Conclusion: Starting as a Melbourne-based SharePoint plug-in for forms creation solution, Nintex1 has grown into a Cloud-based process and workflow automation platform. In the last 18 months, Nintex has leveraged acquisitions of process mapping and robotics automation technologies to expand its offerings. The Nintex platform can now identify, visualise, manage and automate processes, placing it in competition with traditional business process modelling vendors. The firm has reconfigured its sales and marketing to focus on the market for enterprise optimisation – a market traditionally held by the likes of Pegasystems, IBM, Appian and Oracle. IBRS believes that Nintex now has the critical components of a pragmatic, Cloud-based business automation suite. Nintex should no longer be viewed as a niche workflow vendor for Microsoft solutions but should be considered along with other competitive mainstream business process automation solutions such as Red Hat, TIBCO Software, Software AG and K2.

Read more ...

Being prepared: IBRS has created a BCP checklist to help you create and/or update your business continuity plan.

This diagram is to be used in the following ways:

  • A checklist to ensure all BCP steps have been actioned and/or updated as required
  • An easy reminder to update key supporting documents to the BCP to remain current which include:
    • Enterprise risk frameworks
    • Business impact analysis documents
    • Evacuation and lockdown procedures
    • Recovery plans and testing of these plans
    • IT disaster recovery plans
    • Communication plans
    • Regular executive reporting

Read more ...

Conclusion: Cyber security is now one of the top priorities in many organisations. With an ever-increasing number of cyber-related incidents, cyber security risk has evolved from a technical risk to being regarded as a strategic enterprise risk. The role of the Chief Information Security Officer (CISO) has traditionally required strong technology skills to protect the organisation from security incidents. With boards and executives now requiring executive-level cyber leadership and accountability, the role of the CISO must evolve beyond the traditional technology domain to also encompass strategy, stewardship and compliance as well as being a trusted business advisor.

Read more ...

Conclusion: As Australia’s use of consultancy services continues to grow, so too does the need for businesses to obtain value from these engagements quickly and effectively. Key to obtaining this value is the organisation’s ability to easily and rapidly provide consultants and contractors with the specific context of your business, your customers and your unique challenges.

By providing the organisational context quickly, you can mitigate time, scope and budget creep, improve the quality of outputs developed by consultants and ensure that consequent plans are actionable and genuinely valuable for your business.

However, the ability to provide the needed organisational context quickly and effectively to consultants remains a common organisational challenge, and therefore a pitfall for successful vendor engagement. This paper covers how you can overcome this pitfall.

Read more ...

Conclusion: While there is no perfect approach to restructuring an IT services department, there are fundamental principles (set out below) that must be followed, to get it right first time. If these principles are not followed, staff resistance to the changes proposed could impact staff morale.

Read more ...

Conclusions: Patching systems is regularly touted as the panacea for security breaches, yet many organisations continue to struggle with that seemingly simple process. There is obviously more to the problem than just buying and deploying a patch management system.

Most organisations are well-intentioned; it is not that they do not want to patch. As one delves deeper into the tasks around patching, it soon becomes clear that many unintentional, and some intentional, roadblocks exist in almost every organisation.

This note attempts to sort through some of those roadblocks and offer some approaches to diminish their impact. Some resources are identified to help with the design and build of a patch service. There is a real dearth of well-structured information around the patching process overall.

Read more ...

Conclusion: Choosing to simplify the SAP migration project by removing irrelevant KPIs could increase adoption. This is the common thread for organisations that have successfully undertaken the SAP migration from on-premise to the Cloud.

Choosing an SAP certified practitioner with S/4HANA migration expertise helps reduce migration risk and enables a simpler migration strategy. SAP design for the S/4HANA suite replaces the extensive tables structures of the ECC series with a new digital core, in memory processing and reduces data storage costs.

Project risk can be minimised by considering these during the planning stage:

  1. An experienced SAP S/4HANA project team.
  2. Fully engaged executive sponsors and users.
  3. Early user engagement and user training.
  4. Allow testing to increase user confidence and reduce fear of data loss.
  5. Not underestimating the impact organisational issues will have on the project timeline.

Read more ...

Conclusion: Pandemic planning is a strategic approach to business continuity that anticipates and prepares for a widespread outbreak of an infectious disease.

Business continuity planning can have an over-emphasis on short-term technology platforms failing, but as part of business continuity planning consideration needs to be given to the potential risk of an outbreak of a disease that could spread and may not be resolved quickly. The time of risk may go over several months or longer. Some forecasts for the coronavirus speculate it could take 12 to 18 months to come up with a vaccine.

The impact and planning needs to consider both internal and external factors; that is, how the pandemic event may impact employees and the organisation’s ability to keep its business operating. External factors will include the impact of the pandemic event on external service providers, suppliers and customers.

Read more ...

IBRSiQ is a database of Client inquiries and is designed to get you talking to our Advisors about these topics in the context of your organisation in order to provide tailored advice for your needs.

Read more ...

Peter Sandilands, an advisor at analyst firm IBRS, called the discussion paper “a pre-judged survey” that is mostly looking for answers. He also questioned if the resulting recommendations would be published for review and commentary: “Is this window dressing, or are they going to do something out of this?”

The Australian government is charting its next cyber security strategy following an earlier A$230m blueprint laid out in 2016 to foster a safer cyber space for Australians.

In a discussion paper on Australia’s 2020 cyber security strategy, which is being led by an industry panel, minister for home affairs Peter Dutton said despite making strong progress against the goals set in 2016, the threat environment has changed significantly.

Full Story

 

IBRSiQ is a database of Client inquiries and is designed to get you talking to our Advisors about these topics in the context of your organisation in order to provide tailored advice for your needs.

Read more ...

IBRSiQ is a database of Client inquiries and is designed to get you talking to our Advisors about these topics in the context of your organisation in order to provide tailored advice for your needs.

Read more ...

Conclusion: This month, security issues that concern businesses have been prominent. In particular, high profile security incidents in 2019 have resulted in a greater awareness of challenges faced by vendors and businesses when preparing for and responding to security concerns. One particular vulnerability flagged is that security initiatives and responses have trouble keeping step with new threats, technologies and security frameworks. It is necessary for both vendors and customers to view security as part of a framework that can adapt to change quickly, and accommodate challenges that arise with highly unexpected variables. Security specialists and frameworks can provide a good basis for strategies and response measures, but the capacity to recognise and respond to unforeseen incidents and threats is also critical.

Read more ...

Conclusion: Australian organisations must have strong disaster recovery plans, be it for natural disasters or man-made disasters. The plans need to deal with the protection and recovery of facilities, IT systems and equipment. It is also critical that the plan deals with the human side of the impact of a disaster on the workforce. What planning needs to be done, what testing will be done, what will happen during a disaster and what needs to be done after a disaster?

This planning can be complex and confronting. Whilst testing the failover of IT systems can be relatively straightforward, testing the effectiveness of the workforce side of a plan will be difficult, and may even disturb employees who may prefer to think “surely it will never happen to us”.

Read more ...

Conclusion: As detailed in part one of this pair of notes, the Australian Signals Directorate’s Essential Eight (E8) are detailed technical recommendations for securing an information infrastructure. Implementing them has been touted as being effective against over 85 % of potential attacks. It is hard to ignore that benefit to an organisation’s security stance.

The first note went on to highlight the real-world implications of attempting to implement the E8; in particular, listing the prerequisites for the implementation. Each of the E8 assumes that an organisation has in place the underlying capabilities and information that provide the supporting base for each element of the E8.

While at first glance that appears to put a negative connotation on deploying the E8, in many ways it points to some basic processes and capabilities that any organisation should have in place to use its information infrastructure effectively. This note will explore those implications. It will help any organisation build the basics of an effective security regime.

Read more ...

Conclusion: Two key supporting artefacts in the creation of pragmatic incident response plans are the incident response action flow chart and the severity assessment table. Take time to develop, verify and test these artefacts and they will be greatly appreciated in aiding an orderly and efficient invoking of the DRP/BCP and restoration activities.

Read more ...

Conclusion: Cyber security and data privacy are currently hot topics at both executive and board levels and security incidents feature in the media on an almost weekly basis. CIOs and executive teams will face increasing scrutiny from their boards with a focus on accountability, risk assessment, reporting and organisational resilience to cyber incidents. Boards are genuinely grappling with how to assess risks and how to ensure that the organisation is sufficiently well prepared to protect and respond appropriately to security incidents, within budget and resource constraints. CIOs and CISOs have a unique opportunity to engage with boards and provide the leadership that is expected, as the move to digital accelerates. In this note we highlight the recent trends and outline some of the key recommendations to practical steps to strengthen your organisation’s ability to protect itself holistically from cyber and data loss risks.

Read more ...

Conclusion: The entering of a strategic partnership with a client or prospect by a major vendor, e. g. more than $50k paid p. a., is aimed at convincing them that mutual benefits such as helping them gain a competitive advantage or achieving major cost reductions, will accrue. When pressed on the likely benefits to the vendor, and assuming no financial equity is involved, one tactic some vendors use is to propose participation in a prestigious early software support program to jointly enhance their market image.

Read more ...

Conclusion: Many organisations are interested in next-generation office space designs that leverage technology to promote collaboration and workforce transformation. Leaders in this field incorporate a human-centric approach. However, environmental factors in designing next-generation workspaces are also considered. Workplaces are the intersection between people and place, and both must be considered to enhance productivity.

In 2019, IBRS conducted an extensive study into transformative workplace designs and interviewed Australian organisations that have been successful when implementing next-generation workspaces. IBRS identified common traits for success. This paper details the environmental (built space) aspects of designing a next-generation workplace.

Read more ...

Conclusion: Digital transformation is more than another software development stream to replace legacy systems by mobile applications. Digital transformation includes building a new IT capability that can improve the business bottom line. It requires increasing business performance, reducing the cost of doing business and mitigating business risks in a cost-effective manner. To support digital transformation, IT value management capabilities should be established on the following building blocks:

  • Value creation – Define and create the desired IT value needed by business lines. The IT value is a combination of services and technologies capabilities.
  • Value measurement – Measure the IT value contribution to digital transformation.
  • Value communication – Communicate the IT value contribution to business stakeholders, ensure that their expectations are met and re-adjusted (if needed) to address the business and market emerging imperatives.

Read more ...

Conclusion: A digital strategy and the need for organisations to undertake numerous projects to achieve digital transformation have become the new norm. Digital strategies often require organisations to complete major transformation projects to deliver the outcomes required of the strategy. However, a digital strategy is not just about technology, it is a holistic strategy that involves change across the business processes, to improve both the organisation’s bottom line and the customer experience.

The considerations you must address in development of your digital strategy are much broader than just technology, or indeed just internal business processes or people skills. A digital strategy is about running the business in a smarter, more efficient and effective way, which allows customers improved and faster access to products and services.

For a digital strategy to deliver the best outcomes for the organisation, the customer experience must be the key consideration. Only from the customer’s perspective can the considerations of people, process and technology be best achieved.

Read more ...

Conclusion: When projects start to show early signs that they may be in trouble, it is easy to have a knee-jerk reaction and address the most visible symptom. However, it is critical that CIOs and business executives (project board chairs and project sponsors) understand that early recognition and intervention is often less painful, less costly and less damaging for the organisation.

Read more ...

Conclusion: This month, regulatory frameworks for the ICT industry and their interaction with IT businesses and customers have been prominent. The private sector has been more vocal about the need for government involvement and the government has been searching for industry input in areas of interest. Areas that are vulnerable and require government protocols and standards, as well as regulations, must be flagged. In addition, frameworks that may have negative impacts on local industry or global trade efforts if other market standards conflict must also be considered. It is critical that vendors, agencies and advocacy groups work together when setting frameworks in order to produce new and better business outcomes, as well as support government regulatory functions.

Read more ...

Conclusion: Not knowing where an organisation’s business-critical data is located, and its quality, can lead to many frustrating efforts to respond to management queries. When the converse is true and IT management can respond quickly to queries, say, at a board meeting or in an FOI (freedom of information) request, it enhances confidence in the quality of management of IT generally.

Read more ...

Conclusion: Recognition of revenue and recording of objectively verifiable historical costs are the foundation of globally accepted accounting practices. These practices in turn provide transparency and consistency of reporting to improve the confidence with which enterprises conduct business and undertake trade, nationally as well as internationally.

Unfortunately, many enterprise architectures lack models that address this most critical of elements within an organisation. This absence of cost analysis means the recommendations from enterprise architects (EAs) can lack business credibility, rely on subjective assessments or are stymied by biases, cultural drag and ignorance of the true cost of the technology portfolio. Therefore, EAs must present business leaders with analysis from enterprise architecture (EA) that not only contains cost based on basic accounting practices, but also employs other important economic models, analysis and reporting techniques such as total cost of ownership, activity-based costing and technical debt.

Read more ...

Conclusion: To support the changing workforce, businesses should look at adapting transformative workplace designs to maximise productivity and collaborative efforts. Early adopters of modern workplace designs have tried a variety of approaches in an effort to provide tangible improvements to staff productivity. Unfortunately, in many cases, the high hopes for innovative office designs resulted in the opposite – workplaces that confused, frustrated and distracted staff. IBRS conducted an extensive study into transformative workplace designs and interviewed Australian organisations that have been successful when implementing next-generation workplaces. IBRS identified common traits for success. In this paper, we detail the human aspects of designing a next-generation workplace.

Read more ...

Conclusion: The Essential Eight from the Australian Signals Directorate constitutes a recommended set of strategies to reduce the risk of cyber intrusion. They are said to prevent up to 85% of potential attacks. They are certainly worth assessing as a strategy to apply as an organisation plans out its security strategy.

However, while they may seem simple at first glance, the prerequisites for their implementation are far reaching. These add significant cost and effort to any attempt to take advantage of the E8. In fact, the effort and planning can easily exceed the effort in seemingly just doing the E8.

This will be a two-part article. The first part will explain the question at hand and describe the premise being explored. The second part will work through the implications for an organisation and list the strategies to deal with them.

Read more ...

Conclusion: Most organisations across Australia have implemented project management methodologies to support successful project outcomes in a consistent manner. Project boards exist to provide support for project managers and advocate the business change that is being created by the project. An important role of the project board is to have oversight of progress and to ensure execution is advancing as expected. However, many project boards accept project status updates that include only lagging indicators and play a passive role in project oversight. Project indicators should include both lagging and leading indicators and project boards need to actively review and probe these areas to assess progress and identify early indicators that issues are emerging. Project difficulties often start in the blind spots and can be avoided.

Read more ...

Conclusion: There are many benefits in taking a break during the holidays that go beyond just recharging the batteries. However, along with the seemingly obvious benefits, there are also some traps for the unwary. On the flip side, there are some benefits to working in the office during the quieter periods, so take time to prepare and plan for the holiday period: develop sound strategies for all staff and above all, be authentic with setting expectations.

Read more ...

Conclusion: Cloud services have now been around for over a decade and since that time many of the services available have evolved in both scope and maturity. Most organisations now have a range of services in the Cloud and many have adopted a ‘Cloud first’ strategy for new solutions to business problems. However, this reactive approach runs the risk of not leveraging the full potential of Cloud services and creating fragmented infrastructure and applications which inhibit the rapid response to business problems and increase costs in the longer term. What is required is a deliberate strategy which maps out the transition to Cloud at infrastructure, platform and application levels and is integrated with enterprise IT. Given the scale, scope and risks of the strategy, executive and board alignment is critical as is the implementation of appropriate governance.

Read more ...

Conclusion: Finding technologies that meet print demand across differing personas is challenging. CIOs are being asked to replace printed documents with digital workflows but many formal documents are still printed for boards, corporate stakeholders, consumers and management. The answer can be to reduce the cost of printing and provide greater flexibility rather than simply removing printing. Remote print solutions in the Cloud should be investigated as a viable alternative to on-premise printing.

Remote worker definition is becoming broader as organisations look to reduce their footprint across leased buildings. Workers are looking at flexibility to perform their roles wherever work can be completed. The solution can be remote printing that is secure, easy to use and reliable.

Organisations need to consider print software that is operating system agnostic and allows the workforce to print from any location securely. This could eliminate the need to own or lease print hardware in your business.

Read more ...

Conclusion: Stage gate reviews can be a highly effective governance tool that can materially enhance project outcomes; however, their value can be eroded by poor design, a lack of planning, or if they duplicate the objectives of other governance processes. To ensure stage gates are designed to deliver enhanced project outcomes, four key areas of consideration should be addressed: risk, context and purpose, delivery, and scheduling. Addressing these areas will ensure that stage gates address a defined and unique objective and contribute to overall project success.

Read more ...

Related Articles:

"Being a good customer of consulting Part 1: The importance of a client-side project manager in consulting engagements" IBRS, 2019-11-02 01:24:20

"Being a good customer of consulting Part 2: Driving value and successful outcomes by aligning RFP scope to supplier skills" IBRS, 2019-12-05 05:15:44

Conclusion: IT organisations wishing to migrate to Cloud should adopt a pragmatic approach that strikes a balance between migration cost, Cloud risks and benefits. The bottom line is to avoid the hidden cost (e.g. scope changes), mitigate the migration risks (e.g. effective multi-Cloud management) and realise the benefits that contribute to business performance improvement. Effective governance of the overall Cloud migration is a critical success factor.

Read more ...

Conclusion: Digital strategies often require organisations to complete major transformation projects to deliver the outcomes required of the strategy. A digital strategy is not just about technology, it is a holistic strategy that involves change across people, process and technology. The acceptance of technical debt and inaction around cultural change can have a severe impact on the total cost of ownership of technology for business. The rate of change in technology can make the traditional approach of depreciation against assets an unnecessary negative impact on good strategic thinking.

Organisations need to address the cost of technical debt and cultural change when embarking on strategic transformational programs to improve productivity. Strategies that involve digital transformation must address the business culture (people and process) and ensure change management programs are funded. The strategy must address the true impact of technical debt and ensure that technical assets are not retained just because they have a residual financial value.

Read more ...

Related Articles:

"What does it mean if an IT vendor is a ‘leader’?" IBRS, 2020-01-07 21:32:29

Conclusion: A foundation for virtually all IT vendors is to work to position themselves as a ‘leader’. This might be for a specific set of products, solutions or services.

IBRS client inquiries often include the question: “Which vendor is the leader for a specific solution?” This suggests that if a vendor may be perceived to be the leader then they may also be the best solution. Yet it is not unusual that several competing vendors all have statements or references that point to them being a leader.

Being a leader can mean many different things in terms of competing vendors, and can also be fluid as vendors are always working to improve their offerings and grow their businesses. Buyers need to understand exactly what is meant if a vendor is called a leader and recognise that this is only one factor to consider when deciding which solutions or vendors will best serve their specific needs and for their specific environment.

Read more ...

Conclusion: This month, the launch of plans to develop new data centres have been prominent. The market has experienced a heightened demand for storage and associated services, with adoption driven by increased awareness amongst business users and evolving technologies specifically targeted to perform functions, such as the protection of critical assets and data. New unified technologies to meet a higher demand for the integration of applications, data and management solutions have also prompted growth. It is necessary for vendors to identify market gaps and offer new solutions to customers to stay relevant in an environment that is constantly changing. The development of new solutions to cater to customers who demand new ways to store, manage and use their data is essential, and an ongoing process.

Read more ...

Conclusion: If your organisation has not entered a phase 1 managed print services providers (MPSP) agreement then having a clear understanding of your network connectivity, print assets and security requirements is essential before progressing to a tender. The business case needs to deliver at least 20 % savings on the current arrangements before considering value-add services to justify the request for proposal (RFP) process.

Enterprises entering phase 2 agreements with MPSPs should examine the value-add services and determine how they will contribute to further savings. Vendors will be offering automated workflows, data analytics, security and consulting services to increase the contract value.

If use case benefits are unclear, run a request for information (RFI) to enable comparative analysis of vendor capabilities.

Prior to developing the RFP, consider use cases that look at B2B or B2C workflow efficiency such as:

  1. Integration of print activities with other delivery processes
  2. Reducing resources to deliver improved outcome
  3. Accelerate the shift to digital transformation.

Read more ...

Conclusion: A recent Harvard business review article1 reinforced the view that meetings have increased in length and frequency over time from 20 % to nearly 50 % of the working week. This time does not include the planning, reading and preparation of those meeting. Executives such as CIOs or similar should spend some time assessing how effective meetings are in their organisation to return the valuable commodity of time to all and reap the benefits.

Read more ...

Conclusion: IT organisations challenged with predicting performance requirements of new digital applications should undertake end-to-end stress tests that can detect systems performance problems prior to production release. Test results should be used to define the final release dates, prepare corporate investment justifications for improving the application architecture and influence the ongoing capacity planning practices. Successful execution of the initial performance engineering exercises will result in sound deployment strategies and avoid media embarrassment. The specification of the stress tests should be clearly described in any request for proposals. The chosen vendors should have the capability to scale the new systems to the desired performance specification.

Read more ...

Conclusion: Shifting end users to a digital service delivery channel is more cost-effective for most scenarios and most organisations. The return on investment is through a reduced volume of low-value interactions and an increase in the volume of high-value interactions within high-cost traditional channels. This is a strategic tactic for many organisations and mature ones will have this articulated in a channel management strategy with defined channel migration/shift/uptake targets.

If that channel migration target is not at the centre of the key performance indicator (KPI) design before it gets rolled out to front line staff, organisations run the risk of creating internal tension between their departments which in turn slows down the rate of transformation.

Well thought out and designed KPIs are a critical success factor in the time it takes for an organisation to see a return on the investment in service delivery transformation.

Read more ...

Subscribe

Want to get the latest papers from all our advisors? Subscribe, and we'll send you the information you need.

Invalid Input
Please enter a valid email address
Invalid Input
Please enter your mobile phone number
Invalid Input