1 Minute Summary
Innovative businesses face several challenges as they grow from the start-up phase. Customer demands, regulatory requirements, and future growth targets often necessitate more formal processes and policies.
Rapidly growing organisations often have concerns about:
- The management of IT risks;
- The scalability of their IT; and
- Unclear accountabilities for risk and security.
We discuss how scaleups can develop key IT building blocks to facilitate growth.
This case study describes how we helped an organisation meet their increasingly complex client and regulatory requirements.
Building a growth-ready IT capability
ThreeTwoFour was engaged by a fast-growing Fintech looking to transform its approach to IT risk and governance. It wanted IT to help enable growth by meeting the increasingly complex regulatory and customer requirements.
Key IT challenges for Innovative Businesses
The challenges our client faced were not dissimilar to other fast-growing, innovative businesses. We see many pioneering businesses reach a point in their development where the following challenges become increasingly important:
- IT risks are unidentified and not managed effectively – A lack of good practice IT processes, standards and frameworks increases the uncertainty of relevant IT risks and how these can be managed effectively as the business grows.
- Issues with customer due diligence – Innovative businesses often struggle to comply with the due diligence requirements of ‘traditional’ customers, such as banks, many of whom are heavily regulated and have unmoveable risk management requirements.
- There are concerns about IT scalability – IT may struggle to meet the demands of business leaders who find it difficult to see the return on investment (ROI). Complex shadow IT, costly technical debt, and concerns around cyber security are common.
- Ownership of IT may be shared – There is often a lack of clarity about the roles and responsibilities across IT, security, and data, resulting in the lack of accountability when issues do arise.
Helping to address these challenges by establishing the fundamental building blocks of IT
To help our client build a growth-ready IT capability, we used our proprietary approach to facilitate the development of key IT building blocks that serve as the foundation of future IT growth.
These guiding principles were designed to help the business ensure consistency within IT, but also align IT with the business strategy. This is important because in innovative businesses there is a tendency for everyone to acquire and develop their own tools which creates a technology environment that is very difficult to manage and secure.
An example of a principle we proposed was, ‘Purchase rather than develop’ which helps the business avoid issues with costly maintenance and security concerns with self-developed applications. This helped reduce a large amount of shadow IT, developed in-house for requirements that could be met by the business-wide implementation of enterprise tools.
We developed the different layers of the IT reference architecture. These layers moved from “generic to specific” and from “unconstrained to deployable” as we learned more about the firm’s environment.
The reference architecture visually represents the entire IT estate across many different layers. The top layer outlines the overall requirements of a service that IT should provide, and the bottom layer contains the vendor-specific elements that outline the chosen tools to meet those requirements.
The reference architecture helps business stakeholders to visualise the construct of their entire IT capability to easily plan and assess new proposals which are common in fast-growing organisations.
To ensure that the reference architecture is accurately maintained, a governance process needed to be defined that could use the principles to assess any requested change to the reference architecture.
We assessed the various existing governance forums and committees to determine how IT governance could fit into the wider organisational governance model. Our recommendation was to establish a technical forum to assess IT changes, which would then make recommendations to a business-led forum. We developed an IT governance model outlining the process to assess and review IT changes.
This approach enables implementations made by technical teams to be assessed by an audience of equally technical resources. When proposals reach business decision-makers, they should align with the business principles and fit into the reference architecture. This approach filters out the ‘nice-to-haves’, resulting in business decision-makers only receiving requests that fit into the agreed IT architecture.
A key challenge for our client’s business stakeholders was the lack of clarity related to new IT projects and the timelines involved. This made it difficult for them to plan their own projects or see the ROI for IT.
We worked with the client to document an IT Roadmap that clearly articulated to the business what projects are in the pipeline and when they would see the benefits of these planned projects. This helped IT better communicate their value to the wider business and allow business stakeholders to provide timely input on the proposed projects.
A solid IT foundation for future growth
At ThreeTwoFour, we focus on execution and remediation, not writing reports. We wanted to help our client develop artefacts and documents to be used in the day-to-day operation of the business.
These artefacts now form the building blocks to further mature IT and help enable business growth.