Mike Mitchelmore is an IBRS advisor specialising in the areas of ICT strategy, program and project management, ICT service delivery and telecommunications. Mike has more than 40 years of experience in the ICT industry during which he has successfully led engagements in the design and deployment of a global telecommunications networks and IT platforms, negotiated managed telecommunications services, introduced new capabilities for call centres and consolidated ICT systems to focus on service delivery for citizen facing services. Mike has also assisted clients in ICT strategy, support planning, system design and architecture, and procurement strategies. Mike is a graduate of the Australian Army Command and Staff College, and the Royal Military College of Science (UK). He holds a degree in Social Science (human resource development), and graduate diplomas in Management Studies and Telecommunications Systems Management. Mike is a certified PRINCE 2 Practitioner and an ITIL (V2) Manager.
Conclusion: Digital strategies often require organisations to complete major transformation projects to deliver the outcomes required of the strategy. A digital strategy is not just about technology, it is a holistic strategy that involves change across people, process and technology. The acceptance of technical debt and inaction around cultural change can have a severe impact on the total cost of ownership of technology for business. The rate of change in technology can make the traditional approach of depreciation against assets an unnecessary negative impact on good strategic thinking.
Organisations need to address the cost of technical debt and cultural change when embarking on strategic transformational programs to improve productivity. Strategies that involve digital transformation must address the business culture (people and process) and ensure change management programs are funded. The strategy must address the true impact of technical debt and ensure that technical assets are not retained just because they have a residual financial value.
- Security Leadership
09 January 2020
Conclusion: In this day and age, customers expect to be able to complete a transaction across multiple touch points and for each touch point to be aware of where they are in the transaction process, and complete the transaction in real time. That is, not having to wait for batch processing or human interaction to be completed before they see a result. To achieve a great customer experience in the digital world, organisations need to build IT systems that support their business processes, allowing customers choice of channel, including the traditional face-to-face and asymmetric processes, like paper and email.
The value proposition for the customer is for the supplier to provide an automated online service that is, from the customer’s perspective, fast, reliable, inter-connected and secure. The improved omni-channel approach will drive customer adoption and allow reduced costs associated with the continued face-to-face and asymmetric channels.
- Operations & Service Delivery
05 December 2019
Conclusion: Identity has historically been a thorny problem with concerns over identity theft and the need for verification. Now that biometrics are becoming so accessible to register and verify customers and clients, the business rules used to define the purpose of any identity and access management system should be reassessed in the broader context of business integrity. That is, to assess identity management in three dimensions of first, who the entity claims to be (person, business or thing), second, where the entity exists (geographically and digitally), and third, the entity’s behaviour.
By taking a broader view of identity to address the flow of an entity from a business integrity viewpoint, identity ceases to be just a token and becomes a life cycle. As a result, bona fide customers and clients can access services and products easily and safely, and non-bona fide customers and clients can more easily be isolated and denied access.
- Security Leadership
02 November 2019
Conclusion: Analysts in general are correct to identify the challenges in the industry to develop appropriate skills, meet the demands of digitisation and to counter the security threats. When it is distilled down it is all about the business. The CIO is supporting business outcomes which will need specific technology solutions, which will, in turn, drive ICT strategy. The key to success is defined by how the CIO drives the outcome. The CIO, therefore, must possess soft skills as well as technical knowledge to deliver success.
The key to success for CIOs is mastering four soft skills that allow them to achieve control of the ICT environment. Effective control will allow the CIO to deliver exemplary services in support of business today, whilst gaining support from the executive for the ICT strategy to meet the demands of tomorrow. Sounds simple but as experience has found, it is easier said than done.
The secret lies with good networking within the executive and key stakeholders, situational awareness of the ICT environment, the ability to effectively delegate with clear direction of what is to be achieved, and a communications strategy which allows for engagement by all stakeholders and escalation of issues through both technical and management channels without fear or favour.
- Governance & Planning
02 October 2019
Conclusion: The ICT Disaster Recovery Plan (DRP) is, more often than not, focused on technology providing for redundancy of infrastructure and systems, including data back-up and data recovery. Whilst these components are important and necessary, we often oversimplify the need for business resumption of the ICT business, which in turn will impact ICT availability. The need to ensure people are part of the planning is critical to success. Often the disaster, whether it be a technology issue, a business issue, such as a fire or denial of access to key sites, or an environmental issue such as a flood or storm, can equally affect the need for expanded operations centres and larger than normal help desk support functions.
Effective planning and testing of the plan, for all aspects of a probable disaster scenario and the ICT Business Resumption Plan (BRP) to support the business as a whole, is necessary. Effective testing of the DRP and BRP for ICT must be a high priority for any CIO to ensure service levels are maintained. Failure to do so will increase the risk of ICT to the business.
Any test of your DRP and ICT BRP should include business and customer involvement to provide your organisation confidence that all known risks have been successfully mitigated. The oversight of the testing of these plans must be planned and conducted by an independent body (preferably a consultancy that has knowledge in the organisation business world, or your ICT advisory service).
04 September 2019
Conclusion: ICT health checks enable organisations to better understand risks and prioritise activities to both maintain and improve the performance and reliability of ICT in support of business outcomes.
ICT health checks can be conducted as a light touch in the first instance, with detailed in-depth health checks being conducted as follow-up activities in specific areas where and when necessary.
An effective ICT health check strategy will be business-focused and not based on technology alone. Implanting health checks as part of your annual ICT budget planning will provide timely advice on the organisation’s ICT health and provide in-built regular reviews of ICT health to ensure business outcomes are achieved without unnecessary risk.
05 August 2019
Conclusion: The development of a strategic relationship between suppliers and public government agencies needs to be approached differently to that in the private commercial world. Government bodies are bound by procurement rules which require government agencies to regularly market-test provision of services, where value for money is the primary consideration. Government agencies cannot therefore have a strategic partnership with suppliers in the same manner as a commercial strategic partnership. The relationship must therefore be timeboxed to meet procurement policies such as the Commonwealth Procurement Rules and cannot be open-ended1.
Strategic vendors for government agencies are either critical to the delivery of business outcomes or are influential in the development of future business opportunities.
For strategic vendor management to be successful in government, both the government agency and the vendor need to commit to effective governance of the relationship and agree to share knowledge on business strategies and product development.
05 July 2019
Conclusion: Successful businesses need their people to be productive and to perform well. Effective communication may assist i.e.suring they do. Effective communication is about thought leadership, defining a purpose, informing tasking and priorities and, most importantly, listening. Opportunities that impact productivity and the fiscal performance of organisations are often lost or not fully prosecuted due to poor communication. Poor communication will result in less than optimal planning or reduced time to react, causing the need to compromise. This, in turn, results in poor prioritisation, and i.e.erything is urgent, nothing gets the appropriate focus.
To communicate effectively at the personal, work unit and organisational levels requires a level of discipline in adherence to the basic principles of effective communication, which will lay the foundation for success.
Effective communication will improve productivity, reduce risk, reduce costs and reduce time to market. Effective communication will deliver line of sight for your strategic outcomes and in doing so will be a combat multiplier for your business.
- Sourcing & Staffing
03 June 2019
Conclusion: Telecommunications services and the supporting infrastructure have historically been complex, costly and difficult to change. The modern technology landscape now allows for greater flexibility in the design of networks, and the telecommunications services of voice, video and data they deliver.
The use of software defined networking (SDN), Cloud-based standard operating environments (SOE) with unified communications (UC) and Cloud-based call centre solutions are now mature, secure and commonplace in the market.
These changes with the significantly reduced cost of physical connectivity (lines and links), which are now viewed as a commodity, enable the telecommunications landscape to be agile to each organisation’s business needs and delivered at greatly reduced costs.
29 April 2019
Conclusion: The Agency Head/CEO is responsible to accredit the ICT system for use at the PROTECTED level. The accreditation process is specific to the services being delivered for the organisation. The Australian Signals Directorate (ASD) certification process is a generic process that assesses the Cloud Service Provider’s (CSP) level of security only.
The Agency Head/CEO remains responsible as the Accreditation Authority (AA) to accredit the security readiness for the services to be delivered for their organisation. In practice the CIO/CISO will lead the accreditation process on behalf of the CEO.
ASD’s role as the Certifying Authority (CA) for PROTECTED Cloud services provides the agency/organisation using the CSP with independent assurance that the services offered meet government Information Security Registered Assessors Program (IRAP) requirements and vulnerability assessment requirements at the PROTECTED level. The certification process provides a consistent approach to the cyber risk assessment of the CSP’s environment only. The PROTECTED Cloud certification does not cover security assessment related to the design and maintenance of the customers’ services and/or software to be run on the PROTECTED Cloud platform.
The adoption of a PROTECTED Cloud solution will still require a regular review of the security posture. ASD will conduct regular reviews of their processes as the certifying authority (CA), and the Agency Head/CEO will be required to regularly review the accreditation of the service as a whole.
05 April 2019