Leading IT Transformation – Workshop 17 (IT Transformation Risks)
The Appleton Greene Corporate Training Program (CTP) for Leading IT Transformation is provided by Ms. Drabenstadt MBA BBA Certified Learning Provider (CLP). Program Specifications: Monthly cost USD$2,500.00; Monthly Workshops 6 hours; Monthly Support 4 hours; Program Duration 24 months; Program orders subject to ongoing availability.
If you would like to view the Client Information Hub (CIH) for this program, please Click Here
Learning Provider Profile
Ms. Drabenstadt is a Certified Learning Provider (CLP) at Appleton Greene and she has experience in Information Technology, Information Governance, Compliance and Audit. She has achieved an MBA, and BBA. She has industry experience within the following sectors: Technology; Insurance and Financial Services. She has had commercial experience within the following countries: United States of America, Canada, Australia, India, Trinidad, and Jamaica. Her program will initially be available in the following cities: Madison WI; Minneapolis MN; Chicago IL; Atlanta GA and Denver CO. Her personal achievements include: Developed Trusted IT-Business Relationship; Delivered Increased Business Value/Time; Decreased IT Costs; Re-tooled IT Staff; Increased IT Employee Morale. Her service skills incorporate: IT transformation leadership; process improvement; change management; program management and information governance.
MOST Analysis
Mission Statement
When it comes to IT transformation, there are a number of risks that organizations need to be aware of. By not taking into account the potential risks, companies can end up making costly mistakes. Companies are looking to grab any technology-driven advantage they can as they adapt to new ways of working, managing employees, and serving customers. They are making bigger moves toward the cloud, e-commerce, digital supply chains, artificial intelligence (AI) and machine learning (ML), data analytics, and other areas that can deliver efficiency and innovation. At the same time, enterprises are trying to manage risk — and the same digital initiatives that create new opportunities can also lead to risks such as security breaches, regulatory compliance failures, and other setbacks. The result is an ongoing conflict between the need to innovate and the need to mitigate risk. While the rewards of a successful IT transformation are clear, there are also risks that businesses must consider and manage carefully. By understanding these risk in digital transformation and taking steps to mitigate them, your organization can confidently move forward with its digital transformation initiative.
Objectives
01. Technology Risks: departmental SWOT analysis; strategy research & development. Time Allocated: 1 Month
02. Workforce Risks: departmental SWOT analysis; strategy research & development. Time Allocated: 1 Month
03. Automation Risks: departmental SWOT analysis; strategy research & development. Time Allocated: 1 Month
04. Compliance Risks: departmental SWOT analysis; strategy research & development. Time Allocated: 1 Month
05. Cloud Risks: departmental SWOT analysis; strategy research & development. Time Allocated: 1 Month
06. Cybersecurity Risks: departmental SWOT analysis; strategy research & development. Time Allocated: 1 Month
07. Resiliency Risks: departmental SWOT analysis; strategy research & development. 1 Month
08. Third Party Risks: departmental SWOT analysis; strategy research & development. Time Allocated: 1 Month
Strategies
01. Technology Risks: Each individual department head to undertake departmental SWOT analysis; strategy research & development.
02. Workforce Risks: Each individual department head to undertake departmental SWOT analysis; strategy research & development.
03. Automation Risks: Each individual department head to undertake departmental SWOT analysis; strategy research & development.
04. Compliance Risks: Each individual department head to undertake departmental SWOT analysis; strategy research & development.
05. Cloud Risks: Each individual department head to undertake departmental SWOT analysis; strategy research & development.
06. Cybersecurity Risks: Each individual department head to undertake departmental SWOT analysis; strategy research & development.
07. Resiliency Risks: Each individual department head to undertake departmental SWOT analysis; strategy research & development.
08. Third Party Risks: Each individual department head to undertake departmental SWOT analysis; strategy research & development.
Tasks
01. Create a task on your calendar, to be completed within the next month, to analyze Technology Risks.
02. Create a task on your calendar, to be completed within the next month, to analyze Workforce Risks.
03. Create a task on your calendar, to be completed within the next month, to analyze Automation Risks.
04. Create a task on your calendar, to be completed within the next month, to analyze Compliance Risks.
05. Create a task on your calendar, to be completed within the next month, to analyze Cloud Risks.
06. Create a task on your calendar, to be completed within the next month, to analyze Cybersecurity Risks.
07. Create a task on your calendar, to be completed within the next month, to analyze Resiliency Risks.
08. Create a task on your calendar, to be completed within the next month, to analyze Third Party Risks.
Introduction
Digital Transformation Risks and Mistakes
The Coronavirus crisis has accelerated a global digital pivot, forcing businesses to rethink their processes and strategies for a new reality. Analysts from HBR, Gartner, Forrester, McKinsey and more are all saying the same thing – investing in technology will help mitigate the impact of this event, both right now and in the long term.
But what if you’re among the 30% of organizations who haven’t yet made any major digital shifts, even before the pandemic started?
Now that transitioning to digital is not just important but urgent, you could actually be in a better position than some of your competitors, who may be partway through their technology initiatives and must now suddenly shift gears.
You have the opportunity to transition to technologies that reflect where your systems and customers are now, where they’re headed, and the trends that will shape business in the long haul, post-crisis.
But first, you need to be aware of the most common digital transformation risks and mistakes to avoid.
Mistake #1: Shiny object syndrome
Sometimes businesses will embrace a technology trend, such as AI chatbots or automation, whether it’s because they feel compelled to digitize or because the idea intrigues them.
Many businesses are instinctively looking for a quick fix or a solution that just appears out of nowhere to put things back on track, especially in the present climate of uncertainty. But by alone, these single-technology solutions won’t live up to the expectations.
Any use of a new technology must be integrated into a broader strategy for the business and the customer experience, rather than being done only once.
Mistake #2: Staying siloed
The CIO or the IT department are not the only ones who must handle digital transformation. It affects every division of your business, including sales, marketing, finance, and human resources. It’s very likely to fail if you try to implement a change without including all departments.
Top-down cultural issues like transformation necessitate everyone’s comprehension, a change in thinking, and buy-in. And now that transformation is no longer an option but rather a requirement for almost every firm worldwide, it’s critical that everyone in your organization is informed, on board, and equipped to change.
Mistake #3: Doing too much too soon
This may seem contradictory given the pressing need for firms to go digital.
Yes, you must move quickly.
However, you must also approach it in a way that maximizes your chances of success. You might currently be concentrating on your “no fail” tasks, or the crucial business procedures that must continue in order for the organization to survive. This is a fantastic illustration of how the priorities for transformation will be determined by our new normal.
What unexpected needs or expectations do customers (and workers) have today that you are not currently meeting?
Beginning there, move forward in a method that enables you to move fast while remaining safe. This entails experimenting regularly, working slowly, and having the flexibility to pivot as necessary. Because what is required and anticipated in a month or a year from now can be entirely different, and you want to be able to change swiftly.
When moving from plan to implementation, you frequently encounter issues because the company adopted a “big bang” strategy and discovered all of the leaks in the pipes far too late…When they could have learned more quickly and cheaply by doing modest tests.
Another possibility is that they gain a lot of momentum in the beginning but quickly exhaust their leaders and talent due to doing too much too soon. In order to accelerate digital transformation effectively, one must first slow things down.
Start your digital journey by considering the four S’s: When adopting digital, set a SIMPLE goal, ensure that your leaders are behind it, start small, and sustain energy by not overloading leaders, employees, or teams.
Mistake #4: Underestimating the extent of change
It could be tempting to focus your digital initiatives only on pressing requirements like infrastructure security, telecommuting, and supply chain diversification. With this strategy, businesses typically want to keep costs to a minimum, get through the crisis, resume normal operations, and then think about investing more in digital once sales have stabilized a bit.
We firmly believe that this is a mistake, nevertheless. It’s difficult to think that things will ever return to “business as usual,” despite the fact that no one can foretell the future. According to Harvard Business Review,
“Vision is especially urgent during a crisis as global and systematic as this one. Inflections that you might have had five years to anticipate in a normal environment might unfold in a matter of weeks or months.
Trend lines, such as those towards telecommuting, telemedicine, online shopping, and digital media consumption, are suddenly much steeper…Some of the fundamental assumptions underlying your current business model may have been (or may soon be) upended.
In short, the business environment that you land in when the pandemic comes to an end – which could be one to two years from now – may be very different from what it was before the crisis began.
You need to begin preparing for it now.”
Case Study: Why you should design better UIs (and not make your creditors mad)
“if it ain’t broke, don’t fix it” is a common company philosophy when it comes to IT products, and if you’ve ever been involved in a failed upgrade or deployment, you understand why. However, this can lead to some seriously antiquated systems being used in production with UIs that date back to the early days of the software industry, which can lead to usability issues with real-world repercussions.
This trend is well shown by one of Citibank’s back-end systems, which was also the main contributor to a $500 million error. The narrative goes as follows: On behalf of Revlon, one of Citibank’s clients, Citibank was attempting to pay interest to numerous of Revlon’s creditors in the amount of $7.8 million. To calculate the interest properly, Citibank’s employees had to set up a transaction as if they were paying off the entire loan. They then had to check multiple boxes to send the majority of the payment to an internal Citibank account while only the interest portion went to creditors. Doing that in Flexcube, an outdated piece of in-house Citibank software, was a particularly cumbersome process. Even though this deal for Revlon was approved by three different individuals, it proceeded without all the necessary checks being made, and $900 million was distributed, the majority of which wasn’t due to creditors until 2023.
You might be surprised to learn that this kind of blunder is not unheard of and that the party receiving the payment typically returns the incorrectly transmitted funds to the entity that made the error. But this time, things went differently: More than half of the monies distributed went to various hedge funds, who were still irate that the loan’s terms had been altered in a way that favored Revlon. A judge decided last year that they were not required to return the money because they said they saw it as an early payment of the obligation they were owed.
The main takeaway from this is to, at the very least, update your user interfaces to ensure that staff can carry out their tasks efficiently and coherently. Another important takeaway is that, when mistakes aren’t exploited, they can be less painful.
More IT transformation risks you may come across
Faulty digital transformation premises
You may be familiar with this remark from the film The Big Short:
It’s a great summary of the factors that contributed to the 2008 financial catastrophe and the irrational optimism that caused it. It also exemplifies what we observe in big businesses undergoing digital transformation.
For instance, many large businesses are currently undergoing or intend to begin an end-to-end ERP upgrade to the cloud. It is assumed that an ERP upgrade will produce business outcomes that boost profitability and enhance operations.
However, this is absolutely untrue. There is a ton of proof for this. Major ERP provider is implemented by large company. 36 months later, they are still having trouble locating the value.
This isn’t because putting in place an ERP based in the cloud is a terrible idea. It’s really good. However, this usually gives you the capacity to use your data in novel ways, opening up chances for increased profitability and operational efficiency. It cannot complete it on its own.
Without the necessary production deployment skills, driving innovation
Nowadays, chief digital officers are employed by many businesses. Some organizations have innovation teams and even funds for innovation. Design sprints, hackathons, and other innovation-focused events are now being held by even enterprises without a specific innovation governance approach.
These are wonderful possessions. But a lot of the time, what’s lacking is the skill set required to turn the concepts into full-scale operations. Your teams will struggle unless you have a team with experience bringing a wide range of innovative technologies to market from concept to effective user acceptance. This lesson has been painfully learned by a lot of big businesses.
The current IT and development infrastructure is anticipated to carry out many of these efforts. However, the process for these kinds of engagements is usually very different.
It’s ideal to conduct quick, iterative testing with innovation projects. Delivering minimum viable products, testing or piloting them with internal or external stakeholders, then quickly enhancing them as you roll them out to progressively bigger user bases is how you create incremental value.
The problem of technological stacks comes up frequently as well. Although the final product will need to interact with internal systems, you are frequently better off utilizing technology stacks that prioritize deployment speed and simplicity over enterprise systems early on.
The potential to “bring your own language” (BYOL) into build packs that integrate seamlessly with the wider corporate architecture) is something that even companies like SAP have acknowledged.
But there is frequently (understandable) internal resistance to learning those languages and how to use them. Teams try to implement lean startup ideas using legacy or enterprise systems, but these constraints on speed and agility prevent them from being successful.
Going it alone.
“Data is a team sport.”
“There’s no I in team.”
“If you want to go fast go alone. If you want to go far, go together.”
These adages all speak to the same concept. Work as a team if you’re going to innovate.
Although it might make sense in many circumstances, this does not necessarily mean hiring more people and developing internal skill sets. However, it frequently pays off greatly to include outside team members, either for execution or for perspective.
Teams with start-up expertise are aware that combining pre-existing third-party solutions is sometimes the quickest route to market. They prioritize remaining close to the consumer, providing value, and accepting that platform or code debt is a necessary part of the deal. They fully anticipate later replacing and refactoring work. Internal teams frequently lack that point of view.
In a similar vein, those with experience in startups (and to a lesser extent agencies) frequently possess pattern detection skills that internal teams lack. Manifold’s expertise in product strategy stems in part from our own experience creating startups. That perspective is incredibly helpful when trying to make product decisions like:
• Which statistics show risk or success leading indications.
• How to concurrently design for both exterior novice users and inside power users.
• How to cope with the chicken-and-egg issues that come up when dealing with market-based firms.
• How to optimize for adoption and the vital importance of the first-time user experience.
• The methods that can encourage referral and boost supplemental income.
• The best ways to design goods with self-priming growth loops.
• The drawbacks of voice-activated or conversational user interfaces.
Even if your internal team handles most of the work, bringing in an outside team to offer direction and input can be quite beneficial.
Not having mentors.
In a similar vein, the higher level strategic vision is a prevalent weakness. Although internal teams have extensive domain knowledge, they frequently struggle from being too close to the issue or from lacking the ability to recognize patterns across a wide range of businesses and organizations.
Once more, startups serve as a terrific model. The majority of firms with venture capital funding have a board of directors as well as outside consultants. These are crucial tools that may spot future problems and assist in avoiding them, bring fresh ideas from different fields, and set up connections that can completely change a company. They can also offer guidance on how to go through iteration.
Establishing a similar board of advisors, whether at the portfolio or individual initiative level, can frequently mean the difference between success and failure.
Not proving the value.
Harvard Business Review claims that failing to have a specific value creation hypothesis is a widespread mistake.
This oversight frequently results in the funding of initiatives that, despite being well-executed, had little value attached to the victory. For innovation teams and the leaders inside them, allocating resources, fostering team energy, and finishing without demonstrable value creation can frequently spell doom.
Successful innovation projects frequently require time. Additionally, there is a clear requirement for executive level leaders to exercise patience and provide enough air cover for new ideas to develop and find value. However, that doesn’t imply you should begin a project without knowing how, if it succeeds, you’ll extract value at the other end.
To avoid this trap and make sure that successful initiatives truly benefit the organization, it is wise to model out potential avenues for growth and value creation, understand the potential addressable market, and have a hypothesis for “exit” (even if that exit is simply bringing the initiative in-house).
Create plans to mitigate these digital transformation risks
Outlining all the hazards you can perceive and creating mitigation plans for each might be useful as you implement your digital transformation strategy. Perform a “pre-mortem” to try to foresee potential problems and make sure you have the ideal systems, procedures, and partners in place to successfully carry out your digital transformation activities.
Case Study: The Ariane 5 launch became one of the biggest information technology failure
The Ariane 5 rocket Flight 501 was a part of the Ariane project, a Western European initiative started in 1973 that aimed to give Europe a dominant position in the commercial space industry by launching a pair of three-ton satellites with each launch. The project’s completion required ten years and a total investment of $7 billion.
Tuesday, June 4, 1996 saw the launch of Ariane 5 v 501, which disintegrated shortly after. Inside the launcher, two Inertial Reference Systems (IRS) with identical hardware and software were working side by side. The onboard computer would immediately switch to the backup system if it discovered that the active IRS had failed.
The (IRS) featured a built-in computer that it used to measure the launcher’s altitude and space-related advancements. The onboard computer used the data from this system to carry out the flight plan. When the launcher’s computer attempted to convert the data of the rocket’s sideways velocity from a 64-bit format to a 16-bit format, the guidance system for the launcher stopped down 36.7 seconds after the launch. Since the number was too large and Ariane 5’s horizontal acceleration was far higher than Ariane 4’s, an overflow error occurred.
Conversion failed because the input number was larger than 32,767, the maximum integer that can be stored in a 16-bit signed integer. The software was shut down as a result of the system exception management facilities being activated because Ariane 5’s conversion had no related exception handler.
The primary factor contributing to this calamity was that when the guidance system stopped down, it transferred control to the backup system that had failed in the exact same way a few milliseconds earlier because it was using the same software. In actuality, the algorithm that contained the error that resulted in this catastrophe served only to align the system prior to launch, serving no further use once the rocket was in the air. It ought to have been turned off, but due to a choice made in earlier Ariane versions, engineers left it on for the first 40 seconds of the flight to make it easier to restart the system in the case of a fleeting breakdown in the countdown system.
The rocket detonated, split into a million pieces, and fell onto the wide field as a result. The failure resulted in an additional expense of $370 million and reduced a sizable, possibly ground-breaking project to a pile of flaming dust.
Avoiding IT transformation risks
Mitigating the hidden risks of digital transformation
As they adjust to new methods of working, managing staff, and providing customer service, businesses are eager to seize any technological edge they can. They are moving more aggressively in the direction of the cloud, e-commerce, digital supply chains, artificial intelligence (AI) and machine learning (ML), data analytics, and other fields that can foster innovation and efficiency.
Enterprises are simultaneously attempting to manage risk, and the same digital initiatives that open up new possibilities can also increase risks like security lapses, failed regulatory compliance, and other setbacks. As a result, the drive to innovate and the need to reduce risk are constantly at odds with one another.
There will always be some friction between managing risk and working on digital transformation projects.
In contrast to conventional business practices, businesses’ pivot to expand the level of digital access provided to customers and workforce members involving personal and business-related information introduces totally new types of risk that must be handled. Different risk management strategies are needed for these new engagement models that the digital transformation has made possible.
Here are four major areas where efforts to implement digital transformation might present risks and how businesses can mitigate them. Throughout this workshop, we will go through these concepts in further detail.
Multicloud or hybrid cloud infrastructures
More businesses are switching to IT platforms supported by a variety of cloud services, frequently from multiple providers. Offerings such as platform-as-a-service (PaaS), infrastructure-as-a-service (IaaS), and software-as-a-service (SaaS) are examples of this.
Hosting crucial data and applications outside of an organization’s own protective perimeter, regardless of the type of cloud being used, entails a significant amount of risk, especially when several locations, services, or vendors are involved. Along with the risk of data loss or theft, businesses may also encounter issues with data protection laws and the potential for cost overruns due to subpar cloud management techniques.
The governance of the cloud environments is one of the most frequent risks we observe here: What cloud service provider? that protocol Thresholds for development environments to maximize use in terms of creation, use, size, etc. As opposed to after deployment, it is far simpler to address governance problems like this early on.
The complexity and disparate management and automation tools that come with a multicloud strategy are often amplified. This intricacy raises the possibility of operational collapse.
Additionally, previously, IT services were purchased from data centers that were owned and maintained by the corporation, with IT overseeing the purchasing procedure. Business customers may now quickly acquire and install cloud services like PaaS without architecture or security evaluations. By managing which services are activated and made accessible to users, IT and business leaders may reduce this risk.
A recommended practice is to make sure that before any desired cloud services are approved for use in the company, they are submitted to appropriate design and security inspections on any IaaS, PaaS, or SaaS vendor platforms. Before any technologies from public cloud vendors can be made available to the company, guidelines and boundaries must be set, along with continual usage monitoring.
According to Smith, IT, cybersecurity, and legal must all collaborate to stay ahead of business customers’ efforts to acquire and employ new cloud services.
Digital supply chains and sales channels
Businesses are rapidly using a range of technologies, such as end-to-end digital connectivity, cloud services, blockchain, robotics, autonomous vehicles, and advanced analytics tools, to improve and manage their supply chains.
The supply chain’s digital transformation may boost productivity and visibility, lower costs and errors, optimize processes, and foster better partner collaboration. Additionally, it poses hazards like data loss.
Parties engaging in business-to-business (B2B) digital services might use a variety of risk reduction strategies. This entails creating thorough business contracts with partners that include all potential risks and obligations. In order to ensure that data transfer and storage are secure, businesses can also set up cybersecurity and data privacy policies.
Businesses often demand that these B2B connections be watched over to make sure that rules and regulations are being followed. Additionally, best practices include conducting regular third-party risk assessments to make sure that all parties in the digital supply chain follow the rules and guidelines for security and privacy.
Additionally, businesses are relying increasingly on online events, mobile applications, email, text messages, and other digital sales channels to connect with consumers and prospects.
Lack of clarity regarding a multichannel strategy or, if switching totally to digital, a lack of a strategy to support the shift by the partner, customer, or consumer on the other end are risks we frequently find here. Organizations risk being in a continual state of shifting priorities where no channel actually advances if the strategy is not thoroughly developed and driving investments.
Some attempts to establish numerous digital channels have even turned into internal conflict. A very key mitigation method to assist prevent this is frequently to have one leadership team be accountable for all of the different channels.
Case Study: Sacre bleu! French bank customers see each other’s accounts
On February 23, 2021, LCL customers discovered they were viewing someone else’s information after logging into their banking app. The information soon gained traction on Twitter, where several people theorized that this might have been the outcome of a cyberattack. However, the bank claims that it was really the result of a technical issue, which was quickly fixed.
These kinds of development blunders are undoubtedly an indication of internal problems in the organizations where they happen, and they are especially unacceptable in the banking sector. The fallout served as an example of the standard dance that occurs after these kinds of errors, with the at-fault corporation downplaying the situation: No personal information was disclosed, consumers could only view the accounts of other customers and could not transfer money, and perhaps only a small number of customers were impacted, according to LCL. Others noted that tens of thousands of users may have been logging in while the problem was active in live code, and that transaction information may have been used to determine the identity of customers. LCL ultimately needed to act quickly to prevent paying a hefty fine to European privacy regulators.
Internet of things (IoT)
IoT technologies are being widely adopted by businesses in the manufacturing, healthcare, retail, and other sectors to track the location of assets, monitor equipment performance, collect information on product usage, and other purposes.
The potential advantages are strong, and they include improved maintenance of machinery and products, improved customer experiences, and cost savings from preventing lost goods. But there are also significant hazards. IoT techniques present various entry points for hacking, including the linked devices themselves, and distributed denial-of-service attacks, for instance, have already been attributed to connected devices.
In an enterprise, connected devices could be anything from HVAC systems to servers and other IT hardware to cars, lighting controls, thermostats, appliances, and more. Organizations must find strategies to secure and reduce the danger posed by networked devices in order to restrict the connections that these devices can make to other devices and, in some situations, to segregate the networks in which they operate.
Additionally, extra care needs to be made to work closely with device manufacturers to make sure that these kinds of devices have the right security controls and are kept up to date for operating system patching.
Other best practices include checking corporate networks for IoT device activity and requiring device manufacturers to provide means to keep devices secure and up to date through contracts.
Analytics and automation
To speed up operations, lower costs, and eliminate errors, businesses are rushing to automate labor-intensive and time-consuming manual processes.
Robotic process automation (RPA) and artificial intelligence (AI) technologies can significantly improve the way business processes are handled by automating data entry activities, but they also carry hazards.
The datasets that data scientists use to train their models and the platforms on which they are created are the main risk factors in analytics, AI, and ML.
Risk reduction techniques include adopting well-written contracts to govern big data collaborations, ensuring that only the bare minimum of data is utilized in data sets, and using anonymized data whenever possible.
Automation risk might include failure to scale quickly enough or satisfy expectations.
The automation ecosystem is now going through a lot of upheaval. Looking back, it started with process outsourcing, moved on to process improvement (Lean, Six Sigma), and ended with RPA. RPA and AI are currently coming together to tackle complicated business problems.
The convergence of AI and RPA is bringing up previously unimaginable opportunities and use cases, such as intelligent document processing with a capacity of 175 billion machine learning parameters or the application of neural networks and deep learning to identify anomalies in transactional data.
To raise awareness of the potential advantages, capabilities, and uses of automation, organizations should establish early expectations for it and involve stakeholders from both the business and IT. Then they should launch quick, modest, and brief pilots that concentrate on the advantages.
Utilize highly qualified personnel as soon as possible by employing staff or consulting firms to set up the governance, frameworks, change management, communication, templates, business engagement, business case creation, and ROI return on investment calculation.