Interview: The CFO Has Become the Risk Manager

The role of the corporate finance executive is evolving simultaneously with the technology that is available in the market. What are the main risks a CFO faces today in terms of innovation and technology?

Gabriel Baraya, CFO at the Colombian agro-industrial firm Organización Solla, shares his ideas about the risks of technology, the future of the CFO role, his experience working to strengthen cybersecurity, and the best technologies to improve processes and support the business’s strategy. Organización Solla has successfully implemented business intelligence systems and received the Colombian Award for Management Quality and Innovation in 2015.

Q: What is your experience with cybersecurity and what is Organización Solla doing to prevent cyberattacks?

A: It’s becoming increasingly difficult to identify the entry points of cyberattacks. That’s the real difficulty now. For this topic, you first must talk about governance of information security. We are working hard on strengthening our security because that’s the first way to bulletproof against risks.

When we talk about governance and risks, the main tasks are to protect against data loss, theft and access, or altering data. For this we’ve had to use increasingly stronger and more robust firewalls, as well as review our antivirus [software], because we have to share more information with third parties outside of our organization. For example, when we exchange data with a bank, we have to use software to encrypt the data to protect it from being stolen or altered during the process.

We have to be much more careful with the access to our data, both from our own collaborators and third parties who may have access. We have a hierarchy system in place regarding who can give access to a third party, for example to our consultants, and what data is shared. This governance also includes who can authorize, when they can authorize and which specific tools they give access to.

We also have a mandatory protocol in which all workers must change their passwords regularly and increase the security levels of their passwords. We’ve had to designate specific roles so that people only have access to the information they need for their role.

We understand that the end user of the data is the weakest link, so in this aspect we’ve had to work hard in training for the risks they are exposed to and we’ve created roles and positions to help clear up any questions when we suspect we are receiving a message from an untrusted source. In terms of tools, for example for internal communications of the company, we only use Office 365, so we can guarantee the security of the data.

Last but by no means the least important, we’ve designed a contingency plan to recover any lost data.

Q: What technology and innovative procedures are you implementing in the finance department?

A: Innovation is in the DNA of our company as a prime concept that all collaborators must have. Within this concept of innovation, we look for ways to impact the company’s long-term goals and that everything we do has a financial impact on those goals and strategy.

This vision began nine years ago when the finance and IT departments were separate, and I was asked to merge them to use resources more efficiently, as well as speed up the implementation of technologies. From that moment, we began to implement technology starting with the basics, in this case an ERP. We then immediately jumped to business intelligence to be able to make better decisions. We then evolved to big data and artificial intelligence. That’s how we’ve evolved step by step to be able to capture everything in the market in terms of technology and to make it fit within our finance and strategy.

Now we’ve begun using RPAs (robotic process automations). They help us speed up processes that used to take a long time and were prone to errors.

In addition, I believe there is a technology that will be very important for the finance department but still hasn’t taken off—and I hope it does soon—and that is blockchain. I personally believe that this technology will be powerful and create value because of its ability to remove intermediaries from services and processes and use multiple databases. This would help save costs and, naturally, all within a secure environment.

Q: How has the CFO role changed and how do you see it evolving over the next few years?

A: First, you have to see how the finance department has evolved from being traditional to delving into technology. In our case, merging the finance and IT departments has proven to be a success, allowing us to be more efficient and make better use of resources.

Second, and possibly the deepest change, is how the CFO has become a risk manager. A large portion of our time is dedicated to managing risks. Within the finance department, we’ve created departments to provide all risk management technology, and they can even analyze risks that impact the company’s strategy.

Finally, we must learn and explore predictive models, more than traditional planning. A predictive model is so different from a normal planning process because you have to go into a universe of data and be able to improve its prediction.

This interview was conducted by Latin Trade for Council of the Americas.