Treasury & Risk sat down with Temano Shurland, a principal in Deloitte Risk & Financial Advisory's finance transformation group, to discuss the poll results.

Treasury & Risk:  What do you make of the fact that, in 1 in 10 companies, finance and cybersecurity teams don't collaborate at all?

Temano Shurland:  Historically, cybersecurity and IT have been separate and distinct from the finance organization. Events such as acquisition deep dives or an ERP [enterprise resource planning] implementation might result in collaboration. But this webcast poll focused on consistent interactions between those groups.

T&R:  So, what are best practices in this area? How much interaction should finance and accounting groups have with their security teams?

TS:  What I've seen in leading organizations is a constant interaction between finance and accounting and cybersecurity, as the business models in most industries continue to evolve and as financial data becomes more and more valuable. With constant interaction, the collaboration is less about an event and more about having continuous communication back and forth. The accounting and finance teams receive advice and counsel from the cybersecurity group, which helps ensure that data stays secure as it moves through their core systems, as well as when it moves from those systems through some integration layer to another system.

Having regular communication helps finance make the best use of the company's internal expertise around the steps that are needed to protect financial data. To me, it seems obvious that finance would leverage the expertise of the cybersecurity team, especially if finance and accounting are more focused on helping operate the business and report on transactions in the business. It's a match made in heaven.

PLEASE NOTE:  Treasury & Risk is currently conducting a survey of our treasury and finance readers on the topic of payment fraud. To participate, click this link. All survey respondents will receive a copy of the survey's final executive summary, and the first 75 respondents will each receive a $10 Amazon gift card.

T&R:  In the companies that you work with, what does that communication look like? Is it a regularly scheduled meeting between the two groups?

TS:  It's a combination of regular interactions, such as a standing committee meeting, and having cybersecurity work as an internal consultant, serving as a sounding board anytime finance is deploying new systems, making upgrades, or modifying processes. It's often beneficial to have someone from the outside take a look, to help finance achieve the best end state that works for both parties.

T&R:  It seems that having close relationships between finance and cybersecurity staff would also be highly beneficial in the event of a security incident.

TS:  Ideally, those relationships would help prevent security incidents from happening, because that constant interaction and advice would lead to constant hardening of the finance group's defenses. But then secondarily, if there is an incident, there's a relationship there that helps the company resolve issues much faster. Individuals on both sides of the fence are a lot more astute and knowledgeable about their counterparts who sit in other parts of the organization.