In a constantly changing business environment, the role of the Chief Financial Officer (CFO) continues to expand. Today, finance leaders are accountable for much more than shepherding the budget and overseeing financial reporting, as is traditional. They’re likely focused on making sure major technology investments pay off while helping drive business transformation and modernising the finance function.
To help achieve value from system transformations — including migrating from legacy apps to the cloud or implementing foundational systems like enterprise resource planning (ERP), customer relationship management (CRM) and enterprise reporting systems — CFOs should work with leaders across the business, including chief information or technology officers (CIO/CTO), chief information security officers (CISO) and relevant business unit leaders. They may also need to involve the board.
Collectively, leaders should address new risks that come with these transformations. The risks can include those related to data, systems security and controls, issues that crop up when certain business processes are not updated or automated and skills gaps resulting from the transition away from legacy systems. Inadequate or incomplete change management overall can pose a notable risk, particularly managing changes to the internal control environment. There are financial risks too, such as cost overruns and “technical debt,” suboptimal systems that are costly to maintain.
Why executive teaming matters
Mitigating risks starts with establishing the ‘why’ behind transformations — the business case and expected outcomes such as enhancing operational efficiency, as well as other fundamentals like timeline, resourcing, rollout plans and so on. When transformations go forward without execs on the same page, there can be serious consequences. These can include a ‘new’ system that performs just like the old one, system integration challenges, more onerous business processes that could negatively impact customers and serious compliance issues.
When executive alignment is closely connected with strong governance, it helps your organisation execute complex system implementations more effectively and put the right people in place to integrate applicable monitoring, controls implementation and other risk management mechanisms.
While you may be working with a system integrator (SI) on an ERP or system transformation (or if you’re having custom or cloud-native apps developed), your in-house team should concentrate on four key areas:
1. Align on business value — and be specific
Agree on what value — that is, specific business outcomes — you expect your new ERP or other system to achieve. This can include identifying and tracking program benefits and developing a holistic, outcomes-based definition of success aligned with corporate strategy that includes planned benefits for key stakeholders. Clear goals help you establish appropriate risk and controls frameworks.
2. Agree on organisational impacts and risks
Often the move to a new ERP or other system requires business change alongside the technology implementation. When moving to cloud in particular, simply ‘lifting and shifting’ existing applications and processes likely won’t be sufficient. Instead you’ll likely need true application modernisation.
3. Focus on data security and integrity
Agree on data security and quality assurance requirements, including any access management protocols or add-ons that will likely be required.
In addition to safeguarding data, data quality is paramount. Data needs to be in shape before it can be usefully used. For example, deploying generative AI at scale requires data that is relevant, complete, compliant, reliable, secure, up-to-date and risk-managed. Lifting and shifting data from an old system to the new one can introduce errors, missing data and other data-related risks, such as data sitting in functional silos that should be more generally (but securely) accessible to the new system.
Taking a hands-off approach to data can be costly. When a global company replaced a legacy system, for example, its leaders were not as involved in the data-transfer planning and execution phases as they had been during earlier parts of the project. As a result, the cleansing and transfer of data was not thoroughly reviewed. The resulting data problems were so significant that they required manual intervention to process every transaction, causing shipping and billing delays. Aside from the negative impact on customers, the data problems forced the company to extend the post go-live support period, increasing project increased costs.
4. Align across functions for stronger security and controls
Security and controls can be foundational to the success of a system implementation, and you may find that you need additional help to get them right. While many SIs have a solid understanding of system functionality, it’s likely less common that they will have a deep enough background in controls and compliance requirements to be able to adequately advise your organisation on leading practices.
A controls mindset helps you assess your future state end-to-end processes, so they can be aligned on business value and established in the context of organisational impacts and risks. This in turn helps you more effectively identify system functionality that may be enabled (for example, three-way matching, credit limit holds or others). Likewise, you may want to consider opportunities to customise the environment to align with strategic priorities — such as building a custom guardrail in the cloud tenant to monitor compliance. These actions will make the system compliant by design.
Addressing security risks includes forming a holistic and thoughtful upfront design. This considers not only what employees will likely need to do their job and what data should be segregated, for example, but also any backdoor or default access that could introduce unnecessary risk.
By having a workstream dedicated to controls and compliance during the project and making controls a focal point throughout design and testing, you can curtail problems that may come up after the system goes live.
Assess outcomes — and learn from mistakes
The CFO may not be the person pressing all the buttons, but can drive transformation value. Identify risks early so that mitigation can be built into the project plan, and learn from setbacks to avoid them in the future.
This is an abridged version of an article that originally appeared in PwC’s TechEffect. If you would like to learn more about how we can help drive value through system-enabled transformation for your business, please contact Mathea Beck.
