Main
Log in

Governance & Planning

Conclusion: Organisations everywhere are implementing Agile as a dynamic approach to speed up the creation of value and improve development of new and improved services and products. Adopting a best practice such as Agile is more than learning a new process and skill and then applying it in a project environment. Implementing Agile in an established organisation means that there are often a number of other frameworks, best practices and procedures that will need to co-exist with Agile. It is critical to consider these elements and adjust them to ensure that Agile is effective in delivering the value and benefits expected and is not another “best practice” fad.

Conclusion: Business leaders should convert recent global interest in AI applications, safety and effectiveness into AI governance guidelines in the exercise of their triple bottom line responsibilities (for profit, social responsibility and sustainability) as outlined in IBRS research note, “The emerging need for IT governance in artificial intelligence”1.

AI includes a very broad range of technologies being applied in virtually all industries. This means that the use of AI in both IT and operational technologies2 (OT) requires C-level attention and supervision.

Conclusion: Project management in organisations is commonplace. Reviews are often undertaken at the end of the project to gain learnings for future projects. Project reviews completed during the life of a project need to ensure that they are inclusive of appropriate stakeholder groups and assessment is targeted at the appropriate focus areas. Active and inclusive review and assurance activities need to be well understood and supported within the organisation so that it is not viewed as an exam that needs to be prepared for and passed. Applying reviews and assurance as a process checkpoint only is ineffective and will not ensure quality project delivery.

Conclusion: The forthcoming General Data Protection Regulation (GDPR) is new legislation being introduced by the European Union, which does have ramifications for organisations worldwide.

Being new, there is still a lot to be learned about what exactly some of the specific requirements will mean in practice and how they will impact organisations in being able to show that they have understood and completely complied with the regulation.

When considering an organisation’s position and defensibility in terms of did they comply or not, organisations will need to develop an understanding on the specific requirements, and how exactly they have implemented “technical and organisational measures to show that they have considered and integrated data protection into their processing activities”1.

Related Articles:

"Understanding GDPR requirements Part 4: Data portability" IBRS, 2018-06-01 04:21:44

"Understanding GDPR requirements – Part 3" IBRS, 2018-05-04 18:57:12

"Understanding GDPR requirements: Part 2" IBRS, 2018-03-31 07:03:46

Conclusion: Consolidating information systems after a MoG change or a company acquisition is not only risky but also likely to be expensive. The problem is compounded when the benefits expected from the merger are out of reach or, in the case of a company acquisition, the buyer has paid too much, and the stakeholders are demanding accountability.

To maximise the probability of a successful merger from a business systems perspective, do not take claims made of the ICT systems’ integrity at face value. Verify them and develop plans to integrate the systems where feasible, while minimising risks and retaining skilled IT and business professionals.

Conclusion: Achieving the ability to comply with the new European General Data Protection Regulation is seen as a costly and burdensome overhead adding a new layer of complexity to how organisations will need to manage and secure Personally Identifiable Information (PII) records kept by them.

However, organisations should view the potential benefits of being able to use obtaining and maintaining the ability to comply with GDPR as an opportunity to justify investments in technologies, process improvements and people to deliver better overall outcomes for the organisation.

Rather than simply focusing on doing what is required to be able to comply, focus should be on using the opportunity to update tools and processes to improve organisational efficiencies, reduce costs, increase customer and employee loyalty, and improve productivity.

Conclusion: AI includes a very broad range of technologies being applied in virtually all industries. AI is being used in new stand-alone services like real-time language translation1 or extensions of existing common IT applications such as the increasing use of chatbots in contact centres or recommendation engines in digital marketing.

This means that the use of AI in both IT and operational technologies2 (OT) requires C-level attention.

Business leaders will need to convert recent global interest and agreements in AI safety and ethics into AI governance guidelines in the exercise of their triple bottom line responsibilities (for profit, social responsibility and sustainability).

Conclusion: Business and IT professionals struggle with how to frame their message so it engages the reader and has immediate impact. To get the reader’s attention, it is important to pose a business problem, or an unacceptable situation that is pre-occupying the reader, and provide a solution on the same page.

Conclusion: Organisations know that they have legal obligations in terms of record retention and privacy. The foundation of good information management governance is an effective record retention schedule (RRS). Organisations need to regularly review and audit their RRS not only in terms of it being current, but also in terms of it being effective and being complied with.

An effective schedule is one that is being complied with, is easy to understand, meets all legal and regulatory requirements and allows for effective record discovery or e-discovery if required.

Effective management of records is an organisational issue, not an IT issue. IT makes a contribution in provisioning solutions to assist in the management of digital records or helping convert non-digital records into digital records as appropriate. IT also needs to determine the best practices for managing data based on its value rather than its volume.1

Conclusion: Organisations are under pressure – pressure to keep limited budgets in check and pressure to deliver more in short time frames. Full time headcount is down and a significant amount of the work undertaken by organisations is project based. This has driven many recruitment practices including the engagement of skilled professionals to deliver on those projects. Induction processes are limited as this is seen as an overhead when it is critical to focus on the desired outcomes. As a result, organisations are limiting their resource pool and the benefit that experience in other sectors can bring. In addition, there is limited focus on what longer-term contribution or skills transfer can be provided for the broader workforce as they transform towards a digital workforce. Unless recruitment and resource management practices change, staff and skills shortages will continue to dominate the CIO risk list.

In the News

Managed security: a big gamble for Aussie IT providers - CRN - 02 August 2018

TechSci Research estimates the Australian managed security services (MSS) market will grow at a CAGR of more than 15 percent from 2018-23 as a result of the increased uptake of cloud computing and...
Read More...

Kids, Education and The Future of Work with Dr Joseph Sweeney - Potential Psychology - 25 July 2018

What is the future of work and how do we prepare our kids for it? Are schools and universities setting kids up for future success? Does technology in the classroom improve outcomes for kids? Should...
Read More...

PageUp starts rebuilding and looks to learn lessons after data breach nightmare - AFR - 27 June 2018

The timing couldn't have been worse for PageUp; two days before Europe's new data protection regime came into force the Melbourne-based online recruitment specialist's security systems detected...
Read More...

Australia is still in the cyber security dark ages - AFR - 28 June 2018

In terms of cyber security years, Australia is still in the dark ages, a period typified by a lack of records, and diminished understanding and learning. We're only a few months into practising...
Read More...

AMP does maths on infosec shortage - ITnews - 18th June 2018

Cyber security and risk advisor at analyst firm IBRS, James Turner, said the cyber skills shortage was prompting a wider rethink around the domain in terms of resourcing for the last few years....
Read More...

Subscribe to IBRS Updates

Invalid Input
Invalid Input
Please enter a valid email address
Please enter your mobile phone number
Invalid Input

Get in-context advice from our experts about your most pressing issues or areas of interest

Make an Inquiry

Sitemap

Already a subscriber?

Login to read your premium content.

        Forgot your password?
Recently Viewed Articles
Related Articles