I spent two days last week in a class called “Accounting and Finance for Non-Financial Managers” at UT Austin’s Texas Executive Education program. The assigned reading (a book of the same name as the class) was informative but I still felt like it was too advanced for me right off the bat.
My main goal for the class was to learn how my role can have a financial impact as well as an information security impact. It’s fairly common for people who work in information security to provide additional evidence that their recommendations are sound. After all, we may be recommending something that impacts productivity, communication, or the financial bottom line.
The class itself was superb. We started with accounting on the first day and we were surprised to see how much we all actually knew about accounting already. Dr. Hirst explained how accounting is an art more than a science and that learning the vocabulary would allow us to understand more of what’s happening within our own company.
He took the time to pull some balance sheets from 10K’s of various companies represented in the room by their employees. We were able to dissect end of year balance sheets, income statements, and cash flow statements from companies like Solvay Chemicals, Omnicell, Apple, and Rackspace. Dr. Hirst took us through several accounting failures and this helped to not only make it more real, but it drove home the idea that proper accounting is integral to the success of the firm. I’d never realized how Worldcom fell apart, but he was able to summarize it in accounting terms in a few sentences.
The second day was centered around finance and Dr. Nolen led the class. He gave us a model (the DuPont Formula) for understanding a firm’s return on equity that made sense. As he broke the model apart, he showed us what all of our C-level executives care about:
- CEO: return on equity
- COO: asset efficiency (net income over assets)
- CFO: leverage (assets over shareholder equity)
In short, the CEO is looking to bring more profitability from less investment, the COO is looking to increase sales with fewer assets, and the CFO is looking for borrowing leverage to increase assets without increasing shareholder equity.
We also learned about the right and wrong times to raise capital and how to manage the cost of capital. The most head-scratching part of the course for me was around net present value. Long story short, the whole idea behind NPV is that a dollar gained a year from now is worth less than one gained today (think about inflation and what you could do with that dollar today before next year).
Dr. Nolen reminded us that although creative finance people often get promoted, creative accountants usually find themselves in jail. Also, the banks always get paid back first before shareholders.
So how does this all tie back into information security?
You have the potential to improve your firm’s finances through information security improvements. As you reduce risk to the firm, you might find that you need to purchase less insurance, or the potential for fines for losing data might decrease. That reduces your liabilities and increases your return on equity.
On the flip side, if you’re able to talk to your customers about the advances in information security that your company has taken, you might end up increasing sales. Offering additional security products or security enhancements to existing products could also increase revenue.
If you get the opportunity to spend some of your training budget next February, try to get in on this class at UT Austin. The pace is fast and the knowledge is extremely useful. Knowing what’s going on behind the scenes in your company’s finance and accounting departments may give you the edge to push your next project to completion.