Conclusion: With an ever-increasing number of cyber-related incidents, cyber security risk has evolved from a technical risk to a strategic enterprise risk. While many organisations have enterprise crisis management and business continuity plans, specific plans to deal with various types of cyberattacks are much less common, even though many of the attack scenarios are well known. Every organisation should have an incident response plan in place and should regularly review and test it. Having a plan in place can dramatically limit damage, improve recovery time and improve the resilience of your business.

Read more ...

Conclusion: With cases of the novel coronavirus (COVID-19) emerging across Australia, many businesses are or should bewell into pandemic planning to ensure they maintain essential services. Teleworking, remote working, or working from home, is a centrepiece of those efforts and will increasingly be implemented by organisations. Cybercrime activity is rising rapidly with actors seeking to exploit the fear and uncertainty in the community. The use of remote working technologies presents additional cyber security challenges that can be different from the more secure on-premise environments. Below is a list of considerations to help guide businesses through these challenges.

Read more ...

Conclusion: Increasingly, organisations are looking to improve customer experiences through effective business processes. A ready portfolio of electronic services is expected by the market which offers services using online processes. SAP is often at the core of these ecosystems due to its scalability and interconnection with other specialised applications. This type of interconnection of systems has become the new norm.

Data collection, processing, security and privacy are but some of the concerns of customers. Systematic collection of data including seamless integration and extension of processes across multiple applications are part of the customer’s expectations, albeit unseen.

Once SAP forms the core of the ICT ecosystem, the ROI concerns will not stop once SAP integration is complete. Instead, organisations carrying a large SAP licensing investment would naturally dwell on maximising the ROI. Let us explore the risks associated with achieving this ROI now SAP has shifted the definition of user licensing.

Read more ...

Conclusion: Organisations will typically have employees of different cultural backgrounds. As teams expand and organisations become more global, managers may find themselves managing whole teams based in countries other than their own. A lot of the time, management will by necessity have to be done remotely.

Managers need to be very aware that management cultural diversity needs to be considered, especially in areas such as communication, decision making, coaching, support and dealing with any issues or conflicts. Trust is a key element of successful manager/employee engagement and is critical when managing remote teams who may have significant management cultural differences.

Read more ...

Conclusion: An ERP implementation can be one of an organisation’s biggest investments when considering implementation services, licences, hosting and support. ERP implementations and major version upgrades continue to be endorsed the world over, suggesting ROI continues to be positive. In scenarios where an ERP tool has been implemented or upgraded but has not been reviewed for years, especially in a changing operating environment, the intermediate step of a health check can drive significant value through adjusting and performing minor upgrades to the system for less investment than a new implementation or major upgrade.

As health checks are a periodic activity outside of business-as-usual, they often benefit from a different perspective, so organisations often use external consultants. While health checks should yield outputs that consider risk and value, ensuring the accuracy of findings is paramount in ensuring targeted value creation. To do this, organisations should consider several factors in the setup, execution and output of health checks.

Read more ...

Conclusion: Organisations that are nearing the end of life for their current voice platforms or have a compelling event to hinge the replacement of their voice service, need to review their use of voice before replacing the technology. IBRS recommends organisations look to leverage voice as an application to operationalise the processes within the organisation, and improve customer satisfaction.

Today the newer technology offerings allow your organisation to get a better return from voice. However, the use of these new technologies will impact business processes and offer greater innovation for your customer interaction. It will not be a simple replacement of boxes.

The key is understanding the power of voice. It is now an application driven by smart software. Businesses need to assess their use of voice to determine the cost benefit of the changes in the technology stack now on offer.

Read more ...

Conclusion: A common pitfall experienced by service-orientated organisations is the disconnect between its digital efforts and its marketing program. In good practice, marketing efforts should underpin your digital strategy. This can be achieved by unifying marketing’s focus on customer and staff engagement, communications and promotion with the leveraging of digital channels to conduct these activities.

Read more ...

Conclusion: Being Cloud-based, Microsoft’s Office 365 includes features that would traditionally be considered backup. According to the Microsoft Office Trust Center, Microsoft establishes itself as a data processor with a primary focus on data privacy and management. It is not responsible for compliance or backup, but reliability and availability. As a result, Microsoft may not be able to provide security and protection to data in a way that meets an organisation’s compliance requirements.

Read more ...

Conclusion: Covid-19 has already had severe global impacts even though the total impact is yet to be fully dimensioned. Further restrictions are foreseen in Australia. Its implications will be long term and disrupt the way we conduct business in future and the way we interact socially and a ‘new normal’ will emerge. No business will be immune and during this dislocation both challenges and opportunities will arise.

At IBRS we believe that it is critical to take the long view on how the crisis will evolve and be prepared for the waves of change which will follow.

Download your COVID-19 Survival Kit Covid-19-Survival-Kit.pdf

Is your Working From Home Policy causing you grief?

Most organisations’ Working From Home policies are created under the assumption that people would be seeking permission to remote work. As a result, they focus on things that are simply not applicable to, or even blockers for, mandated working from home and self-isolation. 

Worse, many policies have clauses that are impossible to enforce during this pandemic, go against government recommendations and potentially open the organisation up for workplace challenges. At the very least, older WHF policies can confuse and worry staff.

To help, IBRS has created a template for a simple, practical WHF policy, written in staff-friendly language. You can quickly customise and download this policy template as a Microsoft Word file.

Click here to create your Working From Home Policy template

 

IBRS workforce transformation advisor Joseph Sweeney said many government departments had to navigate difficult IT environments that were only part-way through their digital transformations, with some systems in the cloud, and other legacy software still on premise.

Full Story.

With the outbreak and continued spread of the recent Coranavirus, or COVID-19, your business continuity plan (BCP) may need to be put in motion.

IBRS has created the Business Continuity Planning: Pandemic Scenario template to test your BCP using the potential COVID-19 pandemic.

Download and use this template to ensure your organisation is well prepared.

Read more ...

"There is more security work to go round than there are resources. So I don't think the market is that crowded. It's important to remember that security is not something you buy and then it's done; it is an ongoing evolution within any organisation and requires constant care and feeding," IBRS adviser Peter Sandilands said.

"The big four has done a lot of their security work using fresh grads. They can use the tools but don't necessarily understand the real world implications."

Full Story.

NewsIBRS advisor Dr Joseph Sweeney has been tracking the three major Cloud vendors capabilities in AI and said Google is right to believe it has an edge over AWS and Microsoft when it comes to corpus (the data that 'feeds' certain AI applications) and also in AI application infrastructure cost and performance. However, he said this advantage was not materialising into significant gains in the Australian market.

Full Story.

Conclusion: This month has seen a surge in merger and acquisition transactions, and discussions regarding the increased level of acquisitions in the past year. A growing trend of private equity firms investing in service providers was also flagged. This represents a shift in the market, as vendors become more established, profitable and more attractive to private equity investors. The opportunity to drive greater profitability, and demand for specialised technologies and services, also act as incentives for investment and provide vendors with resources to develop and offer a wide range of targeted, high-quality services to their customers.

Read more ...

Conclusion: Once a project is in trouble and the first response of escalation of commitment in terms of allocating time, budget and resources in an attempt to recover the project has not been successful, the project can be considered as not just troubled but in real crisis. Recognition of a project in crisis is the first step to recovery and often the most difficult. Next steps involve putting the project into triage and preparing the project for the detailed assessment phase which provides critical information, options and the potential important decision to kill the project or recover.

Read more ...

Conclusion: The increased proliferation of critical digital services has resulted in ransomware attacks becoming one of hackers’ means to make money. As a consequence, many organisations have become the victims of such attacks. IT organisations should implement a full recovery strategy to restore IT services in the event of ransomware attacks. The recovery strategy should become an integral part of the disaster recovery plan. This will raise business stakeholders’ trust in the service security and reduce the spread of this type of IT organised crime.

Read more ...

Conclusion: A Cloud strategy can take many forms. Whether you select a private Cloud, hybrid Cloud (on-premise with Cloud elements), native Cloud or a multiCloud implementation will impact the framework of your strategy. The success of your strategy will be driven by the motivation your organisation has to elect the move.

If your only motivation is the perceived cost model where you reduce capital in favour of operational expense, and potentially see savings based on usage, you are unlikely to succeed. The need to have a clear business strategy on why Cloud, what opportunities it may bring the business, and how to transition, manage and exit the Cloud is essential to see the true benefits.

Key to a successful strategy is to use an effective framework that allows your organisation to migrate to, operate and govern the engagement, and exit the engagement. A Cloud strategy is a commercial arrangement. Understanding the business benefits of entering into a Cloud contract engagement and being able to measure success factors is equally as important as the selection of providers for functionality and cost. It is important that you step into Cloud with your eyes wide open.

Read more ...

Conclusion: Starting as a Melbourne-based SharePoint plug-in for forms creation solution, Nintex1 has grown into a Cloud-based process and workflow automation platform. In the last 18 months, Nintex has leveraged acquisitions of process mapping and robotics automation technologies to expand its offerings. The Nintex platform can now identify, visualise, manage and automate processes, placing it in competition with traditional business process modelling vendors. The firm has reconfigured its sales and marketing to focus on the market for enterprise optimisation – a market traditionally held by the likes of Pegasystems, IBM, Appian and Oracle. IBRS believes that Nintex now has the critical components of a pragmatic, Cloud-based business automation suite. Nintex should no longer be viewed as a niche workflow vendor for Microsoft solutions but should be considered along with other competitive mainstream business process automation solutions such as Red Hat, TIBCO Software, Software AG and K2.

Read more ...

Being prepared: IBRS has created a BCP checklist to help you create and/or update your business continuity plan.

This diagram is to be used in the following ways:

  • A checklist to ensure all BCP steps have been actioned and/or updated as required
  • An easy reminder to update key supporting documents to the BCP to remain current which include:
    • Enterprise risk frameworks
    • Business impact analysis documents
    • Evacuation and lockdown procedures
    • Recovery plans and testing of these plans
    • IT disaster recovery plans
    • Communication plans
    • Regular executive reporting

Read more ...

Conclusion: Cyber security is now one of the top priorities in many organisations. With an ever-increasing number of cyber-related incidents, cyber security risk has evolved from a technical risk to being regarded as a strategic enterprise risk. The role of the Chief Information Security Officer (CISO) has traditionally required strong technology skills to protect the organisation from security incidents. With boards and executives now requiring executive-level cyber leadership and accountability, the role of the CISO must evolve beyond the traditional technology domain to also encompass strategy, stewardship and compliance as well as being a trusted business advisor.

Read more ...

Conclusion: As Australia’s use of consultancy services continues to grow, so too does the need for businesses to obtain value from these engagements quickly and effectively. Key to obtaining this value is the organisation’s ability to easily and rapidly provide consultants and contractors with the specific context of your business, your customers and your unique challenges.

By providing the organisational context quickly, you can mitigate time, scope and budget creep, improve the quality of outputs developed by consultants and ensure that consequent plans are actionable and genuinely valuable for your business.

However, the ability to provide the needed organisational context quickly and effectively to consultants remains a common organisational challenge, and therefore a pitfall for successful vendor engagement. This paper covers how you can overcome this pitfall.

Read more ...

Conclusion: While there is no perfect approach to restructuring an IT services department, there are fundamental principles (set out below) that must be followed, to get it right first time. If these principles are not followed, staff resistance to the changes proposed could impact staff morale.

Read more ...

Conclusions: Patching systems is regularly touted as the panacea for security breaches, yet many organisations continue to struggle with that seemingly simple process. There is obviously more to the problem than just buying and deploying a patch management system.

Most organisations are well-intentioned; it is not that they do not want to patch. As one delves deeper into the tasks around patching, it soon becomes clear that many unintentional, and some intentional, roadblocks exist in almost every organisation.

This note attempts to sort through some of those roadblocks and offer some approaches to diminish their impact. Some resources are identified to help with the design and build of a patch service. There is a real dearth of well-structured information around the patching process overall.

Read more ...

Conclusion: Choosing to simplify the SAP migration project by removing irrelevant KPIs could increase adoption. This is the common thread for organisations that have successfully undertaken the SAP migration from on-premise to the Cloud.

Choosing an SAP certified practitioner with S/4HANA migration expertise helps reduce migration risk and enables a simpler migration strategy. SAP design for the S/4HANA suite replaces the extensive tables structures of the ECC series with a new digital core, in memory processing and reduces data storage costs.

Project risk can be minimised by considering these during the planning stage:

  1. An experienced SAP S/4HANA project team.
  2. Fully engaged executive sponsors and users.
  3. Early user engagement and user training.
  4. Allow testing to increase user confidence and reduce fear of data loss.
  5. Not underestimating the impact organisational issues will have on the project timeline.

Read more ...

Conclusion: Pandemic planning is a strategic approach to business continuity that anticipates and prepares for a widespread outbreak of an infectious disease.

Business continuity planning can have an over-emphasis on short-term technology platforms failing, but as part of business continuity planning consideration needs to be given to the potential risk of an outbreak of a disease that could spread and may not be resolved quickly. The time of risk may go over several months or longer. Some forecasts for the coronavirus speculate it could take 12 to 18 months to come up with a vaccine.

The impact and planning needs to consider both internal and external factors; that is, how the pandemic event may impact employees and the organisation’s ability to keep its business operating. External factors will include the impact of the pandemic event on external service providers, suppliers and customers.

Read more ...

IBRSiQ is a database of Client inquiries and is designed to get you talking to our Advisors about these topics in the context of your organisation in order to provide tailored advice for your needs.

Read more ...

Peter Sandilands, an advisor at analyst firm IBRS, called the discussion paper “a pre-judged survey” that is mostly looking for answers. He also questioned if the resulting recommendations would be published for review and commentary: “Is this window dressing, or are they going to do something out of this?”

The Australian government is charting its next cyber security strategy following an earlier A$230m blueprint laid out in 2016 to foster a safer cyber space for Australians.

In a discussion paper on Australia’s 2020 cyber security strategy, which is being led by an industry panel, minister for home affairs Peter Dutton said despite making strong progress against the goals set in 2016, the threat environment has changed significantly.

Full Story

 

IBRSiQ is a database of Client inquiries and is designed to get you talking to our Advisors about these topics in the context of your organisation in order to provide tailored advice for your needs.

Read more ...

IBRSiQ is a database of Client inquiries and is designed to get you talking to our Advisors about these topics in the context of your organisation in order to provide tailored advice for your needs.

Read more ...

Conclusion: This month, security issues that concern businesses have been prominent. In particular, high profile security incidents in 2019 have resulted in a greater awareness of challenges faced by vendors and businesses when preparing for and responding to security concerns. One particular vulnerability flagged is that security initiatives and responses have trouble keeping step with new threats, technologies and security frameworks. It is necessary for both vendors and customers to view security as part of a framework that can adapt to change quickly, and accommodate challenges that arise with highly unexpected variables. Security specialists and frameworks can provide a good basis for strategies and response measures, but the capacity to recognise and respond to unforeseen incidents and threats is also critical.

Read more ...

Conclusion: Australian organisations must have strong disaster recovery plans, be it for natural disasters or man-made disasters. The plans need to deal with the protection and recovery of facilities, IT systems and equipment. It is also critical that the plan deals with the human side of the impact of a disaster on the workforce. What planning needs to be done, what testing will be done, what will happen during a disaster and what needs to be done after a disaster?

This planning can be complex and confronting. Whilst testing the failover of IT systems can be relatively straightforward, testing the effectiveness of the workforce side of a plan will be difficult, and may even disturb employees who may prefer to think “surely it will never happen to us”.

Read more ...

Conclusion: As detailed in part one of this pair of notes, the Australian Signals Directorate’s Essential Eight (E8) are detailed technical recommendations for securing an information infrastructure. Implementing them has been touted as being effective against over 85 % of potential attacks. It is hard to ignore that benefit to an organisation’s security stance.

The first note went on to highlight the real-world implications of attempting to implement the E8; in particular, listing the prerequisites for the implementation. Each of the E8 assumes that an organisation has in place the underlying capabilities and information that provide the supporting base for each element of the E8.

While at first glance that appears to put a negative connotation on deploying the E8, in many ways it points to some basic processes and capabilities that any organisation should have in place to use its information infrastructure effectively. This note will explore those implications. It will help any organisation build the basics of an effective security regime.

Read more ...

Conclusion: Two key supporting artefacts in the creation of pragmatic incident response plans are the incident response action flow chart and the severity assessment table. Take time to develop, verify and test these artefacts and they will be greatly appreciated in aiding an orderly and efficient invoking of the DRP/BCP and restoration activities.

Read more ...

Conclusion: Cyber security and data privacy are currently hot topics at both executive and board levels and security incidents feature in the media on an almost weekly basis. CIOs and executive teams will face increasing scrutiny from their boards with a focus on accountability, risk assessment, reporting and organisational resilience to cyber incidents. Boards are genuinely grappling with how to assess risks and how to ensure that the organisation is sufficiently well prepared to protect and respond appropriately to security incidents, within budget and resource constraints. CIOs and CISOs have a unique opportunity to engage with boards and provide the leadership that is expected, as the move to digital accelerates. In this note we highlight the recent trends and outline some of the key recommendations to practical steps to strengthen your organisation’s ability to protect itself holistically from cyber and data loss risks.

Read more ...

Conclusion: The entering of a strategic partnership with a client or prospect by a major vendor, e. g. more than $50k paid p. a., is aimed at convincing them that mutual benefits such as helping them gain a competitive advantage or achieving major cost reductions, will accrue. When pressed on the likely benefits to the vendor, and assuming no financial equity is involved, one tactic some vendors use is to propose participation in a prestigious early software support program to jointly enhance their market image.

Read more ...

Conclusion: Many organisations are interested in next-generation office space designs that leverage technology to promote collaboration and workforce transformation. Leaders in this field incorporate a human-centric approach. However, environmental factors in designing next-generation workspaces are also considered. Workplaces are the intersection between people and place, and both must be considered to enhance productivity.

In 2019, IBRS conducted an extensive study into transformative workplace designs and interviewed Australian organisations that have been successful when implementing next-generation workspaces. IBRS identified common traits for success. This paper details the environmental (built space) aspects of designing a next-generation workplace.

Read more ...

Conclusion: Digital transformation is more than another software development stream to replace legacy systems by mobile applications. Digital transformation includes building a new IT capability that can improve the business bottom line. It requires increasing business performance, reducing the cost of doing business and mitigating business risks in a cost-effective manner. To support digital transformation, IT value management capabilities should be established on the following building blocks:

  • Value creation – Define and create the desired IT value needed by business lines. The IT value is a combination of services and technologies capabilities.
  • Value measurement – Measure the IT value contribution to digital transformation.
  • Value communication – Communicate the IT value contribution to business stakeholders, ensure that their expectations are met and re-adjusted (if needed) to address the business and market emerging imperatives.

Read more ...

Conclusion: A digital strategy and the need for organisations to undertake numerous projects to achieve digital transformation have become the new norm. Digital strategies often require organisations to complete major transformation projects to deliver the outcomes required of the strategy. However, a digital strategy is not just about technology, it is a holistic strategy that involves change across the business processes, to improve both the organisation’s bottom line and the customer experience.

The considerations you must address in development of your digital strategy are much broader than just technology, or indeed just internal business processes or people skills. A digital strategy is about running the business in a smarter, more efficient and effective way, which allows customers improved and faster access to products and services.

For a digital strategy to deliver the best outcomes for the organisation, the customer experience must be the key consideration. Only from the customer’s perspective can the considerations of people, process and technology be best achieved.

Read more ...

Conclusion: When projects start to show early signs that they may be in trouble, it is easy to have a knee-jerk reaction and address the most visible symptom. However, it is critical that CIOs and business executives (project board chairs and project sponsors) understand that early recognition and intervention is often less painful, less costly and less damaging for the organisation.

Read more ...

Subscribe

Want to get the latest papers from all our advisors? Subscribe, and we'll send you the information you need.

Invalid Input
Please enter a valid email address
Invalid Input
Please enter your mobile phone number
Invalid Input