Over the past few weeks, I’ve been thinking a lot about risk.
Not in the usual sense of firewalls, backups, or cyber threats—but in a much more human way.
As this is published, I will be in hospital for surgery.
It’s a situation that brings one thing into sharp focus: risk.
Not the abstract kind we talk about in meetings, but the real kind—where someone else is making decisions, and you are the one who lives with the outcome.
In IT, we often say that the IT Manager “owns the risk”.
That sounds reasonable. They are the technical expert. They understand the systems. They make the decisions.
But when something goes wrong, it’s very rarely the IT Manager who feels the full impact.
It’s the school.
It’s the leadership team.
It’s the pupils and staff who can’t access systems.
It’s the organisation that faces reputational damage, safeguarding concerns, or operational disruption.
The IT Manager carries the risk—but others live with the consequences.
If you were about to undergo surgery, you would expect the surgeon to explain the risks.
Not to overwhelm you, but to ensure you understand what could happen, how likely it is, and what steps are being taken to reduce it.
The surgeon holds the expertise. They carry the professional responsibility. But they would never quietly make decisions and hope for the best.
Because ultimately, it’s the patient who is affected.
In many schools and trusts, that same clarity is missing from IT.
Decisions are made with good intent—often under pressure, often with limited time—but without fully surfacing the risks in a way that leaders can understand and act on.
Technical language gets in the way. Assumptions go unchallenged. Risks sit quietly in the background until something forces them into view.
And when that happens, it can feel sudden. Unexpected. Unfair.
But more often than not, the risk was always there—it just wasn’t shared clearly enough.
This is where the role of the IT professional needs to shift.
Not away from technical expertise—but towards communication.
Good IT leadership isn’t just about making the right decisions. It’s about making sure others understand the risks behind those decisions.
This isn’t about covering yourself. It’s about doing the job properly.
When IT risk is shared well, something important changes.
Decisions become collective. Priorities become clearer. Investment becomes easier to justify. And when challenges arise—as they inevitably will—they are understood in context, not treated as surprises.
Most importantly, the organisation is no longer unknowingly carrying risks it doesn’t understand.
If something went wrong tomorrow, could your leadership team honestly say they understood the risk beforehand?
If the answer is no, the issue isn’t the technology.
It’s the conversation.
.jpg&maxWidth=800)
