Following a consolidation of IT resources across the Guernsey public sector, one of its departments wished to conduct a review of its IT systems and services across all unincorporated trading assets. The desired outputs of the review were to identify all systems and services currently utilised across the unincorporated trading assets, all associated risks and any opportunities for IT service improvement.
The objectives of the review was to identify:
- Trading assets’ strategic direction for IT service delivery;
- The IT systems that were in place, the underlying technology and the support model;
- The true costs of running these IT systems, and potential areas to reduce costs and deliver improved service through IT-enabled change;
- Any opportunities or challenges in the way IT was delivered across the trading assets, including reviewing data protection;
- Rating the opportunities in terms of attractiveness and achievability.
To support achieving the objectives, CBO conducted a detailed review producing the following deliverables:
- A context analysis, aligning the IT to the trading assets’ strategy
- A detailed IT service and system risk review
- An opportunity analysis
- A high-level implementation plan
- A Data Protection/GDPR Assessment
CBO’s approach incorporated a combination of reviewing business plans and interviewing key stakeholders to identify the strategic assumptions about the role of IT in the trading assets. These findings were then applied to a structured framework to build a rounded articulation of the trading assets’ strategic intent for IT.
The focus then moved towards reviewing the IT services and systems, which was supported by detailed workshops on risks and opportunities.
Using the outputs created, CBO produced a comprehensive report which included clear recommendations and a high-level implementation plan for each of the recommendations..
In parallel a CBO Data Protection Health Check ‘rapid review’ was carried out across the trading assets, producing a RAG Report and associated GDPR Risk Register.
The outcome of the CBO IT review gave the trading assets a clear and documented understanding of their baseline IT services, how these were aligned to overall IT strategy and, importantly, their overall IT Maturity Level. The recommendations and implementation plan enabled the trading assets to agree the best approach to deliver on the opportunities and risk mitigation actions identified. This included core activities, timescales, resource requirements and a recommended governance model.
The trading assets adopted the CBO recommendation and implementation plan which addressed a number of best practice gaps in IT service delivery including a dedicated IT operations role supporting the board and the implementation of a ‘portfolio of IT change’. These activities formed the first step towards the trading assets improving their IT service delivery maturity level.