Organising governance for a successful Mainframe modernisation

67 percent of Fortune 500 companies* still rely on last-century mainframe technology because modernisation appears too complex and risky. In back offices and data centres across the world, mainframes process trillions of dollars’ worth of transactions every day, the same way they always did. Business chiefs have been reluctant to decommission mainframes in favour of modern, agile platforms because they are compliant and secure — and unravelling them seems just too hard 

But after two decades of businesses kicking the can down the road, Risk Officers are giving modernisation programmes the green light as head-in-the-sand strategies hit a wall. Quite simply, the risk of doing nothing is too great, exacerbated by a dwindling pool of mainframe skills, which threatens the business’s very survival. Organisations are finally engaging with the daunting task of transformation; framing the highly complex, multi-disciplined endeavour that spans IT, risk, legal and finance is a crucial step, and governance lies at its heart. 

Application reboot calls for modern governance 

Modernisation calls for governance that facilitates quick responses to a fast-moving technological and competitive environment. Identifying pain points and understanding what’s driving the mainframe application modernisation imperative within your organisation is the all-important first step. Then comes the need to assess risk tolerance: does staying on the mainframe pose a future risk to revenue? Finally, stakeholders need to assess their applications and understand what kind of modernisation journey is most suitable: an incremental rehosting versus a Big Bang recoding job? Equally, an on-premise versus in-the-cloud migration. 


Orchestrating modernisation as a cohesive exercise from the outset is helpful. Normally, a programme is kick-started by an objective and delegated to a relevant department. A business applications leader may be tasked with rewriting software to be cloud native in order to easily access machine learning and bring customer-friendly products to market faster. Only to find that data associated with the applications resides on a particular mainframe in a data centre selected to meet regional compliance rules. Compliance colleagues then join the modernisation train. 

Journey entails multiple stakeholders 

The burgeoning nature of the problem is typical of application modernisation projects: the person tasked with fixing a particular problem pulls at the thread, which unravels to reveal a much bigger challenge. It can be a moment of electrifying revelation. Tier 1 companies normally have governance in place that authorizes IT teams to routinely buy or modify databases or CRMs (customer relationship management) or other components. But they don’t necessarily have a mandate to reconfigure IT infrastructure or critical business processes – the equivalent of open-heart surgery. 


Deep experience is invaluable in bridging such fissures in architecture and governance; it’s often at this juncture that an experienced third party is brought in to oversee the much larger scale programme of works that is emerging. LzLabs’ bread-and-butter job consists of coordinating the various stakeholders from IT, Risk, Legal and Operations, dealing with and resolving issues created by the radical restructuring demanded by transformation. 


Stakeholders come in different departmental guises and may also originate from other companies with a different approach based on their last set of experiences. Bring these different sets of stakeholders together and it can take a while to formulate a cohesive narrative. Harder still to generate enough buy-in throughout the organisation to move the programme forward to the execution phase.

Neuer Call-to-Action

Third party guide brings deep experience 

Another reason for bringing in third-party expertise is to bolster the skills required for such a far reaching strategic technological and business change. Paradoxically, the digitisation of the New World and the ease with which people can navigate virtual terrains may render the problem simpler than it seems. Stakeholders may anticipate the journey as a stroll through the hills with a Google Maps–like tool as sufficient.  In fact, reengineering the old world is more like a jungle expedition: you’ll need survival skills, but also a guide who can get you there in one piece. 


Organisations that do appreciate the scale of complexity, in turn, may not want to invest in necessary skills permanently or to build them into the fabric of organisation. 

Broad risk management desirable

And, framing the mainframe modernization programme more broadly delivers a highly desirable digital risk management capability, according to McKinsey consultants. Its report,  Digital Risk: Transforming risk management for the 2020s, identifies data, analytics, and IT architecture as enablers for digital risk management. “Highly fragmented IT and data architectures cannot provide an efficient or effective framework for digital risk”, say the report’s authors.   


Today’s Chief Risk Officer will likely have Mainframe Modernisation land on their desk triggered by an operational crisis caused by retired or expired mainframe personnel. We see time and again that such a red flag event generates an explosion of activity: finance, operations and IT stakeholders will scramble to plot a route to enhanced business agility while preserving the much-loved facets of the mainframe compliance and reliability.   


At LzLabs we understand the risk landscape, the scope and the detail of the technical challenge, and the nature of modern business goals. We know how vital it is to formulate a vision and to design a journey that’ll get you there and we’ll shine a light on to surface and solve the deeper hidden problems along the way. 




*Accenture: Solving the mainframe application conundrum 


Related articles.