CFOs need to take a deep dive into IT to understand the costs

In my first article, I looked at why CFOs should be considering managed services as a way of improving the financial and overall performance of the organisation’s all-important IT function. Once the principle of managed services has been accepted, the next step is for the CFO to take a much more detailed look at the current in-house IT department and specifically what the costs and risks are.

This article is intended to provide CFOs with some common-sense guidelines for how to proceed.

Calculate cost and risk of downtime. CFOs must understand what the cost of IT downtime really is. For example, a fast-moving consumer goods manufacturer’s ERP connects directly into the ERP systems of the retailers it supplies. If the manufacturer’s ERP is down, then it cannot receive orders from the retailer, generate picking slips and issue invoices – its business effectively ceases to function. The CFO needs to understand what each hour of downtime costs, including lost productivity and, crucially, loss of revenue.

Audit the organisation’s current IT costs. Before considering a replacement strategy, one needs to get a handle on what the current IT costs are. In our experience, most organisations have no idea what they are spending on IT, and what business value is being provided.

• Identify what is being paid on IT and telecommunication line items – these would include desktop and server support, fibre, PBX extension, antivirus, firewalls, backup and disaster recovery, and any Microsoft (and other) licences.
• Work closely with an IT specialist who can help the CFO advise on what each of these line items delivers to the business in terms of keeping the business running (uptime) and critically generating revenue.
• Perform a deep technical audit of each system component within the context of its business value. Have the necessary steps been taken to ensure the system is being properly taken care of? Are patches updated timeously? Is antivirus installed? Is redundancy built into the critical server infrastructure to mitigate the risk of system failure? Have important business applications been virtualised? Is the hardware still under warranty and being supported by the vendor? Are all applications, including firewalls, correctly configured, licensed, and backed up daily?
• Understand what the cost of supporting the IT system is, including variable costs such as replacing stolen laptops, replacing worn-out network points, project work and voice/ data costs.
• CFOs need to track down “shadow IT”, which is becoming increasingly prevalent. Driven by the easy availability of cloud services, individual business units are procuring IT services for themselves, bypassing the IT department. These costs must be factored into the audit of the existing IT, and also assessed in terms of the business’s overall risk profile.
• Determine the total cost of ownership. Essentially, this means pulling all the costs identified above, including the annual costs for repairs and support, into a single view. Other factors to include would be hardware replacement life cycles, warranty renewals, and the renewal of software licences for operating and other systems.

Once the CFO fully understands what the cost of downtime is to the business, and how much it is currently spending on IT, then he or she is in a position to determine what the IT risk is and what an appropriate amount to spend in mitigating it is.

Only then is the CFO in a position to look at different ways of doing IT:

Cloud. CFOs must take into account the operating costs of running business applications in the cloud, including the costs of a virtual central processing unit, memory, and disk space, annual support, licensing, connectivity, and VPN. It will be necessary to provide a secondary link in case the primary one goes down – if the IT system or a part of it is in the cloud, the organisation is totally dependent on its ability to link into the cloud.

Cloud has the benefit of reduced downtime as the IT infrastructure is maintained by experts and has numerous failover options. Scalability is improved and capex all but eliminated.

However, cloud’s high compute scalability comes at high total cost of ownership and might not be necessary for organisations with predictable computing needs or that can manage demand. Be aware that significant marketing dollars are being invested by the big cloud providers to present the cloud as the solution to all problems – that is simply not the case!

Hosting of your own kit in a third-party data centre. This option is a halfway house and will give the organisation a greater sense of control. It may also suit those who want to sweat existing assets. Costs associated with an on-premise data centre are replaced by predictable monthly costs for data hosting, connectivity, and security. Support and licensing costs remain.

The benefit of this option is lower opex plus reduced business impact due to power and/or connectivity failures.

Managed services. This option builds on the previous option in that the kit could be owned by the client, or wholly by the managed services provider, and it could be housed either on premise or in the service provider’s data centre. The key is that responsibility for the services is passed to the service provider, which charges a fixed monthly cost to which variable costs are added as they occur.

The benefits are significant and include a move to opex and much greater cost predictability, along with all the benefits detailed in the first article.

Hybrid approach. For many organisations, a hybrid approach makes most sense. For example, mail and collaboration applications can be most cost-effectively and reliably provided via the public cloud. No internal IT function can provide the cost structure, redundancy, and scalability that Microsoft can via Office 365. However, it can be much more cost-effective to continue hosting the business-critical applications like Syspro, SAP, Pastel and the like either in an on-premise or third-party data centre. An organisation with multiple branches would likely find that a third-party data centre made a lot of sense because if the head office is affected by load shedding, the branches can remain live and head office staff can work from home.

Having undertaken the analysis outlined in this article, the CFO is much better placed to make a rational decision based on a full understanding of the costs and benefits, as well as the risks, involved. As with most things in life, context is everything, there’s no single solution to every challenge.