These are tough times. Over the last decade you have most likely become used to some kind of more-or-less stable basis for how your business operates. Sorry, but that's all about to change because the economy is in serious trouble.
If you don't believe me then carry on as you are and good luck to you. On the other hand, if you are cautious and conservative you might like to consider what I'm about to outline.
I contend that despite decades of everyone and his analyst brother espousing strategic thinking in information technology as a better approach than reflexive tactical responses, the reality for many organisations is that most of you have been driven to what might be best described as a set of sub-optimal solutions.
This started when you saw a fire that IT needed to address and you put it out. Then you saw another fire and another and another and so you went around putting out each one in turn. In no time at all you could point to having successfully dealt with scores of fires but there was a big problem: Each extinguished fire left its unique footprint that wasn't connected to any other footprint.
Yes, indeed! You had created the silo problem: Lots of isolated pockets of technology. You now had (and probably still have) a crazy patchwork of systems and services that runs on the edge of chaos. Now every system change of any consequence has knock-on effects that multiply the cost of management and make stability a nice fantasy.
So, what is the solution? That's easy, it's risk management. There isn't one aspect, any single function or operation, of any organisation that doesn't have profits and losses associated with its successful prosecution. In addition, there are costs associated with its potential failure to operate correctly.
Say you have a warehousing operation. It has costs associated with receiving, storing, retrieving and shipping whatever it is that it handles. You can't operate without a warehouse, so it has a real, quantifiable value.
On the other hand there are risks associated with warehousing that lie in things such as not being able to receive incoming goods efficiently, taking too long to find goods that have been stored or not being able to find goods at all, goods getting damaged in storage, . . . there are all sorts of risks and each has a quantifiable value.
And there's my central point — if you can't quantify your risks then how can you possibly figure out where the real fires are that need to be put out?
What risk analysis gives you is a cost benefit model. For every workflow (workflow is really the only thing that matters because no step or process in an organisation is isolated from the overall flow of business) there's a value of operation and a range of costs of failure (I say "range" because if something goes wrong then, at the least, workflow could pause and, at the worst, it can catastrophically stop).
Your job is to determine and evaluate every failure mode and associate costs and probabilities with each one. When you've done this exercise for every workflow in the organisation, you will then be in a position to rank the risks in order of value and likelihood.
Now you, oh wickedly smart IT guy, can look at your budget and weigh the value and risks of every operation and determine where your limited funds should be spent — in other words, how to get the biggest bang for your IT buck.