IT Management for SMEs
- Details
- Created on 06 March 2009
- Written by Steve Burrows
As published in , an article explaining why the IT management methodologies, standards, expectations and pressures placed upon organisations by the IT industry are inappropriate for many small and medium-sized enterprises, and what the focus of IT management should really be in those organisations. The text is reproduced below:
IT management for the smaller business
Pick up almost any edition of Computer Weekly, Computing, or any other professional IT journal, and we read about ITIL v3, SLAs, , , the ISO standards, , all the hot topics that pre-occupy the IT leaders and managers working to deliver large, complex information systems to large, complex businesses.
If your job title is IT director or systems manager you will receive regular phone calls, junk mail and spam from IT suppliers offering to help you with these crucial issues. Through the IT media, suppliers, professional organisations and other information sources we are fed a continuous diet of propaganda focused on convincing us that in order to have a professional, responsive, responsible and business-facing IT function we must adopt the latest and greatest methodologies, techniques, technologies and best practices.
According to the UK department for Business, Enterprise and Regulatory Reform (BERR), in 2008, "Small and medium-sized enterprises (SMEs) together accounted for 99.9% of all enterprises, 59.2% of private sector employment and 51.5% of private sector turnover". The definition of an SME for BERR purposes is "under 250 employees": even the major proportion of "large" businesses are not mega-enterprises as most "large" enterprises have fewer than 1000 employees.
So what?
The big issues in IT, as encapsulated in most media articles, peddled by suppliers, professional organisations, and standards creators, are issues for organisations with large, complex IT. Managing 4000 desktops, 200 servers, and 200 IT staff is a very different proposition to managing a team of 10 IT staff serving a business of 200 people.
I recently asked one of the industry leaders in the exploitation of ITIL a simple question - "ITIL sounds like a good idea, but how large does the IT department need to be before it becomes viable to adopt ITIL?" His answer was 30 IT staff.
To put that in context, my own business has a headcount of about 350 computer users supported by an IT team of eight. It is not that we have simple, lightweight IT - we were one of six shortlisted by Computing Magazine for the "Most IT-Enabled Business Award" in 2005. We run heavyweight "enterprise" service, enterprise resource planning (ERP) and customer relationship management (CRM) applications, separate primary and backup computer rooms, about 30% of our IT effort is in internal systems development, we have a fully connected distributed workforce - half the IT users are field-based and rarely come to our offices. The idea of my going to my fellow board members and saying that I need to increase the IT headcount from eight to 30 in order to adopt "industry best practices" is laughable.
But this is not a pop at ITIL. There is a cut-down ITIL methodology, ITIL Light, for those who want to adopt it, but it still requires more resources than I need to support my business.
Prince and Prince2 are equally inappropriate for the SME. The concept of having a project board, a project librarian, or any of the other 20 identified job roles implicit in a full Prince2 project for the execution of a six-man-month project with a leader and a development team of two is off the wall. It implies a degree of formality, demarcation and process that is unrealistic for SMEs.
Service level agreements? I guess we have one - "Either everything is up and all employees are enabled, or we are doing our damnedest to rectify the problem". We seem to succeed - the team appears to deliver 99.9995% availability when people want to work without difficulty - power cuts excepted. I suppose I could put in a generator, but there would be little point given that the first thing to die in a power cut locally is the BT exchange. The last thing the business wants from me is a contract which defines how long we will be down, how slowly the IT function may respond to business problems etc.
There are whole bunches of "industry standards" and "best practices" I could point the finger at - anyone for ? All have been conceived to address the problems of large organisations, and singularly fail to address the needs of the smaller businesses that form more than half of UK employment and wealth creation. Our professional advisers, bankers, customers and suppliers read these standards and ask "are you compliant with so and so standard?"
There is a general expectation and considerable pressure that we all should be compliant with the standards and best practices devised to help large organisations, without consideration of the impact to the business. To put it simply - in my case, and officially at 350 heads we are a large business - compliance with the most common IT industry standards and best practices would mean such an expansion of the IT budget as to take about £2m of net profit off the bottom line. The IT industry has it wrong, in perpetually focusing on the needs of large organisations it has developed a skewed set of priorities it has lost sight of the purpose of IT, which is to enable business - not to hobble or cripple it.
So what should the IT manager of an SME be doing?
Enable the business at the lowest reasonable cost - do not skimp, give the business the systems it needs. Do not introduce systems and technologies that the business does not want. Sharepoint may be cool, but unless it is going to have a markedly beneficial effect on the bottom line you should not buy it.
Maximise uptime - if the systems are down then all of the employees attached to those systems are also down. You need sufficient resilience to ensure reasonable uptime. If the business revenue per employee is £150,000 it is not rocket science to see that each man-day of disablement is worth £750 to the business. Ten employees affected by downtime equals £7,500 lost revenue per day.
Back it up - data is the second most important asset in business, after employees. Online backup, near-line backup, off-line, offsite backup. Be paranoid about data. You can buy new boxes, rebuild the systems, reinstall software etc, but you cannot rebuild lost data. If you do not have full current backups, you do not go home until you have. Lose the data and everyone in your business will be unemployed, including you.
Think like an accountant - as a very general rule of thumb most businesses return about 10% profit. For each £1,000 you spend on IT the typical business needs to generate £10,000 of sales just to pay for that expenditure. The figures for your business will vary, but in IT we generally spend profit not turnover. Each investment in IT should be considered in the context of the net profit on the sales required to pay for it.
Grow the business - look at your team, if anyone "works for IT" they are probably in the wrong job. The role of IT is to enable the business, to help make it more profitable and give it capacity to grow. Make sure your team know what they are doing "for the business". If it is not for the business it should not be happening.
Standardise - standardisation is the single most important factor in reducing purchasing, maintenance and support costs - everyone gets the same model of PC or laptop, the same applications etc. In companies with fewer than 500 users standardisation means the difference between running a helpdesk and having a single desktop support technician.
Train the users - trained users need less support and make better use of the systems, they are more productive, and they proactively improve the business without needing an IT project for every change.
Talk - talk to every manager in the business, find out what they need, watch what their people are doing. If you think you can profitably help through the deployment of IT then do it. If they have a great idea which is uneconomic then explain the facts of life - it will cost £5,000, so it needs to generate £50,000 of additional sales - if I give it to you will you do that?
Read the standards and the guidance of "best practices". Just because, as an SME with a handful, or maybe even a dozen IT staff, you cannot practically implement them does not mean you cannot learn from them. Each one encapsulates knowledge, they form a tick-list of issues to be addressed, and in some cases they provide guidance on strategies to address those issues. I would not want to decry them, they are valuable repositories of learning, and it would be nice to aspire to them one day, as the IT director of a large organisation. Just do not slavishly adopt and follow them because the IT industry says you must. Best practice is a misnomer; standardised methodology would be a better phrase, allowing us to pick and choose the nuggets of knowledge that best suit our organisations. Standards are likewise misnamed - standards which fail to address the needs of 99.9% of all enterprises cannot be standards. So read them, be aware, pick and choose, invent "better practice". What is right is what is right for your organisation, to enable and protect the business, its employees and its customers - this is the job of IT in SMEs.
If you do all this well you will contribute to the growth and success of the enterprise. As it grows you will need more desktops, more servers, more networking, more IT professionals. And one day, with luck and an inspired businessman at the helm of the organisation, you might need such a large IT department and be doing such great projects that ITIL, Prince and other large scale methodologies become relevant and valuable tools.
Steve Burrows is IT director of Vanilla Group, and principal of business/IT management consultancy SBA