Public sector digital transformation presents a multitude of opportunities, but with technological expansion come challenges; let’s explore a few
We are seeing many examples where technology is enabling public sector digital transformation. This is allowing organisations to add value to customers and members, as well as become more efficient, and we expect this to continue in the medium term. This is driven by adopting cloud-based technologies, including infrastructure and software as service platforms and applications that allow rapid deployment of components with rapid scaling capability.
In back-office functions, such as finance, HR and Procurement, the consumption of this technology plus automation services such as robotics, data analytics platforms and artificial intelligence has reduced the volume of manual business processing activities that colleagues have traditionally been required to perform. Back-office colleagues can now operate more as strategic decision-makers for the organisation through business partnering, leveraging the data provided (and time saved) by automation to successfully analyse information for decision-making, model scenarios and present more precise business intelligence to stakeholders.
In front-line services, we are seeing the continued deployment of online services powered by digital technologies, such as the establishment of truly digital end-to-end customer services leveraging cloud technologies and networks, AI-powered bots for end-user interactions and self-service for digital records as key enablers. Organisations are better equipped than ever to assess how their front-line online services are consumed, leveraging metrics around adoption and consumption that can pinpoint issues or failures in processes.
However, many organisations are still in the early stages of their public sector digital transformation journey. More advanced innovations, such as virtual/augmented reality, are largely without a clear use case in the sector.
Implementing technology that adds value
Technology implementation can be complex to execute, often requiring a multi-year programme of work to successfully implement and embed. We see a lack of strategy and vision, business value assessment, skills and training, and security resilience as challenges facing public sector digital transformation, particularly given potential cost pressures in the current economic climate.
The first challenge is the lack of strategy and vision. Without a clear focus on how technology will tangibly add value to the organisation, there is a risk that key enablers are not successfully adopted. The technology strategy should be led by the organisation strategy so that technologies directly complement organisational objectives. Clear technology roadmaps then need to be defined and aligned to the strategy.
Linked to this is the need to have clearly calculated business value, including financial (such as Total Cost of Ownership, Cost to Serve, Cost to Implement) and non-financial (System Adoption, System Availability, Security Posture, Net Promoter Scores) measures. Without clear calculation of these metrics at the front end and ongoing tracking and monitoring, there is a clear risk that technology implementations exceed budget and/or don’t deliver the desired outputs.
Another key challenge is the insufficient capability to implement and consume technology. This is a challenge we are seeing with emerging platforms, which requires investment in digital skills for most organisations.
When it comes to security and resilience, the adoption of new technologies brings new risks that organisations have not previously managed. Exposing applications to the web to enable online connectivity for users can significantly increase the attack surface. Therefore, investment in cyber defences such as Distributed Denial of Service (DDoS) protection, Web Application Firewalls and Threat Detection technologies is key. We also continue to see increases in Ransomware attacks that compromise key internal systems and data, particularly whereby a user unfamiliar with technology may inadvertently expose it to a malicious threat actor.
Key elements of public sector digital transformation
It is essential that when organisations deploy new technologies, this is done within a clear framework. Not only will this maximise the probability of successful implementation, but it will also help to ensure that key risks, such as cyber security and operational resilience, are effectively managed by the public sector.
There are six core layers to enabling organisations to achieve their transformation goals:
- Assess and strategise: Outline the key objectives of the transformation in consideration of the broader organisation, processes and the as-is technology. Define the desired organisation value, perform a risk assessment and develop the technology roadmap.
- Migrate, transform and implement: Design and execute the technical deployment of the technologies, including data migration activities where required. Ensure secure configuration of all deployed components.
- Optimise and manage: Develop the operational capabilities and processes to run the new technologies under a business-as-usual scenario. Ensure operations support processes to manage risks, including effective access and change management activities and cyber defence capability.
- Data and automation: Ensure there is a clearly defined data architecture and governance model, incorporating the new technology and its integrations. Consider data security, privacy or governance issues that may arise.
- Business change: Ensure that end users receive adequate communication, training and support with regard to new technology adoption. This includes awareness around end-user responsibilities for the protection of confidentiality and integrity of platforms
- Risk and controls: Embed key controls with the technology deployment. Ensure there is sufficient security and privacy assessment prior to go-live, and that key controls compliance requirements are integrated within the technology. Monitor and manage threats and risks as they evolve.
- By executing these steps, the risk of new technology deployments being exploited by malicious parties can be greatly reduced.
Written by Simon Withington, Director, Lead of IT Internal Audit at Mazars