A bank’s journey on rethinking its IT Target Operating Model  

Written in collaboration with Carla Santos, a member of The Blog team. 

---

If you enjoy watching movies and series, you’ve probably noticed that many—if not most—of them are based on true stories. So much so that you might find yourself rolling your eyes and thinking, ‘Of course, it’s based on a true story.’ We get it. But despite the occasional eye roll, true stories have a way of fascinating us. They offer us a window into the lives of others, helping us learn from their experiences without having to go through the same challenges ourselves—or at least we know how we can overcome them if we can’t escape them. 

Now, we’ve got a true story to share with you—one we hope will resonate (please, don’t roll your eyes). It’s about a mid-sized regional bank that, one year ago, was grappling with declining revenues due to market pressure, interest rate instability, and growing competition in one of their key services. In response, the bank launched a cost-cutting initiative across the organisation.* 

The IT department, responsible for supporting both core banking systems and customer-facing digital services, took the hardest hit. With a mandate to reduce operating costs by 10-15%, the department achieved this by optimising and reducing software licences. However, when asked to make further budget cuts, IT leaders warned their leadership that incremental reductions would only worsen inefficiencies, disrupt service delivery, and ultimately increase operational risks. 

So, they proposed a strategic initiative to rethink the IT Target Operating Model (IT TOM)—a plan designed to make IT functions operate more efficiently, better aligned with business goals, and capable of driving innovation. Leadership agreed to move forward with the proposal. 

What happened next? In this blog, we take you through the journey of this bank as it revises its IT TOM. We’ll explore the challenges and opportunities faced during the design and implementation phases, and share the lessons learned along the way. 

Challenges and opportunities when designing the IT TOM 

The bank began designing an IT TOM on several traditional dimensions—people, processes, technology, and governance. Growing regulatory pressure and audit findings influenced its shaping, which needed to have a robust framework and be agile enough to adapt to future business and regulatory demands. To achieve this, the bank followed these key steps across the different dimensions: 

During the IT TOM design, the bank spotted several areas where its current ways of working could be improved and refined: 

• A review of the current contractors and service providers revealed clear opportunities for cost optimisation. Some projects and maintenance contracts could benefit from more structured selection processes and stronger sourcing strategies.
  To enhance transparency and efficiency, the organisation reassessed its sourcing strategy, conducted a thorough review of existing vendors, and introduced key changes to sourcing governance and practices. 

• IT stakeholders needed to break down misconceptions and blind trust surrounding the cloud, clarifying its true value within the enterprise IT landscape. As hybrid environments become the norm, IT teams had to develop more versatile skill sets to architect, support, and maintain these systems effectively.
  These factors shaped a cloud adoption strategy based on well-established principles, including ‘reuse before buy,’ ‘buy before build,’ ‘standardise wherever possible,’ and other industry best practices. 

• Technical knowledge varied across business units—while some were using valuable technologies to optimise their processes, others lagged, lacking access to the same knowledge and methods. 
  To bridge this gap, an upskilling programme was integrated into the IT strengthening the role of IT stakeholders in sharing knowledge and developing skills across the organisation. 

• Opportunities for business process automation were identified, but the prerequisites often proved more complex than the automation itself. 
  To address this, IT provisioning procedures needed simplification, and the accountability of IT managers had to be clearly defined. 

Despite these findings, the IT TOM design was making good progress, with the organisation finding ways to turn obstacles into opportunities. However, the focus remained largely on internal organisational issues. 

IT TOM rationales and external influencing factors 

Initially, the organisation’s leadership expected the IT TOM primarily to address compliance-related risks. However, after an internal report summarising a penetration test revealed significant cyber threats, it became clear that external factors beyond compliance—such as cybersecurity risks—also needed to be considered in the IT TOM design. 

In response, the team in charge prioritised these influencing factors, engaging in extensive discussions to determine their impact. Ultimately, the following topics were integrated into the IT TOM rationale and business case: 

1. The widespread adoption of cloud computing and Software-as-a-Service (SaaS) solution, considering aging technologies, maintenance costs (OPEX vs. CAPEX models), and opportunities for innovation. 
2. A potential upcoming merger, requiring additional efforts to apply IT standards and streamline IT governance and processes. 
3. The rise of IT self-service and citizen developer trends, which shift the role of traditional IT departments—creating new opportunities for business-led innovation while increasing the need for strong IT policies to define clear boundaries for self-service solutions. 
4. Cybersecurity imperatives, including the development of cybersecurity capabilities to address gaps and ensure a consistent structure of defence lines to improve IT security. 
5. The impact of Generative AI solutions, with their potential to automate many advanced analytical tasks, reshape the IT workforce, and influence outsourcing strategies—while also introducing challenges related to data quality and the standardisation of data libraries. 

Ambition vs. reality: the challenges encountered during IT TOM implementation 

After four months of designing the IT TOM, the bank launched the implementation phase. This impacted not just the IT department, but the whole organisation. Teams were restructured, the IT department underwent a reorganisation of its various offices, and processes were streamlined and optimised. IT governance was also clarified and enhanced. The hiring of a Chief Information Officer (CIO) and an IT manager marked a cultural shift, fostering a new dynamic of collaboration between IT teams and the business. 

Unfortunately, four months after the IT TOM implementation was rolled out, progress slowed due to a merger between the bank and a larger group. The group wasn’t focused on integration post-merger, but rather on using the bank’s client base for cross-selling additional financial services. 

Thankfully, this didn’t undermine the efforts made up to that point, but the group did challenge certain gaps in the IT TOM design: 

• The IT TOM business case and improvement plan highlighted the added value of various initiatives but didn’t provide enough detail on how it would mitigate the associated risks. The group primarily based its investments on an understanding of the risks to be addressed, making this issue a top priority. 
• The financial readiness of IT expenditures was unclear, particularly regarding how costs were distributed across the organisation’s various business units. The group requested greater transparency in the cost structure and enhanced governance for ongoing controls. 
• Because of the merger, one of the organisation’s goals was no longer valid, which meant that a part of the related IT strategy and objectives needed to be reassessed. 

The implementation plan was delayed by three months as these points had to be addressed, clarified, discussed, agreed upon, and communicated clearly to the group to unlock the necessary budget for the IT TOM. 

This slowdown had a cascading effect on business projects and negatively impacted motivation within IT teams, who had high expectations for the IT TOM. Some key resources left as a result. After this setback, to strengthen the transformation effort, it was decided that the CIO would change reporting lines—from Chief Financial Officer (CFO) to Chief Executive Officer (CEO)—allowing for better updates and increased transparency regarding IT operations and dependencies with other business functions. 

Key lessons from the IT TOM design and implementation journey 

In the same way that true stories offer valuable lessons from the experiences of others, the bank’s journey in implementing the IT TOM holds lessons that can help other organisations navigate their own transformation processes. These key lessons are: 

• First, while ambitious plans can drive substantial positive change, they must be flexible enough to adapt to unforeseen events such as mergers or shifts in strategic priorities.  
• Second, clear communication and transparency, particularly concerning financials and risk management, are crucial to maintaining support and momentum.  
• Third, the IT TOM is fundamentally interconnected with all business functions, so its success should be measured by how well it serves the entire organisation in delivering value to its customers.  
• Lastly, embedding the IT leader within the executive team can foster better alignment and integration of IT initiatives with broader business strategies, enabling more resilient and responsive operations. 

Continuous evaluation and refinement of the IT TOM ensures it remains relevant, drives sustainable growth and innovation, and continues to enhance the organisation’s ability to deliver superior value to its customers. 

Just as we learn from the challenges faced by others, you can take these lessons and apply them to your own strategies, ensuring you don’t just avoid pitfalls but also enhance your ability to adapt, innovate, and deliver value. Not sure where to start? We suggest you visit our webpage to learn more. 

*Disclaimer: all elements described (organisation, sequence of events, roles) are fictional but based on various IT TOM experiences from different organisations across multiple industries.

What we think