Before Approaching The Board With An IT Proposal​

When Should You Approach The Board With an IT Proposal

Before Approaching The Board With An IT Proposal

When Should You Approach The Board With an IT Proposal

Every company wishes to be profitable, and in their pursuit of profits, it is not uncommon for businesses to push IT needs aside. As a CTO or IT manager of your company, it is your job to make sure the company IT requirements, both long and short term, are met by pitching IT proposals to the board.


This often requires you to stand in front of the Board of Directors and explain just why you need new software, new devices, new frameworks, new workstations, and above all, why cybersecurity should be more detailed than just having firewalls.

Most of the time, however, the board might not be aware of just how detrimental it can be to push these needs aside, and that it can put the future of the company at stake, especially if there’s a data breach. 


What To Think About:

Your IT proposal idea – investing in a new encryption system for example – might seem like a logical choice, but never forget that staff, time, and money are limited, so the board will be very selective with their approval. 

Most IT proposal ideas come to you from observing daily work and seeing how it can be improved. For your proposal to be successful, you will need to define a problem that exists and then propose your solution. For example, you find that you don’t have a good overview of how data is shared within your company and who has access to it, so you’re looking for a security solution that will categorise data, restructure access, and give you a central hub from which you can monitor everything.

To get approval, you will always need to include a detailed project description, as well as the benefits, costs, plan and time scale, risk assessment, and resources needed for it. 


Know Your Audience

Before you even approach the board, learn a thing or two about the members: 

  • What kind of background are they coming from? HR, Finance etc.
  • What are their stances on current IT security systems? How much do they use the current system?
  • Are any of them from an IT background or a sector related to IT? How much will they understand? 
  • How affected will they be by your proposed changes? Will it make their lives easier or cause a longer process for them?
With this in mind you’ll know how to tailor your IT proposal to talk specifically to them and foresee any pain points that may come up and address them first. 

A Matter Of Perspective

You then need to consider the board’s point of view when it comes to your proposal and where the company is right now. If the company is looking at growth, innovative proposals will probably be better received. On the other hand, if the company is struggling, on the essentials will be considered. You’re likely to get something like the following three questions no matter the perspective: 

  • How big of an impact will the proposal have on the budget? 
  • How much risk is involved for the company, with or without the proposed implementation? 
  • How fast will they see the investment returned?  (or how quickly will the protection be in place) 

Remember To Take Small Steps

One of the biggest mistakes you can do is present an IT project that will require a complete overhaul of all processes and operations. These overhauls are disruptive to regular operations and are most often disapproved because business could very likely suffer in all areas.

Rather than present a complete reorganisation of the business, unless it’s absolutely essential, break it down into smaller projects and propose different, less-impactful stages with a long-term goal in mind. 


Speak Their Language

Your next step should be finding a way to present your solution so that it’s in line with company goals. The crucial elements of the project that you have to include are as follows: 


  • What is the background of the current problem? Present in detail what the problem is about; for example, how does data access affect the risk of a data breach? Provide statistics on data breach costs and lack of technology to detect it early. 

  • How will your proposal solve that problem? List goals, objectives, and expected outcomes. If possible, offer a complete solution that will track data access in real-time and detect anomalies.

  • What are the pros and cons of your solution? What are the project strengths, and what weaknesses do you expect? 

  • Can this solution be adjusted as needed? Research reliability and scaleability. 

  • What is the time scale of the project? 

  • What kind of impact will it have on operations?

  • What are the projected costs? Consider the initial costs for implementation and the recurring costs afterward. Also, present how much projected savings your proposed implementation will bring in the long run. 

Without a detailed breakdown of such information, the board will have a hard time determining whether the project is actually worth it. To put it in perspective, explain how high the risk of NOT implementing the solution really is. Having your solution implemented means a data breach can be completely avoided. Without a solution that classifies and protects data, the costs will be huge and can ruin the company. 


ROI and risk assessment are the deciding factors, so your IT proposal should emphasise current costs, new project costs, savings, profits, and how your solution lowers future business risks. If you have that, you will get approved easily. 

Quicker IT & CYBER Budget Approvals

When technology meets 'bottom line'. There's Boardish.

Get the pragmatic guide to cyber risk quantification