The CIO Agenda: What's top of mind for NZ CIOs?
What is top of mind for New Zealand’s Chief Information Officers (CIOs)? At a recent ISACA event I attended in Auckland, three CIOs talked about some of their key areas of focus, including IT strategy execution, cloud strategy and cloud migration, and cyber security. The CIOs were Gerben Otter of Fonterra, Shane Ohlin of Paymark, and Wilson Alley of Delegat Ltd.
We know from talking to our customers that many of these topics are top of mind for CIOs across a whole range of industry sectors, in both the public and private sectors. We’re grateful to ISACA and to the CIO panel for creating a forum to share their thoughts and experiences. The session was jam-packed with insights and information. Below, I’ve summarised some of the points that really stood out for me.
At Fonterra, software development executed at speed
The discussion began with each of the speakers being asked about their top agenda items. For Fonterra, it was IT strategy execution and delivering on the business vision. The global dairy giant – now ranked as the world’s leading dairy exporter – has an ambitious 10-year strategy that embraces increasing volume, creating value added products, and executing at speed. IT capability and rapid innovation are critical to achieving the business vision.
Fonterra CIO Gerben Otter talked about the two-speed IT model the organisation has implemented to enable fast delivery of business outcomes – vital for succeeding in an industry where speed to market is crucial. Low speed is the typical waterfall method, with full business case, governance structures and so on. High speed uses agile methods and is designed for fast development and implementation of projects and initiatives that have a low number of integration points with current systems and environments.
The high speed approach features:
- A “lite” business case
- Streamlined, fit-for-purpose governance structures
- Agile development methods
- Less regression testing as the projects have lower integration requirements
Otter also tackled the question of how to ensure your vendors are your partners. His take is that it must start in procurement with a strong and mature process. You need to understand the vendor’s business model – how do they survive as a business? What is their point of difference? Also, take a partnership approach from the very beginning, and establish a long-term view of three-plus years.
Cloud migration and system based auditing at Delegat
For Delegat CIO Wilson Alley, the focus has been on their ICT roadmap (which included possible migration from SalesForce to MS Dynamics CRM), and he shared the journey Delegat has been on with their external auditors EY to move from traditional auditing to system based auditing. According to Wilson, some critical success factors for systems based auditing include:
- Understanding systems based auditing is a process of change
- Having a desire and a solid strategy to outsource all non-core ICT
- There must be a culture of honesty and openness throughout the auditing process
- Getting buy-in from all parties - the board, audit partner, finance team and IT team – is essential. It’s important to note that at Delegat, the CIO doesn’t report to the CFO, giving much more autonomy than if the typical reporting structure were in place.
Digital transformation is creating a new generation of employees and customers. As CIO of an FMCG (fast moving consumer goods) organisation, Alley has found himself working more and more with the Marketing department. Transformation creates new opportunities but also new questions. For example, Alley noted that Delegats has come across challenges like “data on grapes and vines is being captured but they don’t yet know what for.”
Meeting the information security challenge
As New Zealand’s largest payment network provider, it's no surprise to hear that critical issues for Paymark are moving to a digital / paperless environment and cyber security. CIO Shane Ohlin acknowledges there is zero tolerance or risk appetite around information security in the payments industry, especially given that Paymark is owned by the four big banks. Paymark has to ensure they meet all the banks’ policies – a big ask given the banks’ size and complexity.
Paymark has a variety of strategies and programmes to meet the challenges. Among them:
- Internal monitoring is performed by a separate and dedicated security team
- PCI-DSS compliance is considered critical
- Rapid risk remediation is a part of the organisation’s culture. It is expected that people are open and advise immediately of any issues, so that the organisation can respond, fix, and move on.
- In-house user awareness programmes are treated as vital
CIO advice: Some takeaways
To sum up, the CIO panel offered the following thoughts and advice from their own experience:
- Digital leadership is key to support the business. Be a leader from the technical perspective.
- When it comes to cyber security, boards of directors want fit for purpose solutions. In recent times, there has been more license to focus on this area.
- Projects aren’t technology projects, they are business initiatives that technology supports. There needs to be a deep understanding of the business strategy to define business requirements properly.
- The mission is not to decrease technology costs. It’s to drive revenue and sales increases and/or to decrease the overall business costs.
- The IS/IT team needs to build and maintain credibility with the business. This means delivering projects on-time, with IT and the business working together to deliver the outcomes and value.
Share your thoughts
Optimation offers a range of solutions and broad expertise in IT strategy execution, cloud strategy and migration, information management, agile development, and project management and PMO services. Please contact us to talk about your requirements.