Conclusion: All organisations need to identify the value of their procurement portfolio. That is, to document and regularly review the portfolio to understand both the criticality of the contracts to business and the triggers that decide whether the technology is meeting the need and when actions need to be put in place to limit the risk to the business in the acquisition process.

With an improved situational awareness of the procurement portfolio, organisations then need to ensure alignment with the business strategy. The alignment can only be achieved with regular independent reviews, and by effective governance processes to ensure that the risk associated with procurement planning is contained.

Read more ...

Conclusion: SAP ECC on-premise versions required ownership of ERP infrastructure and multi-year licensing. The business cases for such investments considered ERP systems essential to remain competitive in IT service industries, logistics and resource-intensive sectors.

The next stage of the SAP journey recognises that Cloud infrastructure associated with S/4HANA can remove the large capital investment and reduce operating costs. Even with this infrastructure saving, the data migration risk remained with CIOs looking to identify a reliable data migration method. Any data migration considered to be high risk should be avoided in the current environment. Many are unfamiliar with the best method to migrate from on-premise SAP solutions to SAP S/4HANA in the Cloud.

SAP and its partners are now making this data migration journey not only more transparent but achievable in a timeframe that is measured in months not years. This is being achieved through Cloud platforms that can interrogate and integrate legacy data, then present migration paths in real time whilst retaining the data integrity before, during and after the migration.

Read more ...

Conclusion: ‘Voice of the customer’ (VoC) programs often involve the collection and analysis of data through feedback, research and analytics. This can provide an organisation with a strong view of customer desires, pain points, improvement opportunities and new product opportunities. However, this approach does not provide insight into whether these desires, pain points and ideas are shared by your employees. It also does not tell you whether these ideas are easy to implement or if they are achievable. In part, these are the reasons why only 24 % of large firms think they are good at making changes to the business based on insights captured through their VoC programs1.

Many organisations invest in employee engagement programs and initiatives, without realising the full benefit (i. e. action) of this investment2. This paper explores how, by capturing the voice of your staff as a component of your VoC program, organisations can increase the practical value of insights collected, expedite the road to implementation and focus on targeted, achievable action.

Read more ...

Conclusion: At the start of 2020, businesses had carefully-devised strategies in place which had been put together the year before. The onslaught of the global pandemic has either put these strategies to the test or caused them to be scrapped completely. The coronavirus has imposed changes everywhere we look and across different industries. Some businesses were forced to close shop. Others have been on a path of fast-tracked innovation and transformation. Before the pandemic, organisational behaviour had been structured to usher in growth and expansion. Although these are still valid goals, another factor has been added and that is survival.

With an economic crisis looming, consumer behaviour will inevitably change. Building and rebuilding the business requires its executives to be resilient and agile. A change in mindset is key. Alternative perspectives are relevant in pivoting in this new normal. After the period of adjustment has set in, managing IT may look different from how things were previously done.

Read more ...

Conclusion: As organisations strive to enhance customer experience, complemented by marketing and sales activities, success will be contingent on IT and business professionals using data literacy skills and being able to implement systems that make it easy to do business with them and understand their buying patterns.

Unless IT and business professionals acquire the data literacy skills needed, and make the right data available, efforts to better engage with customers and prospects will fail to achieve expectations and opportunities will be wasted.

Read more ...

Conclusion: Security breaches by insiders, whether deliberate or accidental, are on the increase and their consequences can be just as catastrophic as other types of security incidents. Organisations are typically reluctant to disclose insider security breaches and as a result, these breaches receive relatively little media attention. The insider threat may therefore be perceived as being of secondary importance in an organisation’s cyber security program. However, given the consequences, organisations need to ensure that this risk is given sufficient executive attention and resourcing.

Read more ...

Conclusion: Passwords will continue to be part of the landscape for the foreseeable future. Organisations, driven by the concepts of defence in depth, must implement techniques that enhance the security of the authentication process. Both products and processes can be enabled or added to help secure the creation, use and storage of passwords.

Each of the techniques mentioned can be used on their own to enrich the security. Some or all of them can be combined to further build the security. Most of them have little associated costs apart from deployment and perhaps training, but the cumulative impact on the robustness of the authentication process is significant.

Read more ...

IBRS iQ is a database of Client inquiries and is designed to get you talking to our Advisors about these topics in the context of your organisation in order to provide tailored advice for your needs.

Read more ...

Conclusion: Cyber incidents and the protection of information have now taken enterprise and national significance. 

Organisations will need to learn to operate securely in a zero trust world. With an ever-increasing number of cyber-related incidents, cyber security risk has evolved from a technical risk to a strategic enterprise risk. The risk of a compromise for most organisations is increasing with the acceleration of digital transformation, adoption of technologies such as Cloud services, analytics and IoT. The threat landscape is further compounded by increased regulatory and compliance requirements.

A cyber compromise is almost inevitable and organisations are now focusing on improving the resilience of their organisation to a cyber incident. Many organisations now have cyber resilience programs in place which not only protect and defend their key information assets but are also well placed to respond should a cyber incident occur. Our cyber strategy, roadmap and implementation advisory are designed to assist on your cyber resilience journey.

Read more ...

Conclusion: As-a-Service solutions offer organisations agility, flexibility and scalability but the graveyard of unused software piling up should ring alarm bells. Neglected software utilisation and compliance will be factors that should drive a new Software Asset Management (SAM) investment. The impact of an unmanaged Cloud SaaS or IaaS solution will be quickly revealed during audits. At a time when management is a focus, this should be an easy win.

Organisations will need to quickly identify if they are running single or multi-tenanted instances and whether production and non-production environments are being managed efficiently for the purposes of SAM product selection.

Selecting a SAM tool should be proportionate to the cost of non-compliance. Unmitigated software licence costs can be eye-watering. Consider these factors when selecting your SAM product for Information Technology Asset Management (ITAM):

  1. Data points
  2. Software overspend
  3. Inefficiency
  4. Compliance

Read more ...

Conclusion: Governance committees face a number of challenges that can undermine their effectiveness. These challenges include groupthink, a focus on individual responsibilities rather than organisation-wide benefits, trust issues and a lack of knowledge of emerging issues and opportunities. Appropriately qualified and experienced independent external advisors can play an important role in overcoming these challenges.

Read more ...

Conclusion: People are and will be using passwords for the foreseeable future despite the numerous efforts underway to dispense with them. Managing them and particularly resetting them are ongoing costs for organisations.

Passwords are also a significant contributor to breaches. They are either captured during credential-grabbing efforts, leaked in a data breach or just too easy to guess.

Yet there are excellent guidelines in existence to assist people to minimise the possibility of passwords being cracked or guessed. Some involve implementing good policies, and most involve making it easier for users to create, remember and use passwords.

Read more ...

Conclusion: In the modern world, no organisation has ICT entirely in-sourced. As a result, procurement, contract and vendor management have become strategic processes that allow organisations to align their ICT capability with the business strategy to achieve the desired outcomes, both now and into the future.

It is often the case that effective planning for the procurement of technology capability is compressed or constrained such that procurement is not able to effect ‘big step’ change. Or the commercial approach means the agreement is based on a fixed term, which results in the procurement not being a strategic exercise. More often than not, the procurement delivers constraints that limit the business’s ability to achieve the desired outcomes. These constraints limit the business’s ability to be agile in terms of elasticity, or how well it can respond to disruption in the market.

The technology options to meet business demand are not the same today as they were yesterday, and they will undoubtedly differ tomorrow. The challenge is to ensure ICT procurement is responsive to the business strategy, and that vendors share in the advantage a strategic alliance brings to the business. Procurement needs to be effectively planned and clearly aligned to the business strategy to ensure the strategy is delivered effectively.

This paper is the first in a four-part series on how to ensure procurement meets the business need, gain an understanding of strategic versus tactical procurement, and will define the steps necessary to avoid the pitfalls that cause procurements to under-deliver.

Read more ...

Conclusion: Many organisations are engaged in implementing digital transformation programs to provide enhanced customer services, e. g. with new products or to reduce operating costs, or both. Unfortunately, many programs fail, sometimes repeatedly, until they achieve their set objectives. What is important though is when failure occurs, use the lessons learned to try again.

Delivering a transformed organisation is hard as it is inevitably accompanied by:

  • Redesigning business processes to meet today’s business imperatives
  • Implementing enhanced information systems
  • Encouraging employees to acquire new skills and be innovative
  • Actively minimising the business risks

Read more ...

Conclusion: Growing use of SaaS-based, low-code application development platforms will accelerate digital process innovation. However, embracing citizen developers (non-IT people who create simple but significant forms-based applications and workflows) creates issues around governance: including security, process standardisation, data quality, financial controls, integration and potentially single points of failure. There is also a need for new app integrations and service features for its stakeholders that need to be addressed before the potential for citizen developers can be fully realised.

If governed properly, low-code platforms and citizen developers can accelerate digital transformation (or at least, digitisation of processes) and in turn alleviate the load on traditional in-house development teams.

Read more ...

Conclusion: This month, there has been an increased focus on the impact of external environments and customer demands on managed services providers and their offerings. An increased demand for hybrid working solutions, remote operations and connectivity solutions has driven a greater demand for associated services such as security, Cloud and platforms. Customers have been searching for targeted and combined solutions to help address business needs and increase operational efficiencies. For those vendors that put an emphasis on meaningful customer relationships and interactions, maintaining open and clear communications and the capacity to adapt to client needs is critical. A customer with a heavy reliance on legacy systems for key business processes may find this raises challenges or is simply no longer feasible in the current climate. Service providers must be ready to work with clients that need to adapt or completely overhaul in order to provide the necessary support in difficult times. 

Read more ...

Conclusion: As a result of the COVID-19 outbreak in Australia, many businesses’ income has been reduced, approximately 800,000 people have been made redundant and the IT budget has been significantly cut. IT organisations are left with no alternative but to improve their internal efficiency to continue meeting their committed service levels while facing a constant drop in headcount. To survive under these budget limitations during the next two years, IT must focus on efficiency quick wins that opt to reduce costs, automate highly manual activities and mitigate critical risk that may lead to service breakdowns, which in turn require significant human effort to rectify. The quick wins should be implemented within 18 months to realise the desired effect. An efficiency improvement task force should be established to make it all happen. 

Read more ...

Conclusion: The coming global recession will see ICT budgets cut, or at least constrained, in the 2021 financial year through to 2023. CIOs are now inundated with advice that boils down to this singular direction for efficiency and mostly, for survival. Although sound, this advice does not take into consideration that many CIOs have long been practising cost-efficiency. Many IT shops are already cut to the bone.

IT projects will be on the chopping block. Hence, it is crucial to prioritise now – before the cuts are mandated – which IT projects can be shelved for a few years without unacceptable risks to the organisation. It is important to note here that postponing or cancelling projects is being framed as a business risk decision. The CIO’s role is to put forward the risks of delaying or killing off a project, not to be the sole arbitrator. 

Read more ...

Conclusion: In August 2020, IBRS ran a roundtable on the issue of Microsoft Support service, and specifically options for obtaining services in the most effective manner. 

The replacement of Microsoft's traditional Premier Support programs for its Unified Support program is well underway. For many organisations, the new program is a strong fit, offering a wide range of services and unlimited reactive support inquiries for a fee that is directly proportional to their Microsoft software and platform investment.  

However, for others, the program is not an ideal or cost-effective fit. During the roundtable, 16 peers shared their stories of how they have approached Microsoft support in the new era and a set of practical recommendations was developed. 

Read more ...

Conclusion: Estimating the workdays for an agile- or waterfall-based IT project is not a simple task. However, with effort and a disciplined people-focused approach, it can be turned from an art into, as close as possible, a science.

When the effort is made, management will become more comfortable with the resources needed to complete projects and avoid the unpleasant task of asking for more resources than expected due to flawed estimating.

Read more ...

Conclusion: The massive shift to working from home since the start of the COVID-19 pandemic has led to upsides for employees: more flexibility, no commute and greater productivity. Many executives have been publicly extolling the virtues of remote working. However, a number of management, cultural and work design issues are now starting to emerge. Organisations need to review their current workplace design and practices and prepare for a hybrid home-office workplace post-pandemic.

Read more ...

Conclusion: The COVID-19 pandemic has resulted in prolonged lockdowns and quarantines, limiting economic activity and resulting in closure of businesses and many people losing their jobs. Various institutions around the world are unanimous in predicting that a recession is on its way, if not already here. Unless a vaccine is developed in the immediate future, the uncertainty will continue to rise in the days and months to come. However, businesses can turn this situation into an opportunity to examine their current operations.

A review of the events of the recent global recession – the global financial crisis of 2007–2008 – reveals that six recession-seeded trends, when acted upon promptly, provided business advantage. Although the trends for the anticipated COVID-19-led recession are still to be established, CIOs can benefit from re-examining the lessons of the past recessions and exploring a recession’s potential to deliver organisational efficiencies and savings. The outcome may be selective adoption of technology or deferral of projects, but the potency of these trends cannot be ignored.

Read more ...

Conclusion: To respond to the digital world challenges, many organisations are transforming their operations to multi-Cloud to reduce cost, improve service efficiency and contain business risks. As a result, the multi-Cloud availability has become a critical success factor. In some cases, multi-Cloud complex architecture weaknesses have resulted in service outages and allowed ransomware attacks to severely impact business operations. The new generation ITSM tools provide effective backup and recovery facilities that are worth investigation to mitigate multi-Cloud exposures to failure.

Read more ...

Conclusion: For the last two decades, the market for ruggedised computing has been led by emergency, policing and military needs. The advent of lower-cost wireless networking, 4G and now 5G has prompted a sharp rise in field workers using devices and mobile-ready solutions to streamline operations. Unfortunately, legacy thinking about the type of devices to be used has prevailed: either staff get consumer devices (iOS or Android) or military-spec ruggedised devices.

There is an opportunity to rethink this polarised view of devices. Rather than seeing devices as either consumer or rugged, it is better to view devices on a spectrum of needs, including ruggedness, based on the work contexts in which they will be used.

Read more ...

Conclusion: Identity and access management is a crucial component of an organisation’s security posture. At its most basic, it is how an organisation determines whether an individual can access resources or not. In today’s world, it is also becoming the basis of how applications first identify then communicate with each other.

Assurance of identity is the cornerstone of managing access to information. An organisation must be confident in that assurance. One method of bolstering the strength of that assurance could be the deployment of multi-factor authentication – at a minimum to privileged users, but ideally to all users of the services and applications whether those users are staff or not.

As organisations move from office-bound networks to distributed workforces combined with Cloud-based Software-as-a-Service (SaaS) applications, identity will evolve to be almost the sole element used to assess and grant access. Identity is certainly a central element of zero trust environments.

Read more ...

Conclusion: The need to see value from an enterprise architecture (EA) framework is essential, if for no other reason than to justify the cost. However, the business benefit of EA is not just the cost. It will also provide reduced risk and improved agility for the business in its use of ICT.

Many organisations struggle with how success or failure of EA should be measured. This paper provides the reader with guidance and advice on what to measure EA against and how that measurement could be presented as a key performance indicator (KPI).

In establishing KPIs for the EA framework your organisation has adopted, both business and ICT will jointly have a better understanding of the value EA brings to the enterprise, and be able to provide governance on the continuous improvement of your EA framework to achieve even better value.

Read more ...

IBRSiQ is a database of client inquiries and is designed to get you talking to our advisors about these topics in the context of your organisation in order to provide tailored advice for your needs.

Read more ...

Conclusion: This month has seen a rise in mid-high level IT management appointments and departures. These types of shifts are especially prominent in times of change and uncertainty when companies search for staff to provide new skills, experiences to support critical IT and business operations. With an impetus to expedite digital transformation and other projects, companies must focus on increased standards for selecting, deploying and managing infrastructure and highly skilled professionals to implement plans. Vendors must be prepared to support customers when leaders with different priorities or focused on streamlining and enhancing business operations are brought in.

Read more ...

Conclusion: The Digital Ready Workforce Maturity Model serves as a tool to help organisations measure the digital readiness of their workforce. It provides the baseline for organisations. This insight then informs strategic planning, policies and capability development priorities for organisations to guide and subsequently monitor maturity and capability.

Read more ...

Background: The federal government has finally unveiled its cyber security strategy. The Australia’s Cyber Security Strategy 2020, released on 6th August will see $1.67 billion invested in a number of already-known initiatives aimed at enhancing Australia's cyber security over the next decade. IBRS provides their key takeaways from the strategy.


Most of the funding for the Strategy 2020 is from July’s announced $1.35 billion cyber enhanced situational awareness and response (CESAR) package much of the Strategy details will be contained in legislation to be put before parliament.

Read more ...

Conclusion: This month, the first anchor tenant signed up to the new Sydney Innovation and Technology Precinct. The NSW Government first announced plans for the Tech Central precinct, located in Sydney’s CBD, in 2018. The precinct is expected to provide 50,000 square metres of space for startup and scale-up businesses and promote industry expansion, innovation and collaboration. These types of initiatives are critical to stimulating the ICT service industry, and ensuring the ongoing development of offerings and delivery models that shift quickly and are sensitive to external influences, such as new technologies or the pandemic. The Tech Central precinct is expected to facilitate the evolution of the industry in Australia and allow for high quality and advanced products and services that customers demand, and vendors require to remain relevant in a highly competitive environment.

Read more ...

Conclusion: The traditional IT service management (ITSM) tools have allowed IT organisations to automate key IT processes (e. g. incident management), promote service management disciplines and meet service levels in the majority of cases. However, they were not designed for multi-Cloud management. The new generation ITSM tools address the essential multi-Cloud requirements by offering:

  • Asset discovery
  • Performance management
  • Multi-platform Cloud cost forecasting
  • Integrated Cloud security and compliance verification
  • Mechanisms to orchestrate applications workflow across platforms
  • Backup/recovery

IT organisations should assess the cost-effectiveness and relevance of the new ITSM offerings to business operations improvement1.

Read more ...

Conclusion: Due to the pandemic and economic decline, politically astute IT managers will need all their selling skills to get one-off IT infrastructure proposals approved. Not only is this due to a decline in earned revenue or grants, but also because procurement involves paying cash to vendors.

IT managers may need to ‘walk the talk’ to convince decision makers to support IT infrastructure investment proposals. In an environment where demand exceeds supply, and competition for scarce resources is high, the need to sell the proposal is probably an organisational political necessity.

Read more ...

Conclusion: Ransomware attacks are becoming increasingly common and Australian organisations have experienced several high-profile incidents in 2020. While the preferred option is to recover from backups, organisations may find that this is not feasible either because of the scale of the compromise or that backups themselves are compromised. While the decision to pay a ransom is complex and poses significant risks, it should be explored in parallel with the recovery from backup.

Read more ...

Conclusion: Working remotely has become the default option for most companies in the new normal setup. Although this has led to rising demand in technological tools and IT systems, it is unlikely the tech industry will be spared widespread job cuts – already such cuts are being seen in some industry sectors. With the world bracing for recession, companies are cutting down on costs and tightening budgets wherever they can.

Understandably, the current state of job insecurity is creating anxiety in employees who have retained their jobs. IT staff are justifiably feeling insecure and this is likely to affect some employees’ work performance. Such anxiety is a major issue that needs to be recognised and addressed quickly and effectively in order to enable the company to maximise its existing resources both during the economic downturn and as it starts to grow again.

Read more ...

Conclusion: IBRS has identified five areas of governance overlooked in the rush to deploy Teams. Organisations now need to ‘back-fill’ these areas to ensure the organisation meets its compliance obligations and reaps the full benefits of the digital collaboration environment.

Read more ...

Conclusion: Many organisations have integrated enterprise architecture (EA) into the business processes, whilst many have not. To some, it is a religious argument as to why the ICT group even needs to have people with ‘architect’ in their name; for others, the EA group is the watchdog of the system, ensuring both new capabilities and changes to existing capabilities will be fit for purpose.

Like most things in business, the cost versus benefit analysis to justify why any activity is a priority is essential before committing effort and resources to it. EA should be no different. Organisations should complete a business case assessment to justify why EA is necessary for their business model, and what form it should take.

In doing so, both business and ICT will jointly have a better understanding of the value EA brings to the enterprise, be able to manage expectations on what EA can deliver and judge its effectiveness.

Read more ...

Philip Nesci, IBRS adviser and former CIO, has warned that agencies will need to get their information management sorted out to capitalise on the new rules.

‘‘Agencies need to identify their high-value data sets and where they are located.’’ 

Full Story.

IBRS advisor Dr. Joseph Sweeney discusses why it falls to individuals to look at improving their work in a post-COVID world. Dr. Sweeney comments on the need to build a culture of innovation that empowers employees to understand where improvement is needed in their job.

Full Story.

IBRSiQ is a database of Client inquiries and is designed to get you talking to our Advisors about these topics in the context of your organisation in order to provide tailored advice for your needs.

Read more ...

Subscribe

Want to get the latest papers from all our advisors? Subscribe, and we'll send you the information you need.

Invalid Input
Please enter a valid email address
Invalid Input
Please enter your mobile phone number
Invalid Input