The establishment of the Digital Transformation Agency brought digital transformation to the forefront in public sector strategy. No longer the exclusive purview of the Chief Information Officer, it is clear now that digital transformation is about the business of government. The recent establishment of ‘Services Australia’ is the next iteration of the digital transformation journey in the Federal public service.
While digital transformation gives the public sector enormous opportunities, with those opportunities come downside risks that are increasing in scale and velocity. These risks present a threat to digital transformation and could undermine the Australian public sector’s ability to remain relevant in a rapidly changing digital economy.
In the Australian Government, the approach to digital transformation is defined by the Digital Transformation Strategy. The Strategy’s three focus areas are government that’s easy to deal with, government that is informed by citizen information and government that’s fit for the digital age. The Strategy is focused on providing simple and intuitive services for citizens and harness the power of data analytics and automation of processes.
Digital transformation is a buzzword in the ‘de jour’ lexicon of IT vendors, CIOs and consultants, so the meaning of digital transformation and what it means in the context of government is often unclear. The World Economic forum has defined five digital operating models that all exist to a greater or lesser extent in organisations.
These operating models are:
- Open and Liquid: Australian governments are moving to ecosystem-based approaches evidenced in the myGov platform and digital identity
- Data-powered: Using available data across multiple agencies and powerful analytics engines to drive insights for better decision making.
- ‘Skynet’: agencies are looking to utilise the power of automation and analytics to reduce costs associated with administrative tasks
- Customer-centric: Governments are focused on citizen experience to meet their expectations of what it is to interact with
- Extra Frugal: Optimising processes and infrastructure to drive down costs.
These five characteristics of digital transformation align neatly with the DTA Digital Transformation Strategy in areas such as citizen-centric design, the ecosystem approach, and the utilisation of data.
Digital transformation is undoubtedly a worthy goal for all levels of government in that it has the potential to fundamentally change the way that citizens interact with government and the way that the public service operates. However, with these opportunities come risks. These risks aren’t just about the confidentiality of data or availability of systems but go to the fundamental ability of government to do its job. This is the domain of Digital Risk Management.
Digital Risk Management is assessing, monitoring and responding to new risks resulting from digital transformation and continued adoption of disruptive technology. As government agencies extend technology deeper into their day-to-day business operations, they introduce unwanted and often unexpected outcomes that stem from digital transformation, digital business processes and the adoption of related technologies.
While the major areas of risk remain the ‘usual suspects’ such as security, compliance, resiliency, inherited risks from third parties and operational risk, the nature of digital business amplifies risk for organisations today. Previously, the realisation these risks would not have had the far-reaching impacts that they do today because of the heavy reliance on digital channels and the increased concentration of data.
There are numerous examples where digital risks have been realised in the government in recent times. These include website outages leading to the inability of citizens to interact with government, back-end IT failures resulting in the inability of government to deliver services, and issues with the automation of processes and data analytics resulting in poor citizen experiences. Recent experience has shown that digital risks are very real for government.
The first step in addressing digital risk is to understand how it might be affecting your organisation. The RSA Whitepaper: 10 Major Factors Affecting Your Digital Risk Profile includes areas such as use of third parties, resiliency requirements and data profile as some of the issues public servants need to consider when thinking about digital risk.