The Brisbane Virtual CIO Service

As a virtual CIO, it's important to be across all areas of IT to ensure that IT spend is maximised, and the business is supported for growth. Through a structured planning process, all issues and opportunities can be quickly identified, and improvements implemented in a controlled manner. Mouseover the icons for summary information on the areas addressed, or see further below for more detail.

Planning  Governance & Compliance  Risk  Service Delivery  Knowledge & Information  Architecture  Performance  Change  Web Strategy

While it's common for a company to task a CFO or CEO with the management of IT, there are potentially massive risks and costs associated with this management model such as:

  1. The executive is not able to fully concentrate on their own area of expertise.
  2. The executive typically does not have the skill set required to effectively mitigate risk, and direct the IT spend

The Virtual CIO model enables Brisbane companies to obtain their own dedicated IT Managerial expert to ensure that IT efficiencies and spend are maximised, risk is minimised, and fit for purpose decisions are implemented to support company growth. Why trust your IT spend to an amateur, when you can have it managed by a professional at a fraction of the cost of a full time resource?

Have a look below to see the IT areas addressed by a Virtual CIO, and ask yourself if the executive managing your IT function is proficient in these areas. If not, you are bearing excessive cost and risk. Click on below items to expand out for more detail:


Planning is the single most important function that an IT Manager completes! An effective planning process will determine overall IT strategy, operational activities for the IT department, units and staff, capacity decisions, and it will drive the creation of the budget. It should find all issues and opportunities, and will prioritise and schedule all resulting improvement activities. We consider the following areas for planning:

Strategic Linking to the organsiational Strategic plan, we move through a structured process to map and categorise any improvement areas. This is a generally a high level document, and is supported by the Operational plan
Operational As the name suggests, this is the plan that identifies the operational activities required to make the improvements from the strategic plan
Unit & Staff Driven from the Operational plan, it's important to provide clear direction to your teams and staff, and ensure that their goals are specific, measurable, achievable, results focused, and time bound
Capacity This is the process of ensuring that you have sufficient capacity in your systems and resources to meet your strategic goals and agreed IT service levels
Budget Any CEO is going to want to know how much it costs to run his company, so it's important to cost all operational items, and determine when that cost will be incurred.  This will then roll up into the company budget, where decisions can be made about prioritising expenditure items in the best interests of the company

We scale the above planning processes depending on the size of the organisation, so many smaller to medium sized organisations we deal will often have a single plan that includes operational items as well as overall strategy. This will be summarised on a single page for simplicity, and will also be accompanied by a simple budget.

Governance & Compliance

Governance is all about IT making good decisions for, and with the business. At the end of the day, your IT function helps your business make money, so it's vital that they communicate effectively, share information, and collaborate to ensure that their goals are aligned, and that the best use of IT resources is being achieved. The best way to do this is to implement an Governance forum, where representatives can meet to discuss the achievement of strategic goals, items for endorsement or discussion, policy, IT issues, or whatever discussion items to facilitate good decision making.

Compliance is about meeting any regulatory requirements for your IT operation. Largely this is seen in Government, but many enterprises are concerned with the performance of their IT investment, and they will implement their own internal compliance program to ensure that they are operating is a manner that is consistent with good or best practice, and meeting federal privacy requirements. It is important to scale compliance programs according to the size of the organisation, but it's also equally important to ensure that the most important functions (e.g Information Security) are not overlooked.


IT risk is an area that needs to be taken very seriously for the simple fact that unforeseen risks can end a business.

It is important that a framework exists to identify, analyse, and recommend actions for risks in the event that they occur. This can either be encompassed within a company wide framework, or be IT specific. There are a number of IT risk frameworks that can be used, such as ITIL or COBIT, but the core of IT risk management is that you:

  • Identify the risks and their causes.
  • Rate the risks according to factors such as severity (damage), impact (how many people it will affect), and probability (of occurring).  This enables you to categorise them according to how dangerous they are to your business.
  • Identity what to do if the risk eventuates.
  • Work out what you can do now to remove a risk, minimise the chance of the risk eventuating, or minimise the severity and impact.
  • Monitor the risks on a regular and ongoing basis, and change your strategy to deal with them as required.

Service Delivery

This is about IT meeting the service needs of the business by considering areas such as:

  • Service level agreements (SLAs)
  • Availability (keeping it running)
  • Capacity (making sure the service won't struggle to deliver, but isn't over engineered and wasting money)
  • Continuity (getting it running again when things go wrong)

For larger organisations, SLAs are usually agreed, measured, and reported against. For medium enterprise, it's often not so much around measurement, but rather about getting things set up right so that you can provide your staff with good IT service, and they can then do their job and make the company money. They'll soon tell you when things aren't going well!

It's important to note that with IT, you don't provide the business with any products, because products are only used to provide a service, and aren't measurable. For example, you don't provide your staff with a network - rather you provide them with a network connectivity service, that should be available x% of the time.

Service delivery is something that can be defined through various frameworks, and it's always best to scale these frameworks to the size of the organisation as they can be incredibly prescriptive and expensive!

Knowledge & Information

In very simple terms, Information is what your company knows, and knowledge is how you handle that information, so these two components are essentially the core of any business. Despite their importance however, many organisations do not investigate them in isolation, and as such they will often have a number of potentially complex issues to resolve, such as:

  • ownership (ensuring that all information has an ultimate owner)
  • custodianship (those responsible for processing, analysing and storing)
  • quality (checking information for integrity as it is received, on at regular intervals)
  • security (access controls and protection mechanisms)
  • entry channels (assessing where information is received and entered)
  • duplication (implementing controls to provide consistency where data must be duplicated)
  • purity (controlling the iterative manipulation of data)
  • policies and procedures for the effective management of information (e.g. backups & restores, change controls, testing, business continuity


Architecture can essentially be broken into three components - hardware, software, and Cloud based services. The suitability of solutions provided in these areas is something that needs to be analysed regularly, and this is typically driven from the capacity planning process - solutions will be assessed against criteria such as their ability to meet requirements of functionality, speed, stability, security, and support.

Architecture is essentially handled within a lifecycle framework - that is, it begins and ends, and things happen in between. Therefore, this area usually ties in quite heavily with project management to go through stages such as requirements, options, selection, test, implementation, go-live, support, and disposal.

Critically within the support phase, Architecture needs to be managed appropriately with activities such as:

  • regular updates to firmware or software (using appropriate change controls)
  • evaluation of support contracts
  • tracking of relevant information (e.g. in software & hardware registers)
  • tracking of locations or users


An IT operation can be said to be made up of people, processes, and technology, and where relevant it's important to be able to develop metrics to measure and review performance, and then make appropriate changes.

For staff, there needs to be clarity around role requirements, and targets need to be set that are SMART. Reviews need to happen regularly, staff should be rewarded for meeting or exceeding targets, and they should receive appropriate training.  The end result will be happier, motivated staff with a clear purpose.

Processes constantly need updating at regular intervals, and technology needs to be reviewed regularly to ensure that it is allowing IT services to meet customer expectations.

Add to this a culture of continuous improvement where there's a constant drive to make things better, and you've got a high performing IT investment that will maximise your companies ability to make money!


There are generally 3 areas of work in IT:

  • Businss as Usual (BAU) - the regular tasks that are required to ensure that IT service delivery to the business is of consistently high quality
  • Ad-hoc - dealing with the unforeseen
  • Change - making things better

To thrive in each area, you need a specific set of abilities. For example, BAU people are usually well organised with good time management, ad-hoc people can (hopefully) remain calm under pressure, and change people are good at observing, planning, directing and communicating.

If you get an ad-hoc person to handle BAU tasks, they'll be bored out of their minds.  Conversely, a BAU person handling ad-hoc work will soon be on stress leave! Get either an ad-hoc or BAU person handling your change projects, and you'll just cost yourself money.  Why? Because change people are specifically trained in how to handle change, and it can be a complex process. Without the correct skills and experience, you risk total or partial project failure, and a lack of uptake by those affected by the change.

I always utilise good practice frameworks for handling change projects, and scale them appropriately for the size of your organisation, and the complexity of your projects. I will usually implement a simple framework that can provide consistency of process, with clarity around why a project should be initiated, how it should be run, how to get people along for the ride, and the benefits it will produce.

Web Strategy

Web technology is great for allowing people to find out about your company offerings, and even to provide internal efficiencies through the use of internal based web system (i.e. an Intranet for sharing company information and collaboration). The challenge now is that web technology and the usage of it is experiencing constant and rapid change, and web strategies need to be actively analysed, monitored and modified to keep up, and the analysis of your web

First and foremost, a poor website will simply mean that a large proportion of users will not stay to read your content, and no matter how you look at it, that can cost you a lot of money. If you think that your website is fine, consider the following:

  • Graphics and design are fashionable, and will date as web users favour sites with updated user experiences.
  • Software used for running the website and delivering the content will change quickly to provide new functionality, and reduce security risks.
  • Search engines like Google will regularly change the way they see and rate your site, which affects how people find your site.
  • The way that people want to find and interact with your company on the web is constantly changing.
  • The way that you reach people through paid advertising is constantly changing, and becoming increasingly complex.
  • Web sales techniques regularly change to ensure your 'call to action' is as successful as possible.

With our broad web experience, we can assist by:

  • managing your web project - determining and implementing a web strategy is potentially a complex undertaking with large financial implications.
  • ensuring you get value for money from having someone on your team who understands what you need, and importantly what you don't.
  • determining the most cost effective development and hosting solutions, whether they be on or offshore.
  • providing ongoing direction and advise for your web strategy to ensure that your company continues to attract and engage potential clients.

Ask a Question