What level of IT risk is acceptable for your business and what risks have you already knowingly or unknowingly accepted? These are the questions you need to be asking and answering in developing an effective and efficient IT strategy.

If businesses don’t know what they have currently, how will they confidently know that the new solutions implemented are going to deliver in the future?

A large number of businesses, especially SMEs, have accepted IT risks they were not aware of as too much emphasis is put on the IT Director to make business critical decisions relating to IT. It is essential that you decide at board level what amount of acceptable risk is right for your business before agreeing to an IT strategy that may cause significant downtime or loss of productivity to the business.

Businesses that decide to keep the management of their IT in house need to accept that they may be leaving the most critical decisions in the wrong hands. The IT Director may be great at the technical aspects of IT but the degree to which the business can accept risk is a decision that should only be taken at board level.

Outsourcing can often be a very valuable option to address business IT issues as outsourcing partners can help you understand the level of risk that is acceptable to the business and present an IT plan that appropriately manages this level of risk.

However, outsourcing too comes with its own considerations: when it comes to outsourcing IT security and disaster recovery in particular the cheapest option is typically the most favourable with the finance manager but it is more likely than not to prove expensive in the long run. By choosing the cheapest option for security and disaster recovery you may find yourself with an unacceptable amount of business downtime that could have been avoided.

The message here to all businesses is to make sure you understand what risks you have accepted – either explicitly or tacitly – in your current IT agreement, whether that be in house or outsourced and make sure these match up to the needs and expectations of your business. And make sure that IT risk remains a permanent item on the board agenda.