In this interview recorded on the sidelines of the GRC 2014 conference, Steve Biskie of High Water Advisors sits down with Steve Sussman to discuss the changing role of the CFO in today's enterprise. Topics discussed include:
- The changing involvement of the CFO in the planning function
- The CFO's increasing involvement in the IT function
- How to start on the CFO path without incurring risk
- The changing role of the auditor within the organization
- How to turn around projects that have gone off-track
- The benefits of integrating SAP EPM and GRC in the enterprise
Biskie: Hi, I’m Steve Biskie, managing director of High Water Advisors, here at the SAP GRC conference in 2014. And I’m here with Steve Sussman from Column5, Steve is the vice president of global sales and marketing for Column5, an organization that specializes in implementing and optimizing the SAP EPM, Enterprise Performance Management and Business Planning and Consolidation packages. Steve, great to see you again!
Sussman: Yeah, good seeing you!
Biskie: We first met at, about a year and a half ago, at another GRC conference in Milan where it was combined with the business intelligence and as an auditor, I’d never really explored some of the capabilities of the EPM suite in SAP and I was fascinated by some of what I was hearing from you and your other team members out there. Can you talk a little bit about the changing role of the CFO these days?
Sussman: Sure. I mean for us, focusing on the Enterprise Performance Management suite, more often than not it’s absolutely the CFO’s organization that kind of is focused on the process side of improving planning, forecasting, financial close-type activities. And I think those are the ones primarily the EPM suite is focused on addressing, helping to automate, helping to improve those processes. For CFOs, in terms of what’s changed, I think over the last several years, I think we’re seeing more and more emphasis, not just on the traditional finance and accounting functions inside an organization, but the CFO being forced into a situation where they’re almost an advisor to the business in a much broader sense. So where traditionally, maybe something like planning, was viewed as a very finance-centric function; today, more often than not, companies are forced to really look at planning as a full, integrated business-type process. So not just the financial plan, but the strategic plan, the operational plan, the sales plan, all tied together across the organization. CFOs may still have some responsibility over that planning function, but now he’s required to really work across the organization, different departments, and pull that feedback together so they can more effectively plan across the organization.
Biskie: Wow, so big change in just the function of the CFO.
Sussman: I think so, right, that’s what we’re seeing in most of our customers, more often than not we’re also seeing IT becoming part of the organization that’s rolling into the responsibility under the CFO. The CFO now, not just focused on the finance and accounting operations, some of those broader business functions, but now also IT, so how do you leverage technology across the organization to address some of these issues?
Biskie: So, traditionally CFOs tend to be a pretty conservative bunch, kind of the nature of being a CFO.
Sussman: Yes, yes.
Biskie: How does someone get started down this path without exposing themselves to too much risk, what’s the right place to get started and how do they set their framework for a successful program?
Sussman: That’s a great question, Steve, and I know from your perspective, having spoken to you and partnered with you folks, you’re focused a lot on the risk management aspect, and the audit side as well, so I’ll be interested in some of your feedback on this. But more often than not, when we’re coming into an organization, they’ve already identified maybe a particular process that they need help with, perhaps it’s taking too long to close the books. Financial close process taking too long, maybe they went through some acquisitions that are driving complexity into that process, and they’re looking for some process improvement, perhaps they’re looking to increase the frequency of planning or forecasting cycles and their ability to model scenarios in the business and respond to different changes, so a lot of times we’re being brought in to look at a particular area, and when we help customers address that, more often than not once you dig into those details you start seeing the other impacts of an inefficient process, even one aspect, and it just helps expose a lot of the risk in other parts of the organization, maybe they’re making a lot of these decisions based on inaccurate data, inconsistent data, and that’s just driving a tremendous amount of risk for them because they’re making decisions based on inaccurate information.
Biskie: And that was the piece the auditor in me is, when we were talking in Milan, that was the piece that I latched into, that similar to the CFO, audit organizations are going through a lot of change these days, the role of the auditor is also changing to more of a business partner, one that’s providing intelligent insight into what’s happening in the organization and not hindsight to the things that have already happened. And I think there are some technologies that can help us on something like the EPM implementation but going back to something else Steve I know you’re also involved a lot in, for lack of a better term, troubled project turnaround, with that, where organizations have progressed down this path and maybe not done things well or appropriately. Tell us a little bit about the types of things you’ve seen in these projects, what have caused the risks, what have been the behaviors that resulted in them having a project that needs to be turned around to begin with?
Sussman: I think there’s a, you know, there are a few things that we encounter in those troubled projects and sometimes it’s easy for companies to maybe point the finger at the product, the technology. An interesting thing is it’s rarely the product itself, a lot of times when you unravel how they went through their initial implementation there are key things that we saw during that process that absolutely contributed to maybe a failed implementation from their perspective. And another thing that typically happens, and we see this a lot in the SAP world, is historically IT has played a very very strong role in the overall implementation of, say, ERP systems, even on the GRC side. When it comes to EPM, it’s increasingly important, it’s critical, to have very heavy involvement from the business side.
Sussman: So unless you have those advocates on the finance side, for example, that are contributing direct input into the requirements and the ongoing implementation and building up their own sufficiency, in terms of supporting the application, and their involvement, you’re going to run into risk because you may have heavy IT involvement in a traditional implementation, gather those requirements, build it out, roll it out, if you don’t have that tight collaboration with the business during an EPM implementation, it’s basically doomed, because you’re not going to have that buy-in from the actual users at the end. A lot of times we do see that, it’s a training issue, it’s a lack of collaboration, and they didn’t necessarily build up that self-sufficiency, so as their needs are changing, they don’t have the competency to go ahead and leverage the solution to change with the organization.
Biskie: So on that topic of risk, Steve, I know we’ve been talking recently about the opportunity organizations have to leverage some of the SAP GRC suite to help improve some of these. What percentage of your customers or how many of your customers are kind of thinking in that direction at this point, versus customers that really haven’t put that piece of the puzzle together?
Sussman: Yeah, I think less than 10% of our customers today are really starting to think that way, proactively, so we’re trying to encourage them a little bit, I know we’re doing some webcasts coming up in the next few months to help stimulate some of that thought. I think there is a lot of opportunity to bridge the gap between the audit and the risk management world and what we’re doing in the EPM world in terms of automating, planning, forecasting, and financial close processes, you know some of the SOX-type initiatives that you need, that the compliance issues there—that it’s a natural blend when you’re looking at the financial close but there’s a lot more that we’ve talked about exposing to customers and kind of stimulating that thought for them to start discussing.
Biskie: Yeah, I absolutely agree, it’s interesting because I know EPM is a widely popular tool in SAP and GRC is as well and yet we’re also not seeing a whole lot of integration between the two. And, it’s natural, a lot of people when they think about GRC, they’re thinking about Access Control, and that one’s a bit of a no-brainer, we know that there can be some functions in the EPM software that someone might have that, combined with some other functions in SAP ERP, could be problematic. But you know, in our discussions, it just for me highlights opportunities around the risk management piece of the GRC suite and how both on that implementation process as well as when you’re talking about sensitivities in dealing with those in the budget planning process and how we can link those into the risks of the business.
Biskie: And then the SAP Process Control solution as well, to be able to begin monitoring those conditions to say are we continuing to use EPM right, I think there’s just a wealth of opportunity for companies to begin leveraging the benefits of tying these applications together and it just hasn’t been realized by many organizations yet.
Sussman: I completely agree. I mean, when I was at SAP several years ago, initially when SAP kind of brought the worlds together a little bit, the EPM and GRC side, you could see the opportunity but I think it was a little early, perhaps, for customers to start embracing that and now given some of the things we’ve been talking about here in terms of the rapid pace of change, the changing role of the CFO, the increased complexity of the business, which also contributes to higher risk, I think it’s a perfect time to start working customers towards this, and huge benefits at the end there.
Biskie: And you know when I think, again, the changing world of audit as well, to be able to provide that insight as opposed to the hindsight with what’s going on and being able to link into more strategic initiatives of the organization, as opposed to some of the tactical things that audit’s historically focused on. I’m pretty excited about working with you and Column5 as we continue to get organizations exposed to the opportunity they can really realize by linking these two applications together.
Sussman: Yeah, same here Steve, I think there are some exciting times coming up!
Sussman: Looking forward to working with some more customers with you.
Biskie: Well Steve, thank you very much for your time, I appreciate it.
Biskie: Signing off, from SAP GRC 2014.