This is my first attempt to catalog my journey of "Leading the IT Transformation" for the Algosaibi Group. The purpose of this is to showcase with some level of structure and narrative, of how the attempt was made to apply the key principles of effective IT governance in leading an organization towards significant positive changes.
3. ENGAGEMENT PROFILE
• Client was traditionally one of the biggest conglomerate of Saudi
Eastern Province , with subsidiaries operating in multiple verticals like-
• Construction,
• Food Retail ,
• Hospitality,
• Transport,
• Energy &Power.
• It is a family run business group and is a Key Client of Deloitte FAS in KSA
Region.
• Major operational challenges due to family disputes, debt defaults with
international banks and complex mergers and acquisitions.
• Deloitte engagement for ‘Management Layer’ Transformation was
needed to gain creditors and valuators confidence.
• Main focus of transformation was around the 8 fully owned subsidiaries.
4. QUICK
CONTEXT
I was part of the ‘Core 5’ team who were brought
in from Deloitte under the leadership of Ex-
Deloitte Partners who were positioned as Group
CEO and Group CFO.
We were supposed to operate under their
leadership and head the transformation project
for each of the key support functions ie IT,
Finance, HR , Procurement and Operations .
5. MAJOR IT
CHALLENGES
Management transformation – a necessity for survival.
Very Low maturity levels of IT processes
Cultural hinderance towards change.
A heterogenous mix of technology across subsidiaries.
Legacy technology baggage.
Lack of transparency into IT costs and allocation.
Lack of visibility into IT performance and its contribution.
6. IT GOVERNANCE TARGETS
Develop an IT
Strategy &
Roadmap for
governance
layer (group
wide)
Develop
Tier 1 IT
Policies and
Standards for
Group.
Establish
Business
aligned IT
Goals.
Establish
Measurement
Criteria’s and
Metrics for IT.
Restructure of
IT functions
(Head Office/
Subsidiary
Level).
Cost
Optimization
(IT Ops &
Consulting
Expenses).
Risk
Optimization
(IT Ops).
7. TIME AT HAND
We had to find quick wins and
show tangible results within 6
months period.
A total of 2 years max
(as per contract).
11. DEEP DIVE INTO THE
TRANSFORMATION
JOURNEY
A run down of the
overall approach, key
accomplishments
and a few relevant
samples to showcase.
12. A RELOOK AT THE TARGETS
Developing an
IT Strategy &
Roadmap for
governance
layer (group
wide)
Developing Tier
1 IT Policies
and Standards
for Group.
Establishing
Business
aligned IT
Goals.
Establishing
Measurement
criteria’s and
Metrics for IT.
Restructuring
of IT functions
(Head office /
Subsidiary
Level).
Cost
Optimization (IT
Operations
and IT
Consulting
expenses).
Risk
Optimization
(IT operations).
13. KEYHIGHLIGHTS
• First 100 days plan were formulated to understand the
context, identify quick wins and next steps.
• Key principles, approaches and frameworks to use was
identified.
• An overall IT program plan was developed.
• A high level Roadmap was developed for the next 3
years for the transformation journey.
• Trackers and reporting templates were developed and
finalized.
14. SAMPLEOFDELIVERABLES
The details of the overall IT
transformation Program consisting of
multiple projects prioritized based on
Strategic Plan and Goals.
IT Program Plan
[Project Wise
Breakup]
The details of the overall IT
transformation Program consisting of
multiple projects prioritized based on
Strategic IT Plan and Goals.
3 Year IT
Roadmap
•Template for weekly reporting
•Templates for project tracking Exec
Level Reporting.
Tracking and
Reporting
Template
15. A RELOOK AT THE TARGETS
Developing an
IT Strategy &
Roadmap for
governance
layer (group
wide)
Developing Tier
1 IT Policies
and Standards
for Group.
Establishing
Business
aligned IT
Goals.
Establishing
Measurement
criteria’s and
Metrics for IT.
Restructuring
of IT functions
(Head office /
Subsidiary
Level).
Cost
Optimization (IT
Operations
and IT
Consulting
expenses).
Risk
Optimization
(IT operations).
16. KEYHIGHLIGHTS
• The Cobit framework for IT goals establishment was used.
• The IT Strategy committee was established (with top level
stakeholders representation), who would approve the IT
goals.
• The Business to IT Goals alignment was done using the
Goals cascade method of Cobit 5.
• Acclimatization for goals mapping was done inhouse
using a weighted score method.
• Top 6 group wide IT goals/ objectives were identified ,
approved and established (with formal communication
to subs).
17. SAMPLEOFDELIVERABLES This sheet outlines the approach of
goals cascading derived from Cobit5
standards as applied to Algosaibi .
Goals Cascade
Approach
This was developed inhouse to map
key goals across various parameters
and weights to make prioritization
possible and to adapt it to Algosaibi.
Goals
prioritization
sheets
List of goals that were identified to be
relevant and needed to be prioritized
given the business context.
Finalized List of
Key IT Goals
18. A RELOOK AT THE TARGETS
Developing an
IT Strategy &
Roadmap for
governance
layer (group
wide)
Developing Tier
1 IT Policies
and Standards
for Group.
Establishing
Business
aligned IT
Goals.
Establishing
Measurement
criteria’s and
Metrics for IT.
Restructuring
of IT functions
(Head office /
Subsidiary
Level).
Cost
Optimization (IT
Operations
and IT
Consulting
expenses).
Risk
Optimization
(IT operations).
19. KEYHIGHLIGHTS
• An IT Steering Committee was established at the group level
with adequate representation from the Subs.
• A Tier 1 level IT policy document was developed with
review and feedbacks from the IT Steering committee.
• Sign off on the Tier 1 IT policy was done by the Group CEO
and endorsement was done by 3 of the board members
• Responsibilities for development of Tier 2 (subs level)
policies was assigned with Timelines.
• Development of necessary standards to support the policy
was done in a phased manner over a span of 3 months.
• Some key top level process like risk management , incident
management and reporting etc were also developed for
the group as a whole.
20. SAMPLEOFDELIVERABLES A working sample of the Tier 1
IT policy document developed
for the Algosaibi group.
Tier 1 IT Policy
Document
Working Samples of procedure
and standards that were
developed for the group.
Key Procedures
& Standards
View of few sample processes
(high level) that were
developed and implemented
Key Processes
21. A RELOOK AT THE TARGETS
Developing an
IT Strategy &
Roadmap for
governance
layer (group
wide)
Developing Tier
1 IT Policies
and Standards
for Group.
Establishing
Business
aligned IT
Goals.
Establishing
Measurement
criteria’s and
Metrics for IT.
Restructuring
of IT functions
(Head office /
Subsidiary
Level).
Cost
Optimization (IT
Operations
and IT
Consulting
expenses).
Risk
Optimization
(IT operations).
22. KEYHIGHLIGHTS
• Individual and group level performance was new to the
culture there. One month was devoted to sell the idea
internally to IT as well to the Boards.
• Lack of visibility of IT performance was a major source of
grievances, and hence was used as a leverage point.
• Two phased assessment approach was established.
• 1st year based on assessment of performance towards
meeting certain KGI (only at operational level).
• 2nd year more sophisticated KPI’s were developed and
measured, inclusive of individual level performance.
• 1st year assessment was more qualitative, while 2nd year
assessment were supported with quantitative measures.
• The 1st year also provided us with enough time to develop
the maturity level of certain key processes and to test out
KPI dashboard systems, to support our 2nd year agenda.
23. SAMPLEOFDELIVERABLES Capturing IT value
generation across
various projects.
IT Scorecard
based on BSC
KPI & Assessment sheets
samples used in
Algosaibi. (sanitized)
Sample of KPI
& Assessment
Sheets
24. A RELOOK AT THE TARGETS
Developing an
IT Strategy &
Roadmap for
governance
layer (group
wide)
Developing Tier
1 IT Policies
and Standards
for Group.
Establishing
Business
aligned IT
Goals.
Establishing
Measurement
criteria’s and
Metrics for IT.
Restructuring
of IT functions
(Head office /
Subsidiary
Level).
Cost
Optimization (IT
Operations
and IT
Consulting
expenses).
Risk
Optimization
(IT operations).
25. KEYHIGHLIGHTS
• Restructuring of IT was again a very sensitive issue there.
Group CEO, CFO and HR support was relied upon, since
MD of subs had to agree and be sold on certain ideas.
• Key emphasis was to centralize certain specialized
support roles to the group level IT Team. That brought
visible benefits and cost savings to the subs.
• Further some essential relocation, hiring as well
terminations were needed to be done at subs level to
bring back efficiency to their IT operations.
• An indirect reporting structure were also established for
the IT managers of the subs to the group level on certain
key governance level directives (eg , Technology
standardisation projects, IT related procurements,
Licenses etc)
26. SAMPLEOFDELIVERABLES Samples of restructuring related
documents which included
development of job roles and
reporting structures.
Restructuring
Plan
Documents
Justification Sheets for the
restructuring .
Justification
sheets
27. A RELOOK AT THE TARGETS
Developing an
IT Strategy &
Roadmap for
governance
layer (group
wide)
Developing Tier
1 IT Policies
and Standards
for Group.
Establishing
Business
aligned IT
Goals.
Establishing
Measurement
criteria’s and
Metrics for IT.
Restructuring
of IT functions
(Head office /
Subsidiary
Level).
Cost
Optimization (IT
Operations
and IT
Consulting
expenses).
Risk
Optimization
(IT operations).
28. KEYHIGHLIGHTS
• IT Procurement centralization initiatives were initiated b y me
at the group level and well supported by the Group
Procurement Head and the Group CFO.
• Price inflations because of lack of visibility and control at the
subs level were also dramatically reduced.
• Licensing, Contracts and SLA’s with key vendors were
aggregated at the group level to get better pricings and
support terms (eg Microsoft, STC etc)
• Bringing Cloud services (Microsoft ECS) and Virtualization
(HyperV) brought about major cost optimizations.
• Shared IT Resources and Skillsets with better collaboration
and need (project) based allocation, brought substantial
savings for subs within the first financial year itself.
• Centralized IT budget development and tracking brought
greater visibility and cost efficiency in the second year.
29. SAMPLEOFDELIVERABLES Business case related to the IT
procurement centralization plan.
IT Procurement
Centralization
The cost benefit analysis that was
done for the Microsoft ECS- Enterprise
Cloud Suite for implementing it across
the group.
Cost Benefits
for MS ECS
Working Samples for the Budgeting
sheets developed and used across
the group (sanitized)
Budgeting
Sheet Samples
30. A RELOOK AT THE TARGETS
Developing an
IT Strategy &
Roadmap for
governance
layer (group
wide)
Developing Tier
1 IT Policies
and Standards
for Group.
Establishing
Business
aligned IT
Goals.
Establishing
Measurement
criteria’s and
Metrics for IT.
Restructuring
of IT functions
(Head office /
Subsidiary
Level).
Cost
Optimization (IT
Operations
and IT
Consulting
expenses).
Risk
Optimization
(IT operations).
31. KEYHIGHLIGHTS
• The development of Tier 1 policy mandated a Risk based
approach to implementing security across the group.
• A Detailed IT Risk Management policy and framework was
developed and endorsed by the IT strategy and the IT
steering committee.
• IT risk management process and related artefacts were also
developed to support this initiative.
• A two tier Risk Register was established. One maintained at
the group level to capture and report major IT risks to the
Board / Exec. Another one was maintained at the subs level
, with high and very high risks to be reported to their MD and
the Group IT Head.
• Performance measures related to Risk Mitigation (Timely CA
closures) was also linked to the KPI in the 2nd year.
32. SAMPLEOFDELIVERABLES
Sample of working IT Risk assessment
policy, which was developed centrally
as one of the critical tier 2 level policy.
Detailed IT Risk
Assessment Policy
Samples of the risk assessment process
and framework document.
Risk Assessment
Process &
Framework
A few samples related to some of the
security benchmarking done.
Security
Benchmarking
Assessments
Risk register samples (sanitized)
Risk Assessment
Registers
34. Confidential
WORKINGSAMPLESSECTION
Summary Level – Overall IT Transformation Engagement Plan Detailed Project Plan
Development of Roadmap
IT Projects Tracker mapped with Goals ERP Projects Tracker
Weekly Progress and Reporting
Project Charter
Board Level Reporting
35. Confidential
WORKINGSAMPLESSECTION
Goals Cascade and Prioritization Sheets
Key Focus areas(for 2015)with financial estimates
Key Goals Identified & Agreed upon
ITIL Aligned Value Delivery Map for Algosaibi Group
Balanced Score Card Assessment Sheet
36. Confidential
WORKINGSAMPLESSECTION
Sample of IT Policy Document developed for HQ
IS Security Program Plan Overview
Sample of Artefacts Developed (eg IT Awareness Training)
Policy Tracker Infosec Tier 1 Policy Template
Sample of Procedures developed (Technical: Firewall Block)
38. Confidential
WORKINGSAMPLESSECTION
IT Restructuring Plan Document
Algosaibi Head Office Team R & R Document
GAC IT Staff Optimization case
IT Resource Plan document for 2015
Development of Detailed Roles & Responsibilities
Resource Forecast
39. Confidential
WORKINGSAMPLESSECTION
Sample of IT Risk Management Policy for the Group
Sample of IT Risk Management Process for the Group
Sample of IT Risk Treatment Plan and Roadmap
Sample of IT Risk Assessment Sheet
IT Maturity Assessment Report- Initial assessment
Asset Criticality Doc
Security Benchmarking Exercise for GAC
Info Asset Classify.
40. LOOKING FORWARD
How can the same
principles be applied to
your organization and
what can be
considered as a good
start for an IT
governance initiative?
41. Ref: IT Governance Strategy Paper by NCC (Oxford House)- Aligned to Cobit 5
IDENTIFYYOURKEYDRIVERS