Conclusion: This month, discussions regarding technologies used to facilitate highly specialised business functions have been prominent. Tailored solutions which focus on the performance of tasks, such as case outcome predictions, automated insurance claims, water monitoring for farms, sensors in apartment foundations to identify faults early and health risk identification, are amongst those discussed. These new solutions and frameworks can be beneficial for customers by automating tasks to address resource and skills shortages, as well as being cost-effective. However, these can be sensitive markets, performing very delicate functions that do warrant a certain degree of caution for vendors and customers when adopting, and a great deal of diligence afterwards. Investment in infrastructure because of expanding platforms, networks or associated equipment, training and consolidation with existing business operations are amongst the issues that may arise. Wrapping new solutions and service elements around other core services and operations can become a complex task. While customers do demand advanced offerings, vendors must find ways to increase value to clients by ensuring they acquire or have access to resources and skills that can be leveraged to support these new function-based solutions and associated issues.

Read more ...

Conclusion: Analysts in general are correct to identify the challenges in the industry to develop appropriate skills, meet the demands of digitisation and to counter the security threats. When it is distilled down it is all about the business. The CIO is supporting business outcomes which will need specific technology solutions, which will, in turn, drive ICT strategy. The key to success is defined by how the CIO drives the outcome. The CIO, therefore, must possess soft skills as well as technical knowledge to deliver success.

The key to success for CIOs is mastering four soft skills that allow them to achieve control of the ICT environment. Effective control will allow the CIO to deliver exemplary services in support of business today, whilst gaining support from the executive for the ICT strategy to meet the demands of tomorrow. Sounds simple but as experience has found, it is easier said than done.

The secret lies with good networking within the executive and key stakeholders, situational awareness of the ICT environment, the ability to effectively delegate with clear direction of what is to be achieved, and a communications strategy which allows for engagement by all stakeholders and escalation of issues through both technical and management channels without fear or favour.

Read more ...

Conclusion: Deterministic1 project budgets do not convey any information about the range of possible outcomes for a project, or the associated risk factors driving the range. The ability to communicate the risk-weighted range of possible project outcomes can lead to much clearer expectations and understanding of project outcomes, especially for project sponsors. Modelling these ranges can be performed with relative ease, using basic Excel add-ins and high-level estimates of risk applied to the components that make up a project2.

Read more ...

Conclusion: The adherence to the recently introduced guidelines under ISO:31000 20181 is key to every ICT manager’s responsibilities and leadership remit as they are key in driving and leading the adoption of risk management guidelines across an organisation due to the overarching responsibilities of creating and protecting value. These new risk management guidelines have been deliberately rewritten to be simplified and based around a new reviewed set of principles, framework and processes. Greater emphasis is now placed on leadership to ensure risk management is more integrated and to ensure more actions and controls are in place at critical stages of projects as well as business operations.

Read more ...

Related Articles:

"Risk management – Tips and techniques" IBRS, 2017-10-02 22:35:45

"Testing your business continuity plan" IBRS, 2019-05-31 13:39:29

Conclusion: Since the advent of the title of chief information officer (CIO), the reporting line for this critical role and those it has since spawned, such as the chief technology officer and chief digital officer, has been the subject of debate. The reality is that there is no right or wrong answer, but rather the reporting relationship of the CIO and his or her IT organisation is a function of the current value of IT to delivery of outcomes at a particular given point in time.

The reality is that the value of IT to delivery of business outcomes, despite the pervasiveness of technology in the modern enterprise, is not static and changes over time. Yet many CIOs and aspiring IT leaders see IT value as a function of organisational or IT maturity, relying on capability maturity models (CMM) to demonstrate value by looking ‘internally’ within the IT function. Instead, contemporary savvy IT leaders must look for alternative models that explain the organisational context external to IT itself and use that to align services that will be valued now such as the “IT Hierarchy of Needs”1.

Read more ...

Conclusion: Many organisations are finding themselves being defrauded, especially when making or receiving payments electronically. It is not that the end systems are compromised but rather the payment information itself is being subverted in between the payer and the payee.

This is hard to defeat via technical means as the messages themselves look the same as any other payment request or invoice. A quality email filtering service will remove many of the clumsy attempts thus allowing more focus on the well-constructed efforts.

This article aims to help improve understanding of the threat and identify effective strategies to lessen the possibility of a business being impacted. Security defence consists of more than just technology. A well-rounded defence is composed of people, process and technology. Defeating business email compromise (BEC) is primarily achieved by the people and process segments.

The staff of a business are in the best position to detect attempts to compromise a payment, provided they have been armed with some knowledge of the types of attacks and permission to halt and question the details.

Many fraud attempts can be prevented by implementing a simple business process that allows all staff to question transactions that change payment details and use secondary channels to confirm those details.

Read more ...

Conclusion: Successfully hiring new employees can bring lots of benefits to an organisation – improved productivity, employee morale or business outcomes, to name just a few. Equally, poor hiring decisions can be extremely costly to an organisation. Having to dismiss someone who was recently hired but proves to not be a good fit for the role can impact the organisation in many ways, and usually at a higher cost than the direct costs associated with the actual recruitment process.

HR tech is a rapidly growing field of software solutions that are designed to help improve the recruitment process, with the ultimate goal of helping organisations improve their hiring outcomes.

Organisations wishing to improve their hiring effectiveness or efficiency should consider the emerging new recruiting solutions and how they may help address any identified problem areas in their current recruitment efforts. But caution needs to be taken, especially for artificial intelligence (AI) solutions that may be built on historical data that results in bias, for example giving preference to particular genders.

Read more ...

Conclusion: Dropbox’s announcement of a new interface may seem trivial, but its repositioning of ‘folders’ heralds the next disruptive phase of information management. By changing folders from being an approach for hierarchical organisation of information to being a ‘digital workspace’ for collaboration, Dropbox is leading the charge to drop the ‘paper metaphor’ in favour of collaboration. The impact on traditional information management lifecycles and information management will be both significant and challenging.

Read more ...

Conclusion: Increasing the IT literacy of business managers and professionals has sharpened their interest in buying off-the-shelf software to meet immediate business needs, but potentially without the expertise to implement and support it, often leading to unexpected requests for IT support. When the request is a surprise, and there is a compelling business priority, IT workforce plans must be put to one side and changed to find the resources needed. When the dust has settled and the surprise element is a thing of the past, the IT governance group is bound to ask, ‘How did this surprise occur and what can be done to ensure it does not happen again’? It is a reasonable question and one that needs a cogent response.

Read more ...

Conclusion: While release and change management processes have been contributing to good service availability during the last 20 years, the increased service architecture complexity caused by adopting multiple Cloud and digital services has demonstrated that release and change management methods used to date are inadequate for the new world. As a result, end users have been experiencing unscheduled downtime that has impacted their business operations and led to embarrassment in the media. This research publication provides guidance on how to raise the maturity of release and change management processes to address these critical issues.

Read more ...

Conclusion: Reimagining the ERP strategy will require IT and business collaboration to ensure requirements are clear. Retaining the 5–10 year old ERP system1 may serve back office functions but this may impede innovation. ERP customisation is being replaced by vendors who deliver regular updates to their SaaS ERP model. This provides innovation which could reduce the need for complex business cases.

ERP vendors have signalled sunset on support for older ERP systems to challenge organisations to embrace modernisation in the next five years2. This seems far away but experience suggests laggards could see skills shortages and higher costs as the deadline approaches.

ROI measures successful ERP migrations but SaaS models will challenge this. Organisations will need to hold regular conversations to understand these competing parameters. Business leaders will question business requirements; however, innovation should not be ignored during the development of the new ERP strategy.

Read more ...

Conclusion: This month, there has been increased discussion regarding security services; in particular, the growth of the Australian security service provider industry and benefits associated with procuring locally. Now that customers recognise security as a basic function, a strong local security services sector has evolved. Local vendor expertise within the Australian market, regulations, customer demands and the security environment as it pertains to Australian businesses is invaluable when establishing mechanisms to avoid and respond to security incidents. Security is a necessity, but vendors must be prepared, and more importantly understand the local market, as well as businesses, to ensure customers can avoid, continually educate staff about and respond to security incidents effectively.

Read more ...

Conclusion: Agile approaches are being applied to a wide range of projects and activities within organisations including infrastructure upgrade projects of known tools and devices and across existing customer bases. Focusing on the technology elements and progressing quickly to build and test can uncover blind spots due to a high degree of familiarity and assumptions. Areas such as stakeholder engagement, vendor management, integration and the need for discovery and design can be glossed over as it is assumed that most of the details are known. The result is a discovery and gaps are discovered at the end of the test phase, just prior to release or even after release to production.

Read more ...

Conclusion: In an age-diverse workforce, it is important that IT managers and professionals understand the different expectations and management styles of stakeholders and accommodate them to gain their support for IT-related initiatives being proposed.

Without understanding the management styles and expectations of age-diverse stakeholders, a level of disconnect may occur and business relationships could slip from being of mutual benefit to transactional and ineffective.

Read more ...

Conclusion: Email is one of the most pervasive IT applications spread throughout organisations of all sizes. It is hard to imagine any employee in any organisation not having an email account. It is critical that all organisations have a formal Email Policy that clearly spells out what every employee’s responsibilities are in terms of usage of their email accounts, as well as what is not allowed or inappropriate usage. Additionally, the use of social platforms (for example, LinkedIn, Facebook and Instagram) has given rise to the need for organisations to also have policies that incorporate acceptable and unacceptable usage of social platforms, especially in terms of representing the organisation.

It is also important to establish guidelines for the expected etiquette and best practices around email and social platform usage; for example, when not to use email when another form of communication would be more effective, such as a phone call or conducting a meeting.

It should not be assumed that all employees know what is expected of them in terms of usage of these platforms, or how best to manage the information they handle every day.

Read more ...

Conclusion: The aim of IBRS’s CRM modernisation series of advisory papers is to help organisations create a contemporary CRM strategy, not to advocate for specific solutions. Many organisations are considering two powerful players in the CRM space as part of their modernisation efforts: Salesforce and Microsoft. These two vendors are the most encountered local players when talking about CRM systems at the high end of the market.

We have selected these two vendors to illustrate the nuances in the pricing structure for licensing and total costs of services.

Comparing the two vendors’ solutions is complicated by the fact that each packages different aspects of the modern CRM in different modules, and prices them in different ways. This paper strives to provide clarity for organisations attempting to evaluate the two solutions. More importantly, it is an example of how the ‘devil is in the detail’ when it comes to total cost of service of SaaS-based solutions.

Read more ...

Conclusion: The apocryphal ‘three envelopes’ story about the executive starting a new role is a cynical view of leadership transition. However, at its core, there are some uncomfortable truths about how people respond to crises early in their leadership. Digging deeper, there are lessons to be learned from these scenarios, suggesting more productive ways to deal with these issues as they arise.

It is critical for transitioning digital leaders to understand that people, culture and politics are the most powerful forces in an organisation. An ability to manage change and form collaborative relationships is a much stronger predictor of success in a digital transformation role than any digital or technical experience.

Read more ...

Conclusion: Despite being first published over 10 years ago, ITIL service design remains a pain point for both project delivery and service operations teams respectively. The former claims the latter requires the creation of additional deliverables at the point of service transition, while the latter expresses frustration at the lack of attention paid to service design during early stages of project delivery.

The reality is responsibility for IT service design extends beyond both these teams with all functions across IT having a role to play, from strategy all the way through to operations. When all aspects of the IT organisation contribute to the design of new, and modification of existing, services the artificial hump of service design can be avoided. The key is identifying who should be capturing and sharing what information to support service design – an outcome that can be achieved by adopting an end-to-end process integration model for the business IT.

Read more ...

Conclusion: The notifiable data breach regulations have had an impact on business priorities. For any organisation subject to the regulations, protection of personal information should have become a priority. One security technology, data loss prevention, could have offered some assistance. But it has had a mixed reception in the past due to many issues in both implementing and operating the service.

The continued move to SaaS for office systems such as document creation and email is also changing the market. Many capabilities that have been previously offered as standalone products are now being subsumed into the SaaS offerings as just adjunct functions. 

This simplifies the selection of the products and their ongoing management. A prime example of this is data loss prevention which is now being offered as a check-box selected capability in several SaaS offerings.

This could put data loss prevention within reach of small to medium businesses as a component of their personal information protection strategy.

Read more ...

Conclusion: The ICT Disaster Recovery Plan (DRP) is, more often than not, focused on technology providing for redundancy of infrastructure and systems, including data back-up and data recovery. Whilst these components are important and necessary, we often oversimplify the need for business resumption of the ICT business, which in turn will impact ICT availability. The need to ensure people are part of the planning is critical to success. Often the disaster, whether it be a technology issue, a business issue, such as a fire or denial of access to key sites, or an environmental issue such as a flood or storm, can equally affect the need for expanded operations centres and larger than normal help desk support functions.

Effective planning and testing of the plan, for all aspects of a probable disaster scenario and the ICT Business Resumption Plan (BRP) to support the business as a whole, is necessary. Effective testing of the DRP and BRP for ICT must be a high priority for any CIO to ensure service levels are maintained. Failure to do so will increase the risk of ICT to the business.

Any test of your DRP and ICT BRP should include business and customer involvement to provide your organisation confidence that all known risks have been successfully mitigated. The oversight of the testing of these plans must be planned and conducted by an independent body (preferably a consultancy that has knowledge in the organisation business world, or your ICT advisory service).

Read more ...

Conclusion: When engaging the market for suppliers, the objective of the procurement process is to select the supplier with the most suitable approach, who is able to accurately define the scope, and deliver in an effective and risk-mitigated way. In the context of a full project, for a proportionally minor investment, and a comparable amount of time and effort from key stakeholders, a competitive and paid discovery phase, involving multiple prospective suppliers, can yield significantly better outcomes for projects than through request for proposal (RFP) alone. The benefits include the ability to trial the delivery team, more accurately define scope, validate assumptions and hybridise the best of several informed approaches.

Read more ...

Conclusion: ERP SW licensing or Software-as-a-Service (SaaS) has many permutations and influences one of the largest IT investments for most organisations. Vendors aim to integrate, at a minimum, shared corporate data from financial data, HR, operations and sales. The benefits of aligned data, reporting and processes helps C-level decision makers track and improve organisation performance.

The most common arguments for implementing an ERP system are the cost savings and productivity improvements1. Effective SW governance is essential to avoid eroding expected cost savings or efficiencies.

Large government departments, local government authorities, public listed corporate entities or privately owned entities are all likely to have significant investment in an ERP and will need continued investment in the ERP if ongoing value is to be extracted. Small to medium organisations tend to be more agile and may be able to migrate to a SaaS solution to take advantage of lower migration costs and more cost-effective licensing arrangements.

Either way, modernisation or migration programs are opportunities to renegotiate SW licensing costs provided the pros and cons have been assessed.

Read more ...

Conclusion: The increased use of technical point-solutions has created the need for establishing an in-house core team of generalists capable of defining a coherent set of services that can improve the overall business performance. The key obstacle to building these strategic skills is the IT managers’ attitudes towards assigning work to existing staff. For example, IT managers tend to heavily exploit the existing skills of the technical staff to address specific requirements. Managers rarely give staff the chance to build new strategic skills that are beneficial to themselves and to their business.

Managers should strike a balance between strategic skill building and technical skill exploitation. This requires helping staff to acquire a deep understanding of the business operations, gain awareness of industry latest trends and offerings, and becoming capable of defining ICT solutions that can fix critical business problems.

Read more ...

Conclusion: This month, attention has been drawn to vendors and managed service providers requiring customer transformation or migration to new frameworks and associated customer reluctance to do so. For instance, platform enhancements may necessitate migration to new systems or upgrades because of an inability to support ageing systems. Old platforms may simply not be compatible with newer resources, technologies or procurement models. However, these types of enhancements can be disruptive or costly for customers if they are not prepared for changes. Further difficulties can arise with existence of intertwined, hybrid systems within enterprises or systems which perform critical functions if changes interfere with business operations. Simply removing the capacity to access ageing systems and associated support is not sufficient. Businesses must prepare in advance when investing in products and services, in conjunction with vendors. The development of strategies and sharing responsibility for forward planning, education and engagement, as well as support for shifts, are necessary. The provision of other resources or advice from vendors, or obtaining services from third-party specialists dedicated to transformation strategy development and implementations, can also be beneficial. Whilst vendors must evolve, customers must also be prepared to make these changes and understand what kind of impact it can have on their operations.

Read more ...

This document provides a template of specifications and requirements for a modern CRM, categorised by several key areas

Read more ...

Conclusion: With Software-as-a-Service (SaaS) deployments the fastest growing and most deployed Cloud service globally, particular attention should be given to evaluation and selection approaches that align to the solution being selected. When evaluating SaaS solutions, greater confidence in the applicability and value of a solution can be gained via a rapid demonstration and trial-based evaluation versus the same level of time and cost committed to a full request for proposal (RFP) process.

Read more ...

Conclusion: Given the reality of shrinking budgets, organisations can struggle deciding what new products to purchase or techniques to implement. They hope the new capabilities will enhance their security posture, but new tools often need additional staff to operate them. Employing skilled security staff can itself be a challenge. A simple but pragmatic approach is to leverage IT operation’s budget and skills to improve operational hygiene and hence, overall security hygiene.

Read more ...

Conclusion: ICT health checks enable organisations to better understand risks and prioritise activities to both maintain and improve the performance and reliability of ICT in support of business outcomes.

ICT health checks can be conducted as a light touch in the first instance, with detailed in-depth health checks being conducted as follow-up activities in specific areas where and when necessary.

An effective ICT health check strategy will be business-focused and not based on technology alone. Implanting health checks as part of your annual ICT budget planning will provide timely advice on the organisation’s ICT health and provide in-built regular reviews of ICT health to ensure business outcomes are achieved without unnecessary risk.

Read more ...

Conclusion: Despite market hype around the role of data scientists and in-house developers for the successful exploitation of artificial intelligence (AI), organisations are increasingly looking to their vendor partners to provide ready-made solutions. Both business and technology leaders are expecting solutions to be based on the vendor’s ability to leverage their customer base across various industries to create AI features such as machine learning models.

Vendors are responding by increasingly incorporating these features into their offerings, along with a new breed of vendors that are producing pre-trained or baseline machine learning models for common use cases for specific industries.

However, organisations must be prepared to contribute to this AI product development or continuous improvement process which in practical terms means giving major vendors access to data. Without access to good data the result will be sub-optimal for both parties.

Read more ...

Conclusion: IT auditors typically consult with, and report their findings to, the board’s Audit and Risk Committee. Their POW (program of work) or activities upon which they will focus may or may not be telegraphed in advance to stakeholders, including IT management.

To avoid getting a qualified audit report for IT, e. g. when internal (systems) controls are weak or IT risks are unmanaged, business and IT management must first get their house in order, by tightening controls and addressing risks before the possible arrival of the audit team. Failure to get the house in order, before an audit, could be career limiting for IT and business managers.

Read more ...

Conclusion: The three largest service providers in Australia for mobile phone services, Telstra, Optus and Vodafone, have all committed to providing 5G networks. 2019 has seen the introduction of 5G networks and devices; however, the coverage is still limited. Initial coverage by the service providers will focus on areas with the highest population density, providing coverage to a greater number of potential users. In 2019, it is estimated that coverage should be available to about 4 million potential subscribers.

The jump in speed and reduction in network latency will open up opportunities for new services and customer experiences that would not be practical using existing 3G or 4G networks. There is a large potential economic upside and organisations should be planning for future use cases.

Read more ...

Conclusion: Business ethics is not a new topic. It is as old as business itself and many of the issues and questions posed during ethical considerations are just as old. Digital ethics takes a fresh look at many of these issues from a new perspective, that of a technology-enabled society and the business community. Digital capabilities introduce new complexities and challenges to the business environment. Many ethical issues arising from technology advancements cannot be solved simply. However, without addressing these matters, the business community puts itself, its customers and the community at risk. Viewing ethical issues with a technology focus and adherence to ethical principles can mitigate some of these risks.

Read more ...

Conclusion: Asset management can be described as ‘the life cycle management of physical assets to achieve the stated outputs of the enterprise’. To achieve the appropriate level of asset management maturity, investment in people, processes and technology all increase the likelihood of developing an effective asset management system. Under-investment could result in asset leakage or increased maintenance costs, thus diminishing the expected returns of the assets.

Where asset management maturity model reaches the level of being ‘integral part of everything we do’, organisations can seek accreditation of the asset management framework using ISO 55000:2014.1

Where the common question is often ‘why waste our time on asset management’ then assets are usually at risk of leakage or poor customer satisfaction ratings. Outages and incidents may occur regularly. The risk of business collapse increases without recognition and change. Here organisations need to consider the steps to commence a review using the asset management model.

Read more ...

Conclusion: ICT disaster recovery plans (DRPs) have been in place for many years. Fortunately, invoking these plans is rare, but just like insurance plans, it is wise to ensure the fine print is valid, up to date and tested on a regular basis to minimise restoration of business services reliant on the complex range of IT enablers in place. Adoption of general Cloud services and the ever-changing ICT asset landscape requires careful alignment with the DRP to be ready when the restoration is required.

Read more ...

Conclusion: Running IT-as-a-Service requires emulating vendors’ account management function by creating a business relationship manager (BRM) role. The role’s rationale is to provide strategic advice to business stakeholders and act as a single point of coordination between IT groups and business lines. BRM’s focus is to manage the relationship with business strategists and recommend IT solutions relevant to business performance improvement and cost reduction initiatives where applicable.

Read more ...

Conclusion: Organisations everywhere have been embracing agile as a project delivery approach, agile for creativity and product development and even agile and lean for new business models. Seeking to fast-track their way to value often means embracing the minimum viable product (MVP) method. MVP is often bandied about but rarely is this method being utilised as intended. The reasons are many and varied and understanding what MVP really is and how to leverage the method effectively can provide significant value for teams and organisations alike.

Read more ...

 IBRSiQ is a database of Client inquiries and is designed to get you talking to our Advisors about these topics in the context of your organisation in order to provide tailored advice for your needs.

Read more ...

Shadow IT sounds like a covert — quite possibly dark — force. And to some people it may well be. But the truth is both far simpler and more complex.

According to Cisco, Shadow IT is the use of IT-related hardware or software by a department or individual without the knowledge of the IT or security group within the organisation.

“Shadow IT is a term that originally came from people having little apps they brought into the business themselves. Dropbox is the classic one, but there are plenty of them,” says Dr Joseph Sweeney, advisor at leading Australian IT research firm, IBRS.

“Today, shadow IT extends beyond consumer apps to the as-a-service delivery of enterprise business capability, such as Human Capital Management.”

Full Story

Conclusion: This month, the high activity in mergers and acquisitions has continued. However, there has been additional discussion on the impact of these acquisitions on the industry in general, as well as the high volume, and whether this type of activity could have a negative effect on the Australian market – in particular, if the current regulatory frameworks governing mergers and acquisitions are sufficient to protect competition and avert potential misuse of market power. It is critical that regulators are aware of industry trends and how new practices may affect the market, as well as be open to feedback from vendors that have direct experience with circumstances regulators may not be familiar with.

Read more ...

Conclusion: Organisations understand that implementing projects is part of the natural workflow. Delivering projects that meet organisational expectations is expected and demanded. Project management offices (PMOs) have been established to support project management activities and provide some key elements such as project management methodologies, documentation, project manager recruitment and organisational reporting.

While many organisations have implemented a PMO, there are nearly as many organisations that continue to struggle with some key elements such as resourcing, benefits and prioritisation, and the PMO has an opportunity to provide real value to the organisation in addressing these areas.

Read more ...

Subscribe

Want to get the latest papers from all our advisors? Subscribe, and we'll send you the information you need.

Invalid Input
Please enter a valid email address
Invalid Input
Please enter your mobile phone number
Invalid Input