Costs across the projects
The unwanted news (like the above is not enough) is that this is not all. There is also a myriad of additional Operational Expenditure (OPEX) that are arising from the company-wide requirements imposed by external forces. Your organization must be also handling:
In case you are not aware there is even a new “kid on the block”: Data Protection Officer, aka DPO. Sometimes known as Chief Compliance Officer. Whose job is to “help” to firmly keep the organization in the sweet spot intersection of the three above. Choose her/him wisely.
Calculate these three into every project costs and be sure that everyone understands, what theirs “call for action” is going to cost related to Compliance, Risk and Security.
The Legacy Issue
You have inherited an IT legacy. Legacy is a weed of the IT landscape.
Slight detour. In every medium to a large company, every CTO and/or CIO life is one endless waltz with suppliers. Suppliers of energy, goods, people, and software. And they all know it, and they are waiting for CTO/CIO to get tired. They are circling and forever waiting for the right moment to insert the latest and greatest “solution” with hidden costs inside.
And they are always close to you (the CxO) so that they know your weak points. They call them very nicely: “pain points”. There is a constant stream of ideas and solutions on how to relieve you of your “pain points”. And the stream of offers.
How to take care of IT legacy, for you. Which is very often in the form of some legacy (read: ancient) IT that you can not just simply “switch off”. On one side you (the CTO/CIO) have company board demanding ever more cost-cutting, because (let’s be honest) “IT is an overhead”.
And yes they will hardly ever let you even plan a replacement. Replacement of some back end IT from mid-20-th Century. Unless you come with some “rabbit out of the IT hat”, which if you are clever enough can be some Cloud Computing solution. That is until “board security concerns” stop you, mid-air.
But it is not as bleak as that. There are “legacy system failures” waiting to happen and to be happy about. You know they will happen and you are prepared. You have done the “blame delegation” and now The Board realizes at last, “something has to be done” and all eyes are on you (the CTO/CIO hero). It is your moment to charge. Hordes of VAR’s are already circling around. They have already smelled the prey: THE BIG ORDER. Who are they exactly?
Ah. Good old Value Added Resellers aka VAR’s. Everyone thinks she/he knows how to handle them. You “just” have to be clever enough to choose the lean and hungry VAR’s which will do that 1% less in costs and offer that 1% more in services. And who will also stay in the business long enough. How long? For example, longer than your retiring date would be good enough.
Back to the big order. Even more than big orders, VAR’s do like long contracts.
Some VAR’s will do anything to assure long contracts.
But. Change inside the company IT landscape, to make it more modern and cheaper, inevitably means few legacy contracts will have to end. I knew quite a few good VAR’s to support me when I need the support most. But on the other side, I have seen situations where VAR’s have been allowed to play internal games in some organizations. That was the extent of the pressure they have bee prepared for when they realized they might lose decades-old legacy contracts in place. Never sleep with both eyes closed when VAR’s are around. Never rest.