Balancing IT Costs, Risks, and ROI: Expert Insights for CIOs and CFOs

During a recent virtual event hosted by CIO Dive and CFO Dive in October, a significant discussion delved into the complex interplay between IT projects, spending, and risk management. Enterprise technology leaders are continually faced with the challenge of aligning their investment strategies with broader business goals while effectively managing the associated risks. Six industry experts shared their perspectives on navigating these challenges, emphasizing a strategic and collaborative approach.

Balancing Cost Efficiency and Risk Mitigation

A Use-Case Driven Approach to Technology Investments

CIOs are increasingly recognizing that achieving cost efficiency and risk mitigation simultaneously is no small feat. Ryan Downing, VP and CIO of Enterprise Business Solutions at Principal Financial Group, emphasized the importance of a use-case driven approach for technological investments. Rather than allocating funds to abstract new technologies like generative AI, Downing advocated for channeling investments into specific use cases that promise tangible business value. This approach also involves building long-term platform capabilities that can adapt over time.

Downing argued that focusing on practical applications ensures that technological investments directly support business objectives, enhance competitiveness, and equip employees more effectively. This strategy helps avoid the pitfalls of investing in technology for technology’s sake and instead ties expenditures to clearly defined business outcomes. By aligning technology with specific business needs, organizations can better measure returns on investment and justify expenditures to stakeholders.

Measuring ROI from AI Investments

AI has become a ubiquitous topic in technology investments, but the complexity of measuring its ROI remains a significant challenge. Jaime Montemayor, Chief Digital and Technology Officer at General Mills, highlighted that while some benefits of AI are direct and easily quantifiable, such as cost savings or revenue growth, others like improved agility and efficiency are harder to pin down. This ambiguity necessitates a collaborative effort between technology and finance teams to articulate the business value of AI initiatives clearly.

Montemayor pointed out that a nuanced understanding of AI’s impact helps steer investments toward projects that align with the company’s strategic objectives. This approach requires ongoing dialogue with finance teams to develop robust metrics and frameworks for evaluating AI’s contributions. It also underscores the importance of preemptive planning and setting realistic expectations about the outcomes of AI projects. Businesses that manage to overcome these challenges can maximize their AI investments and drive significant value creation.

Addressing Technology Debt and Cyber Risk

The Burden of Legacy Systems on Cyber Spending

Legacy systems, often anchored deeply in an organization’s operational framework, pose a significant challenge that directly impacts cyber spending. John Pearce from Grant Thornton highlighted how these outdated systems are not only costly to maintain but also complicated to replace, creating a form of technology debt that many organizations struggle with. This scenario elevates cyber risks, as older systems may have vulnerabilities that modern threats can easily exploit, thereby necessitating substantial investments in compensating controls.

Pearce emphasized that dealing with legacy systems requires a long-term strategy where businesses must balance the costs of maintaining or upgrading these systems against the cyber risks they pose. Investments in cybersecurity often have to compensate for the deficiencies inherent in legacy infrastructure, demanding more resources for protection measures. This dynamic underscores the importance of progressive updates and a well-planned modernization strategy to mitigate both costs and security risks over time.

Regulatory Demands and Cyber Risk Assessment

The landscape of regulatory demands related to cyber risk is rapidly evolving, with increasing pressure on organizations to enhance transparency and management oversight. Jonathan Fairtlough of KPMG highlighted pressures from regulatory bodies like the SEC and NIS2 in Europe that push businesses to adopt more comprehensive and proactive cyber risk assessment practices. He pointed out that for boards and C-suites, understanding cyber risks without getting bogged down in technical details is crucial for effective governance.

Fairtlough underscored the necessity for executives to communicate effectively about cyber risks, translating technical assessments into business terms that stakeholders can understand. This requires a clear framework to quantify risks in a manner that aligns with business objectives and regulatory requirements. A well-structured approach to cyber risk management not only ensures compliance but also strengthens the overall resilience of the organization. Embracing such frameworks can help mitigate the impact of cyber threats and support a culture of continuous improvement in cybersecurity practices.

Strategic Long-term Technology Initiatives

Trends Towards Integrated Platform Solutions

A notable shift in the market is seen in how organizations are approaching AI-driven software spending. Mark Partin, CFO at BlackLine, discussed a current trend where there is either a pause or reallocation in spending within public markets, indicating a move towards integrated platform solutions over best-of-breed applications. Partin noted that this trend reflects a more long-term approach to digital transformation, aiming for solutions that offer broader capabilities and integration options.

Partin emphasized that the preference for integrated platforms is driven by the need to build cohesive, scalable solutions that align better with long-term business goals. This approach not only supports more efficient operations but also fosters stronger partnerships between CIOs and CFOs, aligning technology initiatives more closely with financial strategies. The trend indicates a shift towards seeking holistic solutions that can grow and adapt with the organization’s evolving needs, rather than piecemeal applications that may offer limited functionality and scalability.

The Importance of Data Quality and Change Management

During a virtual event hosted by CIO Dive and CFO Dive in October, an important discussion unfolded about the intricate relationship between IT projects, financial spending, and risk management. Enterprise technology leaders continuously grapple with the challenge of aligning their investment strategies with overarching business objectives while effectively mitigating associated risks. This balancing act is crucial for driving innovation and maintaining operational efficiency within their organizations.

Six industry experts provided their insights into navigating these challenges, emphasizing the importance of a strategic and collaborative approach. They highlighted the need for a seamless integration between IT and finance departments to ensure that technology investments support the company’s broader goals. The conversation underscored the significance of proactive risk management and the adaptation of agile methodologies to respond swiftly to unforeseen changes. Understanding the evolving landscape of enterprise technology was deemed essential for leaders aiming to foster cross-departmental partnerships and drive sustainable growth in an interconnected business environment.

Explore more

Ethereum Uses AI Swarms to Proactively Patch Network Flaws

The architectural integrity of global decentralized networks has reached a pivotal juncture where the speed of malicious exploitation often outpaces the traditional cadence of human-led security audits. To address this widening gap, The Ethereum Foundation has fundamentally transitioned its security strategy from a reactive model to an automated, proactive defense paradigm that leverages the power of machine learning. This shift

How Is ERP Modernization Driving DLA to Audit Readiness?

The Defense Logistics Agency currently manages an intricate global supply chain that serves as the backbone for the United States military, requiring an unprecedented level of financial precision and operational transparency to meet modern oversight requirements. This massive undertaking involves a transition from aging, siloed legacy systems to a unified Enterprise Resource Planning environment designed to provide real-time visibility into

What Makes Odyssey Infostealer a Global Threat to macOS?

The long-standing myth that macOS remains immune to sophisticated cyberattacks has been decisively shattered by the emergence of the Odyssey infostealer, a highly specialized malware variant engineered to bypass modern system integrity protections. This transition represents a fundamental shift in the threat landscape, where the historical security-by-obscurity advantage once enjoyed by Apple users has entirely vanished. As the adoption of

Can AI Secure Windows Without Compromising Stability?

The sheer scale of modern software development has reached a point where manual code review is no longer sufficient to protect the billions of devices running Windows across the globe. As lines of code multiply and interdependencies become more complex, traditional security measures are struggling to keep pace with the rapid evolution of sophisticated digital threats. In response to this

Xero Launches JAX to Redefine Accounting with Agentic AI

Small business owners have historically spent an exhausting amount of time tethered to spreadsheets and receipts, but the emergence of agentic AI is finally turning those static records into a living, breathing financial command center that operates with minimal human oversight. With more than five million global subscribers now integrated into its ecosystem, Xero is spearheading a movement toward Accountable