SchellmanCON is back! Join us for our virtual conference on March 6 & 7, 2025

Contact Us
Services
Services
Crypto and Digital Trust
Crypto and Digital Trust
Schellman Training
Schellman Training
Sustainability Services
Sustainability Services
AI Services
AI Services
About Us
About Us
Leadership Team
Leadership Team
Corporate Social Responsibility
Corporate Social Responsibility
Careers
Careers
Strategic Partnerships
Strategic Partnerships

Why the CFO is a Vital Part of Your Compliance Team

Compliance and Certification

Despite years of preparation and billions of dollars in spending, today’s businesses still aren’t prepared for cyber-attacks. Just turn on the evening news and you’ll be greeted with the name of the latest company to suffer an attack.

Identifying possible threats doesn’t rest solely on the shoulders of CEOs and IT executives. For many companies, an unlikely member of compliance teams is the CFO. The CFO’s perspective is a crucial one. They play a major role in an organization’s day-to-day operations, overseeing financial reporting, corporate assets, and working directly with financial analysts. The CFO also fears the loss or corruption of data impacting the company’s financial reporting, whether through internal theft or an outside breach.

If your company’s CFO isn’t a member of your compliance team, here is why they should be:

They are at the financial helm

Not only is your company’s CFO overseeing financial reporting, they also know where all that valuable financial information is held, how it’s secured and who would want to steal it. Knowing the types of data your company has and its location are often the first steps to protecting vital financial assets. For those that have been working with ISO 27001 for some time, talking in terms of assets and risks should be familiar. Unfortunately, many companies take an IT-centric approach to security and compliance by focusing only on the IT systems and infrastructure creating the potential or certain assets and risks to go unidentified or incorrectly prioritized. This is where the CFO’s insight can be invaluable, not only in the identification of assets and risks but in the development of incident response plans should a cyber-attack or breach occur.

In addition to knowing the ins and outs of your company’s financial status and its financial data, the CFO controls the budget. A CFO aware of and on board with a company’s compliance and risk needs can more easily approve the budget necessary to have the proper technology and staff in place.

CFOs are also in a unique position to help evaluate how a cyber-attack or breach can affect your company. They can provide insight on the following risks:

  • The impact to your assets and reputation
  • The types of vulnerabilities your company faces and which attackers may want access to your financial data
  • How your company defends itself and responds in the event of an attack

They can be an advocate

While most CFOs are not considered an integral part of a data security team, they can play a significant role in advocating for and pursuing the critical business investments your company needs to protect its most valuable assets.

The CFO can provide a unique look into where the company has prominently invested and whether that level of investment is appropriate.

Cyber-attacks are increasingly common and costly. As a result, cybersecurity has risen in importance and no longer rests solely with IT. CFOs provide valuable insight into an organization’s threats and assets and can take the steps necessary to ensure your company’s information is protected.

About SCOTT ZELKO

Scott Zelko is a Managing Director at Schellman. Scott leads the Northeast Practice and the ISO Certification service line including ISO 27001, ISO 9001, ISO 20000, and ISO 22301. He works with many of the world’s leading cloud computing, FinTech, and security provider clients. Scott has more than 30 years of experience in the information technology field including IT management, system implementations, attestation and other advisory services and holds multiple certifications in the areas of Security, Privacy and Enterprise Governance. In addition, Scott works with clients to develop unified compliance strategies to meet internal, regulatory and client requirements.