The Client's Challenge
The client had reviewed its existing IT security approaches and infrastructure in conjunction with KPMG. This had identified the need for a new approach, but no tangible benefits.
The CTO asserted, “For this type of project you can’t (financially) justify it, you just need to do it!”
However, we were asked to help generate a financially viable business case.
The project included generating a full business case for:
- identity management for both internal and external parties
- device management
- intrusion protection
- wireless security
- mobile security
- network zoning
- collaboration security, and
- data classification.
Using the TOP Business Case program a small team of Bluescope IT and Business staff worked with us, by attending three progressive workshops over 6 weeks, to identify and quantify the:
- desired business outcomes,
- business benefits
- dollar value available plus bases and assumptions
- project delivery costs
- project delivery and business impact risks and risk management strategies
- critical success factors
- outcomes and benefits delivery plans.
The generation of 15 ‘desired business outcomes’ that described the goals of the program and could be easily understood and were accepted by business management
Twenty three major benefits, further analyzed into Customer, Competitive, Capability, Productivity, Financial and Risk-reduction categories
$5.655m in real tangible dollar savings identified
$1.5m in conservatively estimated productivity savings
A measurable reduction in IT’s high-risk exposure areas (assessed as part of the corporation’s overall risk analysis).
The assignment identified that management of the overall design and implementation of the security environment was a central corporate need in a highly federated multi-national organization — resulting in the creation of a new corporate entity with specific accountability to introduce and roll-out the new security environment
The existing security-related projects were reorganized to align to the agreed business outcomes to be delivered.