On this page…

Business Process and Architecture

temple-of-hephaestus-athensWhether to support general standards such as ISO9000, more specifically IT standards and best practice frameworks including ISO27000 for information security or ITIL1 for service management or to comply with legislative and regulatory requirements such as GDPR, there is an increasing need for businesses to establish and sustain formal business processes and associated governance structures.

Adopting a piecemeal approach in the face of this challenge may be effective in the short term but the longer term consequence can be fragmentation, with similar processes being enacted in different and sometimes incompatible ways in different parts of the organisation.

Cardinia’s consultants are experienced in pulling together disparate business process models to create a single, enterprise-wide process model with clear accountability and appropriate segregation of duties at every stage. It is not usually necessary to tear up existing process artefacts; rather we take the best of what is already in place and supplement it where necessary to create an overall process architecture. We use TOGAF2 to assure consistency across disparate business units and process areas and take current best practice from a variety of sources, including pre-existing processes, where appropriate, ITIL, COBIT3, PRINCE24 and others.

We can also develop and deliver training in business processes and the maintenance of the enterprise process model.

Due Diligence, Acquisitions and Disposals

Due diligence and acquisitions

Acquiring a company usually means acquiring information systems and data along with it.

In the days when corporate IT systems were physically isolated and users had to be present within the organisation’s premises to access them, this presented only a simple management challenge to the acquirer – whether to retain the systems and infrastructure of the acquired company or to replace them, perhaps with an established company-wide system, thus benefiting from economies of scale.

Now that every company has systems which are directly or indirectly connected to the Internet, in an era of Bring Your Own Device, with widespread use of Virtual Private Networks enabling employees to work at home and elsewhere, the widespread use of cloud storage and similar services and increased speed of communication through email and social media, an additional challenge has arisen for those acquiring established businesses – information risk.

Risk is of course a fact of business life but the most successful businesses take the trouble to understand their risks and the business drivers which give rise to them, enabling informed decisions about how to deal with each. However, unlike most other forms of corporate risk, which are usually well understood and/or deeply probed by the due diligence process, information risk is often not understood or even known either to a company or to a prospective buyer. This means that a party acquiring a company may well be – indeed very often is – taking on unknown risks. These might include past or present breach and consequent leakage of company data, theft or misappropriation of intellectual property or failures to comply with regulatory or legislative requirements which could give rise to future liabilities or to other, potentially costly problems.

Cardinia supports the due diligence process by examining a company’s information technology and data assets along with business process, governance and softer cultural factors evidenced by human behaviour. You will receive our expert report setting out risks identified, with a detailed impact analysis and suggested mitigation of each where possible. This makes previously hidden information risk visible during the due diligence process and enables better decisions about when, how or even if the acquisition should go ahead.


Where a company is disposing of a part of its operation, it is usually necessary to provide for on-going access to data and information systems relating to the spun off entity. This could be done for structured data such as bills of material, stock records, financial information and even HR and payroll records, depending on the capability of the underlying system, by extracting all records relating to a particular product or department.

But what to do about the unstructured data? Modern organisations have vast quantities of email and documents in a variety of formats (word processing, spreadsheets and others) which do not lend themselves easily to this type of split. Just giving the acquiring entity a full copy of all of this is usually not an option – you might end up inadvertently revealing commercially sensitive information, say about retained products or pricing. Worse still, there is the problem of Data Protection principles – any personal data handed over in this way could put both parties in breach of Data Protection law; there may be no justification for the acquiring business to have it and, where there is, there may not be consent for the data to be handed over.

Cardinia supports the disposal process by examining a company’s data assets, business process and compliance requirements. You will receive our expert report setting out where attention needs to be paid to the effective separation of the organisation’s information assets, how it should be done and what additional resources will be needed to give effect to the separation.

Interim Management

Careers in IT have always moved quickly and it is not uncommon for organisations to find themselves bereft of IT leadership at short notice and often at very inconvenient times.

Finding the right person to lead your IT team can be a time-consuming process, but you need to steady the ship while that process is underway. Christopher Linfoot, Cardinia’s Principal Consultant, had a successful career as a Head/Director of IT and CIO in multinational and FTSE100 organisations for many years prior to setting up Cardinia. Christopher can step in as an interim head of your IT department, either full time for up to 6 months or on a part-time basis  for longer periods, while you continue your search for the right permanent successor.

During the interim period, Christopher can also assess your organisation’s IT needs and the strengths and weaknesses of your IT department, its people, processes and infrastructure. Understanding thus gathered can be very useful in ensuring that a permanent successor is well chosen and well briefed and can hit the ground running on appointment.

Non-Executive Director

Christopher Linfoot, Cardinia’s Principal Consultant, has extensive experience advising small, growing companies, particularly in IT services and Internet-of-Things sectors. He understands the growing pains typically suffered by these organisations, how to help them build secure, scalable products and services and how to establish a mature and sustainable capability to maintain and develop them. This makes him an ideal choice as Non-Executive Director for this type of organisation.

Christopher will be happy to meet with you and discuss your requirements without any obligation.

  1. Information Technology Infrastructure Library 

  2. The Open Group Architectural Framework 

  3. Control Objectives for Information and Related Technologies 

  4. PRojects IN Controlled Environments, version 2