Feeds

Show me the money!

Uncovering the financial aspects of IT

  • alert
  • submit to reddit

SANS - Survey on application security programs

Workshop IT costs money, and the job of any CIO, IT director or manager will include some element of balancing the books. In their simplest form, budgets split across money for new acquisitions and one-off purchases, and money to be spent keeping things going, covering everything from contract renewals and staffing, to spare parts and toner cartridges.

The former we refer to as capital expenditure or Capex, and the latter, operational expenditure or Opex. Now, every pundit and his dog like to think they know all about these dimensions, and they are sprinkled onto articles like condiments, particularly in times (like now) when money is harder to come by. Often they are often treated like alternatives, whereas the reality is naturally much more complicated.

Not least because of the human quality called “discretion”, and the reality that at the beginning of a budgetary year, it is almost impossible to predict how things are going to unfold. We’ve learned to grow wary of spending plans for anything further afield than the next two quarters, for example – and it was with little surprise that we all saw the massive impact of deferrals in spending in 2009.

Similarly, what goes down can go up – where a clearly justifiable, yet unexpected need is identified, money does seem to appear. The importance of a solid business case cannot be underestimated – I can remember rushing in too soon to see my Finance Director, to ask for some extra cash (I think it was to pay for management software). He asked a very simple question – “Do we really need it?” and when I was unable to give a straight answer, that was the end of that.

Business cases do not have to be inch-thick documents that cover every aspect. But they do have to be able to answer some pretty basic questions, of which “do we really need it” is one. Other questions include:

• What else has been considered and ruled out?

• What stands to gain from the acquisition, and by how much?

• How can success be maximised?

• What issues are going to prevent things from working, and how can they be avoided?

Much of a business case hinges on the term “value”, which can be hellishly difficult to pin down. I generally revert to the equation first introduced to me by a down-to-earth business consultant – that value = benefits - costs. Which sounds obvious, in hindsight – but it also depends on having a clear understanding of the business benefits, together with a good overview of all the costs involved.

Not everything will even reach business case stage, of course. Just as in life, running IT is a constant case of juggling priorities and dealing with the more urgent requirements, often at the detriment of things that might be more important. It is no coincidence that much IT marketing follows the “He who shouts loudest” model, in the hope that certain agendas will be pushed up the priority stack and perhaps get signed off.

Meanwhile, the day to day running of IT continues as it should. Several factors mean that financial prudence doesn’t end on the day after deployment – not least that nothing is forever. Over time, as the world keeps turning and the unexpected happens, the effectiveness of IT services decreases. As we saw late last year for example, the current refresh rate for x86 servers is generally agreed (by vendors and businesses) to be about four years, for example.

IT has a natural lifetime, beyond which service calls start to go up, and the costs of maintenance begin to exceed the benefits achieved in monetary terms. Of course, it would be good to spot when this point is being approached. But often it is easier to plan the replacement/upgrade in advance, so that new systems can be in place before the edge of the cliff is reached.

Fundamentally, keeping the IT infrastructure going is little different to managing a pool of assets. Whether a certain element of IT is exists in-house or is bought in as a service, whether it is operated by employees or contractors, whether it is funded in a single payment that must then be amortised, or leased over time, all these things will make a difference to the overall cost of each service in the portfolio.

We’re not using the word “service” lightly here. The “advanced class” of IT economics builds considers IT services not just individually, but in terms of the way the portfolio as a whole brings value to the business. While this does bring things back to the balance sheet, managing the portfolio is as much about understanding the relevance of each IT service to the business need, as its tangible costs. This boils down to seeing IT services from the business perspective, which is not always as straightforward as it sounds.

The portfolio needs to be kept up to date, sure, and it is important to work at the level of individual assets particularly at their creation, but also when the time comes to retire them. To be blunt, if a service is neither relevant nor efficient, what the heck is it still doing there?

There’s more we could talk about here – for example whether it makes sense to charge services back to the business (quick tip: don’t try it unless you’re already on top of managing IT as a portfolio). But what IT finance fundamentally boils down to, is that single criterion of understanding the value it brings to the business. Get that right, and the rest will fall into place. Get it wrong, and you may find yourself forever chasing after the money.

Combat fraud and increase customer satisfaction

More from The Register

next story
WTF happened to Pac-Man?
In his thirties and still afraid of ghosts
Reg man builds smart home rig, gains SUPREME CONTROL of DOMAIN – Pics
LightwaveRF and Arduino: Bright ideas for dim DIYers
Leaked pics show EMBIGGENED iPhone 6 screen
Fat-fingered fanbois rejoice over Chinternet snaps
Apple patent LOCKS drivers out of their OWN PHONES
I'm sorry Dave, I'm afraid I can't let you text that
Microsoft signs Motorola to Android patent pact – no, not THAT Motorola
The part that Google never got will play ball with Redmond
Slip your finger in this ring and unlock your backdoor, phone, etc
Take a look at this new NFC jewellery – why, what were you thinking of?
Happy 25th birthday, Game Boy!
Monochrome handset ushered in modern mobile gaming era
Rounded corners? Pah! Amazon's '3D phone has eye-tracking tech'
Now THAT'S what we call a proper new feature
prev story

Whitepapers

Mobile application security study
Download this report to see the alarming realities regarding the sheer number of applications vulnerable to attack, as well as the most common and easily addressable vulnerability errors.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.