Bridging Compliance And Cybersecurity In Financial Reporting

Guest Article by Marcie Clark, the Director of Regulatory Services for Donnelley Financial Solutions

Although financial compliance and cybersecurity look like two separate responsibilities to many businesses, they are linked in several ways. The U.S. Securities and Exchange Commission recently introduced guidelines, still in development, that would require public companies to disclose their processes to protect financial cybersecurity as part of regular financial reporting. Since cybersecurity is a critical element of enterprise financial stability, it deserves a prominent role in regular operations. With this guide, cybersecurity professionals will understand the importance of ensuring an effective balance between financial reporting and organizational cybersecurity.

Challenges in Balancing Financial Reporting Compliance and Cybersecurity 

Ideally, every team in a business works together to achieve a better outcome. In practice, financial and cybersecurity teams are often at odds. These challenges require careful consideration before building a bridge between these teams’ goals. 

Misalignment in leadership 

For many organizations, the person in charge of cybersecurity is distinct from the one ensuring financial compliance, and they do not always see eye-to-eye. PwC notes that less than half of companies involve chief information security officers (CISOs) in regular business operations. Effectively, this means that the CISO often lacks context on critical deadlines and other operational requirements. That misalignment can lead to competing goals that create conflict at the point of a system upgrade or submission of a financial report. 

Siloed processes 

Although automation makes streamlining data collection, processing, and monitoring a much simpler task, many companies still silo their processes. Information silos keep projects, status updates, and timelines separated between teams. This separation causes disjointed communication that can slow progress and introduce errors into the equation, particularly for systems still relying heavily on human data entry and management. With a lack of collaboration, teams cannot work together effectively and often appear at odds with each other’s goals. 

Conflict between teams 

Financial compliance and cybersecurity are two vitally important functions within an organization, and conflict can make their operations much more difficult. Financial reporting follows a tight schedule on the SEC filing calendar, with little room for delays. Cybersecurity requires regular attention to threats and software updates to mitigate risk. Both teams need to work efficiently to ensure the best outcomes. When they don’t work together, these timelines can collide in ways that interrupt timely submission or introduce security risks.  

How to Align Cybersecurity and Compliance Processes 

With the SEC’s proposed rule requiring companies to establish and document robust security protocols, it has never been more important for businesses to ensure that their cybersecurity systems work well with their financial reporting processes. These tips can help organizations overcome challenges while meeting critical compliance guidelines.

Build cohesive compliance teams 

To avoid a misalignment between the goals of each team, some crossover is necessary. Having the CISO and CFO work together to identify possible conflicts and implement plans to reduce them can improve efficiency and project outcomes. When financial compliance and legal teams are preparing for the next set of reports, a member of the cybersecurity team should be a part of the discussion. This level of collaboration can ensure that each team stays in the loop of the other’s processes and timelines. 

Integrate cybersecurity with compliance workflows 

Since financial reporting has the strictest deadlines, cybersecurity testing and development should be integrated into the workflow for preparation of reporting. Ideally, data collection, testing, and monitoring happen continuously throughout daily operations to solidify paper trails and audit readiness. Tickets for security issues must receive regular attention to prevent bottlenecks in development and refinement over time. As the reporting deadlines approach, final testing and upgrades should be part of the workflow, so that the compliance and legal teams are not hung up on unexpected downtime or system upgrades. 

Utilize automation 

Automated processes make a significant difference in increasing the efficiency of lean teams and strict workflows. Automation streamlines the work of collecting information and processing it, so that compliance and cybersecurity teams alike are not left waiting on QA to generate incident tickets or reports about cybersecurity risk. Automated systems can provide continuous monitoring to identify problems and provide useful information about how a failure occurs to promote effective and quick fixes. Streamlining data across departments using automation can decrease the workload of the financial compliance team and increase overall accuracy. 

Navigating financial reporting and cybersecurity processes works best when the two are aligned, particularly for regulatory compliance. Integrating workflows and timelines between teams can provide the best chance of protecting the company’s financial security and stability. By following this advice, organizations can avoid common conflicts in compliance without compromising cybersecurity efforts.

Author bio: Marcie Clark is the Director of Regulatory Services for Donnelley Financial Solutions (DFIN). She is a seasoned subject matter expert in SEC rules and regulations with experience navigating complex compliance landscapes. Clark plays a key role in ensuring organizational readiness and alignment with evolving SEC mandates. 


SOURCES 

https://www.sec.gov/rules-regulations/2023/07/s7-09-22

https://explore.pwc.com/dti25

https://www.alertlogic.com/blog/navigating-the-complex-world-of-financial-services-compliance

https://www.pwc.com/us/en/tech-effect/cybersecurity/mitigating-cybersecurity-financial-reporting-risk.html

https://erdalozkaya.com/?s=Compliance
