2. INTRODUCTION
1. IT Industry Overview
2. What is IT Strategy
- Core components expected to be found in an IT Strategy
- Relationship between IT and Business Strategy
3. IT Governance
- Applicable guidance- legal, regulatory and theory
- Common pitfalls
2
3. 1. SETTING THE CONTEXT…
What’s coming? Overview of the Technology industry in 2018
4.
5. 1. IT INDUSTRY OVERVIEW
IT is increasingly advancing and has become pervasive causing digital disruptions in social,
public & business environments. As a result more than ever, enterprises and their executives
strive to:
maintain high quality information to support business decisions
generate business value from IT enabled investments i.e achieve strategic goals & realise
business benefits through effective & innovative use of IT.
achieve operational excellence through the reliable & efficient application of technology.
maintain IT related risk at an acceptable level.
optimise the cost of IT services & technology.
comply with ever-increasing relevant laws, regulations, contractual agreements & policies.
Successful enterprises have recognised that the board & executives need to embrace it like
any other significant part of doing business. boards & management both in business & it
functions must collaborate and work together, so that IT is included within the governance
and management approach
6. 2. WHY IT GOVERNANCE?
• The widespread use of technology has created a critical dependence on IT which has
brought about the need to focus on IT Governance
• The volatile nature of the IT industry call for focussed control structures
• IT Governance consists of leadership, organizational structures and processes that will
ensure that IT sustains and extends the organizations strategies and objectives
• IT Governance ensures that it goals are met, IT risks are mitigated such that IT delivers value
to sustain and grow the business
• The business has its set goals! And IT is a driver of business goals
• Whatever IT is planning, those plans must be in alignment with organizational goals
• Whatever IT does, there must be a common goal
7. 2. WHY IT GOVERNANCE? (CONT’D)
• If you are a financial institution, your business goals may be to
provide seamless service which is not defined by the walls of a
banking hall
• How can IT support this business objective?
• Internet banking
• Mobile Banking systems
• Increased emphasis on Information Security
• Digitizing systems to reduce transacting costs
8. 2. IT GOVERNANCE
Relevant literature on IT Governance in
Zimbabwe
• Zimbabwe Code on Corporate Governance
• Corporate Governance Bill
• Companies Act
• COBIT 5
• ITIL
8
The Zimbabwe Code on
Corporate Governance
and the Corporate
Governance Bill places
an explicit requirement
on the Board to oversee
IT in the same way that
Finance, Risk and
Internal Audit receives
Board attention.
9. 3. IT GOVERNANCE… THE BENEFITS
• Reduction in IT risks
• Reduction in costs
• Return on investment is assured, allowing enterprise to meet
objectives
• Fewer surprises and less frustration due to projects follow up
• Improvement in quality
• Enhanced service delivery
10. 4. 5 KEY IT DECISIONS
DIGITIZATION
• DRIVEN BY business
Strategy
• How is IT to be used
ENTERPRISE
ARCHITECTURE
• Logically
organizing data,
applications and
infrastructure to
achieve
standardization
and integration
IT
INFRASTRACTUR
E STRATEGIES
• Delivery of
technical and
reliable services
through shared
capabilities
BUSINESS
APPLICATION
NEEDS
• Acquiring and
developing
applications based
on business needs
and specifications
IT INVESTMENT
• Where and how
much to invest on it
projects
12. 5.1 STRATEGIC ALIGNMENT
• It strategic alignment is the
combined alignment of all IT
units’ strategies, plans,
processes, investments and
decisions to support the overall
functionality and purpose of the
organization
13. 5.2 QUESTION TO THOSE CHARGED WITH MANAGING INFORMATION
RESOURCE
• What are the major problems being faced by your organization from the following
perspectives
• People
• Processes
• Systems
• How are these problems and challenges reflected on the IT Unit’s balanced scorecard? If these are not
represented, there is a possible strategic risk between IT and the rest of the business
14. 5.2 VALUE DELIVERY
• Value delivery is about executing the value proposition, delivering on promises made in building the
business case.
• Answers the following questions
• Are we doing the right things (scope)?
• At the right cost, are we getting the benefits?
• At the right time?
Like any investment, any investor should expect a return on the investment. Governance is concerned with
ensuring the benefits from the project are obtained.
• Typical Failure in ensuring Value Delivery: Most entities run ERP’s like SAP yet they use less than 50% of
their capacity.
• ROI on IT is rarely measured. ROI= NET PROFIT/ INVESTMENT
15. 5.2.1 PRACTICAL EXAMPLE
2017 governance failures in a local financial institution
• One financial institution invested in a new agency banking system, values invested were estimated to be north of
$1million.
• Projections were that the platform will allow thousands of new accounts monthly
• At the end of the last financial year the institution only managed to create less than 100 accounts through the
platform
Governance failures were:
• No business case was made prior to the investment to analyse if the solution is based on a market need
• No project risk management was done
• There was no IT steering committee, decisions were centralized in one dominant executive
• No due diligence was performed on the supplier, the vendor could not resolve some problems
• No post mortem was done, that institution may make the same mistakes
16. 5.3 RESOURCE MANAGEMENT
• Its about the optimal investment in and proper management of critical IT resources
which include
• Applications
• Information
• Infrastructure
• People
• Key issues relate to optimization of knowledge and infrastructure
• Is there really no capability to develop some of the acquired systems?
• Do you really need to build your own data centre?
• Are we operating cost efficient and effective it services?
17. 5.3.1 PRACTICAL EXAMPLE, RESOURCE MANAGEMENT
• One institution invested in a new system and subsequently acquired 3 other systems
• In a few months, the institution found that the first system was able to perform the functions
embedded in the subsequently acquired systems
• The initially acquired system was not being put to optimal use leading to Users requesting for
additional systems to perform functions which they did not know were already capable of being
performed by the first system
The governance failures were
- There was no IT steering committee to drive return on investment
- Lack of understanding of acquired system. No-one sought to understand the system, no one
took stock of the skills gap to support the systems.
18. 5.4. RISK MANAGEMENT
• Consists of instituting a formal framework which puts some rigour in how it
measures, accepts and manages risk as well as reporting on what it is managing
in terms of risk
• Management should have a clear understanding of the organizations’ risk
appetite, compliance requirements
19. 5.4.1.EACH IT PROJECT MUST HAVE A RISK REGISTER
• Senior management must be involved. Don’t
expect IT to effectively manage their own risk
without being monitored
• Each project must have its own risk register.
• The project risk register must cover pertinent
risks such as
• Market risks affecting project success
• Cyber security risks
• Technological volatility risks
• Skills assessments
• Over reliance on a vendor
20. 5.5 PERFORMANCE MANAGEMENT
• Consists of tracking and monitoring of strategy implementation, project
completion, resource usage, process performance and service delivery using
tools like balanced score card
• As management look at those contracts with vendors, monitor performance
on contracts
21. 6. RELATIONSHIP BETWEEN IT & BUSINESS STRATEGY
Business Strategy IS Strategy
Info systems supports business strategy
22. 7. IT STRATEGY…..WHAT IS IT?
• PROCESS TO ALIGN IT CAPABILITY WITH BUSINESS STRATEGY.
KEY OBJECTIVE OF IT STRATEGY:
• Deliver the right technology & applications to the right place ,at the right time and at the right level of cost
efficiency & effectiveness.
IT STRATEGY SHOULD ANSWER THE FOLLOWING QUESTIONS:
• Are we doing the right things with technology to address the organisation most important business priorities?
• Are we making the right technology investments?
• Do we measure what is the real value to the organisation derived from that technology.?
• Is our current information technology agile enough and flexible to continuously successfully support the
organisation.?
• Can our strategy support current & future business needs?
23. 7.1 CORE COMPONENTS FOR IS STRATEGY
IT INFRASTRUCTURE
STRATEGY
- All the hardware, the
software & operating
systems running on it
representing the
engine that delivers all
of what IT delivers for
the enterprise.
SERVICE
-Established through
SLAs or simply inferred
from a budget, an
enterprise signs on for
a certain level of
service out of its
infrastructure
operation.
APPLICATION
PORTFOLIO CHANGE
-This strategic element
covers the rate and
extent of change to
the application over a
defined future period.
BUSINESS PROCESS
INTEGRATION
- This represents the
degree to which the
enterprise operates as
a single unit.
SOURCING
Addresses the source
of all people who
perform the work
needed to execute the
strategy whether
internal employees or
external personnel
from business partners.
24. 7.2 IT STRATEGY…COMMON PITFALLS
• LACK OF OWNERSHIP, LACK OF ACCOUNTABILITY AND COMMITMENT BY MANAGEMENT. LEAVE IT
ALL TO THE CIO.
• NOT DISCUSSING IT ISSUES UNTIL THERE ARE PROBLEMS.. LACK OF PLANNING
• NOT TRACKING PROGRESS EFFECTIVELY
• NOT HAVING REGULAR REVIEWS & UPDATES
• NOT BEING ABLE TO IDENTIFY APPROPRIATE TALENT & SKILLS
• NOT HAVING A SKILLS UPGRADE BUDGET TO ALLOW STAFF SKILLS TO MOVE WITH THE
TECHNOLOGY
25. 7.2 IT STRATEGY…COMMON PITFALLS (CONT’D)
FAILURE TO REALISE RETURN ON IT INVESTMENTS. FAILURE OF IT INITIATIVES TO BRING
INNOVATION OR DELIVER THE PROMISED BENEFITS.
ENTERPRISE EFFICIENCY & CORE PROCESSES NEGATIVELY IMPACTED BY POOR QUALITY OF IT
DELIVERABLES.
DEADLINES NOT MET, PROJECT COSTS HIGHER THAN EXPECTED & QUALITY LOWER THAN
ANTICIPATED.
INFLEXIBLE IT ORGANIZATIONAL STRUCTURE
NO DEFINED GOVERNANCE OR RISK FRAMEWORK
INCONSISTENT POLICIES & PROCEDURES.
POOR COMMUNICATION.
26. 7.2 IT STRATEGY…COMMON PITFALLS (CONT’D)
• Lack of ownership and commitment -departments and users left to be the owners of the system. Hence no
strategies put in place to monitor IT systems and evaluate benefits from informantion systems. IT projects not
prioritised. Ideal situation is IT project plans with set milestones in place. Steering committee whose members
include senior management should be in place to monitor the projects, tracking progress vs milestones and
monitoring performance of systems. Eg a company where it was not represented in executive management
and was under finance only to realise importance of ict to the business after loss of key information
• Tracking of progress- where a system is implemented, tracking for achievement of milestones should be
done to meet project financial budget, timelines and determine if project scope and parameters are
appropriate
27. 7.3 IMPLICATIONS ON BUSINESS PERFORMANCE
• Resources May End Up Being Channelled To The Wrong Areas
• Businesses May Fail To Identify Opportunities For Growth.
• Failure To Identify Risks Being Faced By The Business .
• Business May Fail To Come Up With Appropriate Responses To Risks.
28. 7.4 HOW SHOULD IT GOVERNANCE BE
STRUCTURED
BOARD/ AUDIT COMMITTEE
• Drive Enterprise Alignment
• Direction of value
• Overall responsibility for
Risk Management including
Cyber Security risk
• Measure Performance
IT STEERING COMMITTEE
• Align and structure IT
organisation with
overall business goals
• Establish risk frame
work to manage and
monitor risks
• Measure performance
to goals
• Establish IT
competencies
• Manage resources
• Create an innovative
environment.
MANAGEMENT/ CEO
• Financier
• Push for return on
investment
29. 8. WISE WORDS
No IT strategy lives in isolation. An IT strategy formulated without appropriate Governance structures and
processes to support it will not be survive these VUCA times.
K. Musundire -2018
30. 9. ABOUT THE PRESENTER
KUDAKWASHE MUSUNDIRE
TelOne Audit & Risk Executive
Chartered Accountant (ICAZ)
CISM (ISACA)
Email: kmusundire@yahoo.com