How Calculate Margin of Safety Concept in IT
The book "Margin of Safety" by Seth Klarman is focused on managing risk in investing. For many corporations, their IT network is a major capital expense, an ongoing cost and a critical resource. Failure to implement a margin of safety in IT networks, software resources, schedules and budgets can result in catastrophic losses.
How can the concept of a margin of safety be applied to IT?
Margin of Safety in Risk Management
Manage the risk in IT projects by having a margin of safety in the resources allocated to the project. Dedicate adequate resources to the project, both in terms of money and time.
Never set up a project that is dependent upon one key person, who throws off the whole project when they need to take time off for a family emergency or whose planned vacation at the end of the project derails it when the project slides a few weeks. Always have slack in the utilization of key personnel as well as several people who can fill in for key tasks.
Minimize speculation in IT projects. Do not make changes to your software unless there is already a reported need or customer desire for it. Change for the sake of change is a waste of time - though changing to keep up with hardware, software and infrastructure changes are necessary.
Technological Margin of Safety
When something is "hot" is not the time to rush in and implement it. Don't let a new developer write a new API or interface in a hot new software language no one else knows or has used in a production environment. Let it mature, first, before you put your IT assets on the line.
IT security creates burning platforms, because exploits are used almost immediately by hackers. This means that IT professionals have little time to think out patches and fixes. IT professionals should study their IT networks carefully, building in a margin of safety into IT systems and services. You may want to set up hot backups of servers, excess bandwidth in case of denial of server attacks, mirrored servers if your website is hacked, automated backups of PCs. Have spare PCs available if someone's infected machine is taken offline.
Build in a margin of safety in your software management. Don't buy 100 licenses when there are 90 users. Have a 15% or greater margin of safety. The lower cost may be offset by people waiting for licenses to become available.
Recognize that your customers are "value investors". They want to preserve the capital, such as time spent learning the application, and the processes that they already know work well. Don't make radical changes simply to look like the competitor, when it literally costs your customers time to relearn how to use it.
Scheduling Margin of Safety
Plan a margin of safety into schedules, return on investment calculations and budgets. Surprises do happen, and a failure to plan for it makes the project timeline or budget appear to be a failure.
Put extra time in your schedule for software testing, debugging and hyper-care support. Cutting these areas to the bone causes major problems if the implementation isn't perfect, and most are not. The slack may seem like waste, until you need it to accomplish the project on time.
Human Resource Margin of Safety
Build in backups for human monitoring. Automated network monitoring tools and data leak protection software look for potential exploitation and flag suspicious cases, helping administrators find problems.
Never rely upon a single subject matter expert or system administrator to keep your IT systems operating. As Dave Ramsey says, you will one day leave your job; it may be voluntarily when you find a better job or involuntarily through death or layoff, but you will leave the job. Build up redundant skill sets among your IT department so that the loss of a single person will not leave you crippled.