IT Budgeting

PDF version of this report
You must have Adobe Acrobat reader to view, save, or print PDF files. The
reader is available for free
download.

IT Budgeting

by James G. Barr

Docid: 00018035

Publication Date: 2208

Publication Type: TUTORIAL

Preview

Central to the planning and execution of an enterprise’s information
technology (IT) strategy is the IT budget – the funds allocated for the
development, acquisition, maintenance, and management of IT systems and
services. The IT budget is generally divided into three expense
categories: (1) capital or fixed asset expenses, including servers,
storage systems, switches, routers, desktops, laptops, mobile devices, and
longtime software licenses; (2) operating expenses, including salaries,
maintenance services, technical support, and cloud subscriptions; and (3)
project expenses, including application development, cloud migrations, and
hybrid work infrastructure deployment.

Executive Summary

[return to top of this
report]

Central to the planning and execution of an enterprise’s information
technology (IT) strategy is the IT budget, or the funds allocated for the
development, acquisition, maintenance, and management of IT systems and
services.

Related
Faulkner Reports

Crowdfunding Tutorial

Measuring and Reducing
Total Cost of Ownership Implementation

The IT budget is generally divided into three expense categories:

Capital, or fixed asset, expenses, including servers, storage
systems, switches, routers, desktops, laptops, mobile devices, and
longtime software licenses.
Operating expenses, including salaries, maintenance services,
technical support, and cloud subscriptions.
Project expenses, including application development, cloud
migrations, and hybrid work infrastructure deployment.¹

Under ideal circumstances, the size of the IT budget would be determined
by summing the projected IT capital, operating, and project
expenses. More commonly, however, the IT budget is either:

A fixed percentage of overall enterprise spending (in the past,
usually three to five percent); or
The previous year’s IT budget plus or minus a small increment.

This approach to IT budgeting reflects the perspective that IT is a “cost
center,” i.e., a non-revenue-generating. In this context, IT
spending should be contained, if not minimized.

While the chief information officer (CIO) should be mindful of how much
money her department will likely receive from other enterprise executives,
the CIO should fashion her initial budget purely based on IT needs. If, ultimately, spending cuts are required, the CIO will be positioned to
explain the impact of such cuts and argue for additional funds. If the IT department remains underfunded, the CIO will be positioned to
make smart budget cuts, postponing or canceling projects, or
changing their scope.

Importantly, the IT budget should be a flexible instrument, capable of
accommodating changing business conditions. In 2020, for example, no
one could have predicted that a coronavirus pandemic would empty
enterprise offices and compel the adoption of a remote or hybrid work
environment.

Non-IT IT Budgets

While not the subject of this report, analyst Mary K. Pratt reminds us
that “not all IT spending falls within the IT department.” Past
studies have revealed that “35 percent to 50 percent of an [enterprise’s]
overall expenditure on technology is controlled by business divisions
others than IT.”²

Budget Optimization

[return to top of this
report]

The first step in preparing an IT budget is to optimize current spending
patterns:

Eliminating wasteful spending, like spending on excess software licenses
Embracing lower-cost operations, like replacing on-premise IT services
with their cloud counterparts

For starters, consider the following:

Software Licenses

Seemingly a never-ending problem, the absence of effective software
license management (SLM) continues to plague IT departments, especially
large enterprise departments. The CIO should appoint a small team to
inventory enterprise software and software licenses:

Canceling licenses for unused software
Acquiring licenses for "improperly-procured" software
Negotiating discount license agreements for heavily-used software

These actions will normally result in a reduction in the overall software
spend.

Cloud Migration

With the cloud continuing to grow in both size and substance, more
on-premise services like disaster recovery, network services, and process
automation are becoming cloud-eligible, with the effect that CIOs will
soon have to justify any local IT spending. The CIO should determine – proactively – which on-site operations are
good candidates for cloud conversion, and initiate migration activities as
appropriate.

Vendor Management

In addition to full-time employees, IT departments are supported by a
variety of third-party vendors, including:

Hardware, software, and materials suppliers
Managed services providers
Supply chain partners
Consultants

The CIO should assess – at least annually – the performance of these
vendors and, in the process:

Demand compensation for service delivery failures (per the applicable
service level agreements);
Remove and replace any vendors with a history of sub-par service; and
Expand and diversify the vendor pool to enable more agile vendor
management.

Maintaining Relevance

The IT department, like all enterprise departments, exists to serve the
interests of the enterprise – a reality the IT budget should reflect. As the Dynamic Solutions Group observes, “An IT budget shouldn’t just be
a laundry list of tech purchases that would be nice to have. Instead, it
should take into consideration the company’s objectives.
By aligning budgeting processes with your company goals, you can better
prioritize spending. For instance, if increasingly
sophisticated ransomware is a recurring problem, you may have to set aside
a large portion of your budget to implement a holistic cybersecurity
strategy. This could mean investing in next-generation firewalls,
intrusion prevention systems, anti-malware software, data backups, and
rigorous security training.

“Your budget should also account for long-term goals that are broken up
into smaller expenditures. Let’s say you have plans to implement a
permanent hybrid work environment. An appropriate IT budget to
achieve this would consist of investments in cloud-based productivity
apps, mobile device management software, company-issued laptops or cloud
PCs, and business messaging platforms.”³

Workforce Deployment

It may seem obvious, but the experience and expertise of IT employees
should correspond to the current business and technical needs of the IT
department. That’s why, in this decade, you’re more likely to find Python
programmers on staff than those programmers who create COBOL code.

While never a pleasant task (given the specter of potential transfers and
layoffs), the CIO should identify critical IT staffing needs and adjust
the IT workforce mix accordingly, adding, for example:

Cybersecurity analysts (including ethical hackers)
Data scientists
Compliance analysts
Subject matter experts (as appropriate):

Cloud computing
Machine learning
Internet of Things
Edge computing
5G communications

Budget Orphans

[return to top of this
report]

There are certain elements of IT operations and management that are often
neglected – or, at least, undervalued – during the budgeting
process. The CIO should address these “budget orphans” as a means
of:

Raising awareness of their overall importance; and
Gaining, at minimum, subsistence-level funding.

Project Management

Much of the work of the IT department involves projects – projects which
frequently fail (or produce sub-standard results) owing to the absence of
proper project management. To ensure better results, the CIO should
establish a Project Management Office (PMO) within the IT department.

Personnel Training

Information technology is constantly changing, meaning that IT techs
require periodic training – and retraining – within their
specialties. The CIO should set up a large and inclusive IT training
and certification budget to ensure all techs are properly qualified and
credentialed.

Figure 1. Sample IT Training Class

Source: Wikimedia Commons

Contingency Planning

The world is a dangerous and disruptive place, with each day bringing new
disasters, some natural like hurricanes and some manmade like ransomware
attacks. Since disasters are unpredictable – and, in many cases,
unpreventable – the CIO should ensure the development, maintenance, and
testing of three specific IT contingency plans:

A Disaster Recovery Plan (DRP) – The
DRP provides for the physical and digital recovery of shared information
infrastructure like data centers and telecommunications networks.

An Incident Response Plan (IRP) – Also
known as a crisis management plan, the IRP provides enterprise
stakeholders (employees, customers, business partners, emergency
management officials, the media, etc.) with up-to-date information about
the status of recovery and business operations.

A Business Continuity Plan (BCP) – The
BCP provides for the continuous operation or rapid recovery of critical
business functions until recovery operations are complete and normal
business operations are restored.

IT Inventory

The CIO is responsible – and accountable – for managing the enterprise’s
IT infrastructure. Consequently, knowing the nature of that
infrastructure is vital. In recent years, keeping track of IT assets
has been rendered more difficult due to influences such as:

New asset types, like mobile devices and USB drives
New asset categories, like the Internet of Things and edge devices
New asset acquisition paradigms, like “Bring Your Own Device” (BYOD)
and “Shadow IT"

The CIO should supervise an annual IT asset inventory – hardware,
software, and services – and administer the inventory through a recognized
IT Asset Management (ITAM) solution.

Patch Management

Software, like all things in life, isn’t perfect. It has flaws; and
when these flaws are identified, they must be corrected by the software
vendor. If a flaw is significant, wide-ranging, or foundational, the
vendor may furnish a replacement release, a whole new version of the
software that fixes the flaw and may also provide new or improved features
and functions. In most cases, however, the vendor will simply supply
a “patch” or small corrective software update. While a vendor may
issue a single patch to address a single flaw – especially if the flaw is
disrupting customer operations – the more normal practice is to issue a
patch package, a collection designed to fix a variety of detected
flaws. Microsoft, for example, provides Windows users with regular
operating system updates – groups of patches designed to fix functional
problems or, more often, eliminate security exposures.

Security breaches are often associated with the failure of IT departments
to promptly apply vendor patches. Recognizing the risk of not
applying patches, the CIO should designate a small dedicated team to
perform patch management operations and oversight.

Data Backup

Once considered a routine – and fairly straightforward – systems
management discipline, data backup has become much more complicated with:

More data to manage (including Big Data)
More types of data (including audio, video, and unstructured data)
More types of data collectors (including smartphones and other edge
devices)
More types of backup collectors (including USB drives and the cloud)

Although always important, in recent years, data backup has assumed a new
and increasingly-vital dimension, as it provides the only reliable method
of recovering data and restoring operations in the wake of a ransomware
attack.

The CIO should guarantee that data backup and recovery operations are timely,
comprehensive, and fully-funded.

Robotic Process Automation

Shining brightly on the business process reengineering (BPR) spectrum,
the Association for Intelligent Information Management (AIIM) defines
robotic process automation (RPA) as “the term used for software tools that
partially or fully automate human activities that are manual, rule-based,
and repetitive. [RPA] tools are not replacements for the underlying
business applications; rather, they simply automate the already manual
tasks of human workers. They essentially look at the screens that
workers today look at and fill in and update the same boxes and fields
within the user interface by pulling the relevant data from the relevant
location.”⁴

The oft-cited advantages of RPA include:

Accelerating business operations – thereby enhancing business
opportunities.
Achieving greater accuracy – eliminating tedious and unnecessary
rework.
Regaining employee time – freeing employees to engage in more
productive and profitable activities.
Cutting costs – improving the “bottom line.”
Providing better customer experiences – increasing customer
satisfaction and decreasing customer churn.
Ensuring regulatory compliance – avoiding fines and other governmental
sanctions.
Improving employee productivity – enabling a more satisfying work
environment, both for employers and employees.
Permitting cross-platform work processes – leveraging the fact that
RPA is application agnostic.
Allowing scalable processes – expanding or contracting processes
according to business demand and operational capabilities.
Harnessing artificial intelligence – extending, for example, the
boundaries of automation to include unstructured data.⁵

The CIO, like the leaders of other enterprise departments, should invest in
BPR projects to affect budget reductions, thus making funds available for other
worthwhile initiatives.

Budget Preparation

[return to top of this
report]

Budget preparation, whether for IT or other enterprise departments,
should be pursued as a financial “negotiation”.

In other words, the CIO should prepare her initial budget as if no
financial constraints existed. Hopefully, this will encourage
enterprise management to at least entertain the idea of adding one or more
of the “orphaned” elements referenced above.

With respect to these elements, it might not – indeed, probably would not
– be possible, for example, to properly fund contingency planning and
robotic process automation in the first year of an expanded budget. Since contingency planning would normally take precedence, the CIO could
adopt an incremental approach, adding contingency planning in year one and
robotic process automation in year two.

If money is especially tight, the CIO can create budget space by
expediting already-planned cost-cutting actions, such as moving certain
legacy applications from private to public clouds, or delaying or
cancelling minor projects.

More than simply completing an Excel spreadsheet, be prepared that the
budget preparation process could occupy several months, as the CIO (or her
representatives):

Gather financial information
Consult with vendors
Collaborate with colleagues
Survey IT customers (both internal and external)
Haggle with C-suite executives
Tweak line item amounts

In the end, the goal is to maximize IT’s contribution to enterprise
productivity and profitability.

Web Links

[return to top of this
report]

https://www.asisonline.org/

https://www.continuitycentral.com/

https://www.iso.org/

https://www.nist.gov/

References

¹ “IT Budgeting Best Practices for 2022.” Dynamic Solutions
Group, Inc. January 24, 2022.

² Mary K. Pratt. “IT Budget (Information Technology Budget).” TechTarget. July 2015.

³ “IT Budgeting Best Practices for 2022.” Dynamic Solutions
Group, Inc. January 24, 2022.

⁴ “What Is Robotic Process Automation?” AIIM. 2019.

⁵ “Robotic Process Automation (RPA).” Automation Anywhere.
2021.

About the Author

[return to top of this
report]

James G. Barr is a leading business continuity analyst
and business writer with more than 40 years’ IT experience. A member of
“Who’s Who in Finance and Industry,” Mr. Barr has designed, developed, and
deployed business continuity plans for a number of Fortune 500 firms. He
is the author of several books, including How to Succeed in Business
BY Really Trying, a member of Faulkner’s Advisory Panel, and a
senior editor for Faulkner’s Security Management Practices.
Mr. Barr can be reached via e-mail at jgbarr@faulkner.com.

[return to top of this
report]