Conclusion: This month, the large outsourcing agreement between Thales and the Department of Defence/Airservices Australia has been the subject of discussion. Whilst the contract value is high, more significant are the complex project objectives which resulted in a lengthy contract negotiation period. Initially, agencies involved anticipated an off-the-shelf solution to replace national air traffic control systems. However, it became apparent that a customised solution to support system functions was required, given the large and technically complex nature of the project. In order to reduce risks associated with contract failure, a two-year negotiation period was undertaken to ensure delivery responsibilities and specifications were well-defined. Project oversight and monitoring frameworks, vendor incentives to stay within project budgets and meet fulfilment targets were also described in detail within agreements. Although concerns were flagged regarding the delay in finalising this agreement, extra care was warranted given the critical functions the system will support, as well as the high value and complex system foundations. By adopting this approach, all parties have a sturdier agreement which can provide value for money, performance incentives, frameworks for contract execution as well as a better chance of project success.

Read more ...

Conclusion: UpGuard, Nuix and WithYouWithMe each have a proven capability to address an important aspect of the cyber defences of Australian organisations. WithYouWithMe is about people, UpGuard is about ensuring process is adhered to and exceptions are visible, and Nuix delivers technology which, through a data processing engine, enables organisations to make sense of large amounts of unstructured data.

Read more ...

Conclusion: The General Data Protection Regulation (GDPR) legislation being introduced by the European Union (EU) in May has ramifications to organisations worldwide.

Australian organisations that have already invested in ensuring that they comply with the Australian Privacy Act 1988, and have a robust privacy management framework in place, may find that they already comply with aspects of the EU’s GDPR. However, GDPR does have more stringent requirements including requirements that are not within the Australian requirements, so effort and investment will be required by organisations that need to comply with GDPR.

When considering an organisation’s position and defensibility in terms of whether they complied or not, organisations will need to develop an understanding of the specific requirements, and how exactly they have implemented “technical and organisational measures to show that they have considered and integrated data protection into their processing activities”1.

Read more ...

Conclusion: When multiple application software vendors claim they have the solution to an organisation’s requirements, challenge them to prove it by demonstrating their product’s differentiators and ability to process use cases.

To make the right buying decision, clients must insist the demonstration stretch the software’s functionality and the vendor’s grasp of its nuances. If this is not done, the likelihood of a wrong buying decision looms.

Vendors that do not know their software’s capabilities intimately, or are ill prepared to demonstrate them, should be rated accordingly and, unless there are mitigating circumstances, omitted from the final round in the procurement process. Vendors that are comfortable in demonstrating the software’s functionality and its ability to meet an organisation’s requirements should be seriously considered for inclusion in the final round of the procurement exercise.

Read more ...

Conclusion: Selecting the most suitable candidate is a critical responsibility. Take the time upfront to prepare for hiring the person required. Choosing the right person will reap rewards in many ways, such as improving the workplace, increasing revenue and a host of other goals.

Conversely, the pain and effort in employing the wrong person can have disastrous consequences in terms of loss of productivity and loss of reputation to the business, and it creates many issues for the team or individual who made that recruitment error.

Read more ...

Conclusion: Business continuity and disaster recovery plans are largely developed in isolation. The result is ineffective recovery arrangements that do not meet the fundamental business needs. With the variety of Cloud service continuity solutions, IT organisations should initiate a unified business and IT continuity project to intimately involve business units in defining and deploying complete service recovery facilities, including mitigating the risks such as ransomware attacks and the lack of SaaS escrow1 services. This will tightly couple recovery services to business imperatives. The use of Cloud for service continuity (which was not available eight years ago) will reduce the overall cost of recovery.

Read more ...

Conclusion: Current approaches to knowledge management are being disrupted by a wave of new working practices that replace the paper-based metaphor which pre-dates the computer revolution, with a digital-only metaphor. While this change has been brewing for over a decade, it should not be confused with simple “digitisation” of paper processes. It is a fundamental shift in thinking about knowledge as a digital asset.

This disruption is already seeing tensions for organisations embracing new collaborative workplace productivity suites, such as G Suite and Office 365. Likewise, vendors of enterprise content management (ECM) solutions are struggling to find relevance, or are fundamentally rethinking their future offerings.

Understanding the differences between the current paper-metaphor approach to knowledge management and the (still evolving) digital-only metaphor is a vital set to a workable knowledge management for the future, and for planning future investments in ECM solutions – which will not be anything like the ones of the past.

Read more ...

Conclusion: Driving cultural change and managing the impact of change across an organisation when implementing a new business application is a key challenge for the leadership, including the CIO. By adopting change management practices, a business can increase its projects’ rate of success and user adoption of the new technology and business processes from 16 % up to 96 %1.

With the implementation of business applications or tools such as a new ERP finance system, HCM/HRIS payroll system or a new CRM system, the business users’ roles and day-to-day business processes can be significantly changed. Assessing and addressing the change impact with the employees during the planning phase and during the project implementation will increase the user adoption rates.

Read more ...

Conclusion: Organisations everywhere are implementing Agile as a dynamic approach to speed up the creation of value and improve development of new and improved services and products. Adopting a best practice such as Agile is more than learning a new process and skill and then applying it in a project environment. Implementing Agile in an established organisation means that there are often a number of other frameworks, best practices and procedures that will need to co-exist with Agile. It is critical to consider these elements and adjust them to ensure that Agile is effective in delivering the value and benefits expected and is not another “best practice” fad.

Read more ...

Conclusion: The development of AI-based solutions is heavily dependent on various types of data input in the form of either:

  • Large data sets used to conduct experiments to develop models and algorithms for predictive analytics, optimisation and decision recommendations; or
  • Enriched and tagged corpuses of images, audio, video and unstructured text used to train neural networks using deep learning techniques.

While at first the data management needs of AI-based solution development might leverage both data scientists and their existing business intelligence platforms to exploit these types of data, the actual lifecycle management needs of AI developers will expand quickly beyond the boundary of the traditional enterprise data warehouse.

Therefore, like the source code and configuration data underpinning transactional business applications, the raw data and algorithms of AI solutions must be managed by evolving DevOps practices towards a comprehensive “DataOps” model.

Read more ...

IBRS iQ is a database of Client inquiries and is designed to get you talking to our Advisors about these topics in the context of your organisation in order to provide tailored advice for your needs.
 

Read more ...

Do not mistake cyber security for being merely a technical discussion about IT problems to be fixed. Cyber security is now, and always has been, purely a response to risk. The risks have changed dramatically over the last 20 years, but the way many people view security is stuck in the 1990s.

Here in Australia, we're now under the Notifiable Breach Disclosure scheme and it's worth using this as a barometer to understand how well executives actually appreciate that they run digital companies working in a digital economy, with all the risks that come with hyper-connection and digital interdependence.

How well an organisation understands itself and its ability to work through responding to a suspected data breach is a direct reflection of how well it understands its business, as well as its dependence on technology and data. In other words, how well does the company understand and manage risk? Yeah, governance, that old chestnut.

People talk about digital transformation and disruption as though these were destinations to get to. But, digital transformation is a continual process and risk management is a necessary component. There is no finish line for transformation or risk management, there are only companies that will cease to be competitive.


Full Story

IBRS iQ is a database of Client inquiries and is designed to get you talking to our Advisors about these topics in the context of your organisation in order to provide tailored advice for your needs.
 

Read more ...

Conclusion: Business leaders should convert recent global interest in AI applications, safety and effectiveness into AI governance guidelines in the exercise of their triple bottom line responsibilities (for profit, social responsibility and sustainability) as outlined in IBRS research note, “The emerging need for IT governance in artificial intelligence”1.

AI includes a very broad range of technologies being applied in virtually all industries. This means that the use of AI in both IT and operational technologies2 (OT) requires C-level attention and supervision.

Read more ...

Conclusion: This month, discussions regarding digital transformation efforts have been prominent. Plans to upgrade, improve and modernise internal ICT frameworks are critical for effective value creation and faster results delivery. Customers need to invest in technological change in order to establish a set of digital products which address stakeholder needs and integrate with business operations and functions. Customers often struggle with identifying and evaluating vendor risks and establishing appropriate audits and controls for service providers. Whilst customers are familiar with issues such as contract compliance and security, obtaining a managed service provider with a deeper understanding of business requirements can be difficult. However, this understanding is critical when developing digital transformation solutions, and vendors need to augment skills, develop more detailed strategies and address concerns specific to particular customers in order to deliver business value during digital transformation efforts.

Read more ...

Conclusion: The foreseeability of cyber incidents is widely accepted, but many organisations still have not done the work to identify their own exposures and ascertain what they would do in a crisis. The openness of shipping giant Maersk in talking about the impact of the NotPetya malware on the organisation should be viewed through the lens of “what would that look like if it happened to us?” The business impact of NotPetya on Maersk is clear, but so too are many of the risk mitigations that should be put in place before a cyber incident – and many of these are not directly related to technology. Finally, risk management is just as much about recovering from an incident as trying to prevent one.

Read more ...

Conclusion: Project management in organisations is commonplace. Reviews are often undertaken at the end of the project to gain learnings for future projects. Project reviews completed during the life of a project need to ensure that they are inclusive of appropriate stakeholder groups and assessment is targeted at the appropriate focus areas. Active and inclusive review and assurance activities need to be well understood and supported within the organisation so that it is not viewed as an exam that needs to be prepared for and passed. Applying reviews and assurance as a process checkpoint only is ineffective and will not ensure quality project delivery.

Read more ...

Conclusion: BYOD strategies need to be updated regularly to keep pace with the evolving nature of not just the devices themselves but also the increasing challenges and complexity to stay secure; all this needs to occur while offering increasingly flexible services to a 24/7 mobile workforce operating on-premises and offline. It is valuable to engage key stakeholders within the organisation’s leadership team, employee champions and also industry peers to ensure the BYOD strategies are as relevant and acceptable as initially reported in an earlier IBRS article in 20081 when personal electronic devices (PED) were being introduced into corporate networks.

Read more ...

Conclusion: The forthcoming General Data Protection Regulation (GDPR) is new legislation being introduced by the European Union, which does have ramifications for organisations worldwide.

Being new, there is still a lot to be learned about what exactly some of the specific requirements will mean in practice and how they will impact organisations in being able to show that they have understood and completely complied with the regulation.

When considering an organisation’s position and defensibility in terms of did they comply or not, organisations will need to develop an understanding on the specific requirements, and how exactly they have implemented “technical and organisational measures to show that they have considered and integrated data protection into their processing activities”1.

Read more ...

Conclusion: Although online digital platforms are in ready supply, organisations remain unable to avoid the receipt of critical information in the form of paper documents or scanned images. Whether from government, suppliers or clients, organisations are faced with written correspondence, typed material, completed forms or signed documents that must be consumed. For a variety of reasons, it may be unreasonable or impractical to expect this information to be sent in machine-readable form.

However, machine-readable content from incoming information, both past and future, is emerging as a prerequisite to exploit artificial intelligence and machine learning as part of digital transformation. Therefore, organisations need to re-examine their data ingestion strategies and move proactively to the use of optical character recognition on incoming paper- and scanned image-based information.

Read more ...

Conclusion: Many IT organisations have adopted business transformation1 strategies to help their businesses increase revenue. However, while digital transformation has succeeded in making the communication with the enterprise more convenient (e. g. mobile applications), it has been difficult to substantiate digital transformation contribution to the financial performance improvement. As a result, justifying new software projects has become more difficult. It is recommended to shift the digital transformation focus from technology point solutions to building quality products and services that increase profit and elevate customer satisfaction. The success should be measured by increased sales instead of only technology charms.

Read more ...

Conclusion: Consolidating information systems after a MoG change or a company acquisition is not only risky but also likely to be expensive. The problem is compounded when the benefits expected from the merger are out of reach or, in the case of a company acquisition, the buyer has paid too much, and the stakeholders are demanding accountability.

To maximise the probability of a successful merger from a business systems perspective, do not take claims made of the ICT systems’ integrity at face value. Verify them and develop plans to integrate the systems where feasible, while minimising risks and retaining skilled IT and business professionals.

Read more ...

Conclusion: While there was significant media attention on artificial intelligence and blockchain in 2017, the primary concerns of Australia’s CIOs remain focused on the more pressing issues of migration to the Cloud, and its impact on IT operations and staffing. Where discussions of artificial intelligence play a role is in automation processes and workforce transformation.

Read more ...

Many organisations are wanting to drive innovation, encourage creative thinking skills and boost productivity. Mind
Mapping is a proven technique that helps individuals and teams improve their creative thinking skills.
 
This course will help you understand Mind Mapping Skills and how to apply them for work purposes. 

Read more ...

 
IBRS iQ is a database of Client inquiries and is designed to get you talking to our Advisors about these topics in the context of your organisation in order to provide tailored advice for your needs.

Read more ...

IBRS iQ is a database of Client inquiries and is designed to get you talking to our Advisors about these topics in the context of your organisation in order to provide tailored advice for your needs.
 

Read more ...

Conclusion: This month has seen a focus on ICT 2018 forecasts and 2017 reviews. These types of analyses are important for vendors in order to strike a balance between providing new, high quality service offerings customers’ demand and traditional concerns, such as privacy and legislative compliance. It is critical that new offerings are carefully planned so they align market drivers such as cost savings, utilising new technologies and business improvements with basic needs that are common to all customers and integral to establishing, managing and completing outsourcing agreements.

Read more ...

Conclusion: CEOs need their CIOs to be out on the cutting edge to decide which technology to incorporate so that the organisation can adapt and transform in a rapidly changing landscape. As the digital leader, the CIO needs to emphasise the culture shift, be an influencer and guide the change across the IT team and broader enterprise. Organisations that elect CIOs as their digital champions experience higher performance compared with organisations where CIOs play a more passive role in digital transformation.

Read more ...

Conclusion: Achieving the ability to comply with the new European General Data Protection Regulation is seen as a costly and burdensome overhead adding a new layer of complexity to how organisations will need to manage and secure Personally Identifiable Information (PII) records kept by them.

However, organisations should view the potential benefits of being able to use obtaining and maintaining the ability to comply with GDPR as an opportunity to justify investments in technologies, process improvements and people to deliver better overall outcomes for the organisation.

Rather than simply focusing on doing what is required to be able to comply, focus should be on using the opportunity to update tools and processes to improve organisational efficiencies, reduce costs, increase customer and employee loyalty, and improve productivity.

Read more ...

Conclusion: Security awareness campaigns are essential for educating staff on security behaviours. However without staff engagement, these campaigns can fail to change behaviour – and behavioural change is the only outcome that really matters. Instead of continually focusing on security for the work environment, start focusing on esafety and educate staff on how to protect themselves in their online lives outside work. This has the benefit of informing staff on many of the risks that they can face personally, as well as educating them on practices and technologies that can help. Training staff on esafety also has the additional benefit of being the right thing to do and demonstrates corporate social responsibility.

Read more ...

Conclusion: Most organisations today understand that business change requires the effective management of stakeholders. Whether they be internal or external, the inclusion of their opinions, needs and concerns is critical to the success of the initiative. However, too many projects and change programs still struggle to be completed successfully or to achieve desired outcomes. Change management and stakeholder engagement is too often handled as a linear process and many are under the assumption that working through the activities in sequence will be sufficient. Stakeholders are complex to identify and to assess as their relative power and influence often go beyond the obvious. Effective stakeholder engagement absolutely requires a full and frank appreciation of the power and influence of each stakeholder.

Read more ...

Conclusion: Growth in ICT remains strong in the foreseeable future in a very competitive market. Successful CIOs and ICT leaders responsible for staffing and sourcing need to adopt multiple strategies to successfully recruit, retain and plan for the resource challenges of tomorrow.

Read more ...

Conclusion: One of the least understood contributors in implementing IT projects successfully is the leadership provided by competent TTLs (Technical Team Leads). Their ability to steer projects in the right direction, maximise the contribution of team members and cement the relationship with sponsors, is pivotal.

IT professionals, with potential to act as TTLs, must manage their careers by seizing leadership training and mentoring opportunities so they have a head-start when assigned to a TTL role.

Read more ...

Conclusion: Many Cloud service providers manage their own systems but do not take any responsibility for working with other providers in a multi-sourced environment. As a result, IT organisations wishing to maximise the benefits of hybrid Cloud should develop a governance framework to address technology integration issues, optimise the interaction among service providers managing the multiple Clouds and define policies to operate in a multi-sourced environment. This will ensure business operations remain unaffected by service providers’ potential disputes.

Read more ...

Conclusion: IBRS has observed that many organisations’ eforms initiatives face five common challenges. To help ensure the best long-term outcomes for an eforms initiative, each of the five challenges must be considered, and remediation strategies put in place.

Read more ...

Conclusion: Organisations continue to emphasise their competitive differentiation based on the data they hold, and the insights gained from analysing this valuable resource. The rate at which organisations are shifting from traditional process-based to insight-oriented differentiation is being further accelerated by the adoption of Cloud-based data analytics services.

The combined result is an increasing portion of enterprise project activity that can be classified as extract, transform and load (ETL).

Despite ETL being the mainstay of data integration for decades, the cost of specialised skills and significant manual effort expended on integrating disparate data sources is now coming into sharp focus. In response, organisations are rightly seeking lower-cost solutions for data integration.

Although ETL exists in the form of at least one tool in almost every enterprise, the cost of ETL as a proportion of data analytics projects means organisations must decrease reliance on traditional ETL tools in favour of automated solutions that exploit machine learning techniques to reduce the need for ETL developers.

Read more ...

 IBRS iQ is a database of Client inquiries and is designed to get you talking to our Advisors about these topics in the context of your organisation in order to provide tailored advice for your needs.
 

Read more ...

The Future of Work: The Role of People

Foreword by Joseph Sweeney, IBRS Advisor
 
For the past 30 years, organisations have applied technology to people to make the workplace more productive. But despite substantial investments in technology, productivity has grown annually on average at just 1.8 percent.  Something was not working.   
 
During the last few years, we’ve seen a shift in power. Instead of organisations dictating technology, increasingly people are choosing the technology they wish to apply in the workplace. Initially seen as a problem, shadow IT, is now accepted and embraced.    
 

NewsThousands of Australian small businesses remain woefully unprepared for the introduction of new laws that will require them to publicly disclose if their customers' data is breached by hackers or technology problems, according to local industry experts and recently conducted research.

Mandatory data breach reporting laws come into effect in Australia in February, years after they were introduced in other countries, such as the US, but a new study by cyber security provider CyberArk has found 44 per cent of Australian businesses are not fully prepared.

While it is predictable enough for a security vendor to warn that businesses need to worry more about security, independent Australian cyber security expert James Turner, of IBRS and CISO Lens, said small businesses were "absolutely not" prepared for the new laws.

Full Story

 
 IBRS iQ is a database of Client inquiries and is designed to get you talking to our Advisors about these topics in the context of your organisation in order to provide tailored advice for your needs.
 

Read more ...

Subscribe

Want to get the latest papers from all our advisors? Subscribe, and we'll send you the information you need.

Invalid Input
Please enter a valid email address
Invalid Input
Please enter your mobile phone number
Invalid Input