Prepare well to win over the board

Thorough preparation is the secret to winning funding for complex security projects from company boards, according to two leading IT directors.

Thorough preparation is the secret to winning funding for complex security projects from company boards, according to two leading IT directors.

Presentations are like making a film – each minute in front of the board should represent hours of research and preparatory work, said Ewan Melling, former IT director at F&C Asset Management.

“It is essential that you put effort into preparing. You might only be in front of the board for 20 minutes, if you are doing a good job. But you could be in there a long time if you have not done your homework,” said Melling, who will shortly take up a new IT director post.

He advised IT departments to spend time getting to know the board members, and to discuss issues with them, so that directors are not taken by surprise when they ask for funding.

“Find out what their attitude to risk is. Are they risk takers or are they risk averse? The hardest people to deal with are those who are risk averse. They will not make decisions; they will keep sending you back for more information,”
he said.

“Find out what sort of financial case they are looking for. Do they want a high-level plan? Do they want a detailed return on investment? Do they want to make sure you have got the best deal on the market?”

Having your business case validated by one of the big four accountancy firms can help to win over the board. “If you go through that process and they have found a few things you can improve on, that helps your credibility,” said Melling.

If the board shows some interest in technology, include a slide with a diagram, but do not use technical jargon. “They do not want to know why you have chosen one firewall rather than another,” he said.

Rorie Devine, information security director at online betting exchange Betfair, said it is vital for security staff to recognise the seniority of board members, if their bid for funding is to be successful.

“I have seen people being glib and not treating them with the respect they are used to,” he said.

Devine advised IT staff never to contradict a board member, even if they are wrong. It is better to offer to look into a matter and report back, than to challenge their authority.

Make sure you come across as enthusiastic, confident and speak with conviction, he said. “The board, like everyone else, likes to back the jockey, not the horse.

“A really common mistake is being too verbose. You really need to be concise. You should be able to make your case in four or five slides. There should be no ambiguity.”

It helps to offer board members a choice of solutions rather than impose a single option. But do not give them too many choices – two is probably the optimum number, said Devine.

If the board fails to be convinced by your presentation, your fallback position should always be to note any concerns, reassess the project, and present it again at the next board meeting, he said.

To win backing from the board for IT security initiatives, Betfair IS director Rorie Devine advises:

  • Present security projects as a way of reducing risks to the business
  • Frame security problems around developments in the business
  • Give boards a choice of solutions
  • Be transparent about costs and assumptions
  • Do not quote PR material from suppliers
  • Network with other companies and competitors to find out how they are tackling problems
  • Sell security to the board as part of compliance
  • Discuss projects with key decision makers before they are formally considered by the board
  • Anticipate security risks before they happen, rather than reacting to them afterwards

To win backing from the board for IT security initiatives, Ewan Melling, former IT director at F&C Asset Management, advises:

  • Always position security as a business issue with a security context
  • Take board meetings seriously and prepare for them thoroughly
  • Find out what sort of financial case the board expects
  • Get to know board members’ style – are they risk takers or risk averse?
  • Find out the board’s level of understanding of technology
  • Remember that presenting to the board is your opportunity to shine and surprise
  • Do not propose a solution that is over-engineered – the board will see through it
  • Keep presentations jargon-free
  • Do not promise perfection

Read more on Hackers and cybercrime prevention