IT has traditionally had a reputation for micro-management. In too many professional services firms, the Department of No stood in the way of productivity and growth. But post-pandemic, things are changing. During that period, many boards and senior managers had a lightbulb moment – finally realising the value that technology can deliver to the firm.
To accelerate this path to progress, professional services organisations need to continue evolving how their IT department works, and what it is responsible for. In many cases, this will mean outsourcing more infrastructure.
A recent Saffery podcast featuring QuoStar’s Chris White and Saffery’s ITDirector, David Fazakerley, have some fascinating insight on this topic.
The changing face of IT
To add true value to the post-pandemic professional services organisation, the IT department must change its role from technology provider to business enabler. As such, the role of CIO or IT director will evolve into one of translator: speaking the language of business to the board and of bits and bytes to the IT team.
There are three ways we can observe this change happening in organisations today:
Cloud: There was a time when IT managed everything in house. Now cloud services have matured, there’s little justification for such an approach. Public cloud infrastructure, private cloud (IaaS) and software-as-a-service (SaaS) can be highly cost-effective – enabling firms to scale up and down as required. And they are often more secure than anything that can be managed internally. Increasingly, cloud is seen as just another utility.
That frees IT from the operational shackles of keeping the lights on, to focus on a more strategic role. Today, IT’s role should be to select the right partners and providers to work with, understand what the firm’s employees need to maximise productivity, and deliver the best possible service for clients. Professional services firms aren’t IT shops. They’re lawyers, accountants and specialist consultants. So IT’s role at its core should be to support these client services via optimised use of technology.
Cybersecurity: Cyber-threats are surging amidst geopolitical uncertainty and a cybercrime underground said to be worth trillions annually. One vendor blocked 85.6 billion threats in the first half of 2023 alone. Government figures from April 2023 reveal that over half medium (59%) and large (69%) UK businesses suffered a serious cyber-attack or breach in the previous 12 months.
Professional services IT teams aren’t equipped to handle this deluge all by themselves. Instead, their job is to educate users, understand the organisation’s risk appetite, and outsource where necessary to providers with the requisite skills, resources and technology. It’s about building a cohesive hybrid team, so that when the worst-case scenario occurs, everyone knows their role and can react quickly in order to rapidly contain and recover.
It’s also about recognising that not all of cyber-risk management is a matter of putting in place another firewall or a web filter. The human-shaped problem continues to be a major risk factor, in the form of social engineering and phishing. And that can’t be solved by technology alone. It’s a problem set to get much worse with the advent of generative AI (GenAI), which will democratise the ability to launch highly convincing phishing campaigns in multiple languages.
Security awareness and training programmes will therefore be an increasingly important part of risk mitigation in professional services firms. To stand any chance of success, lessons must be run in short, sharp bursts, contain real-world simulations and cover the whole organisation, from boardroom down to contractors and part-timers. And any courses must be run continuously: as long as the bad guys keep innovating, there’s always something new to learn. Once again, the value from IT will come from choosing the right third-party provider to supply these capabilities.
In short, effective cybersecurity is about firstly stopping the bad stuff getting in. If that isn’t possible, the focus should be on limiting the damage once threat actors are inside the network. And if they are able to cause any damage, ensure the organisation can recover as quick as possible with enhanced resilience.
Artificial intelligence: AI has the potential to transform professional services, especially generative AI (GenAI) of the sort pioneered by ChatGPT. But there’s also a lot of froth and bluster in the market. And the risk of accidentally exposing sensitive information or believing GenAI-generated falsehoods is high. This could have a potentially serious impact on corporate reputation.
Once again, the IT department’s role is not to build its own large language model (LLM) or chatbot tools. It is to assess what’s available on the market and advise the business about possible solutions that match the organisation’s risk appetite. There’s also important work to be done in updating policies, to ensure employees understand what they can and can’t do.
Saffery’s Fazakerley explains that he has been on a steep learning curve over the past few months, familiarising himself with GenAI. The key to optimised use is understanding where GenAI’s strengths and weaknesses are, which is why the firm uses Microsoft Copilot secured within an Azure tenancy, so any sensitive data inputted via prompts isn’t exposed to the wider world.
Fazakerley claims it has transformed and enriched his search experience. And whereas it may not be advisable to generate content on tax advice, it has been extremely useful at summarising existing advice in a more accessible language that clients may better understand. In that way. it’s helped Saffery think differently about how it interacts with clients, to change engrained habits. For that reason, the tech has already garnered significant enthusiasm from non-IT members of staff, which is a rarity, he says.
The road ahead
This is a vision of IT fit for the digital age: as a core business-enabling function. It imagines an IT department focused on how to optimise the organisation’s use of technology, so it can deliver the best possible client service. And on explaining to the board where and how this tech is generating ROI.