A call to action for technology leaders

Following are steps companies should undertake or continue over the near term to ensure they can increase their agility and sustain their innovation and transformation journey successfully over the long term:

Decisions based on insightful customer and user analytics are more likely to achieve business success.

Innovation and Transformation

Modernising legacy applications to optimise growth, reduce technical debt and improve the user experiences.

  • Business leaders want engaging, intelligent and easy to use applications for their customers, employees and business partners. Modernising existing applications should significantly improve the user experiences and provide more functionality and insights to meet their user needs. In addition, modernising applications can lead to new insights that spur innovation and new digital services and product lines that create new revenue streams.
  • IT leaders want to reduce technical debt that is time consuming to manage and resource-intensive to support. In addition, outdated technology increases operational and cyber risks.
  • Business and IT leaders are interested in moving to modern cloud platforms that provide new insights into their business, improve decision-making capabilities across the hierarchy and function, and significantly improve their competitive position even with the new “born digital” competitors that are continuing to create new levels of competition for traditional companies.
    • A discovery process is needed that considers each application's current environment, cloud readiness, resiliency, performance requirements, criticality to the business, and the ideal time to move to a modern platform. In addition, cost considerations should be evaluated to gain a perspective on where to make trade-offs.
    • Applications should also be bucketed into retain, retire, or re-evaluate categories in the cloud to create a plan for moving forward with an understanding of current business benefits and considerations for the future.
    • Once the discovery process is complete, an application modernisation strategy should be defined. This strategy should focus on what should move to the cloud first and what designated technical platform should be used, whether it is SaaS, Low Code, or Custom.
    • The next step is to define the application processes and user experience needs to choose a platform based on business needs. For organisations that are using mobile and social engagement, we recommend a customer-driven process design to ensure the customer’s current and future needs are architected to include real-time personalisation with intuitive interactions.
    • A leading application modernisation industry approach like the 6 R's (Rehosting, Replatforming, Redesigning, Refactoring, Rearchitecting, and Replacing) should be leveraged to understand the pros and cons of how each application should be modernised and moved to the cloud.
      • Rehosting or “lift-and-shift” is the easiest way to move your applications and systems as is. If faced with a hardware refresh many companies will find  the elastic pricing model and provider-based management attractive, making it easier to optimise or re-architect later.
      • Replatforming leverages high-value cloud platform capabilities and very little code changes.
      • Redesigning applications provides the enterprise with the most flexibility in terms of application functionality although it may be a heavier lift. It becomes essential if an existing application has limited functionality and is nearing its end of life. 
      • Refactoring prioritises productivity and speed by embracing new approaches such as microservices and serverless. It can take aging applications written with rigid architectural patterns such as three-tier and embraces new architecture patterns.
      • Rearchitecting is needed when an application needs scalability and agility, and apps are fully redesigned to leverage the scale in the cloud. This provides the ability to create a serverless version of a legacy application.
      • Replacing an application completely with a new SaaS application offers speed and free up internal development resources for other projects, but it could result in risk given potential business process changes, limitations to customisations, and cultural adaptation to new software.
  • In summary, we recommend developing an application modernisation programme to manage the intake process, modernisation application criteria, governance, technical architecture, DevOps, and end-to-end development. The programme will focus on reducing technical debt and risks, leading change and driving adoption, and measuring success. The result will be engaging and intuitive customer, partner and employee experiences.

Improve agility through rapid response and strong operational resilience. Become a resilient and compliant organisation that can readily respond to outages, crises and other threats to running the business. Organisations must consider several aspects to build resilience across their enterprise, orchestrating across existing domains such as business continuity, disaster recovery, technical recovery, cyber resilience and management of third-party assets.

Develop proof of concept test beds. Flesh out potential failure points by piloting proof of concept implementations.

Capitalise on the emergence of advanced technology platforms and capabilities. Invest in leveraging new platforms and architectures for building and running business applications to enable better access to data, provide flexibility and faster time to market, and support digital capabilities to deliver differentiated experiences. Deploy greater process automation and intelligent technologies such as AI, machine learning and augmented reality/virtual reality to reimagine existing processes and alleviate risks from the inevitable shifts in labor availability and costs.

Leverage insights and analytics from data. Employ advanced analytics and artificial intelligence - based reporting to evolve the organisation, drive strategic decision-making, accelerate the achievement of business goals and be more competitive in the market.

Maximise customer engagement. Focus on the experiences of users and consumers (both positive and negative) to drive interaction through a modern, innovative operating model. Decisions based on insightful customer and user analytics are more likely to achieve business success. Invest in an event-streaming platform that facilitates smart apps that can react to events as they happen by developing tailored and immediate experiences customers are expecting.

Decisions based on insightful customer and user analytics are more likely to achieve business success.

Security and privacy

Prioritise cybersecurity and data privacy. Harness the power of effective cybersecurity frameworks to combat a constantly changing threat environment. Balance identity and access management to ensure maximum speed of user access while managing risk. Ensure proper management of sensitive customer data while complying with applicable legal and regulatory requirements for collecting, storing, securing, processing and using sensitive data.

  • Embed security throughout innovation activities – Proper cyber “hygiene” is foundational to managing security risks and maintaining resilience of business services.
  • Consider implementing security practices that align with agility – There are several methodologies that incorporate cyber hygiene into the development and deployment process. Ideologies such as DevSecOps can enhance cybersecurity without disrupting innovation.
  • Assess current cybersecurity maturity – Organisations should have a clear maturity assessment of their current cybersecurity protection, with the target maturity level agreed on by both the CIO/CISO and top executives or the board. This will allow the CIO/CISO to plan for future improvement.
  • Avoid being a bottleneck – Companies must mitigate cybersecurity risk without slowing down innovation and should search for opportunities to boost enterprise value with novel tools such as greenfield cloud environments.
  • Maintain an enterprisewide focus – CIOs and CISOs should evaluate the extent of cybersecurity implementations with an eye on enterprise transformation, carefully determining the measures required for minimally viable products or services and adding greater cybersecurity complexity where needed.
  • Think long-term – With cyber threats expected to be among the top 10 risks for organisations across the next decade, CIOs must ensure their organisations have effective cybersecurity programming to mitigate risk and protect their company’s valuable assets during and after digital transformation.

Leverage re-usable assets. By choosing easily reused software, hardware and other assets allows organisations to accelerate transformation by providing a framework that can be adapted to drive new services, processes and needs.

Determine the capabilities needed to manage, secure and govern APIs. The growing use of application programming interfaces (APIs) in today's digital economy (“the API economy”) has brought about new business models, risks and opportunities. As the organisation adopts architecture for providing standards enabling computer systems to communicate with each other, leaders must manage the exposure of the organisation's digital services and assets through APIs.

Global IT Executive Survey
Global IT Executive Survey
Global IT Executive Survey

Talent and skills

Make your talent your customer. The organisation’s focus on the customer experience should extend to its own people and talent. Many companies can slice and dice data to understand their customers, but fewer do this with regard to the talent in their enterprise. This is an opportunity for positive change and growth. As part of these efforts, position an advocate for the preservation of talent and culture at the decision-making table as the organisation focuses on sustaining its financial health.

Be prudent and thoughtful in decision-making. Should a recession inhibit growth:

  • Pursue all appropriate measures to preserve operating margin before moving forward with talent cuts. For example, reduce other SG&A costs, consider outsourcing noncore activities, sell noncore assets, adjust base and incentive compensation and benefits, etc.
  • Focus on retaining “A” players by designing and de­ploying repeatable assessments of the organisational talent and skills needed to exit a recession in a strong position to capitalise on market opportunities.
  • Be mindful of the employee experience and employee well-being by aligning these areas with the customer experience in ways that, to the extent possible, reflect the organisation’s unique employee value proposition. Also, maximise the flexibility of work arrangements.

Treat people like people. Should workforce reductions and changes to hiring practices (e.g., a hiring freeze) become necessary, make decisions objectively and approach them smartly. There is a right way and wrong way to approach these matters.

  • Communicate thoughtfully and frequently.
  • Understand the talent and skills required for the organisation to achieve its strategy as the economy recovers.
  • Focus on workforce reductions that eliminate overlaps in skills and capabilities.
  • Consider third-party resources to provide certain skills.
  • Explore opportunities to eliminate jobs that can be displaced by technology with the attendant workforce reskilling and upskilling.
  • Create opportunities where new skills and learnings can be applied to further enhance employee contributions and incorporate new ideas into processes.

Build a resilient culture. Inculcate a philosophy of embracing change.

Integrate upskilling and retention strategies. Ensure the organisation’s investments in upskilling employees are fully realised.

Make succession planning a strategic priority. This needs to happen beyond the senior executive suite. Devise and test knowledge transfer processes and leadership development plans to increase flexibility and reduce the high costs and stress associated with reassigning roles and responsibilities in a reactive manner. Consider how the organisation is going to retain its key people and keep them engaged long-term to increase the strength of the executive bench.

Keep DEI and ESG top of mind. Monitor employee sentiment on DEI and other ESG matters to identify and assess the broad range of human capital risks to inform decision-making processes on taking corporate stances on contentious issues.

Explore the results


Leslie Howatt
Leslie is a managing director, and Protiviti’s technology consulting solution and diversity, equity, and inclusion lead. She specialises in digital and technology strategy as well as transformational change with over 25 years’ experience across consulting, industry, and ...
Hanneke Catts
Hanneke is a director in Sydney with over 15 years’ experience focusing on technology consulting, including privacy, technology risk, project management and assurance, IT controls and security compliance, enterprise risk management, and internal audit and regulatory ...
Tim Speelman
Tim is a director with a track record of developing and implementing strategic plans that align with the demands and gaps of global and local enterprises. Before joining Protiviti, Tim was a regional CISO responsible for APAC within a large recruitment company with core ...