Enhancing the Board’s Readiness for Digital Transformation Governance

Shortcomings in IT governance and in the skills and competencies of boards to provide the requisite direction for digital transformation (DX) mean that boards in general are ill-equipped for DX oversight and for the nature of the decisions required to effectively achieve it.¹

A means to address some of the gaps and enabling the board to begin to be better equipped to ask meaningful management questions about the efficacy of their organization’s digital transformation initiatives is needed.

Digital transformation governance (or oversight) ultimately aims to ensure that management’s technology interpretation of the business strategy (itself influenced by DX) is in alignment and that its deployment produces the value expected of it (figure 2) in response to business drivers such as those shown in figure 1.²

Figure 1 shows that the primary drivers of digital transformation include a customer context.³ In other words, digital transformation is in response not only to traditional competitive pressures, but also to the customer experience, the new currency in an increasingly digital world without which an organization is unlikely to survive.⁴ The purpose of enterprise IT governance is to ensure that value is created in alignment with the strategy of the organization. Digital transformation can, therefore, be interpreted as the nature of customers’ experience in interacting with the organization while it is in the process of making money.⁵

Digital Transformation Oversight: More Than What It Is Generally Thought to Be

The World Economic Forum (WEF) contrasted the difference between simply adding new technology to existing business processes (thereby realizing only marginal gains from the technology for the organization) vs. totally rethinking business in the context of that technology (thereby realizing more of the benefits of the technology).

To illustrate this, consider the nature of commercial electricity use during the early part of the 20^th century. At the time, organizations simply overlaid electricity on their existing technology. However, they found that the full benefits of electrification could only be realized once entire factories were designed and built according to the “fundamental capabilities of electric machinery.”⁶

Another example is the emergence of computers in business. Modest productivity improvements were realized for decades until entire organizations and even industries reorganized themselves around computers, ultimately resulting in “real gains” and the emergence of digital business models.⁷

For a contemporary example, consider the application of machine learning (ML) technology to a bank’s anti-money laundering (AML) business unit. ML may be deployed to potentially help reduce the volume of false-positive suspicious transactions, thereby eliminating the cost of wasted analysis hours. Yet, in the context of a multibillion-dollar bank, those benefits pale.

In contrast, digitalizing the end-to-end AML process, starting from the bank’s channels (e.g., tellers, automated teller machines [ATMs]/automated banking machines [ABMs], phones, kiosks, mobile devices, desktops and correspondent banks) all the way to the regulatory submissions of suspicious transactions increases benefits because the benefits are the sum of all the processes involved rather than just a single process. The latter constitutes the digital transformation of a business unit.

An organization’s main operating process, its value chain, is what constitutes the scope of enterprise digital transformation (figure 3). The promise of digital transformation’s sustainability drives an organization to embark on a transformation of this degree, which has greater benefits than business-unit transformation as explained previously.

Given the scale of its impact, though, enterprise digital transformation must identify a strong case for change—an enterprise problem statement—to define and execute a clearly articulated enterprise strategic plan, with great attention paid to the riskiness of addressing the change requirements. Note that even process or business-unit digital transformation initiatives proceeding without the context of an enterprise plan can lead to poor integration over time, resulting in the expected benefits less likely being realized, even introducing more risk and cost to the organization.

Digital transformation is much more than just technology-enabled business. Rather, it is about a businesswide degree of technology enablement that revolutionizes how an organization does its business.⁸ The nature of governance required, thus, has a greater proportion of business oversight than, for example, the technology oversight performed by means of the board’s IT governance committee. That is, a test of whether an organization is performing digital transformation is the extent to which both its operating model and business model change. Since digital transformation is not really about technology,⁹ organizations need to rethink most every element of their business to become digital enterprises.¹⁰

Note the usefulness of the inputs and outputs constructs in figure 3. This mechanism is a simple way to understand any technology, whether it be artificial intelligence (AI), robotic process automation, blockchain or others. Although the technology will still be something of a black box, understanding a technology begins with what its inputs are, and what it produces as an output provides valuable insight into the functionality of the technology.

The Context of Organizational Oversight

The WEF highlights four themes of digital transformation: digital business models, digital operating models, digital talent and digital traction metrics (measures of how well digital is doing).¹¹ It is important to first define “operating model” and “business model” before considering how these elements interact.

An operating model concerns how an organization delivers value to its internal and external customers. Staff functions such as accounting, risk, IT and human resources (HR) have internal customers—the rest of the organization—while line functions such as sales and operations are what makes money by serving external customers. An operating model includes people (organization), process and technology (systems and information), and elements such as location and suppliers.¹² Culture, governance and measurement are further operating model elements,¹³ as are assets and resources such as buildings, patents and other intellectual property.¹⁴ In some industries such as fisheries, forestry, mining, agriculture and manufacturing, equipment plays a large part in the operating model.

Unfortunately, some refer only to three elements of an operating model—people, process and technology—believing this list to be complete. However, even a service business such as an insurer has much more than these operating model elements such as culture (an element critical in the context of IT oversight)¹⁵ and much more. It is best to understand all the operating model constructs applicable to an organization to be able to appropriately determine the effect of digital transformation on it.

A business model concerns the organization’s strategy for making a profit, including the products and services the organization plans to sell to the target market.¹⁶ Distribution (channels), pricing and advertising are further business model elements.¹⁷

In figure 4, it is important to note the chain of events from the design and development of the goods and services intended to be for sale—all in the operating model—to getting the goods to the target market for sale at a determined price—all in the business model. This flow, the value chain, links the operating model, the business model and the customer, preferably in such a way that the value of goods and services sold is greater than the cost of producing them,¹⁸ i.e., in such a way that a profit is made.

It is also important to note that the WEF’s themes (in red in figure 4) cover almost the entire scope of an enterprise’s operations, from top to bottom, emphasizing that a digital organization does not just mean that a part of the business is digitally able, but that digital transformation involves the entire organization.

The overarching construct that links the elements of figure 4 together—confirming the organization’s reason for existence and what the organization does to fulfill that reason—is the organization’s strategy. The strategy specifies the organization’s expected returns (through the budget) achieved by selling a specified basket of goods and services to a specified target market through specific channels, all of which is operationalized in a specified way by ensuring the best allocation of resources to most efficiently produce and distribute its goods or services.

The Context of Strategic Oversight

The strategy referenced in figure 4 is an outcome of a concerted study of the environment within which the organization operates.

In figure 5, a strengths, weaknesses, opportunities, threats (SWOT) study analyzes an organization’s positives and negatives both internally (strengths and weaknesses) and externally (opportunities and threats). A political, economic, societal, technological, legal, environmental (PESTLE) study considers the impacts on the organization from its environment. Porter’s Five Forces analysis¹⁹ examines the organization in the context of a portfolio of external forces acting on it. Many other tools can be used to analyze the competitive landscape, but an integration of these three tools is sufficient for the scope discussed here.

An organization will either be threatened by digital in its industry—thereby defensively labeling it “digital disruption”—or will be proactive and see opportunities to leverage technology to change the way it does business and improve its competitiveness. Figure 1 highlighted that there is pressure exerted by the competition and by the organization’s customers to improve its performance across multiple dimensions. There is also pressure exerted by new entrants and substitutes, which some organizations will defensively see as disruption.

Strategic analysis helps one understand whether an organization has the appropriate business and operating models to take advantage of the opportunities to which its internal strengths might enable it. Through digital transformation, an organization can be proactive in developing its competitiveness or reactive in response to disruption. As much as poor business/IT alignment can be business-fatal, so too, can poor alignment between the environmental context the organization operates in and how it has organized itself to make money.

It is important to note that the drivers of digital transformation are themselves an input into the organization’s enterprise strategy development process. Enterprise strategy affects decisions made by the organization for both the business and operating models.

A Structure for Digital Transformation Governance

So how does all this help to frame the nature of the questions a board of directors should be asking management about its digital transformation activities in pursuit of digital transformation governance? There are three levels of questions: micro-, meso- and macro-scale.

Micro-Scale Questions (Figure 2)
Micro-scale questions are not inconsistent with good corporate governance, especially when those activities expose the organization to risk beyond its defined risk appetite (before controls). At the most detailed level, these questions concern the scale of the proposed digital transformation. Is it just a primary process, a set of primary processes for a business unit (BU) or all the primary processes of the organization? In each case, what are the dependencies and risk factors for these interventions, and what are their resource requirements?

Meso-Scale Questions (Figure 3)
At the mid-level, these questions concern the depth of the proposed digital transformation. Is it at the operating-model level, the business-model level or even the strategic level? If it is at the operating model-level, what will the impact be for the business model? If it is at the business-model level, what are the implications for support of the operating model? Here is where more fundamental questions about the technology become relevant, with typical technology questions being asked about proposed benefits, maturity, support, operating costs, architectural fit and strategic alignment. Again, what are the dependencies and risk factors for these interventions, and what are their resource requirements?

Macro-Scale Questions (Figure 4)
At the highest level, the questions concern the nature of the digital transformation response given the milieu within which the organization operates. How does digital transformation leverage the organization’s strengths? Are the opportunities properly articulated, and how will digital transformation leverage these? Are the threats properly articulated, and how will digital transformation mitigate these? How will the competition react? For customer-facing developments, what is being done to ensure that most customers will respond favorably to developments? Are these developments easy for the competition to duplicate and, if so, is there a fast-follower development on the horizon?

These questions are the starting blocks for determining the likelihood of the organization sustainably producing the value expected of its IT investments, per figure 2.

Conclusion

Digital transformation governance extends far beyond technology. However, the board does not need to be filled with technology wizards. Rather, “[it] must understand what can be accomplished at the intersection of business and technology” and it must be prepared to help shape how technology can transform the organization²⁰ to maintain or grow its competitiveness and sustainability.

The implication of this is that the board should sufficiently understand both the emerging technology landscape and the business well enough to be able to see opportunities for a better operating model, a better business model and a better customer experience. In this way, even less-technical board directors can begin to perform better digital transformation oversight.

To tie back in with COBIT, it should be noted that shifts in the organization’s competitive position (figure 5), changes in the business operating model (figure 4), significant paradigm shifts (digital transformation), a new business strategy or a desire to significantly improve the value gained from IT are all defined by COBIT as triggers for a review of the governance of enterprise IT,²¹ the very instrument the board applies in its IT governance committee. Digital transformation is not a piecemeal project; it is an enterprise endeavor that affects the entire organization. As a result, digital transformation demands quality oversight to help protect the organization from suboptimal digital transformation decision-making and actions that could, ultimately, hamper rather than amplify the organization’s competitiveness and sustainability.

Endnotes

¹ Pearce, G.; “Digital Transformation? Boards Are Not Ready for It,” ISACA Journal, vol. 5, 2018, https://www.isaca.org/archives
² Nayak, S. K.; Digital Transformation Roadmap: The Case of Nova SBE’s Executive Education, Nova School of Business and Economics, Portugal, 2017
³ European Data Portal; “Read the Report on Open Data & Digital Transformation,” 19 January 2016, https://www.europeandataportal.eu/en/highlights/read-report-open-data-digital-transformation
⁴ Ord, R.; “If You Don’t Provide a Great Customer Experience You Won’t Survive, Says Zendesk CEO,” WebProNews, 18 May 2019, https://www.webpronews.com/zendesk-customer-experience/
⁵ Carrara, W.; S. Fischer; F. Oudkerk; E. Van Steenbergen; D. Tinholt; “Analytical Report 1: Digital Transformation and Open Data,” European Data Portal, December 2015, https://www.europeandataportal.eu/sites/default/files/edp-analytical-report-n1-digital-transformations.pdf
⁶ Bruner, J.; “The Latest Technology Isn’t Enough—You Need the Business Model to Go With It,” World Economic Forum, 5 April 2019, https://www.weforum.org/agenda/2019/04/the-latest-technology-isnt-enough-you-need-the-business-model-to-go-with-it/
⁷ Ibid.
⁸ Ismail, M. H.; M. Khater; M. Zaki; “Digital Business Transformation and Strategy: What Do We Know So Far?” University of Cambridge, England, January 2018, https://www.researchgate.net/publication/322340970_Digital_Business_Transformation
_and_Strategy_What_Do_We_Know_So_Far
⁹ Kane, G. C.; D. Palmer; A. Nguyen Philips; D. Kiron; N. Buckley; “Strategy, Not Technology, Drives Digital Transformation,” MITSloan Management Review, 14 July 2015, https://www2.deloitte.com/insights/us/en/topics/digital-transformation/digital-transformation-strategy-digitally-mature.html
¹⁰ World Economic Forum, “Four Themes of Becoming a Digital Enterprise,” http://reports.weforum.org/digital-transformation/becoming-a-digital-enterprise/
¹¹ Ibid.
¹² Rouse, M.; “Definition: Operating Model,” TechTarget: WhatIs, https://whatis.techtarget.com/definition/operating-model
¹³ Strategy&, “Our Solutions—Operating Model,” https://www.strategyand.pwc.com/cds/operating
¹⁴ Wilson Perumal & Company, “A More Effective Way to Think About Your Operating Model,” 15 May 2015, www.wilsonperumal.com/blog/blog/a-more-effective-way-of-thinking-about-your-operating-model
¹⁵ Pearce, G., “The Sheer Gravity of Underestimating Culture as an IT Governance Risk,” ISACA Journal, vol. 3, 2019, https://www.isaca.org/archives
¹⁶ Kopp, C.; “Business Model,” Investopedia, 20 April 2019, https://www.investopedia.com/terms/b/businessmodel.asp
¹⁷ Financial Times, “Definition of Business Model,” http://markets.ft.com/research/Lexicon/Term?term=business-model
¹⁸ MindTools, “Porter’s Value Chain: Understanding How Value Is Created Within Organizations,” https://www.mindtools.com/pages/article/newSTR_66.htm
¹⁹ Institute for Strategy and Competitiveness, The Five Forces, Harvard Business School, Cambridge, Massachusetts, USA
²⁰ Op cit Kane et al.
²¹ ISACA, COBIT 2019 Implementation Guide: Implementing and Optimizing an Information and Technology Governance Solution, USA, 2018, www.isaca.org/cobit