Resilient enterpriseA CIO’s point of view

2020

Resilient enterprise | A CIO’s point of viewResilient enterprise | A CIO’s point of view

The COVID-19 pandemic is stress-testing the current technology capabilities, and organizations are looking to their CIOs to provide a resilient enterprise and lead them through uncertainty.

A resilient CIO:

• Stabilizes core business and IT operations

• Partners with business leaders to adapt to the unfolding crisis

• Handles the influx of people working remotely, increased online workloads and incoming cyber threats

• Ensures that the baseline infrastructure consistently operates

• Enables the enterprise to deliver its value proposition to customers, communities and other stakeholders

The EY purpose is building a better working world, and CIOs can contribute by leading and managing a resilient enterprise.

The first order of business at this time of crisis is to take care of your people — approach them with compassion and confidence, reassure them, make them feel safe and protected. Clear, consistent and transparent CIO communications build trust and confidence. Each employee’s productivity will be challenged and tested in unprecedented ways (e.g., remote work, increased online workloads, mass staff shortage) in the coming weeks, and the CIO’s role is to provide a work environment where people are at their best performance given the worst of circumstances. This means re-evaluating workplace culture to accommodate for a majority remote workforce; reducing nonessential participants in all meetings; supporting flexible work arrangements as people seek to balance jobs and disrupted personal lives; and communicating frequently to both hear the concerns from the people as well as to reinforce the message of reassurance.

As a CIO, actions taken right now have a ripple effect throughout the organization. Leadership defines new ways of working and champions productivity measures such as online communities to foster a sense of belonging. Enabling the shift to a remote workforce requires significant cultural change, including targeted, meaningful and coordinated communications to build trust.

As you gear up to provide remote work capability to the enterprise, inclusive of business partners and in some cases customers, your immediate focus is on remote access and collaboration solutions. VPN, VDI, audio and videoconferencing, virtual whiteboards, etc., will experience peak loads. CIOs ensure capacity and stability to meet previously unforeseen demands. For companies where remote work was less common, you should rapidly identify and implement solutions to keep the enterprise running. In either scenario, the operations and support team scales to meet peak capacity of a crisis. Some ways to rapidly expand capacity include leveraging interactive systems to route calls, implementing chatbots to answer common questions and enhancing monitoring capability.

Resilient enterprise | A CIO’s point of view

Stabilizing core business/IT operations and critical infrastructure at scale is the backbone of your resilient enterprise in the new remote work environment. CIOs realize internet service providers (ISPs) in heavy traffic areas will present service degradation and thereby plan for endpoint access. Furthermore global supply chains and offshore service providers are experiencing longer-than-normal lead times to provide infrastructure components and remote support (servers, storage, networking gear, help desk support). A resilient CIO leverages their business continuity perspective to stabilize critical applications and systems, ensuring security is in place to prevent attacks or intrusions, then repurposes their technology to maneuver through these times. A CIO also leverages key suppliers and providers to act faster. You may depend on a third-party partnership to provide resiliency in this time of need, which may include bursting, manufacturing, supplying or financial processing. This enables a major shift of the business moving to an online model for both employees and customers. Cybersecurity teams may identify acceptable incremental risks to roll out rapid capacity of applications, including videoconferencing, to flex or adopt this new remote workforce environment.

Top of mind for a CIO’s resilient enterprise• Apply a people-first mindset and

communicate with purpose

• Stabilize core systems and critical infrastructure and re-prioritize investment for remote collaboration

• Accelerate your digital transformation and design crisis measures to support long-term growth

• Reinforce cyber protections to manage the new ways of working

• Adopt a new virtual working environment to support remote work and collaboration capabilities

Business continuity/disaster recovery (bc/dr) and cybersecurity will be at the forefront of a CIO’s agenda, especially during times of uncertainty and rapid change. As technology capabilities continue to be adapted to changing operational requirements and market behaviors, so too must your resiliency capabilities to remain in sync and effective.

CIOs establish a culture of governance and process to mitigate the onset of entropy and the risks associated with malicious threats and unintentional disruptions. CIOs cannot protect the company in a vacuum and must be aligned with the business and security to achieve a holistic approach to resilience. IT collaborates with business to understand the most critical information assets, consumers of those assets, tolerance for downtime and data loss to prioritize high availability (HA) and disaster recovery (DR) capabilities. IT also needs to be aware of business continuity planning (BCP) strategies and prepare to adapt technical resiliency capabilities to support the business.

CIOs and chief information security officers (CISOs) will partner closely during times of crises to enhance defenses and countermeasures against threat actors seeking to capitalize on vulnerable companies. Expanding monitoring and detection capabilities, patching regularly, tightening access and change controls, expanding controls over business-led IT, and building employee awareness are several strategies that can help mitigate security risks. IT and cybersecurity align on how teams respond, remediate and recover from cyber attacks. CISOs calibrate needed security capabilities (multifactor authentication, scaling anti-phishing controls) and validate security protocols, escalation paths and commitments from vendors. An integrated approach to resiliency is the only way your company will survive cyber attacks and unplanned disruptions during these turbulent times.

External threats to the business can also present opportunities to rethink customer engagement. The current situation forces industries to rapidly reinvent themselves for virtual and remote engagement with their customers. It is a familiar journey — most companies have been on the path of digital transformation already and will recognize this shift as a similar, yet more abrupt, change to their business model. At the time when traditional commerce is brought to a standstill by government-mandated shelter-in-place orders, the companies with an online presence are seeing parts of their business booming to maximum capacity. Companies lagging in this area are quickly catching up: traditional retailers expanding to online shopping, restaurants introducing delivery options, medical providers enabling video-based care, organizations evolving from automation to expanded AI/ML capabilities and companies innovating new business models and revenue streams to stay afloat.

Alicia Johnson Advisory, Technology TransformationPrincipal, Ernst & Young LLPalicia.m.johnson@ey.com+1 415 505 2322

Contacts

Jim LittleAdvisory, Technology Transformation Principal, Ernst & Young LLPjim.little@ey.com+1 415 533 0641

EY | Assurance | Tax | Transactions | Advisory

About EYEY is a global leader in assurance, tax, transaction and advisory services. The insights and quality services we deliver help build trust and confidence in the capital markets and in economies the world over. We develop outstanding leaders who team to deliver on our promises to all of our stakeholders. In so doing, we play a critical role in building a better working world for our people, for our clients and for our communities.

EY refers to the global organization, and may refer to one or more, of the member firms of Ernst & Young Global Limited, each of which is a separate legal entity. Ernst & Young Global Limited, a UK company limited by guarantee, does not provide services to clients. Information about how EY collects and uses personal data and a description of the rights individuals have under data protection legislation are available via ey.com/privacy. For more information about our organization, please visit ey.com.

Ernst & Young LLP is a client-serving member firm of Ernst & Young Global Limited operating in the US.

© 2020 Ernst & Young LLP. All Rights Reserved.

US SCORE No. 08807-201US BSC No. 2003-3461919 | ED NoneThis material has been prepared for general informational purposes only and is not intended to be relied upon as accounting, tax or other professional advice. Please refer to your advisors for specific advice.

The views of the third parties set out in this publication are not necessarily the views of the global EY organization or its member firms. Moreover, they should be seen in the context of the time they were made.

ey.com

A CIO is at the helm of these new capabilities and as they transform their organization to survive in the time of crisis, they are also preparing to be future-ready for when the crisis is over. The investments made today to expand or enable digital services for their customers are accelerating digital transformation. The consumers are similarly disrupted and are learning how to receive the services they need digitally. When the crisis will pass, some of that knowledge will stick and consumer habits may not snap back to pre-pandemic patterns. A resilient CIO becomes a leader of innovation by executing a crisis response solution that scales and enables long-term success of the enterprise.

Our work as a CIO is to balance resiliency, agility and performance, which is increasingly difficult to maintain in the time of crisis. It is critical to keep a long-term view of the business and maintain focus on large-scale foundational efforts. Companies in the middle of major modernization efforts, such as migration to the cloud or ERP transformation, maintain momentum of these programs and prevent the current situation from causing further challenges. CIOs must be prepared for new, critical and unexpected demand for technology services as the enterprise pivots to get ahead of the crisis. You may need to re-evaluate priorities as you allocate people and resources to face these new challenges. Resilient leadership is not only to survive the time of crisis, but also to come out of it stronger than before. It is important to maintain the overall direction of the organization, provide a vision of the normal and not sacrifice long-term success and viability for short-term solutions.

Amid frantic activity, we lose continuity. While it’s important to act with speed, it’s as critical to maintain even-keeled leadership that exudes confidence and purpose toward employees, customers and other stakeholders. CIOs know emergencies are temporary by nature, the crisis will eventually pass, bringing about the new normal. Navigating through turbulence while maintaining long-term momentum of the enterprise and learning from a crisis brings forward a resilient leader. A resilient CIO leverages the crisis as a force to accelerate digital transformation of the enterprise.

EY professionals can be your resilient CIO partner; we offer Advisory solutions for technology transformation, including business continuity/disaster recovery, business continuity planning, enterprise infrastructure, cybersecurity, risk management and technology strategy. Give us a call, we’re here to help.