We had the pleasure this week of participating in a CFO Forum hosted by TechAmerica, along with representatives from Microsoft, Softlayer and SOURCE, on the topic of “Navigating the Cloud.” The overall discussion focused on the benefits of the rapidly expanding universe of cloud services, along with key risk, compliance and security considerations for CFOs. During the panel discussion and audience Q&A, it became apparent that CFOs wear three different hats when thinking about the cloud:
CFO as Cloud User – like everyone else, CFOs are potential users of cloud services, primarily via ERP and F&A-related SaaS offerings. Discussion in this area focused on several topics:
- Cloud ERP and accounting solutions from vendors like NetSuite and Intacct have been traditionally focused almost exclusively on SMBs. Though still early, enterprise options are emerging from cloud-focused vendors such as Workday. CFOs need to keep on top of the rapidly evolving set of alternatives that exist for the F&A function.
- New cloud deployment models are emerging for ERP, such as the ability to run SAP on virtualized private clouds, and availability of select modules through public multi-tenant models. CFOs need to realize that it’s not just SaaS or nothing – new models are being introduced that capture virtualization and private cloud benefits without the perceived risks of moving sensitive financial data to the public cloud.
CFO as Cloud Buyer – the second major relationship CFOs have with the cloud is as a buyer, given the ownership they have over corporate and IT budgeting processes and spend. Points mentioned during the Forum included:
- CFOs should give strong consideration to “Cloud First” policies such as one recently announced by Vivek Kundra, CIO of the United States, who is seeking to move 25 percent of the Federal Government’s IT budget to cloud services. The policy doesn’t say that cloud should be adopted whenever available, but rather that it be strongly considered “whenever a secure, reliable, cost-effective cloud option exists.” Sounds like a smart policy for the private sector as well.
- CFOs should also work with CIOs and business owners to ensure that a comprehensive assessment has been made of the potential value of migrating to cloud services at the SaaS, IaaS (infrastructure-as-a-service) and PaaS (platform-as-a-service)levels, and that an overall transformation plan exists. Many experiments currently exist, but there is little understanding of where adoption goes after that.
CFO as Fiduciary – the panel also explored the impact of the cloud on CFOs fiduciary responsibilities for the organization.
- Duke Skarda, CTO of Softlayer, described the four categories of risk in the cloud that CFOs need to evaluate: compliance, governance, security, and disaster recovery. As with cloud services overall, there’s no one right answer – organizations need to understand their risk posture, requirements, vendor capabilities, and supporting SLAs and contractual agreements. It was also noted that, in some cases, cloud services can actually serve to decrease organizational risk profiles.
- CFOs need to understand any potential impacts of applicable compliance or data privacy regulations (especially in Europe) on where and how they can leverage cloud services.
- IT policies and controls themselves don’t necessarily change with cloud services, but how they are implemented likely will. CFOs need to ensure IT has taken the right steps to implement appropriate governance and control of cloud services.
Overall, it was a great discussion, with interesting questions and comments from a very engaged CFO audience.