Are digital transformations of companies working as planned?

IT strategy

At the moment, digitization is presented as a panacea, true to the motto: Everything will be fine as long as you go digital. Countless advice articles and expert interviews already preach how “going digital” works. They all have one thing in common: a fixation on digital technology. Or as German Chancellor Angela Merkel said at the CDU Economic Council's Economic Council: "Everything will be digitized that can be digitized."

However, digital technology alone does not make companies agile, innovative and efficient. Companies first anchor this trio in their corporate culture, then in their corporate structure and organization. In the end, you can find it again in business models and processes. Two or three tools alone cannot do this - especially since they often cannot communicate with each other. There is more to that. A start is to question processes and organizational models. For companies this means: realignment and optimization. A uniform corporate strategy provides the foundation for this. Digital technology serves as a support.

Digitization follows process optimization

When it comes to digitization, the means are swapped with the end. First of all, it's about process optimization and not about digitization at any price. Digitization then follows. Solving problems with tools is supposedly easy. A tool is something concrete. This does not apply to the realignment of business models and processes. Rethinking and living the corporate culture and organization in a new way is complex and time-consuming. But it's sustainable.

Process optimization first focuses on company needs and then on technical needs. It optimizes the entire process with the help of technology. In this way, tools become the means to an end again. An example: Many companies introduce identity management tools and still have no control over their identity data. Why is that? You use a tool without knowing all the processes involved. Only then does the actual need become clear.

How should companies proceed? First they determine which systems in the overall process process personal data. You identify all cross-departmental characteristics. Then they define the company's needs. Which corporate needs does identity management support? That digital identities and their authorizations are consistent and available. Companies therefore ensure that the current process (including existing technology) ensures this. Then they develop an optimization concept. Finally, companies define the necessary tools - perhaps an identity management tool. Based on this, they realign business models, structures and working methods.

  1. Ten steps to the IAM
    Software solutions for authorization management, so-called identity access management systems (IAM), have moved away from their former pure IT focus. It is true that single-point-of-administration, HR-based provisioning and role-based access control are still used to achieve cost reductions and efficient user management. Today's IAM systems are primarily business collaboration platforms that rely on the specialist departments to be more involved in access management.
    They open up extended possibilities for the implementation of regulations, legal requirements and risk management. IAM thus becomes the mainstay of a company's governance, risk & compliance strategy (GRC). The following 10-point plan gives an overview of what to look out for when introducing an IAM system.
  2. Mixed project teams from IT and business
    IAM has long ceased to be a pure IT topic. Usually only people outside of IT who have extensive knowledge of internal business processes and the organization can contribute the necessary information on essential aspects: role concepts, approval structures, expectations of user interfaces or barriers between individual departments.
    Project teams for setting up an IAM system should therefore always consist of competent persons from both IT and business.
  3. Define goals
    Clearly defined goals and services as well as a tight framework for their planning and monitoring are success factors of every IAM project. This in turn requires close cooperation between experienced employees, both at the user and the implementing IAM manufacturer.
    It must therefore be ensured that all data and goals are agreed with each other and understood by everyone involved in the project before the implementation begins. Any subsequent adjustment lengthens the project unnecessarily, both in terms of time and budget.
  4. Before starting the project: clean up!
    High data quality is the key to successful identity access management. However, this initial situation is by no means a matter of course when a corresponding project is set up. Many companies maintain the access authorizations for their employees more badly than right; It is not uncommon for there to be a lot of confusion when it comes to rights management. The consequences are missing connections between accounts and users, orphaned accounts, misspellings, etc.
    Every IAM project therefore begins with a consolidation of user IDs, in which the user accounts are assigned to their owners. In the first step, you can track down orphaned accounts very quickly.
  5. Implementation in phases
    An IAM solution should be able to integrate all company-wide IT systems and be sufficiently scalable with regard to the number of users to be integrated. But all of this does not have to be implemented at once; It makes more sense to divide the project into achievable intermediate goals and work through them step by step.
    In the first phase, only a limited number of target systems are connected - ideally the most important ones; the users initially only use standard functionalities. First successes are visible more quickly, which ultimately leads to faster achievement of the full project goals.
  6. Connection of the HR system
    Problems in the area of ​​rights management often result from inadequate coordination between human resources and the IT department. If the HR team reports changes in the personnel structure or in the job titles of IT too late or not at all, this can have serious consequences: People gain access to accounts although they no longer have the right to do so due to their new role - or because they even left the company entirely.
    A manual, non-automated information policy and decentralized work also contribute to the fact that errors in the authorization structures spread quickly and uncontrollably. The HR system should therefore be connected to the IAM system first in order to achieve automation and thus to guarantee security and control.
  7. Reduce customizing to a minimum
    Leading IAM vendors aren't just selling a toolkit. Based on the experience from many realized projects, preconfigured standard systems are rather designed according to the best-of-breed approach. Avoiding standard scenarios in order to adapt a system as individually as possible to the circumstances of a company should therefore remain the exception.
    A standard product already reflects the long-standing knowledge of a manufacturer about the most diverse challenges in the IAM environment and the best solution in each case. The use of standard components also reduces implementation and maintenance costs to a minimum.
    Customers should carefully check whether, instead of complex customizing, it would not make more sense to adopt the proposed approach of a standard product and adapt their own structures with regard to processes, terminology and responsibility.
  8. Implement roles
    The bundling of access rights in so-called "roles" significantly reduces the administrative effort and forms the basis for automation in the area of ​​rights allocation. A role is the collection of individual access rights that are required for a specific function or task in the company.
    Role mining tools offer help in defining roles and optimizing them across a continuous process. However, caution is advised here: The introduction of roles requires more than a single definition of "access right clusters".
  9. Determine who is responsible for the role
    Roles are living, changeable structures that should be subject to a constant monitoring and adjustment process. Therefore, they need an assigned owner who takes responsibility for their clean design. He must regularly review the roles to determine whether changes are necessary due to changes in the organization or the IT systems.
    What applies to the IAM introduction on a large scale is therefore also relevant to the topic of roles: dividing a role project into small sub-goals, including both business and IT managers.
  10. Top-down approach
    A risk assessment system is a powerful tool for arranging the individual objects in Access Management - users, roles and accounts - in a meaningful ranking depending on their relevance. However, implementing such a system for the entire access rights structure can lead to a time-consuming and resource-intensive project.
    A top-down approach is recommended, in which attention is first focused on important aspects at an early stage of the IAM operation. The company can then catch up with a full risk assessment over time.
  11. Faster success at the department level
    In practice, the drivers of an IAM project are often auditors or IT managers. In order to achieve acceptance across all corporate areas, a user company should evaluate functions in the early project stage that are based on the wishes and needs of the individual user.
    Why not offer the available preconfigured workflows for request or password reset instead of waiting until the solution is 100 percent implemented at the end of the project? With this approach, the benefits of an IAM system quickly become noticeable in everyday work for everyone - from the user to the management - which is an important building block for the overall success of the IAM project.
  12. Stay realistic
    The 10-point plan makes it clear: Modern IAM systems integrate specialist departments and provide a business process-oriented and understandable view of identities and their rights.
    The trees do not grow into the sky when it comes to Identity Access Management. Successful projects are those in which the participants set realistic intermediate goals and work piece by piece to create a company-wide IAM system.
    This then fulfills its actual purpose: the implementation of the company's GRC strategy.

Process optimization begins in the corporate culture

Collaboration tools are another example. The use of a collaboration tool does not ensure that employees save, edit and share documents on this platform. It also does not guarantee improved communication through a new virtual collaboration group. Here the second step was taken before the first. Process optimization and changes begin in the corporate culture and organization.

Far-reaching changes such as digitization bring uncertainty. Employees are afraid of losing their jobs or are afraid that they will not be able to cope with the new technology. That is why it is so important to involve the employees. Because that's what corporate culture is all about. Significantly, the first approaches describe corporate culture as cultivating human relationships.

Corporate culture sensitizes employees to changes - in such a way that they internalize the principle of “making those affected become participants”. Those responsible convey how to use the collaboration tools and communicate the added value. They get feedback from employees and take it into account. In this way, they become a contributor to change.

The employee survey by CSC from 2016 confirms the uncertainties of the employees:

• Only 21.8 percent of the respondents said that an HR concept for digital transformation exists.

• 88 percent are convinced that the existing company structures will not succeed in setting the course for the new requirements of the digital world of work.

• 66 percent of those surveyed would like a corporate culture that specifically promotes innovation.

• Likewise, two thirds of the respondents rate the current skills and competency strategy at best with a school grade of three or worse.

Processes have to be continuously optimized

And the most important thing: there are constant changes. That is why those responsible and those involved continuously question and optimize processes. You anticipate the current competitive situation and customer needs. This makes companies agile, innovative and efficient. Business models and processes focus on corporate strategy, customer and employee needs. This increases the economic success of companies in the long term. Digital technology is the tool for this. Continuous optimization of complex business processes is a challenge for companies. Especially since different departments coordinate and optimize the individual sub-processes. The result: silo thinking can slow down holistic process optimization. Companies must therefore ask themselves how their organization ensures holistic and continuous process optimization. (fm)

  1. How to get employees excited about digital transformation
    IDC analysts give tips on how the CDO and CIO's digitalization strategy should be planned in short, medium and long-term steps. The focus is on the human factor, because the digital transformation can only be a success with motivated employees.
  2. Tip 1: check processes
    Step 1 - short-term measures: Examine the current digitization initiatives. To what extent do these projects require changes to the organizational procedures, the work processes and the collaboration between the departments?
  3. Tip 2: sound out employee concerns
    Step 2 - Short-term measures: Discuss with the department heads what concerns the employees may have about the changes.
  4. Tip 3: address employee concerns
    Step 3 - Short term measures: Think about how the possible concerns of the employees about the changes can be addressed through communication measures.
  5. Tip 4: form focus groups
    Step 1 - medium-term measures: For future digitization initiatives that result in organizational changes, introduce focus groups or interviews with employees to learn about their concerns.
  6. Tip 5: Develop a communication strategy
    Step 2 - Medium Term Actions: Review the ways internal communications can shape a communications strategy for future rollouts to address these concerns.