Conclusion: Medium and large sized enterprises are complex, socio-technical systems that comprise many interdependent resources – including people, information and technology – that must interact with each other and their environment in support of a common mission1. These complex entities undergo varying levels of transformation throughout their useful life in a continual quest to remain capable of fulfilling the business mission and achieving their desired business outcomes.

A mature enterprise architecture (EA) practice is extremely beneficial in supporting and enabling a business to transform in a considered manner, to formulate and execute their evolving strategies. Whether in response to traditional business, modern digital or the emerging AI-enabled transformation agendas, the case for adoption of EA remains as strong as ever.

Read more ...

IBRSiQ is a database of Client inquiries and is designed to get you talking to our Advisors about these topics in the context of your organisation in order to provide tailored advice for your needs.

Read more ...

IBRSiQ is a database of Client inquiries and is designed to get you talking to our Advisors about these topics in the context of your organisation in order to provide tailored advice for your needs.

Read more ...

Conclusion: This month, discussions regarding offshoring initiatives have been prominent following announcements by two vendors that plans are in progress to send work overseas. Though offshoring can be beneficial in terms of cost and the ability to obtain talent not available in the local market, the approach can cause difficulties for organisations. For instance, local protest or a loss of customer confidence can arise due to perceptions that offshoring practices are simple cost-cutting efforts which come at the expense of quality service. However, offshoring initiatives can be critical to meet demands for vendors to provide new, quality offerings in a highly competitive environment. The need to go beyond the local market is driven by more than mounting staff costs. Although risks associated with cultural barriers or customer backlash exist, benefits can be significant when providing unique and high-quality offerings. Vendors must achieve a balance between local and overseas services, as well as maintaining a positive view of offshoring as more than a simple cost-cutting exercise which results in low quality service, to an exercise that can enhance offerings resulting in improved services.

Read more ...

Conclusion: The blending of different corporate cultures can be a huge risk factor that can significantly impact the success or failure of an acquisition. Maintaining multiple corporate cultures is extremely difficult to do, and the chances of failure are high. Cultures usually have upsides and downsides. When trying to keep cultures separate, employees tend to only see the “upsides” of what their peers have, and downside issues undermine employee morale due to feelings that they are not being treated fairly or equally.

It is IBRS’s view that ultimately efforts to have two conflicting corporate cultures coexist after an acquisition are likely to fail over time. The most dominant culture will ultimately be the culture of the organisation and employees who did not sign up for that culture will look for exit opportunities.

Read more ...

Conclusion: Organisations need to plan to quickly and successfully recover business operations by creating and updating business continuity plans (BCPs) supported by disaster recovery plans (DRPs). However, there are many challenges to overcome in order to keep these plans useful in readiness when business disruption eventuates.

Read more ...

Conclusion: Unless software testing practices are rigorous and enforced, system defects will continue and compromise meeting of service delivery objectives. Whilst defect-free code, and clean vendor software patches, are an objective, their realisation may be as elusive as the so-called paperless office.

To significantly reduce defects, and minimise risks, IT management must implement a program that elevates quality ahead of expediency and pragmatism, even if it is at the expense of the project’s schedule.

Read more ...

Conclusion: Over the past decade, the role of the Chief Information Security Officer (CISO) has risen to be one of great importance in many large and mid-sized organisations. While this remains the case, protecting information assets is more likely to be successful through ensuring all threats are managed under the same set of policies and principles. Managing threats to organisations can no longer be separated between departments or siloed out to service providers. With data in the Cloud and people on the ground in new geographies, the need to evolve the relationship between logical and physical controls has increased. The key to holistic security is to bring all aspects of security under one umbrella to ensure all bases are covered.

Read more ...

Conclusion: Media played up the impact of Artificial Intelligence (AI) and Digital Transformation in 2018. However, the potential AI remains underestimated and its limitations misunderstood. In short, AI is reaching peak hype with investments sporadic and confused. In contrast, Digital Transformation remains a primary driver for investment, though it means very different things to different organisations and even different stakeholders within organisations.

Australia’s CIOs remain focused on tactical issues: upgrades of core systems, adoption of hybrid Cloud (as opposed to simply Cloud migration, which was a dominant theme in early 2018) and changing the culture and structure of the ICT group to support “as-a-Service” operational models entity

It is important to note that these tactical priorities of CIOs all have one thing in common: they are aimed at providing a technological infrastructure for the organisation to adopt “Digital Transformation”. In this sense, Digital Transformation is being used as a way to secure agreement and investment in more fluid, responsive and modern tech infrastructure and operations, rather than a specific, measurable business outcome.

In 2019, Digital Transformation is a rallying call, more than a discrete program of work with measurable outcomes. This rallying call will be heard by all stakeholders, but interpreted differently. The challenge for senior ICT executives will be to leverage the short opportunity the Digital Transformation call has to deliver genuine long-term benefits and update infrastructure and operating models to be more flexible and responsive to changing business needs.

Read more ...

Conclusion: There are two broad groups of digital strategies – bold and defensive. Companies that choose bolder strategies tend to be more successful. However, there are good reasons why certain enterprises should consider choosing more conservative defensive digital strategies as there are still benefits to be gained from this approach. Strategy selection depends on a variety of factors, including industry forces and other factors which make each enterprise unique. It is important not to be half-hearted about digital ambition – defensive strategies are not sufficient in the long run. Strong and committed leadership at the top and throughout the organisation is still crucial to the successful implementation of digital initiatives.

Read more ...

Conclusion: Innovation is a growing key competency for organisations in the public sector and seemingly an imperative for the commercial and not-for-profit sectors to grow or maintain market share and relevance in a continuously dynamic marketplace. Although innovation is included in nearly all current strategic plans, both business and technology, organisations still struggle to actually adopt innovation in practice. Only by recognising how not to innovate can organisations ensure that change to their actions and behaviours supports innovation and does not kill it.

Read more ...

Conclusion: What to monitor and how you respond to the data is often poorly documented and not fully understood until after a failure occurs. In this world of “no surprises”, effective monitoring is a key success factor. If an organisation’s ICT monitoring strategy is to be successful it must be structured around the organisation’s business outcomes. The monitoring strategy framework is achieved through the alignment of the organisation’s critical-business functions, the ICT high-level design, the ICT architecture and the priorities set out in the organisation’s disaster recovery plan (DRP) as the primary influencing factors.
Key to an effective DRP is a clear understanding of the system architecture and design, with sound knowledge of the risks and weaknesses it brings in support of critical business functions. When the ICT monitoring strategy is based on this framework it will deliver a near real-time health status of the organisation’s ICT environment, allow for planning future capacity, and in the investigation of incidents when they occur. An effective monitoring strategy will be business-focused and not monitoring for monitoring’s sake.

Read more ...

Conclusion: The IT organisation in most enterprises suffers from the “Cobbler’s Children” syndrome – they give great advice but do not practise what they preach. A prime example is when IT does not apply Enterprise Architecture approaches and capabilities to the business of IT itself1 and yet expects other departments to apply such principles. Sadly, a new deficiency is emerging in IT as increasingly the role of analytics is democratised across the business – leading to the lack of data analytics capability for IT itself.

As organisations embrace data science, artificial intelligence and machine learning to generate increasingly sophisticated insights for performance improvement, IT must not let itself be left behind. This means ensuring that within a contemporary IT-as-a-Service operating model, space is created for the role of IT Data Analyst. This should be an inward-facing function with primary responsibility for the generation and curation of the IT organisation’s own core information assets in the form of data relating to the portfolio of IT assets, services and initiatives, including curation of operating data from Cloud providers and other partners.

Read more ...

Conclusion: Some ICT strategies are technology-centric while others are business-centric. The technology-centric strategies are usually developed without business stakeholders’ involvement resulting in limited business buy-in. Business-centric strategies are based on business strategies but have a short life-span. This is because market forces require business strategies to change frequently. IBRS recommends that ICT strategies be derived from business and IT guiding principles.
The rationale is that guiding principles have a longer life-span than business strategies and can deliver the desired outcome such as:

  • leveraging new technology
  • involving business stakeholders in the development process
  • realising business value in a timely and cost-effective manner.

Read more ...

IBRSiQ is a database of client inquiries and is designed to get you talking to our advisors about these topics in the context of your organisation in order to provide tailored advice for your needs.

Read more ...

IBRSiQ is a database of Client inquiries and is designed to get you talking to our Advisors about these topics in the context of your organisation in order to provide tailored advice for your needs.

Read more ...

Conclusion: This month, security issues and responses to threats specific to managed service providers have been discussed. Attacks on vendors can be particularly serious because of provider interaction with customer environments and access to information. These difficulties can be exacerbated by other issues facing vendors, such as obtaining additional resources from contractors, inexperience or lack of expertise with complex, unfamiliar environments. Recent attacks on service providers have raised concerns because of threats to customer environments, as well as flow-on effects such as uncertainties relating to vendors and difficulties establishing trust with customers. New programs, education and vendor collaboration have been launched to address provider-specific security issues. It has been recognised that establishing best practices and protocols to help avert, detect and respond to security threats is required in the industry.

Read more ...

Conclusion: Organisations develop unique cultures. It may be a deliberate and conscious effort of the executive team to define and put in place a culture which will influence the way the organisation works, its priorities and its attitudes. Or it may just be something that has evolved over time as an organisation has grown, added more employees, expanded its business, or entered new markets or geographies.

Acquisitions often occur based on external opportunities, such as growing market share, improving product offerings or gaining a competitive advantage. But it can be the internal issues of how similar or dissimilar the two corporate cultures are that can really impact the potential success of the acquisition.

If the corporate cultures are very different, care needs to be taken to understand this, and develop specific action and change management plans to support the merging of the cultures. This is significant as the impact of a culture change may hurt the acquired organisation which could reduce the capability of the acquired organisation, and perhaps the morale of the employees, resulting in high employee turnover.

Read more ...

Conclusion: “C-suite” leaders including CIOs and IT managers must continually adapt and change their mindset to be digitally savvy in order to keep pace and influence the digital revolution at the workplace12. Failure to do so will increase risks to implement initiatives whilst harming their own careers and those under their care.

Read more ...

Conclusion: Agile teams will struggle to deliver a viable solution (or product) unless they can tap into the business knowledge of an astute product owner who can communicate the objectives of the product and work with the scrum to ensure it meets the stakeholder’s requirements. Without a proficient product owner, the Agile team may lack direction which would put successful outcomes at risk.

Read more ...

Conclusion: Cloud offerings are now commercially available, allowing CIOs to engage the technology offerings with a high degree of trust that the service is secure and responsive at reduced cost to in-house solutions.

CEOs have an obligation to ensure their organisation’s IT systems are cost-effective and meet the security accreditation defined by government (or their Board). PROTECTED Cloud services can reduce cost of operations and meet many of the CEO’s obligations for accreditation (and review) of services, and therefore better manage risk, to meet government and best practice commercial security requirements.

All PROTECTED Cloud data centres certified by ASD are physically located in Australia. Depending on your needs, they all meet Australian Government data sovereignty requirements and offer low latency and in-country technical support teams to assist clients. Provision of PROTECTED Cloud services allows the CIO to restructure IT, moving to a more agile and potentially lower cost option to provide the appropriate security approach.

Read more ...

Conclusion: Public Cloud is not the solution to all IT organisations’ technology and services problems. This is because most IT organisations use a portfolio of environments such as legacy systems, in-house and outsourced services, customised IT service management tools and standard applications (e. g. email) that cannot be all retrofitted in a public Cloud architecture without major rework. As a result, hybrid Cloud has become the preferred direction because it allows the multiple environments to co-exist in a cost-effective manner. However, a convincing business case is needed to gain business and IT senior executives’ sponsorship to adopt hybrid Cloud. While Cloud migration benefits and risk mitigation are critical success factors, the deployment-hidden cost is a major contributor to failure. The objectives of this research note are to provide a framework1 to develop the business case and to ensure its cost includes the following:

  • Hybrid Cloud strategy development,
  • Risks identification and mitigation,
  • Go-to-market strategy, providers’ selection and contract negotiation, and
  • Ongoing governance to realise the desired business benefits. This can reach up to 7 % of the yearly cost.

Read more ...

Conclusion: Australians have become increasingly concerned not only with what data is being held about them and others, but how this data is being used and whether the resulting information or analysis can or should be trusted by them or third parties.

The 2018 amendments to the Privacy Act for mandatory data breach notification provisions are only the start of the reform process, with Australia lagging a decade behind the US, Europe and UK in data regulation.

Therefore, organisations seeking to address the increasing concerns should look beyond existing data risk frameworks for security and privacy, moving instead to adopt robust ethical controls across the data supply chain1 that embodies principles designed to mitigate these new risks. Risks that include the amplification of negative bias that may artificially intensify social, racial or economic discord, or using data for purposes to which individual sources would not have agreed to.

Early adopters of effective data ethics will then have a competitive advantage over those who fail to address the concerns, particularly of consumers, as to how their data is used and if the results should be trusted.

Read more ...

Conclusion: Throughout the year, most businesses invite in a third party to conduct an information security risk assessment – as per best practice. Often this is a compliance exercise, other times it is just good housekeeping. Assessors are paid to find gaps in security controls based on the threat landscape and risk profile and provide recommendations for how to better secure the organisation with appropriate controls. With a thud-worthy report in hand, those charged with remediation must prioritise the recommended tasks to best use their resources to appropriately protect the organisation.

Read more ...

Conclusion: Agility has been introduced into organisations as part of their approach to increase the cadence, or velocity, of design, development and implementation cycles for project delivery. Increased levels of activity and visibility are also integral to many social media solutions and their approach to online presence. However, strategic planning processes evolve slowly and for many organisations this critical business and technology planning activity is lagging behind and no longer supports the business objectives in the digital era. 

Read more ...

Conclusion: Digital transformation is top of the agenda for most companies in 2019. Many organisations have initiated digital transformation programs and are seeing success with small-scale pilots. However, these activities do not easily scale across the enterprise or ecosystem, limiting an organisation’s capacity to fully realise the benefits of their digital transformation investment.

The biggest barrier to scaling is not technology. It is culture. The established culture in a stable and successful organisation is likely to resist disruption. Existing remuneration and recognition frameworks tend to reward existing behaviours. Individuals and groups will resist change if they do not believe the “digital vision”. A clear, compelling narrative is needed.

Effective scaling of digital initiatives must be led with a commitment from the top, intense communication at all levels and a clearly articulated vision of the future. Organisations that recognise this and can source the right capabilities to deliver large-scale digital transformations will have higher success rates than those which do not.

Read more ...

IBRSiQ is a database of Client inquiries and is designed to get you talking to our Advisors about these topics in the context of your organisation in order to provide tailored advice for your needs.
 

Read more ...

 
 IBRSiQ is a database of Client inquiries and is designed to get you talking to our Advisors about these topics in the context of your organisation in order to provide tailored advice for your needs.
 

Read more ...

Conclusion: Relying on third parties to succeed in business has become the norm. Cost limitations and workforce requirements mean that businesses need to find efficient ways to achieve their goals. This regularly includes creating an ecosystem of organisations that offer technology, consulting and support services that can be leveraged when required for a fraction of the cost of employing a person or service in-house to the same end. This is great from a business perspective; however, engaging with third parties brings significant risk. Businesses are effectively opening their door to a perfect stranger and inviting them into their organisation to look around, share some data and stay a while. Managing the risk of having a third party connected to an organisation is important. An organisation’s security controls become meaningless once data is transferred to a third party. At the end of the day, if a cyber-attack occurs via a third party, there will be more than one reputation on the line in the eyes of current and future business partners, customers and clients. 

While the impact of a third-party data breach cannot be completely prevented, the key to resilience, detection and management of connections is awareness, being upfront about the security expectations and educating the workforce.

Read more ...

Conclusion: This month, there has been a range of company acquisitions, consolidations and partnerships in the managed services industry. These types of purchases can allow vendors to obtain resources necessary to adapt to emerging industries and new offerings. Purchasing providers can be beneficial, expanding and enhancing a firm’s products and services with the successful integration of companies. This has resulted in trends including more targeted purchases such as company assets, or the amalgamation of a number of vendors with very different specialties to provide new offerings and adapt to market shifts. Failure to adapt offerings and business structures which allow for these changes can impact on vendor credibility and is critical in a market where proactive, innovative and highly specialised providers are required by customers.

Read more ...

Conclusion: Developing a digital strategy or embarking on a digital transformation program is now a common business narrative. For some organisations it is a process of recasting existing IT strategy and continuing in more or less the same manner. For others it involves initiating a technology project as a way to learn new processes and update platforms and skills. Understanding the business readiness of the organisation is a critical element for any change but is key to digital transformation.

Read more ...

Conclusion: Keeping the executive informed on how the ICT function is performing while advising it how to take advantage of changes in business technology is an ongoing challenge for every CIO or ICT manager.

Astute CIOs know that to get traction with the executive (or equivalent) they must deliver services required by stakeholders while contributing to strategy debates on how to use new technologies to meet the challenges of the future. Getting traction starts with presenting the right ICT-related information to the executive at the right time.

Read more ...

Conclusion: Given the frequency of acquisitions within the information technology (IT) sector, it is prudent that clients of the organisations involved spend time to consider the possible outcomes or consequences of the acquisition, and in particular if the outcomes are likely to be good or bad news for them.

Acquisitions are likely to always involve changes in staff. The staff most at risk of being made redundant are usually in non-client-touching administration roles, such as finance, supply or HR. What clients do need to think about are possible changes to key technical or product development teams, as well as key staff that they deal with on a regular basis.

The other area where impacts may be felt is in the future direction of ongoing product development, with outcomes that can again be positive or negative for clients.

Read more ...

Conclusion: The 2018 CIO survey1 revealed that the CIO’s influence is stalling, with fewer CIOs on executive boards. However, improving business processing is still the #1 operational priority. To address this priority, CIOs and IT managers should use everyday tools such as calendars to better collaborate with their staff by exploiting and promoting the features of the tools at their fingertips.

Read more ...

Conclusion: Increasingly, IT departments are looking for ways to divest their operations of undifferentiated activities – that is, activities that are common among most organisations. One technology that is ubiquitous across every organisation, in every vertical sector, is end-user computing. Theoretically, it should be an easy area of IT to be deployed via a fully managed service. In reality, IBRS has seen more failures in the space than successes.

The reasons why fully managed (aka “as-a-Service”) end-user computing initiatives fail is a result of the initial rationale for the go-to-market strategy and the resulting request for proposal (RFP).

Read more ...

Conclusion: While the current artificial intelligence (AI) initiatives are data-driven, there are instances whereby the current data is insufficient to predict the future. For example, answering the following questions might be challenging if the available data is only of a historical nature irrelevant for forecasting purposes:

  • Q1: What will be the effect on sales if the price is increased by 10 % as of the next quarter?
  • Q2: What would have happened to sales had we increased the price by 10 % six months ago?

The purpose of this note is to provide a framework that can be used to derive sales principles to answer the above questions. The same approach can be used to derive other business processes principles such as procurement, customer service and client complaints tracking.

Read more ...

Related Articles:

"Analytics artificial intelligence maturity model" IBRS, 2018-12-03 09:44:43

Conclusion: Increasingly, leaders in the field of AI adoption are calling out the limitations of the current machine learning techniques as they relate to knowledge representation and predictive analysis.

Organisations seeking to adopt machine learning as part of their AI-enabled transformation programs should ensure they fully understand these limitations to avoid unproductive investments driven by hype rather than reality by expanding their definitions of machine learning to include the use of graph networks and social physics solutions.

Read more ...

Conclusion: CIOs should consider the environments for their PROTECTED information, both when building new capability and/or when renewing older infrastructure and services. The need to have cost-effective infrastructure services (in-house or IaaS), accredited security of services and responsiveness for clients using the service are three key deliverables for any CIO.

The Australian Government has identified PROTECTED ratings be applied where systems and data are at risk and where the systems or data are critical to ensuring national interest, business continuity and integrity of an individual’s data. Critical business functions are a combination of the IT systems they run on and the data they consume.

Defining what should be afforded a PROTECTED rating and therefore adequately protected is an ongoing challenge. The Australian Government’s Information Security Manual (ISM) and recent legislation “Security of Critical Infrastructure Act 2018” detail the requirements and framework for reporting, on government-run IT systems and critical infrastructure. Using this framework as a base, organisations should assess whether the data or IT environments that support critical business functions should be treated as PROTECTED.

Read more ...

  IBRSiQ is a database of Client inquiries and is designed to get you talking to our Advisors about these topics in the context of your organisation in order to provide tailored advice for your needs.
 

Read more ...

 
 IBRSiQ is a database of Client inquiries and is designed to get you talking to our Advisors about these topics in the context of your organisation in order to provide tailored advice for your needs.

Read more ...

Subscribe

Want to get the latest papers from all our advisors? Subscribe, and we'll send you the information you need.

Invalid Input
Please enter a valid email address
Invalid Input
Please enter your mobile phone number
Invalid Input