Pick up almost any edition of Computer Weekly,
Computing, or any other professional IT journal, and we read about
ITIL v3, SLAs,
Prince2,
green datacentres, the ISO standards,
desktop virtualisation,
outsourcing all the hot topics that pre-occupy the IT leaders
and managers working to deliver large, complex information systems
to large, complex businesses.
If your job title is IT director or systems manager you will
receive regular phone calls, junk mail and spam from IT suppliers
offering to help you with these crucial issues. Through the IT
media, suppliers, professional organisations and other information
sources we are fed a continuous diet of propaganda focused on
convincing us that in order to have a professional, responsive,
responsible and business-facing IT function we must adopt the
latest and greatest methodologies, techniques, technologies and
best practices.
According to the UK department for Business, Enterprise and
Regulatory Reform (BERR), in 2008, "Small and medium-sized
enterprises (SMEs) together accounted for 99.9% of all enterprises,
59.2% of private sector employment and 51.5% of private sector
turnover". The definition of an SME for BERR purposes is "under 250
employees": even the major proportion of "large" businesses are not
mega-enterprises as most "large" enterprises have fewer than 1000
employees.
So what?
The big issues in IT, as encapsulated in most media articles,
peddled by suppliers, professional organisations, and standards
creators, are issues for organisations with large, complex IT.
Managing 4000 desktops, 200 servers, and 200 IT staff is a very
different proposition to managing a team of 10 IT staff serving a
business of 200 people.
I recently asked one of the industry leaders in the exploitation
of ITIL a simple question - "ITIL sounds like a good idea, but how
large does the IT department need to be before it becomes viable to
adopt ITIL?" His answer was 30 IT staff.
To put that in context, my own business has a headcount of about
350 computer users supported by an IT team of eight. It is not that
we have simple, lightweight IT - we were one of six shortlisted by
Computing Magazine for the "Most IT-Enabled Business Award" in
2005. We run heavyweight "enterprise" service, enterprise resource
planning (ERP) and customer relationship management (CRM)
applications, separate primary and backup computer rooms, about 30%
of our IT effort is in internal systems development, we have a
fully connected distributed workforce - half the IT users are
field-based and rarely come to our offices. The idea of my going to
my fellow board members and saying that I need to increase the IT
headcount from eight to 30 in order to adopt "industry best
practices" is laughable.
But this is not a pop at ITIL. There is a cut-down ITIL
methodology, ITIL Light, for those who want to adopt it, but it
still requires more resources than I need to support my
business.
Prince and Prince2 are equally inappropriate for the SME. The
concept of having a project board, a project librarian, or any of
the other 20 identified job roles implicit in a full Prince2
project for the execution of a six-man-month project with a leader
and a development team of two is off the wall. It implies a degree
of formality, demarcation and process that is unrealistic for
SMEs.
Service level agreements? I guess we have one - "Either
everything is up and all employees are enabled, or we are doing our
damnedest to rectify the problem". We seem to succeed - the team
appears to deliver 99.9995% availability when people want to work
without difficulty - power cuts excepted. I suppose I could put in
a generator, but there would be little point given that the first
thing to die in a power cut locally is the BT exchange. The last
thing the business wants from me is a contract which defines how
long we will be down, how slowly the IT function may respond to
business problems etc.
There are whole bunches of "industry standards" and "best
practices" I could point the finger at - anyone for
ISO 27001? All have been conceived to address the problems of
large organisations, and singularly fail to address the needs of
the smaller businesses that form more than half of UK employment
and wealth creation. Our professional advisers, bankers, customers
and suppliers read these standards and ask "are you compliant with
so and so standard?"
There is a general expectation and considerable pressure that we
all should be compliant with the standards and best practices
devised to help large organisations, without consideration of the
impact to the business. To put it simply - in my case, and
officially at 350 heads we are a large business - compliance with
the most common IT industry standards and best practices would mean
such an expansion of the IT budget as to take about £2m of net
profit off the bottom line. The IT industry has it wrong, in
perpetually focusing on the needs of large organisations it has
developed a skewed set of priorities it has lost sight of the
purpose of IT, which is to enable business - not to hobble or
cripple it.
So what should the IT manager of an SME be
doing?
Enable the business at the lowest reasonable cost - do not
skimp, give the business the systems it needs. Do not introduce
systems and technologies that the business does not want.
Sharepoint may be cool, but unless it is going to have a markedly
beneficial effect on the bottom line you should not buy it.
Maximise uptime - if the systems are down then all of the
employees attached to those systems are also down. You need
sufficient resilience to ensure reasonable uptime. If the business
revenue per employee is £150,000 it is not rocket science to see
that each man-day of disablement is worth £750 to the business. Ten
employees affected by downtime equals £7,500 lost revenue per
day.
Back it up - data is the second most important asset in
business, after employees. Online backup, near-line backup,
off-line, offsite backup. Be paranoid about data. You can buy new
boxes, rebuild the systems, reinstall software etc, but you cannot
rebuild lost data. If you do not have full current backups, you do
not go home until you have. Lose the data and everyone in your
business will be unemployed, including you.
Think like an accountant - as a very general rule of thumb most
businesses return about 10% profit. For each £1,000 you spend on IT
the typical business needs to generate £10,000 of sales just to pay
for that expenditure. The figures for your business will vary, but
in IT we generally spend profit not turnover. Each investment in IT
should be considered in the context of the net profit on the sales
required to pay for it.
Grow the business - look at your team, if anyone "works for IT"
they are probably in the wrong job. The role of IT is to enable the
business, to help make it more profitable and give it capacity to
grow. Make sure your team know what they are doing "for the
business". If it is not for the business it should not be
happening.
Standardise - standardisation is the single most important
factor in reducing purchasing, maintenance and support costs -
everyone gets the same model of PC or laptop, the same applications
etc. In companies with fewer than 500 users standardisation means
the difference between running a helpdesk and having a single
desktop support technician.
Train the users - trained users need less support and make
better use of the systems, they are more productive, and they
proactively improve the business without needing an IT project for
every change.
Talk - talk to every manager in the business, find out what they
need, watch what their people are doing. If you think you can
profitably help through the deployment of IT then do it. If they
have a great idea which is uneconomic then explain the facts of
life - it will cost £5,000, so it needs to generate £50,000 of
additional sales - if I give it to you will you do that?
Read the standards and the guidance of "best practices". Just
because, as an SME with a handful, or maybe even a dozen IT staff,
you cannot practically implement them does not mean you cannot
learn from them. Each one encapsulates knowledge, they form a
tick-list of issues to be addressed, and in some cases they provide
guidance on strategies to address those issues. I would not want to
decry them, they are valuable repositories of learning, and it
would be nice to aspire to them one day, as the IT director of a
large organisation. Just do not slavishly adopt and follow them
because the IT industry says you must. Best practice is a misnomer;
standardised methodology would be a better phrase, allowing us to
pick and choose the nuggets of knowledge that best suit our
organisations. Standards are likewise misnamed - standards which
fail to address the needs of 99.9% of all enterprises cannot be
standards. So read them, be aware, pick and choose, invent "better
practice". What is right is what is right for your organisation, to
enable and protect the business, its employees and its customers -
this is the job of IT in SMEs.
If you do all this well you will contribute to the growth and
success of the enterprise. As it grows you will need more desktops,
more servers, more networking, more IT professionals. And one day,
with luck and an inspired businessman at the helm of the
organisation, you might need such a large IT department and be
doing such great projects that ITIL, Prince and other large scale
methodologies become relevant and valuable tools.
Steve Burrows is IT director of Vanilla Group, and principal
of business/IT management consultancy SBA