What Should New Leadership Look for in an IT Review?

Introduction

New leadership almost always brings fresh scrutiny, especially around spend, risk and accountability. IT is often one of the first areas to be reviewed, not because it’s failing, but because it underpins everything the business relies on. For UK SMEs, the challenge isn’t whether an IT review is justified, it’s how to approach it in a way that creates clarity and better decision‑making, rather than anxiety, cost‑cutting or defensive conversations.

The quick answer

A good IT review should focus on understanding what the business is paying for, what risks are being managed, and where spend may need to shift rather than simply be reduced. When done well, an IT review often leads to better predictability, clearer governance and improved resilience, not lower ambition.

Why new leadership almost always triggers an IT review

For many incoming MDs, FDs or COOs, IT arrives as a black box. Decisions were made before they joined, suppliers were chosen for reasons they weren’t party to. Budgets have grown gradually, often without a clear narrative tying spend to outcomes.

An IT review is usually driven by sensible questions:

• What are we actually paying for?
• Where are our biggest risks?
• Are we under‑ or over‑investing anywhere?
• How predictable are our future costs?
• Do we have a plan or roadmap?

The danger is when those questions are answered with assumptions rather than evidence, that’s when reviews turn into blunt cost‑cuts or reactive changes that create instability later on. Just like how your ideal customer profile is based on data from your customer base, this should be the same, based on evidence not guesswork.

Why “cutting IT spend” is rarely the right starting point

IT often looks expensive because it’s visible. Licences are itemised. Support contracts are monthly. Hardware refreshes are noticeable. But reducing spend without understanding its purpose usually shifts cost rather than eliminates it, that shift could be to reactive spend or disaster recovery when something goes wrong.

We often see three outcomes from poorly framed IT reviews:

• Security spend is cut, increasing insurer pressure and incident risk
• Support scope is reduced, increasing downtime and staff frustration
• Projects are delayed, creating technical debt that costs more later

In contrast, well‑run reviews usually lead to spend moving, not shrinking. Waste is trimmed, but investment increases in areas that reduce risk, improve productivity or make future costs more predictable. One example being spend on licenses you are no longer using or duplication of costs between tools but that money then being shifted to an increased security spend to protect against downtime.

A fair way to structure an IT review

For SMEs, simplicity matters. An IT review does not need enterprise‑level frameworks to be effective but it does need consistency and evidence.

A solid approach is to look at IT through four lenses:

1. Support and operations

Is the business getting the day‑to‑day service it expects? Are issues resolved in line with agreed SLAs? Does the review include real data, or just perception? This is where evidence matters most, because “support feels slow” and “support is outside SLA” are very different problems. We have a full piece on what to expect in an IT support contract that includes expectations vs contract realities that you can read here.

2. Security and risk

What risks are being actively managed today? Are identity, backups, endpoint protection and patching aligned with insurer and customer expectations? Importantly, where is the business relying on assumption rather than proof?

This is often where under‑investment or a lack of testing is revealed.

3. Governance and visibility

Does leadership receive regular, understandable insight into IT health? Not technical detail, but clarity on risks, priorities and progress. If reviews don’t exist, or are purely operational, that’s not necessarily poor service it may simply reflect the scope being paid for.

4. Future readiness

How well does the current setup support growth, hybrid working, compliance pressure, AI adoption or acquisitions? This part of the review helps leadership distinguish between “IT that works today” and “IT that will still work in two years”. It may be as simple as looking if a roadmap is in place or if the business treats IT as simply a monthly costs over what the future looks like. You can read what should be in an IT roadmap here.

Expectations versus scope: the most common tension point

One of the most important outcomes of an IT review is realising whether dissatisfaction is driven by under‑performance or misaligned expectations.

Many IT contracts were signed when the business was smaller, less regulated or less complex (managed service as a term has also evolved). Over time, leaders expect more proactive advice, better security posture and clearer planning, even though the contract may still be based on reactive support.

This doesn’t mean the provider is failing, it means the business has evolved. It’s like having a retainer with a marketing agency based on producing brochures and then questioning why you aren’t getting video production and podcast production included.

A fair review asks: Are we paying for the service we now expect?
If not, leadership has a choice: realign scope, change operating model, or change provider. But that decision should be informed, not emotional.

IT Roadmap & Budget Planning

We’ll help you identify your starting point, what to prioritise, and shape a roadmap you can use for budgeting and decision-making.

A common example scenario

A new Finance Director joined a 110‑user professional services firm and was surprised by the IT spend. On paper, costs had increased steadily over three years and the initial instinct was to reduce the support contract at renewal.

During the review, something different emerged, things like licensing spend had crept up due to poor leaver cleanup and the backup platform hadn’t been tested in over a year, despite rising insurance pressure. And while the MSP was meeting the agreed support SLA, the contract didn’t include governance or forward planning, which leadership now expected.

Instead of cutting spend, the business rebalanced it. Licensing was cleaned up, security spending increased slightly, reducing insurer friction. The MSP contract was adjusted to include quarterly reviews and roadmap support, tapping into the full expertise at their disposal.

The total spend stayed roughly level, but the value and predictability improved dramatically.

What leadership should ask for by the end of the review

A successful IT review should leave leadership with clarity, not just conclusions.

At a minimum, leaders should be able to answer:

• What risks are we actively managing today?
• What risks are we carrying knowingly or unknowingly?
• What spend is operational, and what spend is strategic?
• What will IT likely cost us over the next 12–24 months?

If the review produces cost savings, that’s fine but if it produces a clearer investment plan, that’s often even better. Business leaders typically just don’t like surprises, if costs increase, as long as within reason, that is often acceptable if they are predictable but surprise costs can end teams or even the business in hot water.

FAQs

How often should IT reviews happen?

Quarterly works well for most SMEs but this really depends on your setup, risk profile and handle on the data. It keeps decisions relevant without turning reviews into background noise.

Should we involve our current IT provider?

Yes, a good provider expects scrutiny and should be able to evidence performance and explain scope honestly but make sure you work with them rather than drop a next day deadline.

Is an IT review the same as a supplier review?

Not necessarily as an IT review looks at the whole capability whereas a supplier review comes later, once scope and expectations are clear.

What if leadership and IT teams disagree?

That often signals a lack of shared language rather than a real problem, a good review bridges that gap using evidence and common language.

Does an IT review always lead to change?

No, not always. Sometimes the outcome is reassurance that things are broadly right, with a few areas to refine.

If you want a soundboard for a leadership‑level view of how IT spend maps to risk, value and future readiness, reach out to us below for a no commitment conversation to put your mind at ease.