How Manufacturing CFOs Can Use Technology to Mitigate Risks


Financial and compliance risk management has long been in the purview of CFOs, but more recently they have also become more involved in addressing cybersecurity risks. The financial damages of ransomware attacks, phishing, digital theft, and fraud can be exorbitant. Cybercriminals are increasingly sophisticated and relentless. Digital attacks on company resources have increased by almost 400 percent since the start of the pandemic, and 68 percent of companies surveyed early in 2021 have experienced increases in fraud.[15] Whereas in the past criminals focused mostly on the largest companies, they are now increasingly targeting mid-sized organizations as well.

Those developments are also changing the conversations regarding cyber insurance, which Sikich generally recommends to clients. An argument in recent debates was that cyber insurance could help make ransomware attacks pervasive, especially since many of these events are not reported and may thus not even see a response from law enforcement. However, this assertion is not accurate. For one thing, providers of cyber insurance don’t simply make payouts. They also work with their clients to ensure that they have strong protections and effective data protection policies in place. For another, cyber insurance can be invaluable when it shields companies from costly and reputation-damaging third-party lawsuits and helps them recoup the costs of data breach investigations and remedial efforts.
Also keep in mind that more customers and trading partners, especially large ones, request that manufacturers carry cyber risk or cyber liability insurance. They may also stipulate certain details in insurance contracts.




Several other trends require manufacturing CFOs to take a larger role in helping their organizations manage risk, especially when it comes to unexpected changes in the financial status of customers and the costs and complexities of regulatory compliance. Given industry volatility and intense competition as businesses emerge from the pandemic, manufacturers are likely to find that they need to keep closer tabs on their cash flow. Some formerly financially sound customers may turn into credit risks almost overnight. For CFOs, that means cash flow modeling with predictive analytics, sometimes augmented by AI when the number of customers is high, can be immensely valuable in identifying potentially risky customers and cash flow constraints. Many manufacturers use Power BI technology from the Microsoft Power Platform to assess customer-related cash flow risks. Often, they also rely on Power BI to improve their forecasting and budgeting with flexible, realistic, near-real-time modeling.

Today, most CFOs and their organizations have an increased awareness of risk; they tend to welcome Sikich consultants who can take sophisticated and thoughtful approaches to helping them mitigate it. For example, they have become far more conscientious than at any other time in ensuring the proper segregation of duties and avoiding conflicts between roles and privileges. When we deploy an ERP system like Microsoft Dynamics 365 Finance and Supply Chain Management (F&SCM), we can configure the business roles to maintain the appropriate level of segregation, long before people begin working with the software.


Uncompromised regulatory compliance is critical for maintaining the best possible business practices and avoiding financial penalties and other risks. When customers and prospects request compliance audits as part of their requests for proposal (RFPs), compliance can also be instrumental in driving growth.

While IT teams will understand the technical requirements of compliance mandates, many manufacturers choose not to burden IT with the company’s strategic compliance management. Often, that task is best handled as part of a collaboration between the CFO and the CIO or their delegates specializing in the details of compliance. However, most IT departments experience larger and more complex task loads when it comes to implementing compliance in a company’s systems and processes. To a degree, compliance activities may also overlap with or complement data protection and risk management measures and initiatives that already take place in the IT domain.


Some manufacturers may still be catching up to relatively recent compliance frameworks like the General Data Protection Regulation (GDPR) for companies doing business with customers in the European Union and the European Economic Area.

Any company active in the U.S. defense contract supply chain also has to achieve Cybersecurity Maturity Model Certification (CMMC) and thereby prove that it can properly safeguard sensitive, unclassified information in interacting with the Department of Defense. 

Several CMMC levels can apply to manufacturers, which also need to find an authorized and accredited CMMC Third-Party Assessment Organization (C3PAO) to conduct a CMMC assessment and issue a certificate.


Sikich is a CMMC assessor, and we can also help you perform a readiness evaluation to see where you stand right now in terms of the maturity of your cybersecurity. Other Sikich resources are also available to CFOs and manufacturing companies. For example, we can provide a dedicated, virtual chief information security officer (vCISO), a role comparable to a Sikich vCIO. A vCISO is your point of accountability for strategically sound security management. You gain the benefit of rich expertise without having to recruit and hire for a full-time executive position. Without dependable, expert guidance, companies easily misstep by implementing security that applies the most stringent measures not just to the most sensitive and at-risk data, but to all digital information. That can cause unnecessary expenses and get in the way of organizational productivity.


Achieving the right balance between the productivity and security of individuals and teams is part of every Dynamics 365 software deployment project managed by Sikich consultants. It’s also built into our HEADSTART methodology, which provides a completely preconfigured model of the ERP system. HEADSTART comprises a large inventory of technology user roles and thousands of business processes based on industry best practices, and it can help companies make high productivity paired with strong security pervasive throughout their business.

HEADSTART gives in-depth treatment to manufacturing, with a wealth of system parameters optimized for such industry segments as engineer-to-order and make-to-order manufacturing, discrete manufacturing, industrial equipment manufacturing, and production companies that also perform wholesale distribution. HEADSTART can greatly reduce the time to go-live, help cut deployment costs, and ensure fast, organization-wide user adoption.

Sikich consultants understand what matters to manufacturing CFOs and which complexities they face every day.