CUES - Members Only

Advanced Leadership
Institute

CEO Institute

CUES School of
Applied Strategic
Management™

CUES School of
Business
Lending™

CUES School of Hot
Topics™

CUES School of Risk
Management™

CUES School of Sales
&
Service—Canada™

CUES School of Sales
and Service™

DLI™ Governance

DLI™: Strategic
Planning

CUES Advanced School
of Risk
Management™

CUES International
Leadership
Academy^™

Mark Your Calendar

Suggest a Session

Board Assessment
Facilitation

Cornerstone Advisors,
Inc.

CU Planner: A
Strategic Planning
Process

CUES eVote

CUES Executive Search
in Partnership with
JMFA ESG

CUES in CUs

CUES Management and
Staff Satisfaction
Report

Educated Investor
University

Financial Success
Suite

Forrester Research

Onsite Training
Service

REWARDChecking

ServiStar^®

Basics of Business
Lending Seminar

CEO/Executive Team
Network™

CUES Annual
Convention

CUES Director
Development Seminar

CUES Symposium 2010:
A CEO/Chairman
Exchange

Directors Conference

Effective Negotiating
Seminar Powered by
KARRASS

Execu/Net™

Execu/Summit

Frequently Asked
Questions

Mark Your Calendar

ServiStar Users Group

CUES Director
Membership

CUES Supplier
Membership

CUES Councils

Recognition Programs

CUES Golden Mirror
Awards

Frequently Asked
Questions

Subscribe to
Management

CUES Annual Buyer's
Guide

White Papers

CUES Board of
Directors

CUES Golden Mirror
Awards

CUES Members Share

CUES Net

CUES Recognition
Programs

Webinars

Council Connection

Management Magazine
Online

Mark Your Calendar

Strategic Radar

Update Your Contact
Information

CUES Tech Edge

CUES in the Community

Frequently Asked
Questions

CUES Employee Salary
Survey

CUES Executive
Compensation Survey

I am a Vendor

I am Looking for a
Vendor

CU Jobs

CUES Nexus Connection

CUES Skybox

Financial Literacy
Clearinghouse

Sites of Interest

Operation Outreach

Whitepapers

Enter the CUES
Pressroom

Executive Leadership
Team

Advertising & Sales

Councils &
Recognition Programs

Executive Education &
Conferences

Business Intelligence

Information Technology

Share Your Tech Expertise

E-Newsletter

About CUES Tech Edge

Contact CUES Tech Edge

CUES Members Only

CUES Director Members Only

CUES Supplier Members Only

Frequently Asked Questions

CUES mission is to advance the professional development of credit union CEOs, senior management and directors.

Untitled Document

Secrets From a CFO to an IT Manager

How to get your share of the budget for your IT security needs.

By Michael Vandiver

January 12, 2004

As the CFO of an IT security company, it's been my experience that many IT professionals don't get the money they want to secure their system for one simple reason: They haven't learned to communicate effectively with their CFO. To solve that problem, I share with my own staff seven simple rules that I've learned smooth the budget process for both sides. You'll find among them insights about what I look for in a budget, what makes me say no, and what makes me open my candy jar. You'll also find that if you follow these rules, you will'more often than not'get your share of the budget for your IT needs.

Rule #1: Communicate early and often. If you know you're going to have a need in the coming months, tell me now. I am constantly budgeting, and maintain a detailed 12-month rolling forecast that I update every month. If you let me know your upcoming needs in advance, you can take advantage of the process.

How early? For major purchases, let me know six months prior to the cycle; for less important needs, give me one or two months' notice. Provide quarterly updates when possible, and remember: Persistence is important. I may deny your initial request, but if you come back with more information, I'll know you're serious and will be more likely to listen.

Rule #2: Speak the language. Try not to sound like a computer manual or auditor's handbook when you talk to me. If I walked into your office and started talking about NPV, quick ratios, or double-declining balances, you'd look at me like I was out of my mind. Save the conversations about phishing, patching, sniffing, spamming, and spoofing for your staff'and, when possible, avoid technical acronyms. Express your goals in business language: assets, vulnerabilities, risks, and ROI.

Rule #3: Know the business situation. Some IT managers take last year's budget and make it the basis of next year's proposal. But times change, and so should budgets. Before you make a request, know the situation we're operating under. When times are good, I'm more likely to spend money on things that aren't necessities. But if times are tough, don't show me a seven-item budget request list with only two must-have items. I won't look at the list, and you won't even get the two items you needed.

Knowing the business situation also means taking into account external (non-IT) forces that can affect your decision:

market penetration plans,
changing industry practices or regulations and
contractual obligations.

Rule #4: Be a straight shooter. Don't pad your budget. It's essential that I trust you with budget requests. A budget is a framework for spending; it's not a checkbook. A person who is notorious for budgeting double the amount of what she really needs puts the credit union's financial decision-maker in a corner. If I can't determine the realistic picture, I'll often cut the budget in half.

Rule #5: Pass the weight test. Be prepared. I look for evidence that you've done your homework before you've submitted a request.

Get your numbers straight. Nothing destroys credibility faster than details that just don't add up.
Justify the decision. Identify those factors (e.g., price, functionality, SAS 70 ability) that led you to choose the recommended solution.
Include ROI. Determining ROI can be difficult, especially when dealing with IT & IT security. But it is possible'if you calculate the cost of any security breaches you've had in the past year.
- Calculate time spent repairing the problem.
- Translate internal time lost to cost of hourly wages and benefits.
- Estimate impact of network downtime and business lost.

Rule #6: Don't create surprises, not even good ones. What keeps me awake at night is the fear of failing to control the business. When a surprise happens, it's a sign of poor planning or poor execution. Bad surprises mean someone didn't do his job; good surprises mean someone didn't plan properly.

I rely on the forecasts of my salespeople for many of my decisions, and if those numbers are off'even in a positive way'it wreaks havoc with the budget. It also shows me they're not handling the business properly. If you see changes (good or bad) down the road, adjust your forecasts accordingly.

Rule #7: Wear your company hat. Know your objectives, and understand how they fit into corporate objectives. If you don't know, ask! You're doing yourself and your organization a disservice otherwise. Finally, as has often been said, try to spend company money like it's your own.

In the end, you may not win all the budget battles even if you follow these rules, but you'll win most of them. CFOs and IT managers live in different worlds: Yours is one of many 0s and 1s, while mine is a world of 1s and (hopefully) many 0s. Those who are able to bridge that gap are more frequently the ones who get their share of the budget at approval time.

Michael Vandiver is CFO of SecureWorks, Atlanta.