Information and technology governance

The Board mandated Blue Label’s technology and information governance responsibility to the Executive Committee. The Executive Committee oversaw the implementation and adoption of the IT governance mandates, policies, frameworks, and processes. Our governance philosophy is an integrated and collaborative governance system that ensures stakeholder value creation while complying with the applicable relevant laws and regulations. Blue Label aligns with the COBIT 2019 (Control Objectives for Information and Related Technologies), King IV, ISO/IEC 38500:2015, and the IT Infrastructure Library (ITIL), including the National Institute of Standards as the key governance frameworks within IT. Our governance mandate is exercised through our ICT Governance Framework which includes an inventory of policies, procedures and standards that govern our control environment.

We renewed our governance framework to ensure that we can maintain and improve the level of maturity to drive control delivery through project portfolio and systems change management which now ensures alignment of technology investments with governance controls. We are currently in phase three of the implementation phase (implementation of IT process flows) of our approved IT Governance Framework and aim to complete this within the 2024 financial year.

The Information and Technology division has continued to play a pivotal role in the success of Blue Label, enabling Blue Label to adapt to the rapidly evolving industry landscape. In FY23, the division focused on several key initiatives to support growth, enhance operational efficiency, and foster a culture of innovation as detailed below:

TECHNOLOGY AS A STRATEGIC TRANSFORMATION DRIVER

  1. Digital transformation: Organisations and markets across all industries are being reshaped by disruptive digitally powered forces that have steadily gathered momentum over the last 40 years. The shift towards digital everything has brought opportunities and risks that forever alter how people live, work and play. This has resulted in deep structural changes to emerging markets’ social, economic, competitive and operational dynamics, especially within the financial, communications and services contexts in which Blue Label operates. The needs of our customers and employees are consequently shifting rapidly, too, pushing us to reimagine our value propositions to remain relevant and to find innovative ways to meet the evolving requirements of all our stakeholders.
  2. Blue Label has committed to a holistic digital business transformation journey that will use digital thinking to fuel waves of business innovation that promote one or more of four key outcomes:

    • Unlocking opportunities for profitability and, wherever possible, exponential growth;
    • Realising greater efficiencies and optimisation;
    • Building our brand equity and market reputation; and
    • Increasing shareholder value and returns.

    We have made significant progress in our digital transformation journey, leveraging advanced technologies such as artificial intelligence, machine learning and automation. This has allowed us to streamline processes, improve customer engagement and drive operational excellence across the organisation. At the same time, we needed to overhaul how our people think about digital, their insight into the world around them and their behaviour to enable a sustainable digital business transformation.

    To cultivate and empower the digital mindsets intrinsic to our workforce, a series of transformative workshops, aptly named “Waves of Change”, were orchestrated across the diverse subsidiaries under our organisational umbrella. This has resulted in generating new digital ideas and initiatives across Blue Label.

    Furthermore, TPC has launched the More2Store App (M2S), which digitised bulk print airtime offerings. The M2S app allows for purchasing and delivery of bulk airtime to our merchants to be done safely, conveniently and easily. Merchants will order their pre-printed deactivated bulk vouchers (Ringas) off the M2S app and only activate them when they are ready to sell.

  3. Modernisation: Blue Label has embarked on a remarkable journey towards modernising its applications by integrating cutting-edge technologies, namely Artificial Intelligence (AI) and Machine Learning (ML). By embracing the immense potential of these innovative tools, Blue Label aims to enhance its operational efficiency, customer experiences and overall business performance. Leveraging AI and ML algorithms, Blue Label can automate various processes, streamline workflows and make datadriven decisions with greater accuracy and agility. This transformative approach propels Blue Label to the forefront of technological advancements. It empowers the organisation to adapt swiftly to the ever-evolving digital landscape, ensuring sustained growth and success in the dynamic telecommunications industry. In the last year, Blue Label, through its subsidiaries, has launched the following applications that encompass AI capability:
  4. a.  A new fraud detection solution which deploys machine learning and AI to enhance our fraud detection capability and the automation of the prevention of fraud, always learning and enhancing the fraud topologies to reduce risk and exposure for Blue Label; and

    b.  Ticketpro ticketing platform is an end-to-end build of a complete ticketing system. Unreserved seating is now live on the new platform and other functions and features will be deployed in FY24.

  5. Infrastructure enhancement: To meet the growing demand for data and connectivity, we have invested heavily in expanding our infrastructure. This includes upgrading our network capacity, enhancing data centres and deploying cutting-edge technologies to ensure our customers have reliable and high-speed network experience. Pursuing perpetual advancement and alignment with our ever-evolving business requirements, we have embarked upon a significant endeavour to upgrade our Software-Defined Wide Area Network (SDWAN) devices. SDWAN, an innovative wide-area network solution, harnesses the power of software-defined networking technology. It enables communication over the internet by utilising overlay tunnels, which are meticulously encrypted when directed towards internal organisational destinations.
  6. Through this comprehensive network upgrade, we seek to enhance availability and uptime, fortify our security resilience, and augment our observability. This strategic initiative reinforces our commitment to ensuring robust network performance while safeguarding sensitive information and elevating our overall operational efficiency.

    Embracing the immense potential of cloud computing, we have launched and successfully deployed a cutting-edge cloud-based ecosystem. This monumental shift has unlocked new dimensions of scalability and flexibility and revolutionised how we deliver products and services, transforming our business landscape. Adopting a cloud-first approach, we have harnessed the power of cloud computing with transformative capabilities. By leveraging cutting-edge cloud technologies, we have revolutionised how alternative credit bureaus access, manage, and analyse vast volumes of data, driving operational efficiency and delivering unparalleled value to our customers.

    In response to the evolving landscape of data management and the growing need for more efficient and reliable backup solutions, we migrated our data backup to a cloud solution. The decision to transition was driven by the desire to improve backup and recovery performance. With the growing volume of data and increased demands on our infrastructure, we recognised the importance of a backup solution that could deliver faster backup times, streamlined recovery processes, and reduced downtime. As part of our ongoing commitment to optimise resources, we sought a backup solution that would provide competitive pricing without compromising functionality or performance.

  7. Cybersecurity and data privacy: Recognising the increasing importance of cybersecurity, we have strengthened our efforts to safeguard customer data and protect our systems from potential threats. Robust security measures, regular audits and employee training programmes have been implemented to ensure the integrity and confidentiality of our information assets. The preservation of cybersecurity remains an ongoing and critical concern, forming a substantial portion of our technology investments. Over the past year, we have diligently reinforced and reviewed stringent information and infrastructure security control standards. With a proactive approach, we continuously evaluate our vulnerabilities and potential exposure risks while implementing comprehensive programmes for cyber risk prevention, assessment and education to ensure unwavering vigilance. As an integral part of our platform delivery, we have embedded security as a core component through governed development mechanisms. As a testament to our unwavering commitment to security, we have comprehensively reassessed the authentication process for our core AEON platform. Recognising the paramount importance of safeguarding both our organisation and our valued customers, we have implemented significant changes to fortify the authentication mechanisms for our devices and kiosks. These enhancements ensure a robust and secure environment, mitigating potential risks and reinforcing our customers’ trust in us. By continuously refining our authentication protocols, we affirm our dedication to maintaining the highest security and protection standards for all stakeholders.
Transformation of market-facing platforms

The potential of our platforms lies in their utilisation of the cutting-edge hybrid cloud backbone and a centralised Application Programming Interface (API) gateway architecture. This dynamic combination empowers the Blue Label Group to expedite its business model transformation and swiftly integrate the most advanced technologies into the market. An exemplary achievement in this regard is successfully deploying a comprehensive range of product APIs, encompassing vouchers, airtime, electricity, long-haul bus services and gaming vouchers, including Lotto, event tickets and bill payments onto our API gateway. By capitalising on this state-of-the-art infrastructure, we unlock unparalleled agility, efficiency, and versatility, positioning ourselves at the forefront of innovation and enabling seamless integration with the finest available technologies. As a result, our business can launch minimum viable product (MVP) to the market faster and compete aggressively through investment in various platform innovation initiatives across Blue Label:

  1. Re-platform of our BluAdvance offering: The BluAdvance project aims to provide advancements in electricity products to a predefined list of end-users, facilitating their access to these advances. The project aims to establish a clawback mechanism, enabling users to repay the advances with their next token purchase;
  2. Multiverse: The purpose of the multiverse is to provide in-house derived solutions, offering the customer a product that they qualify for that is suitable for their needs; and
  3. Emergency top-up: Emergency top-up (ETU) is an existing product offering currently offered to merchants across the different merchant segments. This facility allows merchants access to emergency funds to enable seamless, uninterrupted trading when they run out of funds.
Back-office transformation investments at Blue Label

Back-office transformation refers to the process of improving and streamlining internal operations, systems and processes. It typically involves leveraging technology and automation to enhance efficiency, reduce costs and improve overall performances as follows:

  • Blue Label has significantly enhanced its cybersecurity measures, implementing a robust zero-trust framework. These improvements have been instrumental in maintaining the integrity and uninterrupted functionality of Blue Label’s core infrastructure and services. Through rigorous security protocols and a proactive approach, Blue Label has achieved an impressive record of 100% uptime for its cloud applications and infrastructure, ensuring that their operations run smoothly without disruptions. This high reliability and availability is a testament to Blue Label’s commitment to maintaining a secure and resilient environment for its customers and stakeholders. Furthermore, implementing a zero-trust cybersecurity model has played a crucial role in safeguarding Blue Label’s sensitive data and preventing any unauthorised access or breaches;
  • Updates and enhancements have been made to our human capital platform that automates the recruitment process while at the same time improving the internal employee experience;
  • The roll-out of a contract management solution: Blue Label currently requires a centralised agreement process that meets all governance, risk and compliance requirements, where all contracts are drafted and stored in one central repository;
  • We replaced the digital signatory platform with a local digital signatory system, which reduced the costs and is accepted across major banks in SA;
  • Our robotic process automation (RPA) initiatives continue to add value to Blue Label. RPA is the automation of repetitive manual processes performed by a human being, which are then mimicked, where we replace the human element with an automated process. In FY23, the internal RPA team managed to automate approximately 20 processes, thereby reducing costs, improving operational efficiency and enabling our staff to focus on other key activities; and
  • Digitising our governance and risk management solution.

These strategic elements are underpinned by our constant drive towards customer-centric design and user experience, which stands central to our world-class business solutions across our businesses.

SCALABILITY AND PERFORMANCE

Additional investments into our technology platforms, computing edge and hybrid cloud strategy have ensured continuous stability while catering for significant growth in annual transactional volume throughput. We achieved 99.5% uptime for market-facing proprietary systems and 99.4% for internal business-facing systems and shared infrastructure, such as payroll and employee-specific applications.

We remained vigilant on our strategic information technology mandates of continuous service improvement, governance, operational enhancement, platform scalability and infrastructure enhancement.

RISK AND COMPLIANCE

IT Governance Framework Implementation Roadmap

We have successfully approved our IT governance framework based on the widely recognised COBIT (Control Objectives for Information and Related Technologies) standards. This framework is now being actively implemented within our organisation. It enables us to drive control delivery through project portfolio and systems change management, ensuring our technology investments align with robust governance controls.

Phase three of the implementation, which is currently underway, focuses on designing and implementing the IT process flows. As part of our commitment to continuous improvement, we have initiated an independent assessment through our internal audit team to conduct this assessment. At the same time, it will enable us to evaluate and improve the maturity of our IT governance practices.

Cybersecurity and compliance

We recognise that cybersecurity threats pose an ongoing and significant risk to our organisation. As a result, we have prioritised substantial investments in technology to address this critical issue. Over the past year, we have thoroughly reviewed and reinforced our information and infrastructure security controls, ensuring stringent standards are in place.

To maintain constant vigilance, we proactively assess vulnerabilities and evaluate the risk of exposure on an ongoing basis. Our efforts are focused on driving comprehensive cyber risk prevention, assessment and education programmes throughout Blue Label. By embedding security as a fundamental component within our platform delivery, we adhere to governed development mechanisms that prioritise security measures.

We have taken significant steps to strengthen our environment’s security posture. Detection capabilities and response processes have been implemented to identify and address potential cyber threats swiftly. This proactive approach ensures that we can effectively safeguard our systems and data.

We have implemented the NIST Cybersecurity Framework over the past 12 months to enhance our security practices further. Additionally, we have initiated the process to obtain ISO 27001:2013 certification, with the goal of completing this certification by the end of 2023. Achieving ISO certification will provide commercialisation benefits and elevate our security maturity levels as an organisation. It will also offer enhanced assurance to our customers, business partners, and third parties we engage with, demonstrating our commitment to robust information security practices.

IT risk management

IT risk management at Blue Label is integral to Blue Label’s enterprise-wide risk management strategy. The governance and operational controls are designed to support responsible risk management, recognising its importance in value creation. Risk management is embedded into decision-making processes and daily activities to ensure the organisation is risk-aware while pursuing strategic objectives.

Blue Label’s Risk function has established the necessary risk governance artefacts to facilitate effective organisational risk management. These artefacts are consistently applied and complied with by Group IT. Key risks are monitored through a well-established risk management system and process involving collaboration among the three lines of defence to manage risks effectively.

Traditionally, risk management and tracking at Blue Label were manual processes that required extensive engagement with risk action owners for updates and progress on risk mitigation strategies for reporting purposes. Blue Label has implemented a new digital risk management platform, an automated and integrated tool to enhance risk management practices. Blue Label aims to mature its risk management practices, enabling robust and proactive risk management across the organisation by implementing the new risk platform. The platform facilitates streamlined risk tracking, reporting and analysis, supporting effective decision-making and enhancing overall risk governance.

Internal and external audit

Blue Label adheres to a combined assurance model that ensures effective governance controls and practices are implemented across all our business entities. The independent assurance component, the third pillar of our combined assurance framework, encompasses internal and external audits.

Internal Audit plays a vital role in our organisation, assisting us in achieving our objectives by employing a systematic and disciplined approach to evaluate and enhance the effectiveness and efficiency of risk management, control, and governance processes. It operates as an independent and objective assurance and consulting function, aiming to add value and enhance our operations.

Internal Audit adopts a risk-based approach to fulfil its mandate, identifying critical risk management controls that management relies upon. These controls are thoroughly tested and evaluated to give the Board the necessary assurance regarding risk management and regulatory compliance, enabling it to fulfil its governance objectives.

The Audit Committee, composed of independent members, reviews and approves the risk-based internal audit plan. It receives regular updates on completed audits, findings and improvement actions. The internal audit plan is developed through interactions with various service lines within the Information Technology department, considering their respective strategic objectives, key projects and operational activities related to their specific mandates.

The internal audit plan also comprehensively assesses corporate governance, financial controls and organisational risk management procedures. Additionally, specific focus areas are identified based on input from the Audit Committee, the Executive Committee and Executive and Operational Management.

Following this robust internal audit process ensures that our governance controls are effectively evaluated, monitored, and improved to mitigate risks and enhance overall organisational performance.

We have defined the three-year rolling risk-based audit plan with our Internal Audit partner. The three-year rolling audit plan is agile and allows for Internal Audit to provide assurance to the most strategic risks prevalent at the time, which includes:

  • IT fraud control review;
  • Network security architecture review;
  • IT governance review; and
  • Post-incident assurance review.

The above outcomes demonstrate our commitment to enhancing our governance processes, controls and systems through independent and objective assurance of the adequacy and effectiveness of our IT controls. We continue to monitor the implementation of the recommendations of our assurance partner to ensure that our control environment matures and proves the importance of adequate and effective controls in supporting the business.

At Blue Label, we have revitalised our talent acquisition, development and retention approach. Our focus has been attracting and retaining skilled individuals with the expertise needed to deliver and manage modern digital software technologies effectively.

We recognise the importance of maintaining and supporting legacy environments while simultaneously adapting to and supporting newer technologies. We strongly emphasised building a best-in-class technology workforce to achieve this balance. This ensures that we have the necessary skills and capabilities to navigate the rapid pace of technological advancements. For example, we now have enterprise access to online learning tools that our workforce can use to grow and enhance their skills.

Constant resource balancing is a key aspect of our strategy. We continuously assess and align our technology workforce to keep pace with the evolving technological landscape. This approach forms the foundation for predictable service delivery and enables us to pursue our business growth and transformation objectives effectively.

By prioritising talent acquisition and development, we have the necessary expertise to navigate legacy and modern technologies. This empowers us to provide reliable services to our customers while staying ahead in an ever-changing digital landscape.