Large companies know they need an IT risk assessment to show that they are secure and to uncover any problems which expose the enterprise to risk. The large four consulting firms charge upwards of $500 per hour, and produce detailed reports summarizing their findings. The SMB has the same risk exposure – but not the budget – to warrant such an expense in spite of the potential risk but most SMBs have never had an IT assessment. They simply assume everything is fine until there is a problem and/or major crisis. At best, this can cause a minor disruption; at worst, it’s a severe financial hardship, without access to corporate records, billing, and lost data – and it’s a huge expense to get the operation back up and running.
There are a number of ways consultants can sell IT Health assessments to their clients. Some VARs provide a short assessment at no charge, some provide an assessment for a nominal hourly charge, and others charge a fixed price.
The short assessment uses select topics such as backup and recovery, software updates, passwords and security. While this is an obvious starting point, many consultants do find shortcomings in this area, with either incomplete policies or polices and instructions not being properly followed. Once clients see the results of a short two to three hour assessment – and the potential negative impact on their business – it is easier to convince them to spend a few thousand dollars on a more detailed and thorough assessment to ensure everything is working correctly. It is also a safe option to offer a money back guarantee if no issues are found, an approach which reduces the risk of the assessment. Unless the client’s operation is exceptional, issues will be identified during the assessment. It is not uncommon to find problems that will cost in the five to six figure range over a one to three year period. The VAR conducting the assessment is in the most advantageous position to supply all of the products and services. Any fees or time invested in the assessment is offset by revenues generated from products and services by a factor of 10 to 100 times or more.
Any objection a client may have needs to be countered by what happens if an assessment is not done. You don’t know what you don’t know. But, if you did know, and if you could prevent a major problem from happening the savings could be huge. Clients may have organizational shortcomings like inadequate written policies and procedures, or human errors where stated policies are not being followed because of poor training and or oversight. A technical failure of critical hardware components could result from old equipment, outdated software or viruses. There might be a deliberate attempt to steal, defraud, delete or prevent access to corporate data which results in a major disruption and financial loss to the company. So, why take the risk?
The IT Health for SMB assessment produces two results for the client. First, it provides feedback (simple overview or very detailed) of how the client’s IT operation is performing, with recommendations for improvement. Second, it provides a written record that an assessment was completed, when it was completed, who completed it, and the subsequent action items. This demonstrates that the client is taking appropriate steps to ensure the effectiveness of their IT operation in the same manner financial audits are completed to demonstrate proper business practices are being followed and that there is no fraud or security breaches. Companies and individuals can be liable for negligence for not providing proper management oversight.
Often, the best time to approach a client about an assessment is after a major problem has occurred with a negative financial impact to the business. In most cases, things could have been worse – and in many cases, problems could have been minimized if a contingency plan would have been in place. If IT assessments are not conducted at least occasionally, there is a high probability that another major problem will occur with another negative, financial impact to the business.
One of the VAR Office Suite partner tools is called FuseExpertise. It is a patented Software-As-A-Service (SaaS) platform for assessing, creating, sharing and managing subject matter expertise and intellectual property. The technology is unique in that it transforms simple text into a framework that dramatically improves retention, execution and accountability.
The FuseExpertise IT Health for SMB allows VARs and IT managers to conduct their own IT assessments, plus capture and share their own expertise. The content in this library allows companies to benchmark against over 150 IT Topics. They can score, assess, budget, set priorities and improvement plans. Users can also capture their own expertise with checklists, procedures processes and guides and make them operational and reviewable by establishing employee, date, asset, and event routines. For more information complete the contact form on www.varofficesuite.com or visit www.fuseexpertise.com or contact Keith Taylor firstname.lastname@example.org