Chris Barr, Technical Director at CT, shares his expert opinion as to why companies should consider a strategic IT review in 2019
With business now in full swing in 2019, many mid-market organisations will be looking at the effectiveness of their business applications and the resilience and security of their IT infrastructure.  Most reviews of an IT environment are initiated in response to some sort of compelling event, such as a systems outage, a data breach, concerns over personnel, or issues with an incumbent supplier. However, others will simply want to ensure their IT Infrastructure has the right foundations to facilitate future growth and ensure there is a robust cybersecurity resilience strategy.
The ultimate goal is that it provides the opportunity to review the needs of the business, both immediately and in the medium to long-term. This ensures that IT decisions are being made on a significantly more strategic basis, and that these decisions are thought about in relation to the growth aspirations and goals of the organisation.
The scope of a review should cover three key areas: Findings, Risk Analysis and Recommendations.
Findings should provide an in-depth analysis of the infrastructure, including local and wide-area networks, server infrastructure, back-up and business continuity arrangements. This all-encompassing research exercise will also cover existing strategy, policies, support arrangements for users and establishing their views of the current set-up and future requirements.
Risk analysis involves an easy-to-understand benchmarking of each area of the scope of your review, which is often rated using a Red, Amber, Green (RAG) colour code, showing the comparison of your IT with the company’s peer group– namely companies of a similar size in a similar sector to the organisation.
Ideally, such a RAG should show where you currently sit on each area assessed, and show where you will be after an agreed period – the clear intention being that the colour code improves markedly over this period.
Each recommendation should be justified as to why it is being recommended, and will normally be broken down by section of the scope of the review – i.e. separate recommendations for server infrastructure, IT support arrangements.
Thinking of an IT review? Here are our ten key factors you should take into consideration
1. Strategy – it is key that any review starts by understanding your organisation’s objectives. It is impossible to align a technology strategy to an organisation without first having understood in detail their overall business goals and how that organisation is hoping to achieve them.
2. Cost – a review is typically chargeable. If the work is being given away for free or heavily discounted, it is probably not going to offer the level of detail you need.
3. Independence – for a review to be most valuable in the business world, it needs to be genuinely independent. It is important that the best interests of the customer are firmly at the forefront of the consultants mind.
4. Format – is the Strategic IT Review going to be delivered back to you in the right format for you? Do you really need a long, wordy report document? Agree the right format for you to spend your time efficiently and really understand the output.
5. Board – it is key that such a review has Board involvement and sponsorship from the outset. This means that the results/ recommendations will be aligned to your business goals.
6. Method – how will the review be conducted? Will it be on-site or remotely undertaken, or a combination of the two? How much time will be required of personnel in your organisation, and for what?
7. Interviews – for a review to have most impact, it will need to involve some one-to-one interviews with users of the IT, along with where relevant, some focus groups. This helps understand what users most need to do their jobs efficiently and effectively.
8. Information – what supporting information will you be provided with? Have a good understanding of additional information on the existing IT environment you will be provided with.
9. Timescale – how long will a review take, and what are the contingencies involved in its preparation? Is there for example, information required from third parties, such as existing suppliers of IT services?
10. Follow Up – what is the feedback loop process, and the ongoing management of the engagement with your organisation to ensure that the recommendations are successfully implemented?
