Bottom line

PUBLISHED : Tuesday, 27 May, 2008, 12:00am
UPDATED : Tuesday, 27 May, 2008, 12:00am

IT managers need to use risk-management terms to spell out their budget and technology requirements to CEOs and chief financial officers

Justifying a significant outlay on any technology solution - be it enterprise storage or security - in a business environment where IT budgets are notoriously tight is a challenge for any organisation.

This is especially true for small and medium-sized businesses, many of which do not have the financial depth that organisations at the enterprise level enjoy.

And, if you use terabytes, heterogeneous storage platforms and thin provisioning to justify storage outlay, you are even less likely to succeed, industry experts say. They say that enterprise storage platforms should be assessed by sound business principles, such as risk.

Pierre Noel, who handles risk management and information security for computer giant IBM Corp, said the problem with going with the IT approach was that it tended to focus on the technical aspects of the solution rather than quantitatively spelling out the risks that the business might face without. And it was important to put this in monetary terms.

'You need to adopt a message and lingo that is risk management-centric and resonates with business people and the CFO. They need to have a vision of what you are spending their money on,' Mr Noel said.

He said one reason executives were so receptive to risk was as a result of legislation, such as Basel II in Europe and the Sarbanes-Oxley Act in the United States, which required companies to spell out their operational risk in their annual reports.

And, while similar legislation does not exist in Hong Kong, it is increasingly becoming a requirement among shareholders and business investors.

This sentiment was shared by Michael Chue, managing director for Symantec in Hong Kong and Taiwan. He is a strong advocate of phrasing IT infrastructure budget requests in real-world business terms.

'We definitely see this happening in the market at the enterprise level. We've been talking to CIOs in Hong Kong and Taiwan, and they see the value of this when asked by CEOs and CFOs. In the SMB space many CEOs and business owners are too focused on the bottom line and ignore business risk. So there is a lot of education that needs to take place in this end of the market - on an executive and a IT level,' he said.