Small business owners have a lot to think about each day. From serving your customers to making your employees happy. Who really has the time to research IT problems? At NSI, we created this three-point short guide to provide you with actionable tips to help you understand which IT updates will be most impactful, and align best to your short and long-term objectives.

Identifying Short and Long-term Company Goals

Before your IT systems are assessed, consider how current and planned capabilities fit into both long-term and short-term company goals. A short-term goal might be to improve employee productivity or implement a new database or system that meets an immediate need. Long-term goals might be plans to expand into a new region or market or implement support for telecommuters.

For example, if your short-term business goal is to reduce your IT overhead and improve financial transparency, then your IT goal is to create transparency into IT costs and improve cost efficiency. If your business goal is to improve customer service, then your IT goal needs to ensure reliable technology availability and make sure IT services are in line with customer service needs.

Once you have prioritized your business goals, look at your IT infrastructure to identify weaknesses or impediments to success. You want to balance:

• Technology: assess your hardware and software needs, such as servers, routers, cloud services, data storage, database, and other components. Where do you need new resources, where do you need to upgrade, and which services are functioning as required?
• People: consider whether you can handle the upgrades and changes required with your current staff. Does your staff require additional training, or do you need to bring in new expertise, either by adding staff or through outsourcing?
• Processes: examine your IT infrastructure using business process modeling, matching IT capabilities to company strategy and governance, business continuity, disaster recovery, and other processes.
• Environmental infrastructure: what about elements that support operations, such as the physical building, electricity, water, and cooling? In addition, consider external components, such as building access, transportation, communications, and so forth.
• Suppliers: as you better understand your business’s IT needs, revisit your IT suppliers to make sure they can provide the services and materials necessary at reasonable terms. If they are too expensive or services prove too time-consuming or unreliable, it might be time to find new suppliers.

Determine the  IT Upgrades Necessary to Hit your Goals

Most SMBs monitor their IT needs on an ongoing basis, but that approach is usually only effective to triage simple immediate problems. They often run into the challenge of being too familiar with their own systems to consider better alternatives and they don’t have the technical background to properly map IT to the company goals.

Market research indicates that small companies spend less than 5 percent of their revenue on IT, while mid-sized companies spend 4.1 percent; however, using percentage of revenue as a guideline for IT investment can be misleading. Some companies are more technology-driven than others, depending on factors such as e-commerce revenue requirements and process automation. How ever you measure your IT spend, it’s important to keep IT upgrades in line with business objectives.

So how do you identify the IT requirements? The best place to start is by assessing bringing in an IT expert. Share your business’s goals with this person or team and then have them evaluate each your IT infrastructure  to see how it will affect your goals

IT Audit Process And Subjects

The audit process itself consists of three phases: planning, on-site review and documentation, reporting and follow-up. As part of planning, consider these five steps:

1. Identify the subject(s) for the audit.
2. Define the audit objective (e.g., cost savings, risk assessment, and so on).
3. Set the scope of the audit (i.e., how deep do you want to go; how long should it take?)
4. Create a pre-audit plan.
5. Develop audit procedures and steps for data gathering and assessment.

The subjects of the audit should include various IT systems that directly impact business operations, including:

• Data Security: the IT audit should not only inventory possible security issues but prioritize them, identifying those that need immediate attention versus those that pose less of a threat.
• Data Loss Prevention:it should assess where sensitive data resides, how it is used, and whether it is exposed at any time.
• Business Continuity: identify those systems truly critical to operations and consider redundancy and recovery strategies.
• Mobile Computing: companies have to be concerned about stolen laptops and hardware, data leaks from unsecured hotspots, regulatory concerns, and more.
• Cloud Computing: it offers a number of advantages, such as the ability to add data storage and computing power virtually on demand. However, it has risks as well as rewards.
• IT Asset Management: any IT audit needs to include current service agreements, contracts, software licenses, especially as they relate to cost management. Reviewing current contracts and software licenses provide an opportunity to make sure terms are still current and appropriate.

As you complete your IT audit, you can review gaps in documentation and areas of IT responsibility. You also can create a report on the items that require attention and start to develop a plan and timeframe to implement necessary IT changes.

Once the gaps in your IT infrastructure as they relate to short-term and long-term business goals are clear, it’s time to develop a prioritized plan of action.

The plan should determine which issues are a matter of business management versus IT execution, and which problems are strategic as opposed to tactical.