Main
Log in

Governance & Planning

Conclusion: Consolidating information systems after a MoG change or a company acquisition is not only risky but also likely to be expensive. The problem is compounded when the benefits expected from the merger are out of reach or, in the case of a company acquisition, the buyer has paid too much, and the stakeholders are demanding accountability.

To maximise the probability of a successful merger from a business systems perspective, do not take claims made of the ICT systems’ integrity at face value. Verify them and develop plans to integrate the systems where feasible, while minimising risks and retaining skilled IT and business professionals.

Conclusion: While there was significant media attention on artificial intelligence and blockchain in 2017, the primary concerns of Australia’s CIOs remain focused on the more pressing issues of migration to the Cloud, and its impact on IT operations and staffing. Where discussions of artificial intelligence play a role is in automation processes and workforce transformation.

Conclusion: Achieving the ability to comply with the new European General Data Protection Regulation is seen as a costly and burdensome overhead adding a new layer of complexity to how organisations will need to manage and secure Personally Identifiable Information (PII) records kept by them.

However, organisations should view the potential benefits of being able to use obtaining and maintaining the ability to comply with GDPR as an opportunity to justify investments in technologies, process improvements and people to deliver better overall outcomes for the organisation.

Rather than simply focusing on doing what is required to be able to comply, focus should be on using the opportunity to update tools and processes to improve organisational efficiencies, reduce costs, increase customer and employee loyalty, and improve productivity.

Conclusion: AI includes a very broad range of technologies being applied in virtually all industries. AI is being used in new stand-alone services like real-time language translation1 or extensions of existing common IT applications such as the increasing use of chatbots in contact centres or recommendation engines in digital marketing.

This means that the use of AI in both IT and operational technologies2 (OT) requires C-level attention.

Business leaders will need to convert recent global interest and agreements in AI safety and ethics into AI governance guidelines in the exercise of their triple bottom line responsibilities (for profit, social responsibility and sustainability).

Conclusion: Business and IT professionals struggle with how to frame their message so it engages the reader and has immediate impact. To get the reader’s attention, it is important to pose a business problem, or an unacceptable situation that is pre-occupying the reader, and provide a solution on the same page.

Conclusion: Organisations know that they have legal obligations in terms of record retention and privacy. The foundation of good information management governance is an effective record retention schedule (RRS). Organisations need to regularly review and audit their RRS not only in terms of it being current, but also in terms of it being effective and being complied with.

An effective schedule is one that is being complied with, is easy to understand, meets all legal and regulatory requirements and allows for effective record discovery or e-discovery if required.

Effective management of records is an organisational issue, not an IT issue. IT makes a contribution in provisioning solutions to assist in the management of digital records or helping convert non-digital records into digital records as appropriate. IT also needs to determine the best practices for managing data based on its value rather than its volume.1

Conclusion: Organisations are under pressure – pressure to keep limited budgets in check and pressure to deliver more in short time frames. Full time headcount is down and a significant amount of the work undertaken by organisations is project based. This has driven many recruitment practices including the engagement of skilled professionals to deliver on those projects. Induction processes are limited as this is seen as an overhead when it is critical to focus on the desired outcomes. As a result, organisations are limiting their resource pool and the benefit that experience in other sectors can bring. In addition, there is limited focus on what longer-term contribution or skills transfer can be provided for the broader workforce as they transform towards a digital workforce. Unless recruitment and resource management practices change, staff and skills shortages will continue to dominate the CIO risk list.

Conclusion: Most organisations do not know the extent of shadow or departmental IT. It is likely to range from using complex SaaS (Software-as-a-Service) solutions for core business systems to use of spreadsheets for simple applications, such as managing grants for local sporting organisations.

Unless there is a filter to assess requests for and identify non-compliant software, e. g. with inadequate security processes or using unapproved technical architecture, management conflicts are inevitable.

Conclusion: The range of channel and customer engagement tools needs thorough and continuous evaluation. There are two challenges to this objective. Firstly, the initial impediment is to gather data from various sources. The second problem is to apply a coherent and durable methodology to all of it.

The greater complexity of technologies and increased channel support means organisations must have a path to understand how their technologies perform. The most common assessment of return on investment can be applied to all data sets but it lacks sophistication. Developing a use-case will help establish a secure methodology which will make clearer the real value of customer satisfaction.

Conclusion: Despite repeated audits pointing to failures by IT to deliver expected outcomes, organisations continue to publish IT plans that do not adequately address the fundamental dimensions of IT planning, being the IT Business Plan, IT Strategies and IT Program of Work.

These elements are often developed as a single composite document, but this approach fails to recognise that each dimension:

  • requires a different method of creation
  • is owned by different stakeholder groups
  • has a different purpose and audience
  • requires renewal on different cycles.

Failure to ensure that all dimensions are addressed presents risks to implementation both in terms of effective up-front investment selection as well as ongoing IT governance arising from gaps in critical decision-making information.

To avoid these risks, organisations should maintain the content of each IT planning element as a separate deliverable even if the desire, or requirement, is to regularly produce an “annually” updated composite document.

In the News

Managed security: a big gamble for Aussie IT providers - CRN - 02 August 2018

TechSci Research estimates the Australian managed security services (MSS) market will grow at a CAGR of more than 15 percent from 2018-23 as a result of the increased uptake of cloud computing and...
Read More...

Kids, Education and The Future of Work with Dr Joseph Sweeney - Potential Psychology - 25 July 2018

What is the future of work and how do we prepare our kids for it? Are schools and universities setting kids up for future success? Does technology in the classroom improve outcomes for kids? Should...
Read More...

PageUp starts rebuilding and looks to learn lessons after data breach nightmare - AFR - 27 June 2018

The timing couldn't have been worse for PageUp; two days before Europe's new data protection regime came into force the Melbourne-based online recruitment specialist's security systems detected...
Read More...

Australia is still in the cyber security dark ages - AFR - 28 June 2018

In terms of cyber security years, Australia is still in the dark ages, a period typified by a lack of records, and diminished understanding and learning. We're only a few months into practising...
Read More...

AMP does maths on infosec shortage - ITnews - 18th June 2018

Cyber security and risk advisor at analyst firm IBRS, James Turner, said the cyber skills shortage was prompting a wider rethink around the domain in terms of resourcing for the last few years....
Read More...

Subscribe to IBRS Updates

Invalid Input
Invalid Input
Please enter a valid email address
Please enter your mobile phone number
Invalid Input

Get in-context advice from our experts about your most pressing issues or areas of interest

Make an Inquiry

Sitemap

Already a subscriber?

Login to read your premium content.

        Forgot your password?
Recently Viewed Articles
Related Articles