Blog 5 - Application Landscape: Bespoke Initiatives

Application Landscape: Bespoke Initiatives

“It is all about Data!”

Those companies that understand and have the tools to interrogate their data will be able to identify business opportunities, such as potential growth areas, lines of business no longer performing, or perhaps to highlight areas where their exposure has now reached an increased risk level. Data is King and in this modern era where data from social media, mobile phones, websites, hobbies & lifestyles etc. is being used to influence our buying potential, it is important that your data is being used appropriately.

In a briefing and accompanying editorial earlier last summer The Economist magazine, using another analogy, argued that data is today what oil was a century ago. As The Economist put it, Just as a century ago those who got to the oil in the ground were able to amass vast wealth, establish near monopolies, and build the future economy on their own precious resource, so data companies like Facebook and Google are able to do similar now.

The difference between oil and data, however, is that there is a limited amount of oil in the ground. Unlike oil, increasing amounts of data are being generated at a pace that’s hard for mere mortals to comprehend: in the next two years, 40 zettabytes of data will be created - roughly equivalent to 4 million years of HD video or five billion Libraries of Congress, according to a WEF report.

Back to earth though, how well does your business know and understand its data and has it the capability to access the data for analysis? What level of integrity exists throughout the data processing process from input to reporting to the Executive Management Team? Is there a data map, for example, that shows data interfaces, change points and controls across the application landscape? Do you know whether your data is being leaked out of the organisation ?.

MDM or Master Data Management is all about understanding your data:

● how is it defined?
● where it is updated?
● where and how is it held?
● who owns/controls it?
● how it is interrogated?
● who reports on it?

A data audit would provide a concise report delivering an inventory of your data across databases and applications. Detailing the interfaces and data change points helps to assist in supporting any regulatory data control requirements.

“Document Management”

Have you considered the thousands of documents that are sitting on servers, data storage devices and PC’s? in your organisation. As we move to a more regulated world, companies are required to have a Document Retention Policy. Whilst it is relatively straightforward to create a policy, it is the compliance to the policy that is often difficult.

A document can range from a spreadsheet, to a word or powerpoint, an emails or html documents, jpeg images etc and the fundamental problem is in the identification of a document. Unless there has been a strict document naming standard and storage filing structure established at the outset, it is almost impossible to identify a document using automated methods and will require manual intervention to correctly classify any given document.

Document ownership is the next problem. What has happened to documents belonging to staff who have left the company? Even staff who are currently employed are unlikely to remember what documents they filed 2-3 years ago unless they were very thorough with their naming conventions and filing structure. These documents are utilising storage space, and may even be backup every night, unless the company has implemented a backup Deduplication System.

Ideally, a company will have a central Document Management System that will be used to file and hold all company documents. As documents are stored, they will each receive a set of attributes, that can then be used to enquire, retrieve and delete document through manual or automated processes. Whilst there is expensive DMS System available, in the current world of cheap cloud storage, there are alternatives that are now available to help companies to create an infrastructure to store their documents in an organised way.

The first step is to define the scope of what needs to be achieved, and then to understand the company document storage landscape. Define the issues, then agree a plan to move forward. Experience shows that unless this is treated as a separate project away from the day to day business, then it will always sits at the bottom of the project pile. Fifth Step can help to set up this project if it is something that is supported by the senior management.

“End User Computing/Shadow IT”

EUC is here to stay and allows flexibility for the business to work with their data and provide bespoke solutions for business initiatives. However, small quick interim solutions have a tendency to grow and become permanent solutions, which go on to form an intrinsic part of the business & systems process. Unfortunately, these user-developed systems have often been developed without inbuilt data controls and validation, development standards and adequate documentation.

Whilst the IT department does not have a monopoly on delivering Systems or Reporting solutions, it does however, have responsibility for the control of data.

Where the business work on their own IT solutions it is important to understand how they are using the data, both to ensure that they are using the data definition correctly, e.g. Net Premium, Gross Premium, currency etc. and that any reporting of data has not had the integrity compromised. As a result, where an EUC system becomes an integral part of the application landscape, it needs to have the same documentation, controls, change management and production release process as any other IT developed system, that come under the regulatory control process.

Whilst the perception and increasing reality that storage is cheap, and therefore data duplication does not have a high physical cost per say, there is another view. Where the business have their own databases and generate numerous copies of data, this makes control very difficult, especially when you start to consider data privacy and GDPR implications. It is a common problem that when staff leave the business, then the knowledge about a particular application or database disappears. In these instances IT often find that they are asked to take over a business built application invariably with little or no documentation.

Without strict controls, there is a greater risk of errors. Where an end user computing solutions is used as part of the company’s formal operating procedures and reporting it is important that these are included in the regulatory documentation.

Whether it is the Risk Management team, Head of IT or Senior Business Managers who have concerns, it is important to understand how EUC is being used in your organisation. Fifth Step can help you gain that understanding!

“System Decommissioning”

As business processes change, new functional systems are implemented, and this often leads to functional overlap and data duplication with existing systems that become redundant. The most common outcome is to keep both systems running, because not everything has been replaced, and there is always a data file or function that continues to be used. However, over time the support overhead increases to a point where old systems need to be decommissioned, due to cost, risk or they become unsupportable.

As a CAP Gemini report states: “Most organizations do not have a clear strategy for retiring legacy applications and continue to spend up to three-quarters of their IT budgets just “keeping the lights on” - supporting outdated, redundant and sometimes entirely obsolete systems.”

Meanwhile, company acquisitions & mergers will often lead to parallel application landscapes. The good intentions that originally set out to migrate one system into another never seem to get to the top of the priority list. Some of the reasons for this are:

● The company never really integrates its business processes
● A system ceases to be used for new business, and it will be left to run off the old business, until such time that data or system functionality is no longer required
● System functionality is not exactly matched and would require application enhancement and a complicated data migration.
● There is a lack of application/database knowledge

A system is made up of many components, interfaces to/from other systems, databases to store the data, database scripts that may update the data, database views to allow other applications to enquire against the data, processing hardware, operating software, data storage hardware, and backup systems.

Before a system can be decommissioned, the existing functionality needs to be either replaced, or agreement reached with the business that is is no longer required. This is relatively straightforward, but it is often the data that causes the main problem. One of the last components to get replaced from a system decommissioning project are the data links and interfaces that feed downstream systems. The dilemma is do you change the downstream system to read data from new data sources, or do you replicate the interface from the new system to feed the downstream system? Invariably the data fields will be different, or the formats will be different and there will need to be some kind of conversion to the old interface format.

This all takes time, and the unfortunate aspect is that the business invariably do not see any change or benefit, and sometimes have to do extra work themselves by having to make a change to an EUC system, or do without a report that they used to get, because the system has been removed.

The more complicated the application landscape the higher the baseline support cost. There is always a project request or urgent maintenance task that takes priority over the work to decommission a system. This is where Fifth Step can help! We can provide a fixed price cost for selective pieces of work to address such issues as systems that need to be decommissioned.

“Systems Integration Assessment”

If the company is considering a merger or takeover, it is important for Senior Management to understand what the systems implications and options are prior to the transaction happening. The systems/IT cost is not often seen as a crucial part of the financial proposal, and can even possibly be seen as an area where costs could be saved on a pure consolidation of IT departments basis. It is the ongoing support cost that will rise, and overtime becomes a major factor in the business expense ratio.

Before this red flag is raised to the board, stay one step ahead and get an assessment as to the cost to reduce the application landscape, and have the systems integration alternatives available in a document for business consideration.

“Regulatory Certification and Compliance”

Solvency II, GDPR, SOX, Lloyd’s Cyber Certification are all regulatory certification requirements that demand controls, processes, procedures, and technical solutions. It’s important when you consider we are in an environment in which The British Insurance Brokers’ Association (BIBA) has called for the Financial Conduct Authority (FCA) to prioritise cost-effective supervision following a 70% increase in regulation costs for small brokers. Extensive new research, conducted by London Economics has shown that in the last three years the cost of compliance for small general insurance brokers has increased from 4% to 6.8% of income.

The time and effort to deliver this compliance can be significant. Do you have all these controls etc. in place, and are they fit for purpose? What is the downside if one of them fails or does not highlight that a significant premium amount or claim used the wrong currency and the board received a report with incorrect data?

If you need to set up the correct controls & procedures or would like a third party review of them, Fifth Step can help.

“Program & Project Management”

If you have program of projects or one specific project to complete to a deadline or budget, it is crucial for the best chance of success to have good project management. There are benefits to use an independant PM, since it is important to be able to be impartial, and be able to assert governance over all parties on the project, vendors, IT infrastructure, analysts, developers and business users.

Incurring an external spend on a project often focuses the team to deliver to the agreed deadlines.

“Next Step”.

Perhaps you would like a data audit or review to identify how your most beneficial assert is being used in the organisation. Or perhaps you have concerns about how End User Computing is being used? Is you Application Landscape far too complex for the functionality actually delivered? And do you have systems that need to be decommissioned? Is your company considering a merger or acquisition and would like an IT assessment?

Do you have concerns over your regulatory compliance? or perhaps some crucial projects that require external project management?
If you have answered yes to any of the above questions, then contact Fifth Step who can complete a short Fifth Step Quickstart™ Assessment that for a fixed price will allow you to gain understanding and have a plan for addressing the issue.

If you would like to learn more about the Fifth Step Quickstart™ Assessment, then please contact us at enquiries@fifthstep.com