New to Overseeing IT? Your IT Infrastructure Is One Way to Realize Real Organizational Gains, Fast
When a new CFO takes the reins, the pressure is on. The rest of the C-suite is looking in your direction, not just for new data, but for new insights, and big new gains against the company’s key performance indicators.
It’s a great position to be in. Why? Because during this one-year honeymoon you get on the executive staff, everyone is looking to you for new ideas and is giving you the leeway you need to implement them. As a CFO, of course, you don’t have authority over everything the company does. However, it’s very likely you’ll have oversight over the company’s IT department and infrastructure. And I’m here to tell you, this is one area where you can realize big wins quickly.
Most IT operations have significant room for improvement. When we come in as an MSP partner to do assessments, we always find big gaps and new, more efficient ways to run your systems. Here are some of the common ones that we find, and areas that we suggest that new CFOs investigate for areas of quick, important improvement. Let’s get into it.
Big, Achievable Areas for Improvement in Your IT Infrastructure
Are you new to the job of CFO? Or are you an established CFO that’s been handed oversight of IT?
Either way, it’s best to take a strategic view of your IT operations right away. We recommend getting professional help and an outside perspective so you can assess your IT infrastructure from top to bottom. You’ll find things that need changing both in your strategy and in your daily operations detail. From experience, I can tell you there are lots of blind spots to be found if only you look.
Lifecycle Management and Eliminating Redundancies
How well have you tracked your IT purchases? Do you know how old all of your devices are? Every good IT operation should have an ironclad inventory of all its endpoint devices and a plan for replacing those that become obsolete or too slow to operate on any upgraded systems. Once you have your systems firing with no obstacles, you’re likely to see big gains in speed and efficiency. While there may be some investment required upfront for upgrades, the money you save in the long run pays dividends.
The same principle stands with your server room if you have one. How up-to-date is your equipment, and is the age or speed of that equipment having a negative impact on your system performance?
Have you made the transition to cloud-based productivity software? If so, you won’t have to worry about the cost of updates. Those come standard— and can be a key way companies save money and hassles.
The important things to look for in this part of your assessment process are obsolescence, incompatibility, and waste. I consider this process the “lowest hanging fruit” of your assessment phase. It’s a great place to realize big gains.
Internal vs. External Staffing
Whether you’re a mid-sized company looking for IT staff augmentation, or a small company looking for an MSP partner, most people assume that it will always be more efficient to outsource. Let me just say here—this is very often the case.
But have you run the numbers?
It pays to have an assessment done that compares all your options, so you can take an unbiased look at your choices. That’s why we usually recommend you get a paid assessment done, and not one that is thrown in free with the promise of signing a big contract with an IT provider. You need all the information—because sometimes the right answers might surprise you.
Enhancing Your Speed to Recovery
When was the last time you gave any thought to your company’s disaster recovery protocol? This is the sort of thing that many companies set and forget. But that’s a mistake because often, these protocols don’t keep up with the constant increases in traffic and system updates your IT department is implementing.
So, I would encourage you to ask yourself these questions:
- Do we currently have enough cloud storage to meet our data processing needs?
- If a natural disaster took out our headquarters offices, what would that mean to our ability to do business? Would our staff know what to do? Are there written procedures in place?
- If our systems were interrupted due to disasters or outages, how much data would we be likely to lose? How fast would our backup systems be activated? What would those answers mean to our business, in dollars and lost productivity?
How you answer these questions will determine your level of investment, and your backup strategy overall. Some companies can deal with a few hours of downtime without an enormous impact on their business and profits. Other companies can only afford a few minutes. Think now about what you believe your “ideal recovery” would look like. Use that vision to build a recovery system for your company that will prepare you now, and in the future.
Properly Insuring Your IT Infrastructure Against Risks
If you haven’t yet insured your company with cyber risk insurance, it’s time to run, not walk to your local insurer’s office. If your company is small, this might seem like an extravagance. But if you have systems that carry any kind of sensitive data— especially health and financial/sales data— a robust cyber risk insurance policy is mission critical. If you already have cyber risk insurance, reexamine your coverage levels, and double-check to see if it’s still adequate to cover the entirety of your IT operation.
This may not be the sort of thing that moves the needle in the near term. But in the unfortunate event of a breach, this kind of coverage could literally save your company. Not only that, but the process of qualifying for cyber risk insurance will prompt a detailed dive into your company’s cybersecurity operations. You’ll have to level up, just to walk through an insurer’s door.
Once you qualify, you’ll know that your company is meeting all the recommended standards for cyber security mandated by the National Institutes for Science and Technology, as well as any regulators in your industry. It’s smart protection and a good exercise. Trust me—they’ll thank you later.
Conducting a Thorough IT Policy Review
Many companies, especially smaller ones, don’t realize the sheer magnitude of documentation the average IT operation should have on file. This kind of documentation covers everything your IT operation covers, from proper usage policies to disaster recovery policies to cyber security procedures. Everything you do should be documented for several important reasons, including:
- Continuity for your staff, so everyone understands how your operations work
- Proof for your cyber risk insurers, so they have evidence of your proper cybersecurity protections, tools, procedures, and patching.
- Consistent system record-keeping procedures, for historical review in the case of a breach
- Solid procedural expectations, so employees understand what’s required of them while on company devices, at home, or in the office
- A disaster response plan, so your staff and vendors know what to expect and what their role is in the event of an outage
- Proof for potential vendors or clients, who may want to see in writing what your cybersecurity protections are in the event they may want to start working with you
The process of conducting a policy review can be enormously productive for your organization. It’s a great way to discover the gaps in your processes and can be a catalyst for new change initiatives. We usually recommend a policy review every few years to ensure your processes are keeping up with the size of your systems.
Establish New Key Performance Indicators for your IT Division
Every company has its “big, hairy, audacious goals” for their company. Why not have them for your IT organization?
The goals you choose for your IT operation will have a lot to do with the goals of your company itself. For instance, how fast does your system need to run to provide optimum service levels for customers visiting your online shop? Maybe your goals might be around cyber security and lowering the overall security incidents in your company for the year. Perhaps you want to decrease your equipment spend by ten percent, improve employee scores on cybersecurity training tests, or lower the time it takes to resolve IT tickets.
Truth is, there are lots of KPIs you can set depending on your priorities. Creating reporting structures around those KPIs will help move that metaphorical needle and build trust among your key internal constituents. It’s a great way to hit the ground running as an executive.
Hire the High-Level Strategic Help You Need
If you don’t have this kind of strategic leadership already in your IT department, this is an area where a managed serviced IT provider can really help. Choose your MSP wisely, and you’ll have a strategic partner that can help you take a top-down view of your IT operations. We love helping clients with these issues and would love to talk to you about how you can improve your systems and procedures. Contact us today for a free consultation.