If you struggle annually to develop an IT budget that allocates the right amount of money to the right things, following these nine steps will make sure you arrive at the right answers year after year.
1. Talk to your staff.
IT can’t develop a plan to serve its customers (i.e. your employees) without knowing what they need and how well those needs are currently being met. By surveying all your end users about their satisfaction with IT and their suggestions for improvement, you can create benchmarks that let you measure and reward IT’s performance while identifying areas for and justifying future spending.
Keep the survey simple. Instead of asking dozens of detailed questions, ask one open-ended one: What is IT doing that’s working, and what could it do better? This ensures that people bring up all their kudos and complaints instead of limiting their feedback to issues you’ve specifically asked about.
2. Dig deeper with people who have an informed perspective on specialized areas.
Talk to key managers about the results of your end user survey and how new systems might address their employees’ issues. Ask them to estimate the return on investment those systems could deliver so that you can determine whether the ROI justifies the project’s costs.
3. Conduct a security and operational risk assessment.
You don’t want to spend a million dollars where a few thousand will do. Sit down with your lawyer, your insurance broker, your IT team, and your operations manager and ask these questions:
- What events might result in business downtime or compromised data?
- What would be the consequences of these events?
- What are the most cost-effective ways to prevent or mitigate those consequences?
This exercise will help you focus your efforts and spending on systems and programs that effectively address problems you’re actually likely to have, rather than allocating money to solutions that either don’t meet your needs or meet needs you don’t have. Here are a few examples:
Are you maintaining servers in a high-risk location like San Francisco, which is vulnerable to power outages and earthquakes, and protecting them with an expensive remote disaster recovery failover site? Consider moving business systems to the cloud. The costs associated with maintaining hardware/licensing and administering on-premise systems are replaced with subscription-based licensing that will likely translate to a lower total cost of ownership over a 3-5 year span.
Are you considering installing sophisticated internet traffic monitoring hardware in your office to protect your company from malware? Solutions like this can generate numerous false positives, are mostly blind to encrypted traffic (which most traffic now is), and only protects people while they’re in the office. Consider implementing enhanced endpoint detection combined with end user phish testing and awareness training. It’s inexpensive, works when your systems are remote, and most importantly, defends against the single biggest driver of security breaches: hacking through social engineering.
Are you investing in a costly intrusion detection system? If you haven’t put basic security controls in place, you’re locking the windows against intruders but leaving the door wide open. Implement a password policy that requires strong, regularly changed passwords and locks users out after only a few failed logins. Eliminate common names that hackers target, like “Bob,” “administrator,” and “scanner,” from your user database. Review all accounts that have admin privileges and limit those privileges to those who need them.
4. Choose proven, broadly deployed technology.
Unless you have specialized needs, standardize on hardware and software from the biggest technology vendors. They’re the biggest kids on the playground, so everyone wants to play nice with them. Choosing their products makes it more likely that your new purchases will be compatible with what you already own.
For computers, go with Dell, HP, or IBM — not lower-quality brands — and consider support contracts that include quick part replacements.
For software, stick to standard vendor-supported packages like Netsuite and Microsoft Dynamics 365.
For other hardware, invest in equipment that suits job requirements. This is especially true for printers, where economizing up front is likely to cost you more in repairs and replacements later.
5. Eliminate software development.
In 20 years of business, we’ve seen dozens of companies with budgets ranging from five figures to millions of dollars try to build their own software because they thought they saw a gap in the market. None of them succeeded.
Software development requires such huge scale that it needs to be a core business. If you think you’ve spotted a market opportunity, set up an independent development firm. Your organization can be customer number one, but the developer will need to sell actively to other firms in your industry to scale and survive.
6. List the basic building blocks of your IT budget.
Now that you know what you need, list it so you can incorporate it in your budget:
-
- Hardware, including all your owned and leased equipment, such as desktop and laptop computers, servers, switches, cabling, phones, printers, etc., as well as costs for cloud-based Platform as a Service (PaaS) and more traditional hosting/Infrastructure as a Service (IaaS).
- Software, including both licensed and SaaS solutions.
- Data backup solutions.
- End user training.
- Data and telecom services.
- Staffing, both internal and outsourced.
- Upcoming one-time projects.
- Security and compliance, including audits.
- Cybersecurity and business interruption insurance.
7. Include insurance.
Cybersecurity insurance is well worth the investment, and it’s an incredible bargain. You can find insurers offering $10 million in coverage for as little as $30,000 a year. When you apply, don’t overstate your cybersecurity practices for the sake of lowering your premium. You won’t save a significant amount, and you’ll risk losing quite a lot if the insurer investigates a breach, discovers you lack the protections you claimed to have in place, and denies your claim.
8. Enforce standardization.
Creating technology standards and sticking to them are the most important things you can do to ensure secure, reliable, IT services while controlling costs. Make your department heads accountable for keeping costs down by enforcing standardization. If someone demands an exception (for example, permission to use a Mac in an otherwise all-Windows environment), they should say no — or, alternatively, require the person requesting the exception to pay the additional cost of accommodating it.
9. Consider outsourcing functions that aren’t your core competency.
Outsourcing services that aren’t core to your business is one of the best ways to stretch your IT budget and ensure you get the best combination of price and value. The market for IT outsourcing is huge and growing, so it should be fairly easy for you to choose among multiple bids for almost any project you have in mind.