The Board mandated Blue Label’s technology and information governance responsibility to the Executive Committee. The Executive Committee oversaw the implementation and adoption of the IT governance mandates, policies, frameworks, and processes. Our governance philosophy is an integrated and collaborative governance system that ensures stakeholder value creation while complying with the applicable relevant laws and regulations. Blue Label aligns with the COBIT 2019 (Control Objectives for Information and Related Technologies), King IV, ISO/IEC 38500:2015, and the IT Infrastructure Library (ITIL), including the National Institute of Standards as the key governance frameworks within IT. Our governance mandate is exercised through our ICT Governance Framework which includes an inventory of policies, procedures and standards that govern our control environment.
We renewed our governance framework to ensure that we can maintain and improve the level of maturity to drive control delivery through project portfolio and systems change management which now ensures alignment of technology investments with governance controls. We are currently in phase three of the implementation phase (implementation of IT process flows) of our approved IT Governance Framework and aim to complete this within the 2024 financial year.
The Information and Technology division has continued to play a pivotal role in the success of Blue Label, enabling Blue Label to adapt to the rapidly evolving industry landscape. In FY23, the division focused on several key initiatives to support growth, enhance operational efficiency, and foster a culture of innovation as detailed below:
Blue Label has committed to a holistic digital business transformation journey that will use digital thinking to fuel waves of business innovation that promote one or more of four key outcomes:
We have made significant progress in our digital transformation journey, leveraging advanced technologies such as artificial intelligence, machine learning and automation. This has allowed us to streamline processes, improve customer engagement and drive operational excellence across the organisation. At the same time, we needed to overhaul how our people think about digital, their insight into the world around them and their behaviour to enable a sustainable digital business transformation.
To cultivate and empower the digital mindsets intrinsic to our workforce, a series of transformative workshops, aptly named “Waves of Change”, were orchestrated across the diverse subsidiaries under our organisational umbrella. This has resulted in generating new digital ideas and initiatives across Blue Label.
Furthermore, TPC has launched the More2Store App (M2S), which digitised bulk print airtime offerings. The M2S app allows for purchasing and delivery of bulk airtime to our merchants to be done safely, conveniently and easily. Merchants will order their pre-printed deactivated bulk vouchers (Ringas) off the M2S app and only activate them when they are ready to sell.
a. A new fraud detection solution which deploys machine learning and AI to enhance our fraud detection capability and the automation of the prevention of fraud, always learning and enhancing the fraud topologies to reduce risk and exposure for Blue Label; and
b. Ticketpro ticketing platform is an end-to-end build of a complete ticketing system. Unreserved seating is now live on the new platform and other functions and features will be deployed in FY24.
Through this comprehensive network upgrade, we seek to enhance availability and uptime, fortify our security resilience, and augment our observability. This strategic initiative reinforces our commitment to ensuring robust network performance while safeguarding sensitive information and elevating our overall operational efficiency.
Embracing the immense potential of cloud computing, we have launched and successfully deployed a cutting-edge cloud-based ecosystem. This monumental shift has unlocked new dimensions of scalability and flexibility and revolutionised how we deliver products and services, transforming our business landscape. Adopting a cloud-first approach, we have harnessed the power of cloud computing with transformative capabilities. By leveraging cutting-edge cloud technologies, we have revolutionised how alternative credit bureaus access, manage, and analyse vast volumes of data, driving operational efficiency and delivering unparalleled value to our customers.
In response to the evolving landscape of data management and the growing need for more efficient and reliable backup solutions, we migrated our data backup to a cloud solution. The decision to transition was driven by the desire to improve backup and recovery performance. With the growing volume of data and increased demands on our infrastructure, we recognised the importance of a backup solution that could deliver faster backup times, streamlined recovery processes, and reduced downtime. As part of our ongoing commitment to optimise resources, we sought a backup solution that would provide competitive pricing without compromising functionality or performance.
The potential of our platforms lies in their utilisation of the cutting-edge hybrid cloud backbone and a centralised Application Programming Interface (API) gateway architecture. This dynamic combination empowers the Blue Label Group to expedite its business model transformation and swiftly integrate the most advanced technologies into the market. An exemplary achievement in this regard is successfully deploying a comprehensive range of product APIs, encompassing vouchers, airtime, electricity, long-haul bus services and gaming vouchers, including Lotto, event tickets and bill payments onto our API gateway. By capitalising on this state-of-the-art infrastructure, we unlock unparalleled agility, efficiency, and versatility, positioning ourselves at the forefront of innovation and enabling seamless integration with the finest available technologies. As a result, our business can launch minimum viable product (MVP) to the market faster and compete aggressively through investment in various platform innovation initiatives across Blue Label:
Back-office transformation refers to the process of improving and streamlining internal operations, systems and processes. It typically involves leveraging technology and automation to enhance efficiency, reduce costs and improve overall performances as follows:
These strategic elements are underpinned by our constant drive towards customer-centric design and user experience, which stands central to our world-class business solutions across our businesses.
Additional investments into our technology platforms, computing edge and hybrid cloud strategy have ensured continuous stability while catering for significant growth in annual transactional volume throughput. We achieved 99.5% uptime for market-facing proprietary systems and 99.4% for internal business-facing systems and shared infrastructure, such as payroll and employee-specific applications.
We remained vigilant on our strategic information technology mandates of continuous service improvement, governance, operational enhancement, platform scalability and infrastructure enhancement.
We have successfully approved our IT governance framework based on the widely recognised COBIT (Control Objectives for Information and Related Technologies) standards. This framework is now being actively implemented within our organisation. It enables us to drive control delivery through project portfolio and systems change management, ensuring our technology investments align with robust governance controls.
Phase three of the implementation, which is currently underway, focuses on designing and implementing the IT process flows. As part of our commitment to continuous improvement, we have initiated an independent assessment through our internal audit team to conduct this assessment. At the same time, it will enable us to evaluate and improve the maturity of our IT governance practices.
We recognise that cybersecurity threats pose an ongoing and significant risk to our organisation. As a result, we have prioritised substantial investments in technology to address this critical issue. Over the past year, we have thoroughly reviewed and reinforced our information and infrastructure security controls, ensuring stringent standards are in place.
To maintain constant vigilance, we proactively assess vulnerabilities and evaluate the risk of exposure on an ongoing basis. Our efforts are focused on driving comprehensive cyber risk prevention, assessment and education programmes throughout Blue Label. By embedding security as a fundamental component within our platform delivery, we adhere to governed development mechanisms that prioritise security measures.
We have taken significant steps to strengthen our environment’s security posture. Detection capabilities and response processes have been implemented to identify and address potential cyber threats swiftly. This proactive approach ensures that we can effectively safeguard our systems and data.
We have implemented the NIST Cybersecurity Framework over the past 12 months to enhance our security practices further. Additionally, we have initiated the process to obtain ISO 27001:2013 certification, with the goal of completing this certification by the end of 2023. Achieving ISO certification will provide commercialisation benefits and elevate our security maturity levels as an organisation. It will also offer enhanced assurance to our customers, business partners, and third parties we engage with, demonstrating our commitment to robust information security practices.
IT risk management at Blue Label is integral to Blue Label’s enterprise-wide risk management strategy. The governance and operational controls are designed to support responsible risk management, recognising its importance in value creation. Risk management is embedded into decision-making processes and daily activities to ensure the organisation is risk-aware while pursuing strategic objectives.
Blue Label’s Risk function has established the necessary risk governance artefacts to facilitate effective organisational risk management. These artefacts are consistently applied and complied with by Group IT. Key risks are monitored through a well-established risk management system and process involving collaboration among the three lines of defence to manage risks effectively.
Traditionally, risk management and tracking at Blue Label were manual processes that required extensive engagement with risk action owners for updates and progress on risk mitigation strategies for reporting purposes. Blue Label has implemented a new digital risk management platform, an automated and integrated tool to enhance risk management practices. Blue Label aims to mature its risk management practices, enabling robust and proactive risk management across the organisation by implementing the new risk platform. The platform facilitates streamlined risk tracking, reporting and analysis, supporting effective decision-making and enhancing overall risk governance.
Blue Label adheres to a combined assurance model that ensures effective governance controls and practices are implemented across all our business entities. The independent assurance component, the third pillar of our combined assurance framework, encompasses internal and external audits.
Internal Audit plays a vital role in our organisation, assisting us in achieving our objectives by employing a systematic and disciplined approach to evaluate and enhance the effectiveness and efficiency of risk management, control, and governance processes. It operates as an independent and objective assurance and consulting function, aiming to add value and enhance our operations.
Internal Audit adopts a risk-based approach to fulfil its mandate, identifying critical risk management controls that management relies upon. These controls are thoroughly tested and evaluated to give the Board the necessary assurance regarding risk management and regulatory compliance, enabling it to fulfil its governance objectives.
The Audit Committee, composed of independent members, reviews and approves the risk-based internal audit plan. It receives regular updates on completed audits, findings and improvement actions. The internal audit plan is developed through interactions with various service lines within the Information Technology department, considering their respective strategic objectives, key projects and operational activities related to their specific mandates.
The internal audit plan also comprehensively assesses corporate governance, financial controls and organisational risk management procedures. Additionally, specific focus areas are identified based on input from the Audit Committee, the Executive Committee and Executive and Operational Management.
Following this robust internal audit process ensures that our governance controls are effectively evaluated, monitored, and improved to mitigate risks and enhance overall organisational performance.
We have defined the three-year rolling risk-based audit plan with our Internal Audit partner. The three-year rolling audit plan is agile and allows for Internal Audit to provide assurance to the most strategic risks prevalent at the time, which includes:
The above outcomes demonstrate our commitment to enhancing our governance processes, controls and systems through independent and objective assurance of the adequacy and effectiveness of our IT controls. We continue to monitor the implementation of the recommendations of our assurance partner to ensure that our control environment matures and proves the importance of adequate and effective controls in supporting the business.
At Blue Label, we have revitalised our talent acquisition, development and retention approach. Our focus has been attracting and retaining skilled individuals with the expertise needed to deliver and manage modern digital software technologies effectively.
We recognise the importance of maintaining and supporting legacy environments while simultaneously adapting to and supporting newer technologies. We strongly emphasised building a best-in-class technology workforce to achieve this balance. This ensures that we have the necessary skills and capabilities to navigate the rapid pace of technological advancements. For example, we now have enterprise access to online learning tools that our workforce can use to grow and enhance their skills.
Constant resource balancing is a key aspect of our strategy. We continuously assess and align our technology workforce to keep pace with the evolving technological landscape. This approach forms the foundation for predictable service delivery and enables us to pursue our business growth and transformation objectives effectively.
By prioritising talent acquisition and development, we have the necessary expertise to navigate legacy and modern technologies. This empowers us to provide reliable services to our customers while staying ahead in an ever-changing digital landscape.