the cio agenda - information security agenda... · the cio agenda conceptual architecture november...

The CIO Agenda

Conceptual ArchitectureNovember 2011

Uncertainty to growthBusiness-driven priorities for the IT organization

Page 1

The borderless enterprise – key trends

Some of the key questions CIO’s have to answer….

�How do you orchestrate, manage and measure services for optimal performance and cost when these are crossing corporate boundaries?

�How do you deal with increasing complexity (mass of data, increased globalization, access anywhere through smart devices, etc.)?

�How do you sort through the promise of cloud computing to leverage the tangible services that exist and drive value today?

�How do you govern and broker many service providers / suppliers and manage end-to-end SLAs to your advantage?

�How do you embrace “shadow IT” as a fundamental enabler?

�How do you leverage technology to deliver the promise of growth and innovation?

�How do you transform from a world of asset ownership to “pay-as-you-go” services?


Page 2

The borderless enterprise – new focus areas

The role of IT is now seen as a three-way

balance:•Cost efficiency

•Top-line growth

•Risk

The new imperatives: •IT Architecture

•IT Risk

•IT Finance (and improved decision-making)


Page 3

The CIO Agenda - Conceptual Architecture


Page 4

The CIO Agenda – IT Operations/Execution (What processes or controls are in place to ensure your IT organization is “best-in-class” from a cost and efficiency point of view?)

Increasing IT operations performance, IT effectiveness and IT cost optimization is a journey and

something that needs continual attention. The main elements include cost optimization, strategic

alignment, governance, operations and performance. Businesses are facing different types of costchallenges, depending on the severity and urgency of their positions in the market. We find fewer than 1 in 3 recent cost reduction programs have sustained improvements in performance. Taken individually, each of these areas provides a view of IT of greater importance to one or more parts of

the business. Taken together, these five areas form the basis for a complete and balanced view of IT. To include:

� IT Operations; Financial Management & Reporting (IT Spending, Cost Drivers, Cost & Pricing Strategies); Controls; Metrics (Performance Measurement); Resource Management (IT Staffing); Value Management (Root Cause Analysis); Service Delivery & Support; Process & Standards Management (COBIT, ITIL, ISO

20000-2005, PMI Program Mngt., CMMI-DEV, CMMI-ACQ); Vendor Management; Project Management Office;

Background

► Whilst having a full 360 degree view on

IT operations we recognize that we need

to visit the components of the framework

in alignment with scope and focus on

needs and prioritize accordingly

► We have a set of tried and tested tools,

methods and collaborative techniques to

deliver results in a consistent way to

provide effectiveness improvement

roadmap(s) – identify, diagnose, design,

deliver and sustain

► We see 7 challenges: Distress (survival);

Stress (refinancing, margins, etc); Pre-

post acquisition or divesture; Short-term

revenue drop; Revenue growth but

decreasing margins; Longer-term

revenue re-adjustment; Budget caps

► Three areas typically hinder the success

of improvement efforts► Value: the focus on the right areas► Pace: the need for effective project

management and reporting

► Sustainability: maintaining the benefits over time

► The degree to what you change should

also be determined between:► Baseline change► Fundamental shift

► Major transformation

► Exposure of full cost transparency, enabling organizations to determine hidden

costs, cost categories and to perform cost comparisons

► Stronger alignment between expenditures and business strategy/priorities

► Openness to business demands/needs (service levels, resources,

scope/expectations, ownership/accountability, adherence to standards)

► Distribute IT costs into major categories and determine how costs could be:

redirected, reduced or reinvested (analysis of fixed V’s variable, Capex V’s Opex)

► The discovery of: 80/20 immediate actions; focus areas for more rapid assessment

and change; Tsunami areas for greater detailed analysis

► Detailed roadmap with aligned IT change to direct business benefits

Benefits

Ernst & Young insights


Page 5

The CIO Agenda – Information Security & Privacy (What programs are in place to ensure you are securing the new “borderless” organization to maintain confidence of stakeholders in a virtual world? )

With the growing facets of information resources required to support the innovative and market

leading enterprises of today, providing secure and faster access to the right information at the right

time/right people has become key. With the ever expanding enterprise boundaries, one aspect ofthis multi-faceted business challenge is to promote and provision secure access to critical sharedinfrastructures. EY understands this continued pressure on enterprises to implement effectivesecurity controls that promotes business objectives and innovation while at the same time protecting

businesses by helping to maintain compliance to organizational and regulatory policies. To include:

� Security (Privacy, Firewall, Malware, Vulnerability Mngt., Physical Security, Virus, Encryption, Data Leakage/Loss, Personal

& IP Protection, Edge Security, Forensics/Fraud, etc); Security Architecture (Identity & Access Mngt.); Risk & Compliance Management (Legal & Regulatory Compliance, Info. Security Risk Mngt.); Process & Standards Management (Security Policy, Standards & Compliance); Quality Management; Architecture Oversight & Control (Secure Development & Operational Processes – Web App Security, etc, User / App Provisioning &

Decommissioning); IT Governance; Vendor Management (Outsource Security, Contract Security, Security as a

Service); Metrics (Security Metrics & Reporting)

Background

► Organization boundaries are vanishing

and traditional information security

paradigms must change. Review the

changing landscape and reach an

agreement with business from a

business impact standpoint

► Comprehend the role of information

security and privacy in enabling various

business objectives

► Leading information security functions

seek to maintain risk appropriate risk

levels through a cost-effective,

sustainable program

► Data leakage prevention is a top priority

among larger organizations

► Ask the tough questions: ► Are we relying on yesterday’s

mechanisms to counter new age security threats emerging from Cloud, E2.0,Mobility, social media

► Are we identifying improvement opportunities leveraging synergies across business verticals

► Are we doing enough to raise awareness and adherence to policies within the enterprise

► Develop comprehensive solutions to

address systemic issues within an

enterprise

Having in place a holistic security and compliancy approach (by aligning business

objectives with information security efforts) would help mitigate business risks

rising from adverse events such as:

► Financial and reputational damage caused by inappropriate access to sensitive

information

► Threats originating from malicious users and sponsored groups from inside and

outside of the organization

► Non compliance of privacy and data protection regulatory norms and lack of

confidentiality, integrity and availability of critical system accounts and data

► Inability to take advantage of emerging business models offered by new

technologies and distributed sourcing strategies with confidence

Benefits



Page 6

The CIO Agenda – Business Continuity & Resiliency What assurance do you have that your IT function has the ability to routinely recover from unplanned business disruption events and enhance resiliency ?)

Business continuity and resiliency is vital to business success. In today’s global economy, virtually

every aspect of a company’s operation is vulnerable to disruption, and the risk and cost of disruption

extends well beyond IT. Any amount of downtime can result in lost productivity, lost revenue, lost customers and lost opportunities. In addition, a disruption can have a significant negative impact on the companies brand and reputation. Companies are beginning to regard business continuity not just as an insurance policy in the event of major disaster, but also as an ongoing strategy that’s vital

to business operations and competitiveness. To include:

� Strategic Planning; IT Governance; Solution Management; IT Operations; Delivery Management (Continuity strategy aligned with your risks and the business value of your business processes); Risk & Compliance (Meet specific legal, regulatory compliance and stakeholder requirements); Training & Communications; Process (Evolve continuity strategy, programs and processes as technologies and business conditions change)

Background

► Despite all the dire warnings regarding

the cost of downtime, including loss of

revenue, market share, and even long-

term viability, most firms still don’t

adequately organize, plan, fund, and

staff business continuity and disaster

recovery efforts.

► Most firms don’t make a distinction

between business continuity (BC),

disaster recovery (DR), and high

availability which impacts the overall

business resiliency.

► Regard disaster recovery as an

insurance policy in the event of major

disaster but not as an ongoing strategy

that’s vital to business operations and

competitiveness.

► There are considerable confusion

around scope of BC/DR efforts produced

by burgeoning business continuity

industry.

► Lack of the overall coordination of the

organization’s response to a crisis in an

effective, timely manner, with the goal of

avoiding or minimizing damage.

► Lack of business risk identification and

defensible business case to justify the

impact of downtime and investment.

► Ensure continuous customer service when critical business processes and/or

associated production systems are not available

► Protect company reputation, sustain customer loyalty and ensure stakeholder value

► Ensure adequate attention and awareness of business resiliency by the CEO and

the Board

► Foster clean linkages between articulated business strategy and recovery strategy

objective

► Ensure continuous support of core business processes and align business resiliency

plans with strategic goals

► Create architectural blueprints to bridge resiliency technology choices with business

capabilities

Benefits



Page 7

The CIO Agenda – IT Risk Management & Compliance (What people, processes and technology are in place to manage risk to enable business performance and ensure regulatory compliance?)

With a growing number of government and industry regulations, financial pressures and increasing

stakeholder demands, managing risk is top-of-mind for boards and management. A critical

component of risk management is managing information and technology risk. Information and technology risk management comes into play from several perspectives — assessing and mitigating information processing risks across the organization; managing risks within the IT function; and leveraging technology to make organization-wide risk management processes more effective and

efficient. An enhanced information and technology risk management program adds value through faster, more informed, risk-based decisions and processes.. To include:

� Strategic Planning; IT Governance; Solution Management; IT Operations; Delivery Management (Continuity strategy aligned with your risks and the business value of your business processes); Risk & Compliance (Meet specific legal, regulatory compliance and stakeholder requirements); Training & Communications; Process (Evolve continuity strategy, programs and processes as technologies and business conditions change)

Background

► IT compliance is a moving target based

on continuing developments in multiple

industry sectors

► Effective IT risk management improves

business performance through adding

speed to the information decision making

process

► Companies are standardizing processes

and leveraging technology to integrate

information and technology risk

management with other risk functions

► Organizations need to adopt an

integrated risk management view, while

still allowing different functional areas

their individual perspectives

► Visionary organizations no longer

manage IT risk in silos. They develop a

holistic view of risk and implement a

unified strategy to help standardize

processes and leverage technology to

integrate IT risk across the organization

► Treat risk management and compliance

not as a one time effort . Adopt quality by

design to build cost effective controls

early in the system and process cycle

► Protect company reputation, sustain customer loyalty and ensure stakeholder value

► Ensure adequate attention and awareness regarding IT risk by the CEO and the

Board by providing periodic reports and metrics to monitor IT risk

► Achieve a positive return on investment through effectively managing IT risks, while

enabling business performance improvement

► Foster clean linkages between IT and business strategy and related IT risks

► Provide a balanced and transparent IT risk strategy

► Identify and assess IT risk based on emerging business and societal trends

► Balances the competing demands of managing IT risk and driving value, while

controlling cost and still achieving compliance.

Benefits



Page 8

The CIO Agenda – Finance Planning & Consol. (Do you have confidence in the accuracy, quality, predictability and integrity of your plans?)

The need for reliable, up-to-date financial and operational data is critical to support planning,

budget, forecasting, analysis and reporting. The integration of global with any local-unique needs to

be more transparent. All of which needs to come together in a corporate IT/Financial plan (more a single central view than scattered distributed local financial systems views). The increasing use of cloud and “as a service” providers (with new financial models) and shadow IT decisions need to be brought together in order to assess overall benefits and risks. The need for increasing compliance

to regulations and aligned audit focus will almost certainly grow as we move more into a widerconnected society. To include:

� Financial Management & Reporting (Budget Management, Funding & Financing, Forecasting, Consolidated

Financial Reporting, Financial Modeling, Accounting Operations); Metrics (Performance/Balanced Scorecard); Controls (Controls Matrix); Resource Management (Workforce Headcount/Compensation Planning); Business Alignment (Business Planning); Value Management (Financial Analysis); Software Lifecycle Delivery (SAP BPC, Hyperian)

Background

► Consolidation & management reporting

are key – but only a part of the wider

alignment and forecasting on future

strategic direction

► The understanding of compliance to 3rd

party requirements should be an integral

component

► Excessively manual finance processes

leads to inefficiency, data errors, and

overall lack of data integrity

► We see data maintained in multiple

sources with varying levels of data

security and data definitions – which

leads to multiple versions of “the truth”

► We see automation will increase

efficiency and improve data quality

► There is a need to more tightly link the

planning/budgeting/forecasting areas

with the actual results (the link-back)

► To provide executives with “dashboards”

and support drill down capability

► A barrier is lack of true exec sponsorship

► One version of the truth” is a common

theme

► Efficient close and reporting process that

will reduce time spent compiling reports

and reconciling data = > analysis time

► The need for appropriate awareness and

training is always needed

► Clearer articulation, communication and monitoring of strategy/goals/objectives and

aligned accountabilities (focus on resources). The delivery of a single truth. Have

departmental planning support – aligned plans, budget, forecasts, KPI’s, monitoring,

etc

► Ability to provide opportunity cost alternatives (forecasting) to aid decision making

► Reduced costs through the use of pre-built financial model logic and simulations

► Minimize risk/uncertainty with improved accuracy, quality, predictability and integrity

► Acceleration of reporting cycles (faster close) – more timely results to internal and

external parties

► Improved transparency (documentation and trail) and compliance to 3rd party

requirements (regulatory, audit, financial results standards, etc)

Benefits



Page 9

The CIO Agenda – IT Strategy & Growth Transformation (What processes or controls are in place to ensure your IT strategic plans align with your corporate goals and objectives?)

As we move into a more externally connected world (suppliers and consumers) with more

commodity services being available (cloud and everything “as a service”) there is a greater need to

align business and IT strategies. Transformations need to be bi-directional – not just a case of understanding the current state and plans to move forward but also, in parallel, knowing what the end state vision is and working backwards to derive key dates to accomplish market advantage sought. Key elements of IT strategy will be more agile and an iterative approach to be adaptive to

business changes/demand whilst at the same time having the core strategic directional view andunderstanding the end-game, values, roadmap and how IT can deliver against this. To include:

� Strategic Planning (Market Drivers, IT transformation, IT Trends, IT Value Add Opportunities, New Business Models,

Globalization, Horizontal Services, Vertical/Geographic Services, Target Operating Model/End State Vision, M&A’s, Emerging

Markets, Strategic Market Analysis); Delivery Management (IT Agility); Vendor Management (Sourcing Strategy

& Architecture); Service Catalog (Portfolio Planning); Process & Standards Management (TOGAF)

Business Alignment (Priority Business Initiatives); Organizational Alignment

Background

We see a cyclic view on IT Strategy &

Transformation:

► Business Strategy & Business Capability

Model (Contextual Architecture):

Drives what the business must do

► Business Imperatives – Common

Business Themes and Priorities

(Conceptual Architecture):

Drives what IT must do

► Strategic Initiatives (Portfolio)

Change business ops, capabilities,

processes

► Business Process (Business

Architecture)

► IT Implication (Logical

Architecture)

► IT Direction (Physical

Architecture)

Defines future IT-related changes

► Business/IT Capability

Derived future model and

Capabilities… leads to

► The need to define a target business

operating model is key

► We are seeing the increase use of

TOGAF as a framework for not just

technology but also business

architecture and ways of mapping

contextual strategic intent

► Global agreement on IT areas supporting competitive advantage (investment) and

areas moving into commodity offering (cloud, “as a service”, etc)

► Global agreement on business processes and supporting technologies

► Clear ownership of business and aligned IT processes established

► Better decision making authority and accountability

► Knowledge on what IT services delivery capabilities, resources, skills needed to be

developed retained versus those that should be outsourced

► Much stronger end to end architecture discipline

► Balance between long-term and short-term spending and overall investment

implications

Benefits



Page 10

The CIO Agenda – Service/Systems Global Development (How can you better ensure, aligning many stakeholders, systems developed deliver the required business value sought?)

The “next generation” of systems development is more about reuse/agile approaches. In order to

get the benefits and operational efficiencies through technologies such as virtualization/private

clouds developers must now understand best practice in loose-coupling and scalability design. New cloud development environments come with social networking capabilities to allow easier collaboration on ideas/requirements and more seamless links into testing and production environments. As most companies outsource their development – their role changes to one of

governance and quality control. To Include:

� Project Management Office (Development Centers); Solution Management (Business Requirements Mngt.,

Agile/Iterative Development, Estimation, Rapid Design & Visualization, Prototyping) ; Architecture Oversight & Control (TOGAF, Cloud Development Environments, Testing Environments, Reference Architectures/common Stacks,

Model Driven Architecture, Gold Sources); Lifecycle Delivery & Execution (Tailoring in/out, Tollgates); Process & Standards Management (IT Standards, Vertical & Horizontal Scalability Coding Standards, Extended Non Functional

Requirements); IT Governance (CMMI-DEV, CMMI-ACQ, Code Quality); Delivery Management (Promote to

Production)

Background

► You need a common, consistent, global

approach for systems development with

aligned training (classroom, live web,

recorded web, etc) – with clear roles and

responsibilities described for all

stakeholders (IT, Business, External,..)

► Be careful with new cloud development

environments as they may lock you into

future automated code to production and

operational environments

► Iterative and Rapid Visual Design

techniques work well when obtaining

business requirements but it’s a skill that

needs acquiring

► CMMI-Dev is now extending into CMMI-

ACQ to cover the wider external

contractual and governance needs

► Developers should not be tightly

coupling data into functionality – data

should be a standalone asset for future

value creation

► Have clear standards and methods for

both process quality and “product” code

quality checks – include security

guidelines

► Design for future service loose-coupling

and scalability – to take advantage of

emerging cloud environments

► Having a global common consistent macro method (processes, roles and tools) and

aligned standards for development will allow best practice resources (people and

tools), will ensure better alignment with the business requirements, provide speedier

time to market through reuse, allow opportunities to scale (up or down) with new

virtualization/cloud technologies, result in better quality code and have more safe

and secure systems operations

► Consistency will drive efficiencies: fewer activities; fewer templates; fewer

deliverables

► Continuous improvements will be driven through regular tollgate reviews with

suppliers – also having recorded acceptance criteria will help facilitate

► Increased customer satisfaction, better overall system quality

Benefits



Page 11

The CIO Agenda – Portfolio Planning & Apps Rationalization (What confidence do you have that systems investments are targeted and measured correctly?)

As more options emerge for IT spending there is more a requirement to have a “complete picture”

on existing systems landscape and agreed consistent strategic direction. There are new

opportunities to purchase “as a service” more commodity items previously not available – so a review of your spend in these items is required. Equally those systems that are directly supporting business strategy and competitive advantage may require additional investment to preserve any unique market positioning. Lastly a move to “global common” versus “local unique” needs defining,

governing and new metrics developing to show transformation and ongoing compliance. A more accurate alignment between IT spend and business objectives (VC type approach) is part of new

ongoing portfolio management process. To include:

� Business Alignment (Rationalization & Simplification of Application Portfolio); Service Catalog (Portfolio Analysis

Tools & Approaches); Architecture Strategy (Application Roadmaps); Delivery Management (Virtualization,

Cloud Usage, Instance/Platform Consolidation); IT Operations; Value Management; Lifecycle Delivery & Execution; Virtualization; Vendor Management (Transformative Outsourcing); Process & Standards Management (Apps Characteristics/Standards/Extended NRF’s, Bill of IT, Gold Source)

Background

► Our approach includes: A complete

application inventory which leads to 4

areas:► Sunset Systems (develop exit

strategy): deficient system; low

business value; strategically

misaligned; functionally redundant► Transform Systems (develop a

transform strategy): move to more commodity available alternatives, high ownership cost;

► Heritage Systems (limit investments): high current business value; significant ROI and moderate/low CTO; Integral part of the enterprise architecture

► Strategic Systems (more significant investments); strategically important, aligned with future business goals; competitive differentiator

► Questions fit into 3 areas:► Business: strategic alignment;

operational efficiency; business risk

► Technology: alignment; capability and risk

► Financial: TCO

► The need to build an ongoing approach

to align application spend to budget and

to cover the full application and portfolio

lifecycle management activities

► Optimized application segmentation (global common, local unique, vital critical,

important deferrable): To better understand your current and target application

categories – allowing for new cloud and “as a service” considerations and in having

a strategic application roadmap designed to show a consistent way forward

► Support a move to global common solutions and agreed local unique solutions.

Opportunities to extend/leverage existing systems more – have governance around

your specific “Bill of IT”. Have executive metrics/scorecard to measure progress and

ongoing compliance

► Reduced costs: maintenance costs, rationalization of data repositories, reduce size

of application portfolio; reduce duplication

► Simplification of the portfolio approach and alignment of projects to systems and

business goals and objectives

Benefits



Page 12

The CIO Agenda – Right Place IT (How do you and your partners/suppliers maintain a high degree of mutual trust and shared focus in your companies information, services and future strategy?)

We are entering the 3rd wave of outsourcing where companies need to “pick and mix” best of breed

services from a number of suppliers. At the same time there is a polarization happening between

commodity services (to include cloud and “as a service” offerings) and renewed investment in core retained IT to support business competitive advantage. To include:

� Strategic Planning (End State Vision, Transition Management, Transformation Management); Business Alignment

(Business Relationship Management); Service Catalog; Architecture Strategy (Enterprise Architecture Elements); IT Governance (White Spaces, People/Change Management); IT Operations; Service Delivery & Support (Service Management Integration, ICE, Managed Print, Enterprise Services, Network Services, 3rd Party Platform Services,

Cloud Services); Delivery Management; Process & Standards Management; Vendor Management (Sourcing & Procurement Strategy & Execution); Quality Management; Metrics; Organizational Alignment (Future IT Org.); Integration; Controls; Financial Management & Reporting (Business Case, Asset

Ownership); Resource Management; Risk & Compliance Management (Legal & Regulatory); Project Management Office; Solution Management (App Dev. & App Maint.); Metrics (Process Controls & Metrics); Value Management (Measuring & Maintaining Value)

Background

► There is a need for a new strategic

sourcing and management model as we

move into a market with increased

specialized offers (cloud, “as a service”,

etc)

► Service Management and Integration are

becoming central “hubs’ for managing

the end to end SLA’s and in governing

the new ecosystem of suppliers

► The key elements of such an IT

transformation program include building

the new end state vision, supporting

business case, central support activities,

procurement streams, transition and

transformation management

► The timing and new bundling of services

is key – there are options!

► In the extended world of IT – new

challenges are introduced especially in

the three main areas of architecture,

finance and risk

► It’s about a global transformation

program with IS being the appropriate

driver (it’s not outsourcing as strategic

parts are retained)

► This will provide the foundational

platform for more easier “plug and play”

of future service opportunities

► Innovation moving forward is key. This new model and way of working will

incentivize innovation across the various IT “towers”. The loose coupling approach

will provide a tension for suppliers to offer improvements whilst allowing for easier

termination should things not work. The ability to plug and play new services is key

► Improved Business and IT alignment through greater transparency of cost through

to benefits; more detailed end to end SLA understandings; joint agreement on

“Shadow IT” usage/spending; etc

► Overall reduced costs with improved efficiencies and exploitation of best of breed

market services – the “pathway to the cloud”

► Re focus on areas of internal investment on IT aligned to business strategic

competitive advantage with increasing use of commodity IT as appropriate

Benefits



Page 13

The CIO Agenda – Enterprise Services Architecture & Industry Orchestration (Do you understand/control services that should be purchased/commodity V’s developed/differentiated plus integration into the wider environment?)

The move into better understanding “business services” and new ways of looking at and deciding

what services (and aligned business processes) an enterprise should provide versus purchase

(maybe “as a service”) is gaining momentum. Tradition methods of business process modeling,often focused purely within an enterprise, need to expand as company’s now need to integrate moreformally into wider industry scenarios (industry as a service). New challenges on wider integration (architecture) and end to end orchestration need to be considered. Bodies such as The Open

Group Architecture Framework (TOGAF) are seeing much renewed energy in the market to havebetter ways in defining Business Architecture. To include:

Background

► Harmonizing business processes

(global) may seen straightforward, but it

is a challenge and painstaking

undertaking – the core is to build your

own value chain model (Mega, Major,

Sub, Stakeholder Influences, External

Factors, Critical Success, KPI, etc)

► You need to decode the DNA of how

your company does business and make

decisions for each key process/service

area whether to:► Retain and invest as part of

competitive advantage

► Retain but outsource (IT and BPO) to a best of breed provider

► Purchase from a 3rd party “as a service” type offer

► The exercise needs to be ongoing since

business processes and best practices

are not static

► TOGAF is renewing its focus on

Business Architecture to cover strategic

process/service modeling

► Standardizing data across the company

and bringing discipline to data

management is key

► As more and more services are being

bought/used from different sources the

integration (service and IT) between

these becomes critical

► Identification and removal of redundant processes/services

► More unified information systems to support and enforce standards

► Surfacing opportunities for consolidation and aligned savings

► Leveraging “best of breed” providers/services

► Provides a foundation to innovate and compete better – by really understanding the

DNA of the company

► It is not all about centralization – with this understanding you will be able to decide

which processes/services need to be central and also those that need to be

distributed and local to meet local needs and regulations – leverage economies of

scale without sacrificing local flexibility

Benefits


� Strategic Planning (Industry as a Service); Business Alignment (BPO, Shadow IT, Business Process/Service

Modeling, Value Chain, BPEL, Loose Coupling, TOGAF – Business Architecture, Abstractions/Scenarios); Service Catalog; Architecture Strategy (Reverse Cloud, Orchestration, Integration Hub, EAI); IT Governance; Organization Alignment; Vendor Management; Process & Standards Management (Interoperability)


Page 14

The CIO Agenda – Information Services (Converged) (What assurances do you have that your IT systems and processes timely and comprehensively meet data and information needs?)

The last decade has seen an unprecedented growth in the amount of data due to proliferation of

applications portfolio (organic or via mergers and acquisitions), better and broader network &

internet connectivity across the globe, lower cost of storage, stricter data retention policies etc. Thisexplosion in amount of data has created new complexities and challenges in getting the rightinformation to the right people, at right place/time and in being able to tap into this information for better decision making and new opportunities for “information services”. In short the data/information

is a key (if not the key) strategic asset. To include:

� Strategic Planning (Information Strategy, Information Channels); Business Alignment; Service Catalog (Information Services); Architecture Strategy (Enterprise Data Strategy, Reverse Cloud, Data Architecture, Master Data

Management, Meta Data, Data Modeling, Data Platforms, Data Flows); IT Governance (Data Governance, Data

Stewardship); Value Management; Process & Standards Management (Data Semantics); Knowledge Management (Content Management), Metrics (Information Operations & Reporting, Datapedia Usage)

Background

► Improving information management and

data quality in an enterprise is

collaborative effort between Business

and IT that most often requires a cultural

shift from managing data as a necessity

to managing information as a corporate

asset . Change leadership is a key

element in any Information Management

transformation program

► A strong data management foundation is

key to getting it right in the long term,

and this needs to be a business led

initiative with active sponsorship from

the most senior management levels in

the organization

► Establishment of a dedicated, cross

functional data & information

management organization is essential to

get the right focus and priority needed to

achieve success

► A clear mission and vision statement,

and ongoing communications and value

proposition efforts are important to get

the buy-in across the enterprise

► Data management efforts must have a

strategic alignment with enterprise

reporting/business intelligence and

analytics initiatives

► Availability of reliable and accurate Information to the right audience, at right place

and at right time – internal (e.g. business users and executives) and external (e.g.

customers and suppliers) – new “Information Services” opportunities

► Improved business decision making capability helping with performance

management and other strategic needs (e.g. swifter mergers and acquisitions,

better spend analysis capabilities for negotiation leverage or spend rationalization )

► Cost avoidance and increased productivity across all business areas

► Faster go to market capabilities for existing (new markets) and new products

► Increased customer satisfaction

► Easier and less expensive applications deployment and integration – reduced data

integration and conversion efforts due to sustainable data quality

Benefits



Page 15

The CIO Agenda – Shared Services & Globalization (are you confident that you have the right vision, agreement, sustainable commitment, communications and change management for common services?)

We are seeing organizations gain effectiveness, efficiency and service focused delivery with a well

planned transition to Shared Services. The move from multiple systems, complex processes and

various locations to a future world of common systems, standard processes and single/few locations is becoming the norm. To include:

� Strategic Planning; Business Alignment; Service Catalog; Architecture Strategy; IT Governance; IT Operations; Value Management; Process & Standards Management (Process Standardization &

Consolidation); Quality Management (Accuracy, no. of Defects); Competency Center Management;

Service Delivery & Support (Captive, Hybrid, Outsourced); Automation (Technology Automation, Selection,

Introduction, Migration & Integration); Resource Management (Sponsorship, Commitment, Communication, Change

Management, Skills Identification); Training & Communications; Financial Management & Reporting (FTE’s, Costs, Budget, Transactions, Invoices, Payments, Expenses); Metrics (Productivity, Period/Volumetrics Reporting,

%First Time, Cycle Times);

Background

► The overall impact is to deliver more

value added processes/services while

reducing cost: decision support

improves; control is consistent; reporting

and transaction processing reduces

► There are key “pillars” to the success

which revolve around 5 areas:

processes; organization; tools &

technology; culture and finance

► You need to assess the “pros” and

“cons: of the various models: captive;

hybrid and outsourced

► Successful Shared Service Centers

typically exhibit the following enablers:

executive sponsorship; clear vision;

planning & risk management

► You need to establish the degree of

transformation required by assessing

current state both from a qualitative and

quantitative point of view

► There is a roadmap: confirm the vision &

strategy and align to the business needs;

benchmark to see where you are now

and perform the gap analysis; do the

detailed future design – the “to-be”

processes/services and key location, IT

and change requirements; build the

business case; execute the transition

and transformation

► Greater Efficiency: reduced and lower total cost of ownership; decreased resource

requirements (elimination of duplication, standardization and enhanced automation);

lower wage rates; scalability for organic or acquired growth

► Improved Effectiveness: increased business unit focus on value added activities;

increased accuracy, cycle times, flexibility; improved data quality and consistent data

definitions and structures (lower maintenance costs); standardized processes and

tools

► Enhanced Talent: job enrichment; skill development through cross training; career

path management; reduced turnover; improved training (consistent set of tools)

► Better Governance & Control: simplified control structure; end-to-end control

governance; increased transparency

Benefits



Page 16

The CIO Agenda – BI & Edge Analytics (How are you ensuring that your IT generated information is complete and accurate from which to make critical decisions?)

Business insight is the key to driving improved performance. In today’s markets the need for fast

and accurate business information has never been more important or more strategically focused.

With razor thin margins and the commoditization of many businesses, information has become a strategic asset and a competitive differentiator. Being able to harvest the information and present it in a meaningful format is crucial. Multiple data sources , both internal and external, need to be aligned, producing up-to-the-minute data upon which strategic decisions can be made. Deploying

Edge/predictive analytics to better anticipate what may happen, or is currently happening is a class differentiator for today’s leading businesses. To Include:

� Business Alignment; Architecture Strategy (BI Strategy & Roadmap, BI Current State Analysis, BI Architecture

Review, Data Mart Strategy, Predictive Modeling, Cluster Analysis, Data Mining); Service Catalog (Edge Analytics

Services); Value Management; Knowledge Management (BI Dashboards/Scorecards); Delivery Management (BI Capability Assessment, ETL Process Assessment, Unstructured Data Analysis); Project Management Office (BI Project Management): Metrics (Integrated Reporting); Competency Center Management (BI Competency Center Design & Development)

Background

► Alignment of the business strategy and

the information strategy is a key

component in developing the intelligent

enterprise

► Treating information as a strategic asset

is a critical mind shift in the modern

business climate

► Improving corporate business

intelligence requires a strong union

between the business users and IT

leadership

► The elimination of “spread-marts” is

fundamental for a common set of

reported statistics

► Understanding where your organization

is in the information maturity model is

key for developing a future roadmap and

strategy

► BI tools are becoming a commodity,

using best of breed is a solid approach

as opposed to buying a vendors suite of

products

► Edge analytics are the next wave of BI.

Analytics provide a better understanding

of trends, customers, suppliers can

enhance business performance and

customer loyalty

► Better and faster decisions: Improved data provides a solid foundation for confident

decision making at all levels

► Strategic insight: Enhanced visibility into the business and its customers provides

ability to spot trends and take action

► Strategic advantage: Information is a strategic asset, accurate information delivered

in a timely format with insights is a strategic weapon

► Enhanced customer service: A solid information foundation provides value to all

customers in the information chain

► Faster go-to-market: Ability to understand volumes of data faster and more

accurately can impact first mover advantage in marketing

► Confidence in reported statistics: More time spent analyzing data adds value

Benefits



Page 17

The CIO Agenda – Smart / Sustainable IT (Is you IT Strategy business – enabled to achieve true smart transformation?)

Smart Grid refers to a combination of innovative solutions in hardware and software (metering and monitoring, controlling flow of power, communication real-time conditions to maintain reliability and stability, etc) added to the power system to achieve: a) a more autonomous responsiveness to events that impact the electrical power grid, and b) optimal day-to-day operational efficiency of electrical power delivery. In addition is the need to design the security protocols, renewable-based, sustainability driven systems (wind, solar, plug-in hybrid electric vehicle, biomass), time-of-use/demand-driven pricing. Lastly it includes innovations that enable customers to be energy-efficient & behavioral analytics that help drive next-gen solutions based on customer behavior. To include:

� Value Management (Sustainability; Smart Grid; Renewable Based Systems; Demand Driven Pricing)

Background

► Smart Grid is a challenging opportunity

to achieve higher business goals ranging

from enhanced grid reliability to

increased customer satisfaction and new

service opportunities

► Smart Grid impacts the entire

organization simultaneously across

several channels including:► Customer outreach► Organizational structures

► Work culture► People, processes, systems

► The degree of change possible in each

channel impacts the degree of change

achievable in other channels directly or

indirectly

► Our approach enables a multi-

dimensional analysis cutting across

organizational boundaries, customer

communication methods, business units,

business processes, technology systems

and applications – within the context of

Smart Grid goals, roadmap & targets.

► A deep industry approach provides

insight by identifying:► High priority areas of change► Key risks involved ► Effective strategies for

implementing the change

► Automated Self-Healing Networks

► Motivate consumers to actively participate in operations of the grid

► Resist attack with strong cyber-security

► Provide higher quality power that will save money wasted from outages

► Accommodate all generation and storage options

► Enable electricity markets to flourish

► Run more efficiently

► Enable higher penetration of intermittent power generation sources

► Reduce Carbon Emissions through efficient integration with Business Strategy

Benefits



Page 18

The CIO Agenda – Digital Supply Chain (What controls need to be built to ensure content security across the value chain?)

Digital Supply Chain refers to the series of processes and underlying technologies that manages the

flow of content from its creation/acquisition through other value/supply chain services/stakeholders

leading to end consumer consumption and associated valued delivery. Companies however are incurring higher costs due to mismatch between supply and demand. Digital is “now” and companies are converting legacy content to digital while new content is being created in digital format. The move to align digital needs (demand) with physical and virtual inventory management is the key.

The new consumer media pull (across various physical and media devices) will ultimately dictate this new balance. The networked “Digital Supply Chain” will allow better control of goods and real-

time information/decision making for overall optimization. To include:

� Strategic Planning (Emerging Business Models – for digital media flow through the supply chain, Emerging Collaboration

Models using Social Media 2.0 type approach, ; Business Alignment; Architecture Strategy (Storage and Access

Management), Value Management; Vendor Management; Quality Management; Process & Standards Management (Emerging Rights, Content Creators, Content Communities)

Background

► Understand the impact of the advent of

digital media and digital supply chain on

your business

► Digital supply chain exists in and can

benefit your industry even if you are not

in media business – a lead industry

driver - regardless of the business you

are in you need to have a digital supply

chain strategy

► NOW is the time to pioneer your

industry’s content community

► You may integrate in a larger digital

supply chain business model while you

have one for your company

► It is important to fully understand the

various elements of the business flow

that come together to form the digital

supply chain for your company

► Digital Asset Management (DAM),

Enterprise Content Management (ECM)

and Business Rights Management

(BRM) are key elements of a successful

Digital Supply chain strategy

► Partnerships may lead to winning

strategies while implementing your

digital supply chain business model

► Consider outsourcing elements of the

implementation none core to your

business

► Global content communities and aligned industry architecture models (Information

Buses!: Content communities spanning the globe enable the harmonized,

authorized and approved version of the content to be made available in real time to

their members – the move to “information/content rich services”

► Global rights, IP and any Royalty/Asset Management – harmonized rights

management standards tied to royalty management and payment systems enable

content owners to be compensated for their intellectual property promoting a safe

environment for increased contribution and creativity

► Global risk mitigation, compliance and governance – Avoiding non compliance and

risk associated with inadvertent use of content respecting local rules and regulations

as the content is being used at a global level

Benefits



Page 19

The CIO Agenda – Context Aware Services (What processes or controls are in place to ensure you don’t have unauthorized access to information?)

There is so much information around us these days that it is becoming unwieldy and unmanageable

to handle and process – traditional approaches for processing and presenting information need to

change to keep the data relevant. Context will revolutionize how information is delivered, received and presented. Context analyses the user’s situation and determines what information the user needs, what applications and services, data, voice or video needs to be delivered and how other aspects of their mobile solution need to react to the new situation. Initial deployments in healthcare,

travel and transport are now providing the platform for wider sector appreciation. To include:

� Strategic Planning (Mobile Strategy); Business Alignment; Service Catalog; Architecture Strategy (Contextual Information – User, Environment, Systems/Network, Location, Time; Distributed Architecture – Context Aware

Infrastructure, Context Sensing, Context Storage & Retrieval; Context Processing, Context Administration, Context Validity); Knowledge Management; Integration; Automation; Quality Management; IT Operations (Mobility –

Wireless Devices, Networks, Applications); Security (Mobile Security); Resource Management (Mobile Workforce –

Field Tasks, Dynamic Environments, Real-Time Information);

Background

► Characteristics for Context Aware

include:► Large mobile workforce

► Disparate geographical locations► Dynamic & complex workflow► Real-time information needs

► The need to recognize and anticipate the

needs of mobile workers based on their

job responsibilities is key: physical

location, time-of-day, device type, etc

► Context services go a step beyond

location based services and provisioning

– location is still crucial but what’s even

more is the user context

► There are challenges to mobility

adoption: large variety of resource-

constrained devices, large variety of

connectivity alternatives, large variety of

mobile development platforms

► The related 5 most asked questions:► Zone/Inventory Management: Is the

asset here?► Asset Tracking: Where is the asset?

► Condition Tracking: What is the condition of an asset?

► Presence: What is the user’s status?

► Network Location Service: Where is it in my network?

► Context aware mobility helps businesses by allowing workers to find the information

they need more quickly, and business processes to anticipate mobile workers’

needs proactively

► Context enhances operational performance and saves money

► Improvements to business-critical workflow management. Context aware can

streamline business processes to give increased productivity and reduce training

times

► Context facilitates real-time information – allowing representatives to always have

the correct information rapidly at their fingertips which can improve customer service

► Without context there is a lot more paper and voice!

Benefits



Page 20

The CIO Agenda – Community Collaboration (What assurance do you have that community information shared is accurate and of high quality?)

The ability to collaborate has grown in extraordinary ways over the last few years. What it means to

collaborate and the benefits of doing so are changing fundamentally. The fundamental process of

market and social value creation will increasingly be based on collective inputs and collaborative activity. Community Collaboration tends to focus on certain topics where a number of companies(and individuals with interest) can come to together to share information for the greater good of the community of interest associated with that topic. To include:

� Strategic Planning (Community Collaboration/Building, Brand Awareness, Social Networking, Customer Forums,

Marketing 2.0, ); Business Alignment (Relationship Management); Architecture Strategy; Knowledge Management (Collaborative Decision Making, Impact Measurement); Process & Standards Management; Risk & Compliance Management; Value Management (Engagement Management); Vendor Management (Partnerships, Alliances, Business Ecosystems, Extraprise)

Background

► Being part or leading Community

Collaboration does not mean the loss of

any accountability rather collaboration

can and should be very purposeful

► Technology is just one part – the user

experience and content are key

► Its imperative that you understand where

collaboration will create the greatest

value, how Community Collaboration

occurs and how to build and manage this

► You must participate actively in the

ongoing communication either as an

owner or a stakeholder - to educate and

influence the marketplace about your

offerings. It is not a primary sales

channel but a channel to help customers

learn and invite them to express

themselves while you listen

► If the interaction is rich and the

collaboration genuine, your customers

will carry your message into other

communities and help build your brand

► Identifying and transferring assets into a

collaborative environment is challenging:► Who contributes what and who

owns the IP?

► What level of resources are you committing to ?

► What are the service levels, quality, risk, compliance and liabilities?

► Improved reputation – will build a stronger shared community vision of your

products, services and information

► Improved decision making by having access to wider community information and

feedback – audience for surveys, general speedier discussion feedback, updates

from other partner companies

► Improved employee loyalty and trust – they will be more productive when they are

fully engaged in supporting such initiatives

► Helping consumers live a better life by allowing them to be informed with the latest

information, share information and ideas with peers – in some cases to improve

their day to day living - say with certain diseases (“patientslikeme” website as an

example)

Benefits



Page 21

The CIO Agenda – Consumer Media & Marketing (What controls do you have in place to ensure appropriate behaviour and content is used within social networking?)

Consumer Media & Marketing is a relatively new strategy approach which leverages digital

marketing tactics, utilizes the shift to mobile device applications, leverages social media

relationships, and analytical tools, to become a fundamental mechanism for companies to communicate products & image with their customers. Here we are moving away from traditional CRM approaches to more a two way communication/collaboration with consumers across a range of emerging devices in order to build better relationships and gain greater insights. To include:

� Strategic Planning (Mobile Strategy); Business Alignment (Customer Segmentation); Service Catalog; Architecture Strategy (Portals, Mash Ups, Widgets, Gadgets, Mobility, Wireless Devices, Facebook, Twitter, You Tube,

Customer Networks, E-Zine Sites, Company Networks); Knowledge Management; Value Management (Barrier

Analysis, Social Data Analysis, ROI Measurement, Understanding Costs, Attributable Benefits Analysis, Identification of

Influencers, Usage by Segmentation, Campaign Effectiveness); Security (Mobile Security); Risk & Compliance Management (Legal, Privacy, Liability, Regional Regulations)

Background

► Consumer Media Marketing is an

iterative process from understanding the

audience through monitoring/listening, to

analyzing the interactions, to defining

specific goals, to developing a strategy,

to executing social initiatives, to

measuring the results, leading back to

refining the overall program.

► Social Media Marketing requires

navigating legal limitations and

potential liability issues, privacy

concerns, security requirements that

can all vary by product and region.

► Properly leveraging technology (e.g.

mobile device friendly information &

apps) is a key enabler.

► You must participate actively in the

ongoing communication either as an

owner or a stakeholder - to educate and

support consumers about your offerings.

It is not a primary sales channel but a

channel to help customers, learn about

them, and invite them to express

themselves while you listen

► If the interaction is rich and the

collaboration genuine, your customers

will carry your message through word of

mouth into other communities and help

build your brand

► Improved customer engagement

► Direct customer communications

► Ability to learn individual customer preferences, needs and behavior

► Increased customer loyalty referrals and lead generation

► Reduce marketing, customer support and market research costs

► Improved customer trust via direct relationships and/or WOM referrals from other

consumers

► Improved SEO for owned media via increased shared links and on topic

conversations

► Improved brand building

Benefits



Page 22

The CIO Agenda – Collaborative Business Innovation (How do you mitigate against wrong ideas, bad timings, others copying, overestimation of value and misinterpretation of the market?)

Innovation is becoming more key and today we have many more tools at our exposure to extended

the traditional enterprise thinking on innovation – which was primarily through internal innovation

“jams”, and labs exploring emerging technologies – as examples. Innovation is becoming more open, global and collaborative – but now we need to look at all the web 2.0 tools and find better models to deploy. To include:

� Strategic Planning; Business Alignment (Business Aligned Innovation, Ideation, Visioning, Modeling, Test Drive,

Launch, Graduation, Innovation Approaches/Methods); Service Catalog; IT Governance (Innovation Governance,

Innovation Collaboration Officers, IP Ownership, Sponsorship); Value Management; Financial Management & Reporting (Innovation Investment); Vendor Management (Innovation Ecosystems, Global Organizations, Lead

Universities, Service Providers, Start Ups, Technology Companies) ; Knowledge Management; Competency Center Management; Organizational Alignment (Organizational Design for Innovation); Training & Communications (Professional Innovation Development); Risk & Compliance Management (Venture Risk

Management, Innovation Risk Management)

Background

► Innovation is becoming a more formal

core focus / skill / area for organizations

as a need to differentiate versus the

move to commodity services in the

market is becoming the norm – also the

move to more real-time is growing

► Disruption (market and internal) is a key

issue . More market significant

disruptions are happening. How do

companies react quickly (multiple

internal sponsors) and appropriately to

new disruptive movements?

► There is a lack of well defined future end

state strategic vision and associated

innovation versus tactical incremental

innovations more “bottom up” - a

balance is needed

► The reach to innovative resources

(people, labs, etc) is easier through web

2.0 / crowd sourcing technologies

► Companies need a better (quicker /

cheaper ..etc) “way” to discover,

incubate, deploy and measure

innovations (i.e. scale or kill quick)

► Internal governance and executive

support is key – but the need is for

clearer models – there is a gap here

(risk, funding, partnering, etc)

► Global Organizations: formalization of innovation needs and attaching processes;

access to global skilled resource base; execution assistance (innovation officers)

► Global Universities: a more recognized real time formal approach to working with

large organizations; the ability to link with other global innovative resources; have

focus to ensure delivery of appropriate business results in a timely manner

► Leading Service Providers: participation in new innovative environments with easier

request / delivery; 3rd party independent assistant driving the process and results

► Technology Companies: maximize reach; develop new relationships; have

independent distribution channel

► Start-Ups: earlier linkage with outside world on ideas; wider package integration into

full solutions; quick feedback loop for learning

Benefits


Ernst & Young

Assurance | Tax | Transactions | Advisory

About Ernst & YoungErnst & Young is a global leader in assurance, tax, transaction and advisory services. Worldwide, our 144,000 people are united by our shared values and an unwavering commitment to quality. We make a difference by helping our people, our clients and our wider communities achieve their potential.

For more information, please visit www.ey.com.

Ernst & Young refers to the global organization of member firms of Ernst & Young

Global Limited, each of which is a separate legal entity. Ernst & Young Global Limited,

a UK company limited by guarantee, does not provide services to clients.

Ernst & Young is a leader in serving the global financial services marketplaceNearly 30,000 Ernst & Young financial services professionals around the world provide integrated assurance, tax, transaction and advisory services to our asset management, banking, capital markets and insurance clients. In the United States, Ernst & Young LLP is the only public accounting firm with a separate business unit dedicated to the financial services marketplace. Created in 2000, the New York City-centered Financial Services Office today includes more than 3,300 professionals in over 30 locations across the US, as well as in Bermuda, the Bahamas and the Cayman Islands.

Ernst & Young professionals in our financial services practices worldwide align with key global industry groups, including Ernst & Young’s Global Asset Management Center (based in London), Global Banking & Capital Markets Center and Global Insurance Center (both based in New York), which act as hubs for sharing industry-focused knowledge on current and emerging trends and regulations in order to help our clients address key issues. Our practitioners span many disciplines and provide a well-rounded understanding of business issues and challenges, as well as integrated services to our clients.

With a global presence and industry-focused advice, Ernst & Young’s financial services professionals provide high-quality assurance, tax, transaction and advisory services, including operations, risk and technology, to financial services companies worldwide.

It’s how Ernst & Young makes a difference.

© 2010 EYGM Limited.All Rights Reserved.

This publication contains information in summary form and is therefore intended for

general guidance only. It is not intended to be a substitute for detailed research or the

exercise of professional judgment. Neither EYGM Limited nor any other member of

the global Ernst & Young organization can accept any responsibility for loss

occasioned to any person acting or refraining from action as a result of any material in

this publication. On any specific matter, reference should be made to the appropriate

advisor.

the cio agenda - information security agenda... · the cio agenda conceptual architecture november...

Documents