Conclusion: This month, discussions regarding the need to strengthen security and recovery solutions have been prevalent. The increased number of breaches which compromise private user data and interfere with business operations has become apparent. While technologies and frameworks can assist with avoiding and recovering from security events, weaknesses still exist when integrating security strategies with company structures and culture. Human error, and the failure to educate or provide all employees with skills to avoid, detect or respond to security events, has been flagged as a particular concern. Any security structure must provide resources that can support employee vigilance and slot into a company’s culture.

Read more ...

Conclusion: Every dollar spent in supporting legacy systems or BAU (business as usual) represents a dollar that cannot be allocated to digital transformation initiatives. Conversely, organisations without legacy systems (digital natives) can be quicker to market with innovative solutions supporting the digital strategy, as there is no residual debt to repay.

Compounding the problem for organisations with legacy systems is that skilled IT professionals supporting them are likely to be fewer each year, as they leave for greener pastures or retire. To back fill, management must pay a premium to engage skilled contractors who will need time to understand the nuances of the legacy systems and become productive.

Read more ...

Conclusion: Acquisitions are a frequent occurrence amongst information and communication technology (ICT) vendors and solution providers. The outcomes of an acquisition or merger will impact clients as well as the employees of the organisations.

Clients and employees should invest in thinking about the announced acquisitions, what the stated goals are for the acquisition, and what exactly might be the reasons and likely outcomes of the acquisition. Whilst clients and employees are unlikely to be able to influence an acquisition being completed, it may be in their interest to take steps to help secure their own position, to either capitalise on the opportunities or reduce the risk of any possible negative outcomes.

Read more ...

Conclusion: As self-service data analytics and visualisation becomes mainstream – due in no small part to Microsoft’s Power BI strategy – traditional data teams within IT groups need to reconsider traditional business intelligence architectures and plan a migration to a new environment. Underpinning the new architecture must be a sharper focus on tools and practices to support data governance, which is not a strength of Microsoft’s portfolio.

Read more ...

 

Conclusion: Artificial intelligence technologies are available in various places such as robotic process automation (RPA), virtual agents and analytics. The purpose of this paper is to provide an AI maturity model in the analytics space. The proposed maturity model can be applied to any type of industry. It provides a roadmap to help improve business performance in the following areas:

  • Running the business (RTB): Provide executives with sufficient information to make informed decisions about running the business and staying competitive.
  • Growing the business (GTB): Provides information about growing the business in various geographies without changing the current services and products.
  • Transforming the business (TTB): Provides information to develop and release new products and services ahead of competitors.

Read more ...

Conclusion: Fraud and cybercrime can both keep key stakeholders in a business awake at night. But these threats are often driven by very different malicious motivations. In the end, the two threats overlap but are very different. Fraud is a crime carried out for financial gain. Cybercrime on the other hand can be executed for many reasons including political, passion and even opportunistically, purely because a vulnerability was there. Aside from reasons/motivation, two other key differences include skill set needed to manage such threats and the delivery method of the event. Organisations need to prepare for both of these threats to be realised and cannot always rely on the controls of one to detect, prevent or manage the impact of the other.

Read more ...

Conclusion: Digital transformation is happening everywhere. It is being included in organisational strategic plans for government service improvements and in commercial organisations to address market challenges and industry disruptors. Digital transformation efforts include a core group of domains including strategy, innovation, experience, automation and trust and these must be addressed in any digital transformation approach. However, a core element of digital transformation is people and the hardest part of digital transformation is the cultural piece.1 Understanding the people elements of digital transformation and appropriately addressing them can mean the difference between success and failure for organisations.

Read more ...

Conclusion: There are many strategies to consider as well as challenges to be aware of when migrating from a traditional waterfall development methodology to an agile methodology. Plan and prepare carefully and be patient during this transition and anticipated benefits will be realised.

Read more ...

Conclusion: In IBRS’s 2018 Top Business Technology Trends Priorities Report, we noted that despite significant media attention on blockchain or distributed ledger technology (DLT) in 2017, the primary concerns of Australia’s Chief Information Officers (CIOs) in 2018 remains focused on the more pressing issues of migration to the Cloud, and its impact on IT operations and staffing.

However, ignoring DLT in the long term is no longer an option. After 10 years since the advent of blockchain, real world and production examples are now emerging from market-influencing players in Australia such as the Australian Securities Exchange (ASX) and Commonwealth Bank (CBA). This, combined with significant investment from credible vendors (both old and new), requires that CIOs and their Enterprise Architects review the implications of DLT becoming a mainstream means for secure, immutable data exchange to enable fully automated multi-party workflows.

Read more ...

IBRSiQ is a database of Client inquiries and is designed to get you talking to our Advisors about these topics in the context of your organisation in order to provide tailored advice for your needs.
 

Read more ...

 IBRSiQ is a database of Client inquiries and is designed to get you talking to our Advisors about these topics in the context of your organisation in order to provide tailored advice for your needs.

Read more ...

Conclusion: This month, IT vendor acquisitions and partnerships have been prominent. The incentive for companies with disparate products and services to consolidate has increased, resulting in strategic arrangements aimed at expanding offerings and future company developments. However, this kind of consolidation can result in difficulties when separate entities make efforts to integrate. This type of integration requires an orderly transition and establishing a solid foundation for ongoing operations to maximise benefits associated with new resources. Detailed planning and execution is necessary to establish direct relationships and better understand the resources available, customer base and externals from both companies and allow for a more consistent fit between internal departments as well as a framework for practical and flexible implementation of plans.

Read more ...

Conclusion: The CIO’s role has changed considerably over the past couple of decades, from “keeping the lights on” and working on cost-saving initiatives (automation) to expanding into embracing new technologies and enablers to transform the organisation. The importance of this has created additional roles like the Chief Digital Officer (CDO) to lead this critical activity.

Read more ...

Conclusion: Project management principles and frameworks are now implemented in the majority of organisations, including public, commercial and the not-for-profit sectors across Australia. While project delivery metrics indicate an improvement in successful project execution there is still a concerning level of project failure (approximately 35 %). Project failure is extremely costly and while focus is on the project execution elements, many failures can be traced back to poor governance and decision making. Project boards set the tone and show the way forward for projects by helping to resolve challenges or to provide alternative actions. Their behaviour will be reflected whether the tone is positive or negative and has enormous impact.

Read more ...

Conclusion: When scanning the market to find new solutions or vendors, it is usual to consider who else uses the solutions, the size of the organisation and their customer base. Vendors often publish examples of clients that use their solutions, and particularly like highlighting those clients that represent well-known global or local brands.

Whilst being nice to know, the details provided are usually very shallow, and should never be relied on in terms of influencing a buying decision. It will take a significant effort to get any details that may actually help a project team, and in many cases, the detail will simply not be available.

Read more ...

Conclusion: Microsoft’s portfolio of business intelligence (BI) products now places the vendor in a market-leading position. Over the next three to five years, IBRS expects Microsoft to continue to strengthen its market position in BI, largely through its ability to expose a large number of users to self-service data visualisation and storytelling via some of Power BI’s features being included in Office 365.

Exploring Microsoft’s strategy for Power BI provides several important issues for consideration.

Read more ...

Conclusion: IT organisations wishing to create value should initiate selling processes to define business needs, establish SLAs for mission-critical systems and provide IT solutions to key business issues. This will result in boosting IT staff confidence and managing business lines’ expectations more effectively.

Read more ...

Conclusion: Carried out using reliable cost and performance metrics, a benchmarking exercise can yield significant benefits. Conversely, when costs are unclear and few performance measures are available, IT managers may struggle to justify their budget and enhance service delivery.

Read more ...

Conclusion: Passwords are the weakest link (some might say second to humans) in the enterprise security chain. With compromised credentials (a username and password) being the leading cause of data breach1, passwords and even the stronger passphrases are no longer sufficient to protect users or businesses from unauthorised access to critical data and systems. As such, an additional layer of security, namely two-factor authentication (2FA), is now commonly available. The term two-factor or multi-factor authentication has become commonplace and while it materially reduces a business’s risk to several cyber threats, many end users feel that it is an inconvenience, slows down productivity and prefer not to “opt-in” if that is at all an option. The bottom line is that 2FA is complementary to strong passwords – it is not a replacement for them. Raising education and awareness of the importance of strong passwords is still needed and 2FA is simply another layer of protection, akin to a more secure bolt on the door to our sensitive information.

Read more ...

IBRS iQ is a database of Client inquiries and is designed to get you talking to our Advisors about these topics in the context of your organisation in order to provide tailored advice for your needs.
 

Read more ...

 IBRSiQ is a database of client inquiries and is designed to get you talking to our advisors about these topics in the context of your organisation in order to provide tailored advice for your needs.
 

Read more ...

Conclusion: This month, discussions regarding enterprise agreements combining products and services to provide highly tailored solutions have been prominent. In particular, market transformation with smaller vendors offering new products, different enterprise consumption models, collaboration and new capabilities have driven growth in this area. A greater demand for flexible customisation and configuration of offerings has also driven growth, as well as vendors offering incentives to utilise products and services, or establishing partnerships in order to support organisations when developing solutions.

Read more ...

Conclusion: Just as one size car does not suit everyone, so one IT management reporting structure will not meet the needs of all firms or agencies. While there is no blueprint for developing an IT management structure, there are guiding principles and workplace change management practices to help get the restructure right the first time.

Due to fluctuating IT investment cycles and business transaction volumes changes, IT management reporting structures are rarely static. Consequently, management must be prepared to change IT management reporting structures quickly in response to business changes or when they are not meeting the purpose for which they were designed.

Read more ...

Conclusion: Whilst many organisations in Australia cite the lack of available IT skills to be a threat to their future growth or ability to complete digital transformation initiatives, Australia has a large often untapped pool of potential employees in candidates on the autism spectrum.

It is estimated that around 60 to 80 per cent of employable adults with autism spectrum disorder (ASD) struggle to find full time or steady employment, and those that do find employment are often underemployed, that is, employed in roles below their educational or professional level1. Recently tech companies have recognised this opportunity, and programs underway in Australia are successfully identifying, recruiting and supporting individuals on the autism spectrum with the potential to excel particularly in testing, data science and cyber security roles. All are high growth areas for employment.

Read more ...

Conclusion: Since CRM modernisation will impact many major functional areas of the organisation, developing a communication plan to ensure the strategy is developed and executed in a consistent and well-supported manner will involve many different roles and responsibilities. Gone are the days when the CRM was primarily the domain of sales and the IT departments.

Read more ...

Conclusion: Organisations either recognised early that digital transformation was essential to meet the competitive demands of their respective markets or accepted that general community expectations had increased where digital transformation of traditional business operations, processes and services was no longer expected and demanded. Digital transformation became the next big thing in organisations and initiatives were launched in earnest everywhere. While there are always success stories, many more have been less than successful and their stories have some very common themes. To make digital transformation work for the long term it is critical to avoid these mistakes.

Read more ...

Conclusion: IT organisations wishing to create value are challenged by long implementation time-scales and inability to change the business perception of IT capability. To address these challenges, IT organisations should adopt an accelerated approach by deploying key processes within a six-month period, to demonstrate service quality and commitment to meet business needs in a rational fashion. Failure to do so will brand IT as a support function, and will make IT desire to earn strategic partner status virtually unachievable.

Read more ...

Conclusion: The differences in roles and responsibilities between an IT professional and line manager are many and need to be understood quickly by the new managers and their peers. Not only will the understanding help both parties make the appointment work but it will also reinforce the selection panel’s appointment decision.

A new line manager must remember that the behaviour and strategies adopted in the IT professional role are unlikely to guarantee success in the new role. This is because the new role is typically a multi-dimensional one in which there are more stakeholders, outcomes are elusive and feedback is minimal.

Read more ...

Conclusion: The role of being a supportive follower is overlooked as compared against the literature of being a leader. Everyone is a follower, yet by a factor of over 1,000 to 11, information is overwhelmingly written about how to be a better leader rather than about being a follower. As a leader, there are many benefits in identifying traits of what is required in a follower. There is also a strong overlap in the behaviours of being an effective leader as there is in being an effective follower. Both roles are just as important as each other and yield significant benefits to the organisation and individuals when realised.

Read more ...

Conclusion: The question of “how much security is enough” often stems from attempts to define ballpark security budgets, meet compliance obligations and scope out security team size and make-up. But how much security is enough depends on a number of factors that an organisation must consider before seeking the endorsement of the security strategy and agreeing on an acceptable risk position.

Read more ...

IBRS iQ is a database of Client inquiries and is designed to get you talking to our Advisors about these topics in the context of your organisation in order to provide tailored advice for your needs.
 

Read more ...

The CIO Cyber & Risk Network Mandate:

To provide CIOs in Australian organisations with a forum in which to share their issues and approaches to cyber security and risk. The intended outcome is that organisations make better informed decisions to help protect their organisations, staff, customers and the economy.
Introduction
Not all Australian organisations are fortunate enough to have a Chief Information Security Officer. But not having a CISO doesn’t mean the challenge of managing cyber risk goes away. IBRS clients have been telling us that the frequency with which they are being asked to report on cyber security to their boards has increased. Now, four times a year is the minimum, and the board members are asking better, more in-depth, questions. The CIO Cyber and Risk Network is a vendor independent forum for CIOs to share with and learn from each other. 

Who can participate?

The CIO Cyber & Risk Network is a service for CIOs who are accountable for cyber security as part of their role.
To ensure that trusted relationships can develop, and provide an experience of continuity within the group, CIOs invited to participate will not exceed 20
The CIO Cyber & Risk Network is an invitation only forum. This is to ensure that the forum is not swayed by vested interests, and that the participating CIOs are assured of the confidentiality of the discussion.

Format

4 gatherings per year. Each gathering will be for 4 hours; 2 hours as a formal facilitated discussion and a 2 hour informal session which is an opportunity for the CIOs to have the 1:1 and small group conversations to follow up to the formal session.
IBRS will facilitate each gathering.
IBRS will also coordinate any external guests.
All gatherings are closed door, and held under the Chatham House Rule.
A summary of findings is distributed after each gathering
Participate in a distribution list of like minded CIOs
Should a CIO not be available to attend a gathering, sending a direct report is possible but discouraged. If direct reports are sent too often, as determined by the group, the CIOs’ invitation to participate may be withdrawn and no refund will be offered.

Highlights

CIO Cyber & Risk Network August 2018
The Cyber and Risk Network August gathering focused on four areas;
Incident Response & GDPR
Maturing Cyber Security functions - participants highlighted four very different approaches
Scaling Cyber Security functions - participants discussed six different strategies
Validation of Controls
Technical sharing among the participants provided some good market insights into new and established vendors offering security solutions

IBRS iQ is a database of Client inquiries and is designed to get you talking to our Advisors about these topics in the context of your organisation in order to provide tailored advice for your needs.

Read more ...

Conclusion: This month, discussions regarding data-driven products and associated services have been prominent. There has been an increased interest in offerings that facilitate the collection, measurement and quantification of useful data, then translation to optimise business operations or internal processes. These types of offerings are particularly useful when automating functions, identifying and tending to inefficiencies and resolving intractable problems. New regulatory standards, increased competitive pressures, growth opportunities in evolving markets and responding to customer behaviours and preferences are critical issues for clients. Managed service providers need to be sufficiently flexible when providing offerings that incorporate data-driven services that can support changes in a company’s organisational culture, business processes and internal management frameworks.

Read more ...

Conclusion: IT organisations revisiting their service contracts as a result of mergers and acquisitions should establish a federated vendor management arrangement. The rationale is to ensure central consistency while retaining local autonomy to address tactical matters. For example, the central consistency demands leveraging the economy of scale to reduce cost, whilst the local autonomy allows the extension of services scope to cover local requirements without the need to change the local vendor management arrangements. However, the local autonomy should be governed by verifiable policies.

Read more ...

Conclusion: Organisations undertake strategic planning activities on a regular basis, whether it be every three years or a rolling review every 12 months, to establish goals for the following three years. However, a review of many strategic plans and more specifically the resulting programs of work are often developed from the perspective of the project rather than the business benefits being sought. Understanding each investment and plotting that investment within an investment matrix will provide executives with a perspective about the balance of their ICT investment portfolio. Strategic investment goals such as planning an allocation for innovation will support execution of plans and achieving strategic goals.

Read more ...

Conclusion: Organisations planning to transform their business operations using IT must develop a shared vision of how to use IT to enable the transformation. Failure to provide a vision will frustrate attempts to implement the transform agenda, demotivate employees and, if false starts occur, could adversely impact business relationships with suppliers and clients.

Read more ...

Conclusion: Being able to deal with workplace conflict quickly and effectively reaps many rewards. There are different strategies that can be used to deal with the differing types of conflict in the workplace. Being mindful that personality classifications are fluid states of being, i. e. there is no such thing as a pure introvert or extrovert1, in a recent survey2, slightly over 50 % of IT professionals classified themselves as introverts, another 20 % as extroverts and a quarter as “ambiverts” (neither one nor the other). So there is also a requirement to be mindful of what strategies work well (or not) with the differing personality traits of all involved at the time.

Read more ...

Conclusion: Technology leaders in organisations brought together through a merger or acquisition (M&A) play an extremely important role and can significantly impact the potential economic benefits and success of the M&A. IT needs to align with the business units to understand how the business units are going to align or change through the M&A. IT must then develop plans and execute on appropriate IT strategies to support the new organisation.

M&As provide organisations with the opportunity to rationalise, deduplicate, and modernise especially in the areas of applications, data, infrastructure and facilities.

Whilst keeping the existing systems operational, IT should set up specific integration teams, to quickly develop the direction and priorities that will be of most importance and value to the new integrated organisation.

Read more ...

Conclusion: There has been a lot of talk about incident response since the new data breach laws came into effect in Australia and Europe. But the laws alone should not be the driving force to having a response plan in place. Having a plan in place means more than talking about a plan, planning a plan and signing off on a plan. Being prepared puts you way ahead of the curve but being truly prepared means testing your incident response plan through drills and tabletop exercises. A drill provides an opportunity to understand realistic outcomes for risk scenarios and apply the lessons learned to your incident response efforts during a crisis.

Read more ...

Subscribe

Want to get the latest papers from all our advisors? Subscribe, and we'll send you the information you need.

Invalid Input
Please enter a valid email address
Invalid Input
Please enter your mobile phone number
Invalid Input