IT governance
for small business.
Most UK SMEs have IT support. Almost none have IT governance. The gap between your board and your IT supplier is where risk and wasted money hide.
IT governance is not a technical problem. It is a management responsibility — and in most SMEs, nobody owns it.
What IT governance actually means for a business your size
IT governance is not ITIL. It is not a 200-page framework. It is not something your IT support company does.
For a business with 10 to 150 employees, IT governance means having clear answers to three practical questions: who makes IT decisions, who checks that those decisions are right, and who holds your IT supplier to account when they are not.
In most SMEs, nobody has a good answer to any of these. The MD makes IT decisions based on what the IT company recommends. Nobody checks. And nobody challenges.
That is not a technology gap. That is a governance gap — and it costs money and creates risk every day it goes unfilled.
What IT governance covers
- Who is accountable for IT decisions at board level
- Whether your IT supplier is giving you honest advice
- Whether your IT spend is delivering real value
- Whether your security posture matches your actual risk
- Whether you have the policies your business actually needs
What happens without it
The absence of IT governance does not look like a crisis. It looks like a slow drain.
IT spend keeps rising but nobody can say exactly what you're getting for it.
Your IT company recommends expensive changes and you have no way to verify if they're right.
A cyber incident happens and it is unclear whose job it is to respond.
A client or insurer asks about your security and nobody in the business has a confident answer.
Technology decisions get made in isolation, with no connection to where the business is going.
Licences auto-renew, contracts quietly continue, and costs compound with nobody reviewing them.
None of these are IT problems. They are governance problems — and they have governance solutions.
Who is responsible for IT governance in an SME?
In a large organisation, the IT Director or CIO owns this. They sit on the board, hold the suppliers to account, and make sure technology decisions serve the business — not the other way around.
In most SMEs, the responsibility falls between the MD (who doesn't want to get into the technical detail) and the IT support company (who has a financial interest in the outcome). Neither can fill the governance role properly.
The MD cannot independently verify whether their IT company is giving them good advice. The IT company cannot objectively review their own work.
What is missing is someone whose only job is to look out for the business — not the supplier.
What good IT governance looks like for an SME
- A clear point of accountability at board or leadership level
- Annual review of supplier value, performance, and cost
- Written IT policies your team actually knows about
- A security baseline your business can evidence when asked
- Someone who can challenge IT advice independently — before you commit to it
What it is not
- A 200-page framework document
- Something your IT company manages on your behalf
- A one-off audit that sits in a drawer
Where to start
Start with a Risk and Clarity Session.
In 60 to 90 minutes, we map your current governance position — where the accountability gaps are, where money is leaving without oversight, and what to put in place first. No preparation needed. No report at the end. Just a clear picture and a practical next step.
Your IT governance gaps mapped and ranked
Supplier accountability reviewed honestly
Security posture assessed against your actual risk
One or two practical actions you can take straight away
A clear view of whether ongoing advisory makes sense for your business
IT leadership
Need an IT Director in your corner?
Ongoing fractional IT leadership — strategic oversight, supplier management, and governance without a full-time hire.
Cyber security
Need to own cyber risk at board level?
Cyber Essentials, ISO 27001, and board-level cyber governance. Independent, with no vendor agenda.
Second opinion
Not sure if you're getting honest IT advice?
A single independent session to review what you've been told — before you commit to it.
Related reading
IT governance framework for SMEs
What a practical governance framework looks like for a business your size — without the ITIL jargon.
Read article →Why your IT support company can't be your IT director
The structural conflict that prevents your IT company from giving you honest strategic advice.
Read article →Governance starts with a conversation.
Tell me what you're dealing with. I'll tell you where the governance gaps are and what to do about them.
No jargon. No framework documents. Just clarity.