A CFO’s view on how to get your IT security budget approved

Trend Micro’s CFO Mahendra Negi gives his advice on how IT managers can beat the bean counters and secure their budgets

Despite a bounce back in the local economy following the lows of the global financial crisis, Trend Micro’s CFO Mahendra Negi has warned that IT budgets are likely to be constrained for some time to come.

So, what do you do about squeezing that extra bit of budget out of your CFO or Financial Controler? Here’s Mehendra’s top 5 tips.

1. Empathy: The IT manager needs to think about what the CFO is worried about. The IT manager is in effect trying to sell [the IT budget] to the CFO so if the IT manager knows what the CFO is worried about and how the IT budget can be aligned to help the CFO deal with that, then he’s more likely to get it approved

2. Security as risk: Despite whatever priorities the CFO have, most companies will have a compliance issue they are dealing with and the CFO will be responsible for that compliance risk. However, in many cases the IT manager does not present a case about what IT risks the company may be exposed to. Malware may be seen by the CFO as the IT manager’s responsibility, but if the IT manager presents the CFO with a report or assessment on how the malware is a risk to the organisation then you will get the CFO’s attention.

3. Build trust: The CFO goes into budget meetings with a very cycnical mindset that says the IT manager is just trying to justify his budget. He may have a genuine case but I as the CFO won’t buy it. So if the IT manager has previously shown an ability to understand the priorities for the business then the CFO is much more likely to trust him. The CFO may think that the IT manager is just a geek who’s trying to buy the latest technology which he has fallen in love with. If the CFO felt that the IT manager was aware of business priorities then the budget discussion will be much easier to have. CFOs are naturally risk adverse so if you position the budget question in terms of: “We have a security policy we all agreed to and here is where we have a gap in it. Do you want us to take that risk…”, then maybe the CFO will sit down with you, get a risk assessment done and then be willing to spend the money to have that risk covered.

4.Quid quo pro: IT is always useful if you always give something in return. So if you ask for some budget for security offer some saving elsewhere. I think the virtualisation part is a good example of where savings can be made on the infrastructure side, so the CFO will feel good that if he is giving something then he is getting something in return.

5. Reassurance: The CFO needs confidence that whatever conversation you have had is followed up on. So, if you can show the return on investment the CFO won’t feel that the IT manager has just made a sales pitch and run off with the money – he has followed up and has showed the return on the extra budget.

Email Computerworld or follow @computerworldau on Twitter.

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags trend microsecurity budget

More about Trend Micro Australia

Show Comments