Last week, we discussed some of the common surprises resulting in unplanned business disruptions and/or IT expenses? If you missed last week’s blog, we discussed four categories of unplanned IT surprises. First was hardware and whether you’ve ever discussed age and end of life timelines for your servers, desktops, switches, routers, and firewalls. Second, we recommended frequent communication—with your IT team or managed service provider—about equipment capacity and the current status and future plans for your business. We then focused on whether or not recurring agreements of varied types are actively managed: domain names; SSL certificates; and hardware/software maintenance agreements. The fourth category of “surprises” was unexpected labor expenses and upgrades driven by external audits.
Not every business is confronted with all of these surprises, but as you’ll see in this week’s blog, an understanding of their root causes will help any company, large or small, develop practical strategies to avoid them.
The variables can all feel and seem overwhelming to manage, but they don’t have to be. The root causes lie in two broad areas: the inherent conflict of proactive and reactive IT services provided by the same individuals; and secondly, the inability to step back and look at the big picture. For most businesses, user issues trump anything else occurring in IT. Without some type of consistent proactive maintenance strategies, user issues, unexpected outages and investments, become the norm. IT professionals become limited in their ability to step back and look at the big picture. Without ever stepping back to assess your IT systems and processes, surprises will absolutely be out there. And they will multiply and then trip you up at the most inconvenient moments.
As I work with small and mid-size businesses, my message regarding IT is that it’s all about expectations. If expectations of an IT environment are clearly defined, then the surprise of “What just happened, and why?” is replaced by the planned procedure for “What steps do we take when this documented issue arises?” So how does one get to this point? It’s a two-step process. Quantify, then plan.
First off, IT should be driven by business objectives and strategies. It’s understood that many business innovations originate within IT, but your business strategy must be clear. Business strategy drives IT priorities and investments. Is your strategy in writing? Have you shared it with your IT staff? Has your provider ever asked you for it?
Then you need to quantify your technical infrastructure. Do you have your inventory documented? How old is it? Are there end of life issues looming in the near term? Are software licenses documented? Are you in compliance with software license agreements? What’s your strategy for upgrading key line-of-business applications? Do you know when your domain name registrations expire?
Finally, don’t overlook your IT operational practices. What activities consistently occur daily, weekly, and monthly? Are these activities auditable? Do you ever leverage a second set of eyes to insure that what’s expected actually occurs? When was the last time server backups were tested or a disaster recovery test occurred?
If you haven’t been asking any of these questions of yourselves, expect to be asked by potential clients or an auditor—maybe even your accountant.
Once you’ve quantified your “IT world,” planning becomes easy. I typically leverage three types of planning tools: an IT Risk Assessment; a 3 year budget; and, based on the specific client need, a summary of IT objectives. The Risk Assessment is primarily the lead document that summarizes all of the quantified information about your IT environment, documents open questions, quantifies the level of risk, and identities short and longer term remediation activities.
The Risk/Network Assessment then blends with your business strategy to result in prioritized activities and the associated budget. It’s a living set of documents that becomes the ongoing roadmap for you, your management team, and your IT staff and outsourced partners.