Redefining the job of the IT financial manager in government.

• Author: Schafer, Steven
• Position: Information technology

Every jurisdiction that provides, buys, or uses information technology services has someone who oversees the finances for those services. This function might be part of a much larger set of responsibilities, or it could be a full-time position with oversight of a large team and the job description of a chief financial officer. Either way, the routine tasks of budgeting--paying the bills, buying goods and services, and tracking assets--are extremely important, and extremely time-consuming. And like Gulliver, tied down by a thousand strings, IT financial managers in the public sector must break loose from all the daily chores and take on a broader role.

As information technology becomes increasingly important to the effectiveness, efficiency, accountability, and transparency of government, the IT financial manager needs to take a broader role and bear more responsibility. Finance is often a crucial component of decisions relating to information technology, and financial managers have insights and knowledge gained from their exposure to the entire organization, along with access to the top echelon of leadership.

FREEDOM FIGHTER AND MORE

Jeremy Hope, a well-regarded writer of books about improving financial management, favors an expanded role for financial managers, arguing that they have much more to contribute than just keeping the ledgers. (1) In one of his books, Hope listed seven critical functions: freedom fighter, analyst and advisor, architect of adaptive management, warrior against waste, master of measurement, regulator of risk, and champion of change. And while each of these tasks is important, three have special relevance for those involved with IT: analyst, regulator of risk, and champion of change.

The IT financial manager as analyst can bring a unique combination of knowledge, skills, and insight to bear on the challenges facing an organization. This includes contributing ideas for improvement, spreading financial knowledge and decision-making capabilities, and providing an independent view on investment decisions.

The regulator of risk helps departments and technical teams expose, prevent, and mitigate potential problems, as well as identifying the financial impact if something goes wrong. When disaster strikes--a fire, hacked servers, a software audit--so do the second-guessers. In the public sector, the local media happily trumpet the seemingly simple steps that would have prevented the problem in the first place. The successful regulator of risk minimizes this dynamic.

Champion of change is a broad category that provides many opportunities to be useful, including finding financial solutions for nurturing new IT services or additional investments in IT that will be valuable to the organization. This might be an innovative rate structure, for jurisdictions with cost recovery systems for IT, or economic analyses that help with decisions on IT investments.

Considering ways the role of CFO can be reinvented is exciting, but the realities of the job are ever-present, with barriers to action that include lack of authority, tools, and a playbook. Fortunately, there are ways of dealing with these challenges. The rest of this article explores three disciplines and multiple resources the IT financial manager can tap for assistance.

COSO FRAMEWORK

A great source of material, especially regarding authority for getting involved in areas outside the usual purview of finance, is the Committee of Sponsoring Organizations of the Treadway Commission. COSO, as it is commonly known, is a joint initiative of five private-sector accounting and auditing organizations that provides guidance on internal controls, risk management, and related subjects. Its recently updated Internal Control--Integrated Framework explains internal control as "a process, effected by an entity's board of directors, management, and other personnel, designed to provide reasonable assurance regarding the achievement of objectives relating to operations, reporting, and compliance."

The framework presents three categories of objectives that apply to all organizations: the effectiveness and efficiency of operations; internal, external, and non-financial reporting; and compliance with laws and regulations. As implemented in financial systems, internal controls help prevent mistakes and fraud, but COSO also gives IT financial managers license to raise questions about adequate internal controls for preventing IT problems that would disrupt operations and possibly cause...