The 30-minute IT assessment for managing directors

You run a company with 50 or more employees. When was the last time you took a serious look at your IT?

Not the glance at the bill. You do that regularly. We mean the real look: What is actually going on there? What does it really cost? Where are the risks you cannot see?

If you are wondering right now. That is the answer.

Why IT assessments belong on the CEO agenda

Every year, we hold dozens of initial meetings with managing directors of Swiss SMEs. As a rule, the IT department has everything "under control". At least according to the status report. And then comes the moment when we ask three simple questions, and suddenly the room goes quiet.

Not because someone is hiding something. But because certain questions are simply never asked.

According to industry studies, only around 35% of SMEs have a documented IT strategy. That means two out of three companies are managing one of their biggest cost areas blind.

The consequences are predictable:

• IT costs grow faster than revenue without anyone being able to explain why

• Security gaps remain undetected until something happens

• Compliance requirements such as NIS2 or ISO 27001 are ignored until an auditor shows up at the door

The problem is not technical. It is organizational. IT is delegated instead of being led. And that is exactly where we come in.

The 30-minute IT assessment: Five questions

From hundreds of initial conversations, we developed a format that uncovers the most important blind spots in 30 minutes. No PowerPoint presentation, no 200-page report. Five strategic questions that every managing director should be able to answer.

Try it. Take a coffee and 30 minutes. Honest answers count.

Question 1: What does your IT really cost?

Not the monthly bill. The total cost.

Swiss companies spend an average of 5-8% of their revenue on IT. For an SME with CHF 20 million in revenue, that is CHF 1-1.6 million per year. That is a lot of money. And most managing directors only know the visible part: licenses, hardware, maybe cloud costs. The rest—shadow IT, hidden maintenance contracts, unused licenses, internal labor costs for IT tasks—remains in the dark.

Here is an example we see all the time: A company pays for 100 Microsoft 365 licenses, but only 40 are actively used. The remaining 60 still cost money. Or: three different departments have independently purchased CRM tools. No one knows about the others. (We described this in detail in our article on license costs and usage.)

We regularly find 30-45% savings potential at clients. Not because someone wasted money. But because no one looked closely.

Can you say within two minutes what your IT costs per employee per month? If not, that is your first blind spot.

Question 2: What happens if everything goes down tomorrow?

Ransomware. Server outage. Cloud outage. Update failure. The cause hardly matters. What matters is: how quickly are you back online?

More than 60% of SMEs do not have tested business continuity plans. Having a plan is one thing. Having tested it is another. (We wrote about this in detail: why business continuity plans fail in a real emergency.)

Ask your IT manager: When was the last full recovery test? How long did it take? What did not work?

If the answer remains vague, you already know enough.

Question 3: What are your three biggest IT risks right now?

Not the technical ones. The business ones.

43% of cyberattacks target small and medium-sized businesses. And according to IBM, the average cost of a data incident is over EUR 100,000 for SMEs. But risk is not only about cyber.

It is also about:

• Dependence on a single IT service provider without an exit strategy

• Key knowledge that exists in only one person’s head (what happens if your IT manager leaves?)

• Legacy systems that no one can maintain anymore, but everyone still uses

If, as a managing director, you cannot name the top three risks, you lack the foundation for any IT investment decision. We describe the five typical warning signs in a separate article. Most of them can be recognized without technical knowledge.

Question 4: Does your IT support business growth or slow it down?

This is where things become strategic. Most IT landscapes grow organically. New software here, a plugin there, a cloud service because a colleague recommended it. After ten years, the result is: isolated solutions, duplicate data storage, integration chaos.

The question is not: Does everything work? (Usually, somehow, it does.)

The question is: Can your IT keep up if you want to grow by 20% next year? Open a new location? Integrate an acquisition target?

We regularly see companies fail because of their IT, not because of their business model. The new site cannot be connected because the VPN infrastructure is at its limit. The acquisition is delayed because no one knows how to merge two Active Directories. The ERP system cannot scale because it is running on a version that has not received updates for three years.

70% of IT projects in mid-sized companies miss their goals in terms of time, budget, or quality. That is rarely due to the technology. It is due to a lack of strategy and a lack of preparation. (Our article fits this well: how to make IT decisions that do not end in disaster.)

Question 5: Are you getting the right information?

The last question is the most important—and the most uncomfortable.

Your IT manager reports to you regularly. But are you getting the information you need as a managing director? Or are you getting a technical status report that means nothing to you?

Typical: you receive an email with "99.9% uptime last month" and "47 tickets closed." Nice. But what does that mean for your business? Nothing. It is like a financial report that only shows the number of bookings, but not the account balance.

Useful IT reporting for management has exactly three dimensions:

• Costs: What are we spending, on what, and is it appropriate?

• Risks: What are our biggest exposures and how do we address them?

• Value: What measurable business value does IT deliver?

If your IT reporting does not answer these three questions, you are getting the wrong information. And without the right information, you make the wrong decisions.

What your result means

Take a moment. How did you do?

Answered all five questions clearly? Congratulations! You are in the minority. Most managing directors can answer two or three of them. All five? Rarely.

Two or more questions were unclear? That is not a failure. It is normal. But it is a signal that your IT has a leadership vacuum, and that costs you money, time, and security.

Every unanswered question is a risk you are currently not managing.

What we find in every IT audit

We want to be honest: we do not run this assessment because it is nice. We run it because it works.

What we almost always find: license costs for software no one uses. Backup strategies that were never tested. IT service provider contracts without exit clauses. And managing directors asking the right questions for the first time.

We have documented the typical findings in detail. Almost every SME recognizes itself in them.

The honest question

You now have five questions. 30 minutes. No consultant needed, no budget, no project.

But here is the real question: Will you ask them?

Not next month. Not at the next strategy offsite. This week.

The answers will be uncomfortable. But they will show you where your greatest need for action lies before someone else does.

(And if, after 30 minutes, you need someone to help you sort through the answers: that is exactly what we are here for. Vendor-neutral, pragmatic, and with experience from 50+ projects at Swiss companies. IT strategy consulting)