslide 22

IT Trends

www.fmsinc.org | 800-ASK-4FMS*Source: Gartner Agenda Overview for Banking and Investment Services, January 2013

slide 23

MeasuringReturn on Investment


MeasuringReturn on Investment

slide 24

Barriers to MeasuringROI

• ROI on technology projects isn’t clear cut• Most projects have both an indirect/direct

portion• Both new and old systems are involved in

single processes• Have to account for the people factor


• ROI on technology projects isn’t clear cut• Most projects have both an indirect/direct

portion• Both new and old systems are involved in

single processes• Have to account for the people factor

slide 25

ROI Measurement Basics

• Develop a business case outline– Utilize for new projects– Standardize questions and calculations

• How will the project benefit the business?• How will it decrease expenses, increase

efficiency?• Cost to maintain the project long-term?


• Develop a business case outline– Utilize for new projects– Standardize questions and calculations

• How will the project benefit the business?• How will it decrease expenses, increase

efficiency?• Cost to maintain the project long-term?

slide 26

ROI Measurement Basics

• Define tangible scores– Customer satisfaction– Response speed– Available/timely reporting

• How do we “measure” intangible scores• Develop a tracking mechanism• Report on a regular basis


• Define tangible scores– Customer satisfaction– Response speed– Available/timely reporting

• How do we “measure” intangible scores• Develop a tracking mechanism• Report on a regular basis

slide 27

Key Matrix

www.fmsinc.org | 800-ASK-4FMS*Source: Forrester Research, Changing State of IT Operations, October 2012

slide 28

Effective IT Budgeting


Effective IT Budgeting

slide 29

2013Top Five Priorities

Management Priorities IT Priorities

Increasing Enterprise Growth Analytics & BusinessIntelligence

Delivering Operational Results Mobile Technologies

www.fmsinc.org | 800-ASK-4FMS*Source: Top 10 Business & IT Priorities for 2013, Gartner 2013

Reducing Enterprise Costs Cloud Computing

Attract & Retain New Customers Collaboration Technologies

Improve IT application andinfrastructure

Legacy Modernization

slide 30

Establish IT Priorities• Start your budgeting process by defining your

next year IT priorities by reviewing thefollowing:– Strategic plan– Technology plan– Day-to-day operations– BCP/Disaster recovery– Operational efficiency / Revenue generation


• Start your budgeting process by defining yournext year IT priorities by reviewing thefollowing:– Strategic plan– Technology plan– Day-to-day operations– BCP/Disaster recovery– Operational efficiency / Revenue generation

*Source: McGladrey, 8 Areas to Boost Performance, May 2013slide 31

Review Known Expenses

• Existing software licenses• Equipment depreciation• Hiring and payroll• Third party services• Audits and compliance


• Existing software licenses• Equipment depreciation• Hiring and payroll• Third party services• Audits and compliance

slide 32

Account forAnticipated Items

• New equipment (remember new hires)• Upgrades of legacy equipment• Third party services• New technologies


slide 33

Evaluate your Efficiency

• Compile a list of all of your key technology systems –both in-house and outsourced

• Determine the main purpose of each listed systemand if there is overlap between the capabilities of thesystems

• Survey system users to identify the user’s data entryprocess to identify if data is being re-entered intomultiple systems


• Compile a list of all of your key technology systems –both in-house and outsourced

• Determine the main purpose of each listed systemand if there is overlap between the capabilities of thesystems

• Survey system users to identify the user’s data entryprocess to identify if data is being re-entered intomultiple systems

*Source: McGladrey, 8 Areas to Boost Performance, May 2013

slide 34

Budgeting Considerations• Strategic/Technology plan initiatives• Software end-of-life• Out of date equipment• Provider contracts• Product/process efficiencies


• Strategic/Technology plan initiatives• Software end-of-life• Out of date equipment• Provider contracts• Product/process efficiencies

slide 35

2012 IT Budgets byActivity


slide 36

2012 IT Spendby Category


slide 37

Technology’s Impact onEnterprise

Risk Management (ERM)


Technology’s Impact onEnterprise

Risk Management (ERM)

slide 38

What is ERM?

• Risk management practices that providea holistic view of all material risks of afinancial institution integrated within keydecision-making processes across theenterprise


• Risk management practices that providea holistic view of all material risks of afinancial institution integrated within keydecision-making processes across theenterprise

*Source: McGladrey, Scaling ERM to fit community banks, November/December 2012

slide 39

What is the benefit?

• An enterprise-wide view of risk can helpfinancial institutions improve profitabilityand ensure an efficient use of limitedcapital resources.– This can be accomplished by comparing

returns to risks and using this informationto target business lines or portfoliosegments with the highest returns.


• An enterprise-wide view of risk can helpfinancial institutions improve profitabilityand ensure an efficient use of limitedcapital resources.– This can be accomplished by comparing

returns to risks and using this informationto target business lines or portfoliosegments with the highest returns.


slide 40

The ERM ProcessStrategic PlanWhat are our

goals?

Risk AppetiteWhat risk are wewilling to accept?

MonitoringWhat are the key

indicators?


Risk AppetiteWhat risk are wewilling to accept?

RisksWhat are the risks

we face?

ControlsHow do we limit

our risk?

slide 41

Key Concepts

• To identify controls you must know whatrisks are present.

• To know the risks you need tounderstand the objectives being sought.


• To identify controls you must know whatrisks are present.

• To know the risks you need tounderstand the objectives being sought.

Objectives Risks Controls

slide 42

Getting Started

• Establish a risk culture• Define your risk appetite• Develop your line of defense

– Business line employees– Risk oversight committees– Internal audit

• Keep open lines of communication• Establish a forward-looking approach


• Establish a risk culture• Define your risk appetite• Develop your line of defense

– Business line employees– Risk oversight committees– Internal audit

• Keep open lines of communication• Establish a forward-looking approach


slide 43

Develop your KRIs• Review the key activities in your business lines, remember to

include operational areas• Determine which of those activities are critical and measurable

• Network Uptime• Security Breeches• System/Subsystem integration issues• Timeliness of Updates• User / Customer Issues• BCP Preparedness/Testing• Exam Results

• Based on your risk appetite determine the acceptable rangefor risk

• Consistently monitor and report – watch the trends!


• Review the key activities in your business lines, remember toinclude operational areas

• Determine which of those activities are critical and measurable• Network Uptime• Security Breeches• System/Subsystem integration issues• Timeliness of Updates• User / Customer Issues• BCP Preparedness/Testing• Exam Results

• Based on your risk appetite determine the acceptable rangefor risk

• Consistently monitor and report – watch the trends!

slide 44

Monitor your KRIs

• Create a tracking method• Define:

– Responsibility– Frequency– Risk range– Tolerance– Trending


• Create a tracking method• Define:

– Responsibility– Frequency– Risk range– Tolerance– Trending

slide 45

KRI Tips

• Create a reasonable number of KRIs• Make them meaningful• Think about how these impact other

areas within the organization• Communication and accountability is

vital


• Create a reasonable number of KRIs• Make them meaningful• Think about how these impact other

areas within the organization• Communication and accountability is

vital

slide 46

Regulator Hot Topics

• Cyber security• Mobile banking• Risk management• Fraud prevention/detection


• Cyber security• Mobile banking• Risk management• Fraud prevention/detection

slide 47

QUESTIONS?


QUESTIONS?

slide 48

Technology Governance:The CFO’s Role

Presented by:Christina ChurchillMcGladreywww.mcgladrey.com

P: 972.764.7049E: [email protected]


Presented by:Christina ChurchillMcGladreywww.mcgladrey.com

P: 972.764.7049E: [email protected]

slide 49

Documents

Technology Governance: The CFO’s Role - FMS Inc