Understanding and managing IT services is a discipline all on its own. As with any industry, the IT industry is full of cool buzzwords, acronyms and consulting services which may be absolutely applicable for large organisations with extremely complex IT environments that have business critical requirements for uptime and security, ie Banking and finance. However, trying to translate that thinking to small and medium businesses can be a real challenge. IT specialists can over complicate things as they are largely a risk adverse bunch due to traditionally being the ones that are on the firing line. Combine this with the small business/start up, or a medium business who embraces an entrepreneurial mindset to take risks, gaps in understanding will occur. Over complicated IT governance can come across to business leaders in organisations like these as trying to fix an insect problem with a Tank. This consultant still has the words “Analysis Paralysis” ringing in his ears from an outburst by a CEO, 4 years ago.
To throw fuel on the fire, now that cloud services are readily available, small to medium businesses are jumping on these in an effort to “simplify their IT” and drive their costs down. I’ve seen some medium sized businesses that are even doing away with the traditional IT department due to being sold an “outsourced” or “multisourced” (ie some internal staff and some external services) model. This effectively removes one point of accountability for the businesses in all matters IT in the outsourced model or can remove the capability for the actual “doing” in a multisourced model. Point being, if this is not done with some thinking and planning at all levels, businesses can paint themselves into a corner with disastrous consequences, even small businesses.
So what do you?
What follows is a starting point only. It is by no means a definitive list. But I believe that if both small and medium businesses start here, this should take the potential sting out of a potentially disastrous outsourcing/multisourcing situation.
1. Understand your IT as best you can
At the risk of quoting Shrek, IT is like an onion. It has layers that are not immediately obvious. As a small business example, Xero may be your accounting system, Office 365 might be your email solution and you might use Dropbox to store your documents. Think of everything IT related that you use on a day to day basis and write it down somewhere. Again, this doesn’t have to be complex. If you’re a sole trader, write it on the back of a napkin if you have to. The important bit is to consider this, especially if any of these systems are business critical.
2. What happens if they stop? How long can you do without them?
To stick with Xero as an example. If you couldn’t access Xero for any reason, what does that do to your business? If it was offline for a day, a week, or a month? What does that cost you in real terms? Alternatively, if your documents that you stored on Dropbox became unavailable for 5 days, what happens to your business?
3. Understand the relationships between components
Here’s where some complexity comes in. Again sticking with Xero, what are the relationships between the components that go into making Xero available to you? Well obviously the Xero website, but then there’s your web-browser, your PC, your internet connection which also consists of multiple components. In medium sized businesses when talking about in house applications, this can be more complex when you throw in servers, server rooms, cooling, power, Citrix…the list goes on. Again, the important part is to consider these aspects and record them in a way that makes sense to your business.
4. Who owns/supports the components?
Now you have a rough idea that your accounting system isn’t just the Xero website, but has many dependencies, do you know who to call if any of these things break? If you do, great! Write them down! If you don’t, you need to think about this carefully. For accounting system problems, you call the Xero helpdesk, but they can’t help you if your internet is offline, or your computer is broken. In addition, do you know how to differentiate between the causes of the issues so you know who to call?
5. Are there commercial arrangements in place governing this?
You may know who to call, but what are the terms of their response? Best effort? To again use the previous example (and potentially exaggerating to make my point), if the absence of Xero for whatever reason is going to cost your business $5000 per of day in lost revenue, and it is going to take the organisations that support any of the components that you identified in step 3, longer than a day to respond, then you may have risk around the potential impact if this service becomes unavailable. In a medium sized organisation, this is where a decision might be taken to maintain someone in house that can manage your accounting service for you if it is that business critical. Conversely, you may be content to outsource the things that are not so critical. In addition, there may be outsourced organisations that commit to a response time, but unless there are repercussions for them not meeting this commitment, it can be a paper tiger.
In conclusion, there are many frameworks out there designed for governing and managing IT, ie ITIL, CoBit and an emerging framework designed for managing outsourcing/multisourcing arrangements known as SIAM (standing for Service Integration and Management). Good IT management is about not only understanding the benefits that IT can give an organisation but understanding and articulating the risk that they pose once a business is reliant on them. This applies to businesses of ALL sizes. Once this is understood and articulated, the associated rules for managing them can be flexed accordingly wherever possible using the KISS principle (won’t bother explaining that one.) By understand the aspects and the relationships between your IT services, and by sticking with one point of accountability for your key IT services wherever possible, your IT becomes closer to the nirvana of “an invisible business enabler” that has been sold to businesses since the time that first green screen terminal was placed on somebody’s desk!