Do we need a Strategy on IT and digitalisation in a time of war?
The role of IT in the modern world is hard to underestimate. Technologies serve to speed up and improve the quality of data processing and to minimise human factor and deliberate manipulation of the data, personal information, and confidential information.
In the area of public finance management (PFM), automatic data processing is critical to avoid corruption and tax avoidance. Also, as we all observed recently, IT is used as a weapon which may jeopardise the functioning of critical infrastructure, compromise databases or disable public institutions from providing essential services to the citizens or commercial entities. So why the EU-funded programme for Ukraine ‘EU4PFM’ supports several PFM institutions in Ukraine with the development of the Strategy on IT and digitalisation and why the strategy is needed at times of uncertainty and continuous attacks of russia on the critical infrastructure of Ukraine?
There is always a need to have a strategy. Only in this case, it is possible to identify threats and opportunities and have multiple scenarios for response in case of crisis – and these are the factors which define the stability of business processes, ‘business continuity and resilience of the institution. Defining the strategy starts with an analysis of the context and available resources and deciding on the direction for reforming or sustaining the existing systems.
When we talk about strategy for IT development for the institution, the first step is to look at the existing business processes and how these may be optimised. And when we talk about the institutions which belong to the same sector, it is reasonable to consider how IT support for some of the common business processes may be centralised and synchronised, for the benefit of each institution. The strategy for IT development for the institutions of the PFM area in Ukraine was released in 2021 and it promotes the approach where the Ministry of Finance of Ukraine will have a central role in managing the IT systems of its subordinate institutions. This is in line with the best European practices, increasing effectiveness and efficiency.
At the same time, each governmental institution should have its strategy for IT development, aligned with its business goals. The strategy assures that both functional and non-functional requirements are implemented and are in line with the defined standards: high availability, integrity of the data, security requirements, etc.
Three main prerequisites for the successful operation of the institution are: people, products and processes. ‘People’ (employees) is a factor which is dependent on the availability of qualified human resources. The issue with employing top professionals in IT is a problem for many governmental institutions not only in Ukraine but in many other countries, because of the difference in the level of salaries in government and the private sector. Thus, centralization of services may offer an optimal solution where the pull of specialists will be able to support the standardised IT (infrastructure, network) owned and operated by several institutions. From an organisational point of view, it is an effective and efficient setup: the specialists will regularly receive training and will not be prompted to leave the job because their salaries will be competitive and the job – attractive.
Another advantage of centralization of the management of IT resources – and it is about ‘product’ prerequisite – no need to create reserves for infrastructure by each institution individually – the reserve is formed at the main institution, and this reduces operational expenses.
As an example, in Lithuania, the strategy for IT development for the government, based on a centralised model of IT administration, was adopted some years ago and it resulted in an IT infrastructure consolidation process where the number of server rooms used by government institutions was reduced from ninety-nine to four just over the recent years – obviously, the costs for maintenance have dropped significantly, allowing the offering of more new services for the same budget.
Another example is Serbia, where a strategic decision was made by the government to migrate all databases and IT infrastructure of all governmental institutions to two data centres – primary and disaster recovery data centres. Although the process of data migration is still on the way, as it takes time, this will reduce operational costs for administration and lead to a better quality of service. This change followed the adoption by the government of Serbia of the strategy on IT development, so this can be viewed as a good example of how the process of formulating the strategy may be useful and lead to concrete change.
As for ‘processes’ – while the business processes are unique in each institution, some non-core processes may be standardized and automated for several institutions and administered by a single entity. For example, this may be possible for the human resources management process (e.g., calculation of salaries), for e-mail service based on a single platform, or for a document management system. This is possible to introduce also for PFM institutions in Ukraine when the private cloud for PFM institutions will be created. Finally, response to cyber threats can be more effective if it is done by well-trained personnel and using advanced technologies which are managed by a single entity.
Commonly, any proposed change is often perceived with resistance. In most cases, this is just a first reaction which is linked to the assumed negative effects of such change. But a deeper analysis of the proposed reform may convince of its benefits. The approach promoted by EU4PFM is for centralized management of IT and is in line with the best European practices. This is especially important in the context of the accession of Ukraine to the EU – which requires Ukrainian institutions’ alignment with the EU requirements and the development of new IT solutions which meet the standards of the EU Interoperability Framework for secure data exchange and defined data models. Additionally, such developments will increase the demand for IT support, which would be possible to provide efficiently and effectively in a centralized way, as explained above.
It is worth noting that when we talk about the centralization of IT management and strategies for IT development, one more aspect needs to be considered which is linked to both. It is about the establishment of the most optimal models for Security Operation Centers (SOC’s) which monitor, detects, and responds to cyberattacks. The end solution is that the coordination of SOC’s should be centralized for all institutions – and there are obvious advantages to such an approach, and we hope that this will be brought to the agenda of discussions soon. Since the type and nature of cyber threats change constantly, it will require new technologies, new procedures for responding to incidents and effective communication between cyber specialists supporting each institution, with continuous training for cyber specialists to have sustainable SOC.
So, now is the best time for PFM institutions to adopt revised strategies on IT development, define priority actions needed for the EU accession, but also to align them with the sectoral strategies. The first step is to consider how existing IT systems may be modernized, how to make them more sustainable, and what sources of funding may be explored. A good quality strategy sets out specific goals, but it is even more important that the way how the institution plans to achieve these goals is clearly explained. To have a complete strategy is necessary to develop an action plan with a list of projects, with an indication of their timeline and approximate budget. The more precise the action plan is, the smoother will be its implementation. A well-prepared list of projects which are easy to match with the goals set in the strategy is useful reference material for the donors when they consider areas where their support is needed for the institution. So, the strategy for IT development may also contribute to the provision of technical assistance.
Thus, the modernisation of existing IT systems and revision of IT solutions in PFM institutions is not an easy and quick procedure, since there is a need to modify business processes and adopt relevant legislation to this end. However, in the end, the benefits of these changes will be significant for Ukraine.