Thursday, January 18, 2024

How IT security teams do more with less when economies rapidly change

T
he next BriefingsDirect IT security best practices discussion examines how a leading German home builder has adjusted to a major economic market disruption. Germany’s home building demand has recently reversed, putting pressure on builders to reduce IT costs while remaining secure.

Listen to the podcast. Find it on iTunes. Read a full transcript or download a copy.

Stay with us to learn how a large, distributed workforce can be best supported by IT -- even as business conditions change and budget requirements lead to broad consolidation.

 

Here to share how an efficient security team helps the shift from managing surging growth to optimizing around necessary contraction is Johannes Hammen, Information Security Officer at DFH Gruppe in Simmern, Rheinland-Pfalz, Germany. The discussion is moderated by Dana Gardner, Principal Analyst at Interarbor Solutions.

Here are some excerpts:


Gardner: DFH Gruppe is a major maker of prefab homes. How has the market contraction in the real estate construction business there changed your business?


Hammen: DFH Gruppe is the largest maker of prefab houses in Germany. In 2021, we created more than 3,200 houses. We have more than 1,300 employees in Germany and the Czech Republic who help us build houses.


Hammen

We had quite a high level of throughput. But as you may have learned from the news, there were changes in the past months that triggered changes inside our company. From our customers’ perspective, to get a mortgage for a house, there’s an increase in the requirements, such as higher equity, higher interest rates, and fewer subsidies by the state. On the other hand, material costs were rising, and the politics were shifting toward multi-family housing.

 

So, this changed a lot for us. We had to react. We had many years of with very high growth, up to a rate of 3,200 houses per year. But we needed to consolidate and adapt to the new situation. Of course, this also affects IT and security spending.

 

Gardner: How has your business and IT adjusted to the need for doing more with less?

 

Take advantage of downturns to adjust

 

Hammen: During a period of very high growth, there were other priorities than security and structuring processes in such a way that they are very efficient and very stable. You have to keep pace with the throughput in the company and you have to implement systems and fix issues so that new houses can be constructed.

 

Now, we have an opportunity to do consolidation, to breathe again, and take a step back. We can look at our processes, increase the efficiency, and implement new tools, which we did not have time to do before.

 

Gardner: Many times, in the past when we’ve had disruptions either from growth or rapid changes or interaction, we try to work smart and use some technology to its best advantage.

 

How have you been able to do that, given you have a large, distributed workforce in the field. You work with many partners, and you have a large supply chain?

 

Hammen: As you said, we have quite a distributed workforce. We are focused on the German market, but that doesn’t mean that we are doing everything in-house. You can imagine that to design and construct a house is quite a large process that needs to involve a lot of experts.

 

For example, we have more than 650 sales contractors spread across Germany, who are working independently. They guide our customers in the process of buying and building a home.

We need to coordinate and manage all of these contract partners across the whole process. Every external partner has different rules, policies, mindsets, and backgrounds. It's really hard to keep everyone on the same page.

We also have many different types of skilled handymen who construct houses. We have more than 260 partners of all sizes, from small companies, with two or three handymen and someone in the back office, to very large companies with 500 to 1,000 employees who support us on different steps in the house-building process -- such as heating, electricity, and so on.

 

We need to coordinate and manage all of these contract partners across the whole process. Every external partner has different rules, different policies, a different mindset, and a different background. So, it’s really hard to keep everyone on the same page, especially with respect to security.

 

Gardner: It sounds as though there’s a great diversity, particularly among the types of IT, as well as the workforce style and culture. That means that you’re the hub on a multi-spoked wheel. How can you impose security without alienating or slowing people down? That must be a difficult balance.

 

Hammen: It is. We try to consider everyone’s needs and requirements in the whole process. Also, we see it more as an opportunity for everyone, not as a slow-down mechanism as some people view it.

 

Security is a door opener for so much process optimization and so many innovative ideas. If, for example, you try to implement security in part of a process, you have the chance to remodel the process to be more efficient in general -- or to create a new business model out of it.

 

This is the story that we want to tell everyone. We try to not spend too much time on the complicated things, and to hide those things from our users and our partners. We want to build a platform, a solution that everyone can use.

Why should a sales expert, for example, have to think about IT security topics? We in IT just implement a solution and provide it as a service to our internal customers and to our employees. It’s a good tradeoff between having a high level of security and also not slowing down the business.

 

Gardner: You are re-engineering processes by taking advantage of technology. What was it about the technology you were using before that made it difficult to achieve your goals?

 

Hammen: Everyone knows that there have been lot of huge technology advancements in the past months and years regarding artificial intelligence (AI) and all that. But even before that, our focus during our high-growth phase was not on security; not on getting the latest, most innovative technology. We had just enough security and IT infrastructure that was working fine and was fulfilling the needs of the business.

 

But in the last one to two years, we looked to the IT and security vendors for new concepts. There were a lot of transformations, especially with respect to security, such as getting to zero trust, for example. This is quite a new concept and we needed to rethink a lot of our past decisions.

 

Gardner: Part of the ability to control security means getting more data about systems, which you can also use to then be more productive. Is your IT organization using security improvements as an accelerator to better productivity overall?

 

Collecting security data is good business

 

Hammen: We are currently working on this and on getting transparency for this larger aspect of security. What we have achieved already is that security is a good vehicle to transport the key performance indicator (KPI) approach into other departments and areas of the company.

 

In security, and also in IT, we try to measure everything. We try to measure up-time, we try to measure incidents, and so on. You can transform or adapt these concepts to more business-related processes.

 

I think this is a huge advantage that we are currently trying to transport and market to our colleagues. We have seen this in software development, but in IT in general, some concepts such as how to do projects, how to achieve high quality in very complex environments -- these are very good concepts in IT that we can adapt to business.

 

Gardner: Yes. The productivity isn’t just about technology and IT productivity, but overall business productivity, which is so important when you’re trying to do more with less.

 

By being more data-driven and KPI-oriented, by measuring, testing, and verifying the results, what do you need to put in place to do that? How do you get the information and also protect it?

 

Hammen: It’s very important. We are implementing an information security management system (ISMS). The main concept of this system is that everything should be risk-oriented. And to measure for risk accurately, you need the data.

 

You need the performance indicators so that you can determine whether one risk is higher than another, or to know the trends and direction of risks. Let’s say 1,000 incidents happened, but in the other one, only 20 have happened. This is why we need the data.

We have used a lot of tools that were doing the job, but they came from an earlier age of IT. The KPI-driven approach had not yet been implemented. It was hard to get the data.

We have used a lot of tools that were doing the job quite well, but they came from an earlier age of IT. This performance indicator or KPI-driven approach had not been implemented. So, it was very hard to get any data out of it in an aggregated way.

 

Currently, for all new solutions and concepts that we are implementing, we are also considering what data can we get out of it and how can we use this data to drive further decisions.

 

Gardner: To make those prioritizations, you also need to become more predictive and be able to get out in front of these trends.

 

Have you been able to, in a sense, reduce the amount of time that it takes to react so that you’re not doing a backward-looking analysis, but doing forward-looking implementation of fixes and improvements?

 

Hammen: Yes. It is part of ISMS to also consolidate and streamline these processes. For example, in the past we were spending a lot of time on day-to-day activities, such as rolling out an endpoint security solution or rolling out an update of an endpoint security solution to a client.

 

This was using up a lot of our time in IT. After streamlining all of these very basic tasks, it shouldn’t require an investment of more than a few minutes, in my opinion. Streamlining all of these tasks creates a lot of new time in the budget that we can implement in looking for new solutions, looking for optimizations for already-existing products, looking for integrations between products that we already have, and between processes that we already have. Currently, this is our main focus.

 

Gardner: When you have a limited budget for new hiring -- and skills are hard to come by in the best of times -- you want to look to the technology to take the repetitive tasks away from the people so that they can focus more on the analytics, on the innovation, on the business-level productivity.

 

Do you see in the use of security technology now that capability to offload some tasks and free up human capital to do what it does best?

 

Hammen: Yes. Based on AI, there are a lot of tasks that we can shift toward automation or to automate in some way.  Another example is if you take an average endpoint security solution from today, every solution has a cloud sandbox or something like it, with automatic execution and analysis of a suspicious file.

 

In the past, one expert from our company or from a contractor had to invest the time to analyze this suspicious file to be sure that it is not harmful. Now it’s just happening in the background. At some time you get the feedback on how it’s malicious or not and that’s all.

But you save a lot of time and money by automating this stuff now and even more in the future. There are a lot of other topics, such as network detection response and so on, which is just building. It’s only the start of what we can do with security automation. Also, it’s not only that we do not have the personnel anymore, but also, we want to have high quality results at the end.

 

Gardner: Going back to the fact that you have a large, distributed workforce, they’re out at these sites putting these homes together. They’re organizing with many contractors from many different destinations. If you can make their jobs easier, they’re of course going to be happy to work with you and adopt your approaches. Security can be seen not as, “Oh, we have to go through these arduous tasks in order to be secure,” but that in fact you’re helping them.

 

Do you find that the user buy-in is shifting? Are you getting a sense that when you do this well, when security becomes an accelerator to productivity, and that you get people’s cooperation and even eagerness to adopt your tools and processes?

 

Security is much more than passwords

 

Hammen: Yes. We have one advantage now that we didn’t have, maybe three or five years ago, because a lot of people are used to some security measures, such as multifactor authentication. Everyone knows this from their personal accounts at online shops, at different vendors and so on.

 

So, there is some base work that has already been done in the consumer market. I think a lot of companies were affected by cyber attacks that caused business disruptions. A lot of people were also feeling the result of not investing in security, not collaborating with security.

A lot of companies were affected by cyber attacks that caused business disruptions. A lot of people were feeling the result of not investing in security, of not collaborating with security. 

That’s a good starting point. Also, we have to get this distributed workforce, with very different levels of understanding and backgrounds regarding IT and security, invested in this topic and also have them participate. But on the other hand, my colleagues and I also have to make sure that we take their opinions and their special needs into consideration in all of our decisions.

 

We cannot consider every requirement, of course. Some people just want to make it easy, easy, so no password, nothing. We still have to try to consider that different people use different mechanics or have different working habits.

 

Gardner: We’ve been putting this just through the lens of security, but there’s also requirements for compliance, privacy, documentation, auditing, etc. General Data Protection Regulation (GDPR), of course, comes to mind.

 

We all have to do things that we might think are difficult or put more of a burden on people. Have you able to bring this sense of productivity, automation, and intelligence to your requirements around compliance as well?

 

Hammen: On the one hand, it’s easier to show others that you are being compliant if you get all the metrics out of the software. If you have transparency in the technical and business processes, then you can easily show everyone who is interested.

 

We can show what we are doing. With respect to this documentation, every worker understands what we are doing and whether it’s compliant or not. I think in the past, it was more like a black box. So, I think this is a very good thing in the end.

 

Gardner: It sounds like there’s a multiplier effect. If you do the due diligence for security, then you get the means to adhere to the compliance requirements, which then leads you to be able to further automate and take the load off of the humans, which then leads back to more technology.

 

Is there an adoption virtuous cycle? Is that something you’re already seeing?

 

Hammen: Yes, and this is also what we try to enforce. If this positive cycle is started, it’s easy to keep it alive and keep it running. This is what we try to achieve.

 

Gardner: In order to get that cycle ramped up, you want to have proof points and metrics. So, are there any ways that you measure how you’re improving security and therefore also improving business productivity that will cut costs and improve and optimize the business results? Any measurements or examples that you can provide how this is helping your organization?

 

The proof is in the productivity

 

Hammen: We do not have absolute numbers that we can share. But there are a lot of what I call soft metrics, gathered from different conversations with colleagues.

 

For example, we are doing the total risk management process being part of an ISMS and, in this whole process, there are a lot of results coming out that at least have the possibility to help the business to run more efficiently, the chance to do more with less.

 

Currently, we are trying to measure it and also build up a KPI framework for measuring all of these things. But it’s very, very complex, especially when you have a distributed company and workforce.

 

Gardner: Are there any what we would call low-lying fruit indicators, perhaps a number of calls to your help desk, trouble tickets, less time on security administration, anything like that that you can point to and say, “Aha, we are getting payback on our investments, and we are achieving higher productivity while remaining secure”?

 

Hammen: Yes, there’s two KPIs I can share. One is our endpoint security solution that we switched to at the beginning of last year. With the new solution, we estimated that about 40 percent less time was spent on the security administration tasks such as this roll out, the patch management of this solution and so on.
 

Two, there’s been around 90 percent fewer security-related trouble inquiries since we have implemented this solution, because now we have one dashboard. It’s very easy for us to react to false positives if there are any and drag them down and do the follow-up steps to clean them up and not trigger them again in the future.

 

Gardner: Johannes, how in the future do you expect to be able to further this analysis, this positive feedback improvement cycle?

 

Do you think that having more analytics in the cloud, and using outside suppliers as a security operations center (SOC), is in the works? What do you foresee in the next three to five years regarding how security can continue to be an accelerant to productivity?

 

Hammen: One thing that we need to consider is it’s still quite hard to get skilled IT and security personnel.

 

If you are a security expert, you probably want to work for the very large companies with large SOCs, and maybe not for a construction company. There is very high level of competition in the job market.

 

In the next years, in order to achieve a higher-level of security while also maintaining this current level of security, we need to focus on what we can do with the workforce that we have, with our partner network, and with our internal colleagues. We need to get the best out of what we can do from the inside and also from well-thought-through outsourcing.

Using a managed detection and response (MDR) service or a managed SOC ... This is something a lot of companies still need to adapt to. ... You need to open up to these new concepts.  

As you mentioned, for example, using a managed detection and response (MDR) service or a managed SOC. So, everything that you can’t do perfectly in-house because you don’t have the resources, or the workforce, you can outsource, but control it well and have good visibility into it.

 

This is something a lot of companies still need to adapt to. Yet some of the companies we work with have been very, let’s say, on-premises and very protective. But they have to open up.

 

A lot of vendors are driving toward cloud and cloud-only, of course. As a company, you need to open up to these new concepts, for new collaboration between your internal workforce or internal experts, and also to the external experts for specific topics, such as the SOC.

 

Gardner: That changes the nature of your supplier from vendor to services partner, right?

 

Hammen: Correct, long-term partner.

Listen to the podcast. Find it on iTunesRead a full transcript or download a copy. Sponsor: Bitdefender.


You may also be interested in:

Monday, November 13, 2023

How accounts payable automation and agility drive long-term business productivity

The next BriefingsDirect business modernization discussion focuses on how optimizing and automating accounts payable (AP) functions gives businesses improved insights and levers to better transform.

We’ll examine how improved control and management over cash flow, payables, and related fiduciary functions elevate overall financial situational awareness.

Via adoption of intelligent automation, such new awareness -- and the greater efficiency it produces -- will further support the expected consolidation and convergence of financial operations within the typical office of the Chief Financial Officer (CFO).

  Listen to the podcastFind it on iTunes. Read a full transcript or download a copy.

Here to show how and share his insights as a business operations efficiency veteran and expert is our guest, Jason Kurtz, Chief Executive Officer (CEO) at Basware. The discussion is moderated by Dana Gardner, Principal Analyst at Interarbor Solutions.


Here are some excerpts:


Gardner: Jason, let’s put some context around our discussion. What are some of the major trends shaping the need for better accounts payable automation, and why is there an imperative to add intelligence and automation to overall back-office business operations?

 

Kurtz: The imperative is we’re dealing in truly unchartered waters here for a lot of CFOs. If you think about what’s going on in our world, if you think about the macro-environment, we have potential recessions in some areas of the world. We have higher inflation rates, higher interest rates, and all that affects us in our businesses in various ways. If you think about supply chains, for example, we still -- believe it or not -- haven’t fully recovered from supply-chain disruptions from the pandemic.

 

Kurtz

These trends impact CFOs, and what’s going on in our world. We still have people working in hybrid or remote environments. We still have companies that can’t fill the jobs they have open, including in AP. Then we also have countries such as France, Germany, Poland, and Spain that are adding regulatory requirements for how you should send and receive an invoice.  Countries like Mexico and Brazil are changing their regulations on a regular basis.


Never before have we seen so many things impacting CFOs at the same time. You think about people like me, I’m in my mid-50s, I’ve never worked in an environment where there’s a recession plus high interest rates, plus inflation. You throw that in, and we’ve never seen this before. For many of us in these roles, it’s a unique time in history -- and in our careers -- that we’re dealing with so many challenges at once.

 

Gardner: Because there’s so much that’s unprecedented happening at once, it’s hard to look at the historic record and say, “Okay, I know what’s going to happen next.” There’s very little clear visibility as to what we’re going to be dealing with in terms of our top-line and needed constraints on spending over the next six to 12 months.

 

Kurtz: That’s 100 percent right. We are living with uncertainty right now. Few companies have great data and information to help them navigate such uncertainty. But one of the key documents, key pieces of information and data, is the invoice. If you can get that right, and gather great data from your invoices, man, that makes your job as a CFO a lot easier.

 

Gardner: To get that look at the full record and all of the data, that usually means more intelligence and automation around vital business processes. So, on the micro-level, what are the challenges facing businesses to gain more tactical and strategic control over their finance operations?

 

Kurtz: There are some really interesting challenges that you wouldn’t believe are still challenges. For a lot of businesses, we want to improve profitability in uncertain times. We want to unlock working capital. What’s one of the biggest barriers to that? Over 90 percent of companies say they can’t pay an invoice on time because they don’t have it approved in time.

You need automation and tools that can embed your policies and procedures into your workflow and your processes. You can't do that in a manual world. This is the reality for a lot of the companies we deal with.

Because they have bad data, because they haven’t enabled their suppliers, and because they’re often dealing with scanning and optical character recognition (OCR) documents of poor quality --  and it takes time to manage difficult exceptions – those are all critical hurdles. So, it’s important to solve these to unlock lots of hidden value.

 

Another challenge we talked about; companies don’t have a full staff in AP -- sometimes people are working remotely. How do you make sure those new people are trained, are more efficient, and effective? How do you know they’re following the policies and procedures for your company? How do you quality check the work they’re doing via remote work?

 

Because you want to do more with newer and fewer employees, you need automation and tools that can embed your policies and procedures into your workflow and your processes. You can’t do that in a manual world. So those are just a couple of examples, but this is the reality for a lot of the companies we deal with. From an AP perspective, they need improvements because these really are barriers to their success right now.

 

Gardner: Jason, both you and I have been in this business long enough to have seen wave upon wave of new technologies and approaches. And that was great, to use the best-of-breed solutions as they came online. But it has left many organizations with a scattered and disruptive mix of apps and silos that come from different eras.

 

Invoice intervention imperative

 

Kurtz: Yes, without question. We joke a lot about an earlier era of scanning paper docs using OCR, right? That’s just one example of what you’re talking about. For a lot of companies, scanning and OCR checked the box on adopting electronic invoicing. “We’ve done it.” But you and I know that that’s not really the case, right? You don’t get any good data out of that.

 

You have to have manual intervention. It slows your processes down. It’s like using a pay phone, right? Or a fax machine. And no one uses those anymore. But there are still lots of people who have that as their e-invoicing solution, which is crazy.

Keep up with global compliance requirements using this interactive map.

And, to your point, lots of companies have layered different technologies onto their environment over time. Maybe it was a procurement solution, or a sourcing solution, or their enterprise resource planning (ERP) suites, and they’re trying to figure out, at least in AP, “How do I make all of that work? My invoices come and originate in different places.”

 

They ask, “How do I put something on top of that that is modern, usable, and purpose-built for me in that kind of an environment that’s very fragmented and has lots of different offerings and capabilities?” They need something that sits on top of that to make it all more efficient and effective for the AP department. So, again, you hit the nail on the head. There’s a lot of complexity in the companies that we work with.

 

Gardner: Part of the good news, as you alluded to earlier, is that the modern invoice has a beneficial role to play. When you go fully digital, you can layer into that resource lots of metadata, you can bring added processes to bear, and you can use that asset as a powerful tool to usher in benefits across other applications, data, and processes. When you do this right, and you unlock the superpowers with your invoice workflows, how does that set off cascading benefits?

 

Invoice data insights reap rewards

 

Kurtz: One that we haven’t talked about yet, when you get that invoicing data right and you have good data from across your suppliers, that gives you aggregate insights into what you bought from whom, how much you paid, and what the commerce trends are. That gives you the basis for accurate spend analytics.

 

In the current uncertain macro-economic environment, we’re trying to save money and use that money to fund growth where we can find it, or put it away in the bank for profitability, then spend analytics is a great place to start to optimize, right? But you have to have that invoice data first to fully understand what it is you bought from whom, the pricing, and all the added details. So that’s one.

Two, the other part of the invoice data goodness, comes from unlocking working capital. Many companies now discount payment terms so the buyer receives a two percent discount on the net invoice amount if they pay within 10 days. Otherwise, the full invoice amount is due within 30 days. But, if they can’t pay something in 10 days, they can’t get the benefit.

But imagine if we could unlock literally billions of dollars in potential early-payment discounts or working-capital benefits that we could then use to invest in our growth or direct to areas where our acute business needs are. But, again, you must have a working invoice with good data, well-structured and in a timely manner, to be able to handle that management of working capital optimization. Yet, lots of companies still can’t do that.

 

I think those are a couple of examples where the modern invoice can unlock a lot of economic benefits for companies in these uncertain times.

 

Gardner: It has only gotten more important to best manage cash flow now that we’re up to five percent or more on overnight interest rates. The imperative to get fast and detailed cash flow data, and bring that organizational efficiency and agility to bear in real time, is higher than at any time in at least the last 15 years, right?

 

Kurtz: That’s 100 percent correct, and so intelligence is more valuable for us as an organization, and for our large customers. That’s because, in many cases, they have billions of dollars in spend, so that they can unlock millions – even hundreds of millions -- in working-capital dollars due to those higher interest rates.

Such intelligence is also important for our customers' suppliers because their cost of capital is going up, too. When supply chains are still disrupted, who gets what when and at what terms? 

But that intelligence is also important for their suppliers because their cost of capital is going up as well. In this world, where we still have some limited supply chains, suppliers can’t always deliver 100 percent of what they did three years ago. They may still be at only 85 or 90 percent.

 

Who then gets what when and at what terms? Who gets that 85 or 90 percent instead of the requested 100 percent? I would hypothesize -- and our customers are telling us this -- those good payers, the people who pay on time for timely delivery, become the customers of choice. If there’s a limited supply, they may get more of their fair share. There are a lot of benefits for doing this well, being able to pay when you and your suppliers want to pay for the right reasons.

 

Gardner: You’re teeing up some of the changes needed in CFO-required skills. Whereas due diligence, operational integrity, and process efficiency may have been top of mind when it came to bringing new people into the office of CFO, now you’re talking about more analytical, entrepreneurial, and innovative skills. We need a different kind of person in these strategic thinking and data analysis roles, right?

 

CFO role encompasses more analytics 

 

Kurtz: Yes, absolutely. In almost every role in the finance department now, comfort with data and analytics is becoming more critical. Those are the skills that help with automation and gaining insight into how you best manage your resources and capital. Those two skill sets -- comfort with technology and proficiency with data and analytics -- are probably two of the most important.

The other thing we’re seeing is the office of the CFO is broadening its responsibilities, too. They’re taking on more operational responsibilities and further impacting their organizations. So, that means being consultative and being good influencers and educators. Those are all part of the skill sets that a good finance organization has to have right now.

 

Gardner: There is no closing the door to the back office and then only coming out once a quarter with an audit or report anymore, right?

 

Kurtz: That’s right, you can’t do that. You just can’t do that.

 

Gardner: Let’s put some meat around some of these solutions in practical terms. How are these AP automation solutions paying off in brass tacks?

 

Productivity, processing, profits -- all up

 

Kurtz: We’re seeing incredible benefits. When we see automation in the AP function, you go from a company on average processing maybe 5,000 to 7,000 invoices per full-time annual employee equivalent (FTE) to companies processing, 30,000 to even 50,000 invoices a year per FTE. So, that’s a massive productivity benefit. You see the level of electronic invoices from your suppliers going from, on-average for most companies at 34 percent to some of Basware’s best-in-class customers attaining 99 to nearly 100 percent.

OCR is no longer the answer to processing PDF invoices, but AI-powered solutions are.

So, again, that plays into the benefits of accessing great structured data around an invoice. If, for example, you examine invoice processing time, most companies average around 11 days for AP functions. But Basware’s best-in-class AP customers are looking at hours or minutes, certainly less than a day, for processing. And that’s part of what you need to do to unlock the working-capital benefits. And you see companies with 20 to 30 percent of their invoices being touchless -- meaning you never physically have to manually have an intervention into an invoice from receipt through payment – are up from formerly around 21 percent. But again, Basware best-in-class customers are gaining with more than 90 percent being touchless.

 

These are the kind of metrics and value that AP automation solutions, and in particular Basware, customers are able to achieve.

 

Gardner: Can you apply these tactical metrics to also measure improvement in overall business productivity and financial returns?

 

Kurtz: Sure. Take a look at a customer of ours like Heineken. They implemented Basware’s AP automation solution. It streamlined invoice processing, reduced manual efforts, and improved data accuracy and efficiency. All of that resulted in greater than 40 percent reduction in their cost to process invoices within their function as a whole. So more than 40 percent reduction in overall AP team and organization costs by implementing an AP automation solution.

We can be really impactful. The same kind of thing happened at Toyota Industrial, another customer of ours, where they saw similar benefits from streamlining the invoice processing, reducing manual work, and getting suppliers to send invoices electronically. They attained better data, but also significantly reduced cycle times and earned invoice processing time savings. And that lead to better spend visibility and access for a well more than 50 percent reduction in the cost of processing within accounts payable as a whole.

Those are some of the benefits. I think the order of magnitudes are really incredible and transformational. We’re talking about literally millions of savings in hard dollar savings and then tens of millions of dollars in potentially in working-capital benefits as well.

 

Gardner: You can’t define productivity much better than that, right?

 

Kurtz: I like to think so.

 

Gardner: Okay, we have those direct, hard number AP improvement benefits. But as we alluded to earlier, there are some burgeoning types of benefits that come from having the data analytics and capability to innovate on larger strategies for buying, spending, and paying. Let’s talk a little bit about some of the ancillary benefits that come when you automate, when you go truly digital, and when you explore innovations around how the business itself operates.

 

Tech-savvy, budget-aware people thrive

 

Kurtz: Yes, there are a bunch of benefits. Let’s not underestimate the people benefits, right? So many of us are working in hybrid working patterns and remote working environments. I think one of the real benefits is to be able to onboard our people faster and have better productivity from them that much faster than you can in a non-automated world. So that’s one.

 

Two, you can attract a higher level of quality of candidate, particularly -- not to stereotype -- younger generations who are attracted to the technology that we need to incorporate into finance functions over time. They’re attracted to great technology and purpose-built technology. So, that’s another interesting example of ancillary human capital benefits of modernizing AP operations.

So many of us are working in hybrid working patterns and remote work. A real benefit now is to be able to onboard people faster and gain better productivity from them much faster by being in an automated environment.

Another one is clearly the savings visibility, right? And we have customers who are using that spend data that you get from invoices that we talked about to identify tens of millions of dollars in savings from having better data associated with invoices.

 

Toyota, again, is a good example. If you think about the overall finance function, one of the things they use our AP solution for and can gain from improved invoices data is the capability to rapidly monitor budgets. By improving their budget awareness, and having better conversations sooner in their fiscal quarters, they get a head start on performance metrics to know where they stand relative to budgets -- and being able to then act swiftly. They tell us that’s one of the really big benefits.

 

Again, that fits in with the overall CFO theme of being more consultative, being more of a business partner. That comes in large part from being able to see data, gain insights, track trends – all much earlier in the process. You simply can’t do that if it takes you 11 days to process an invoice, or you retain only 50 percent of the data, or you get garbage for data because it’s scanned, and then you have to go back and manually figure out what it is.

 

All of those are some of the ancillary yet impactful benefits that we’re seeing.

 

Gardner: Given the ongoing tight labor market, it sounds like the role of the finance people can now better help innovate for other parts of the organization, such as human resources. Better tracking payments and processes can help exploit a gig economy of contractors or use different forms of labor while tracking the costs in full.

 

So, is there an elevation that we should expect to see in terms of the status and impact that the finance office can have across the business?

 

CFO: From counter to consultant

 

Kurtz: Without question that’s the case. Here at Basware, our CFO is becoming more of a consultant, business partner, and adviser to other functions within the organization. That is a very common trend and theme we’re seeing as CFOs have broad influence and more operational span of control. They are changing from being the counter to being the financial consultant.

 

These new types of CFOs are bringing the insights from all of that data that we’ve talked about and helping the whole business operate better and deliver on expectations of profitability, growth, or whatever it is that that function is focused on.

Move from manual ways of working to the most automation AP processes possible.

And then, if we want to be really provocative about where this leads, you might have AP organizations that become profit centers. Because of the cost-reduction elements that they can take out, the working-capital benefits that they can unlock, and the ability to attract more supply -- all of those things help with investment, innovation, and growth. We might someday be looking at finance functions that are profit centers instead of cost centers.

 

Gardner: Interesting! Well, that’s a good segue to the last part of our discussion, which is what can we expect next? What’s in the future when we exercise true and pervasive AP automation? When will we be able to further avail ourselves of tools like machine learning (ML), artificial intelligence (AI), and instill an analytics culture within our businesses? What does your crystal ball show you coming for the modern accounts payable impact when we do it right?

 

Kurtz: We’re going to see a world in the not-too-distant future where in 95 percent-plus of the time, an AP person won’t ever have to touch an invoice. We will have better data from an invoice. Using AI, we will gain the capability to match and handle nearly all exceptions. We already have this today, but it’s going to keep getting better and better.

Soon more than 95 percent of the time an AP person won't ever have to touch an invoice. And we will have better data from that invoice. Using AI, we'll handle nearly all exceptions ASAP.

And you’re going to see these AP teams become much less, “How do I manage this exception? How do I go track down who the buyer was; what happened?” and all of that, to more of, “Hey, now I can think about what’s the best way to deploy my working capital. How do I take this data that we’re getting and spot impactful trends in it?”

 

As we become more touchless and automated, it’s going to free up value-added time to enable CFOs to be the business optimization partners, to spot trends, to understand better what’s happening in the business, and to bring ideas, solutions, and creativity to the rest of the organization. That will, in turn, fund the innovation that we want, fund the growth that need, and not just be a cost of doing business that we’ve been in the past.

 

Gardner: Yes, no better way to get a sign-off on something then when you can tell them it’s going to pay for itself, right?

 

Kurtz: That’s right. That’s exactly right.

 

Gardner: Jason, where can people go to learn more about these trends and solutions? Where do you look for good analysis and information about these trends, markets, and solutions?

 

Kurtz: At Basware, we do our best to be educational and share what we see happening in the industry as well as track industry trends and benchmarks. You can go to Basware.com to see that or follow us on LinkedIn. We post a lot of content on our LinkedIn page.

I like to read a lot of the industry analyst content that comes out. I think there is some really good stuff. I know recently I’ve done some good reading on benchmarks from Ardent Partners. They’d done some really interesting studies. Forrester has interesting studies that I’ve been reading about as late. So, those are two great examples.

 

Basware is also a founder and innovator around EESPA, one of the leading associations of invoice and AP automation providers across Europe. We’re constantly working together to bring forth ideas and innovation on how to bring more automation to the industry.

See how your organization stacks up on the top AP metrics comparisons.

And then frankly, Dana, most folks joke about me being a Chief LinkedIn Officer, and I’m a LinkedIn addict. I think there’s all kinds of great data that I find around LinkedIn and I’m constantly looking on there and finding interesting articles and information. So, just a few thoughts on where we can find some interesting insights.

Listen to the podcastFind it on iTunes. Read a full transcript or download a copy. Sponsor: Basware.


You may also be interested in: