The planning meeting ran long.

Too long for December.

Budgets were discussed. Projects proposed. Hardware refreshes debated.

Then someone asked the question that stopped the room.

“What risks are we carrying into next year?”

No one answered immediately.

Not because they didn’t know.

Because the list was long.

Deferred upgrades. Legacy systems. Access exceptions. Dependencies no one wanted to touch during a busy year.

Microsoft’s message by the end of 2006 was unmistakable: platforms were stable, secure, and capable—but only if customers operated them deliberately.

The organization hadn’t always done that.

They reviewed incidents from the year. None catastrophic. Several uncomfortable. All instructive.

Each one traced back to the same source.

Assumptions.

Assumptions that something was configured correctly.
Assumptions that access was appropriate.
Assumptions that backups would restore.
Assumptions that documentation existed somewhere.

They prioritized.

Some risks were accepted. Explicitly. With eyes open.

Others were scheduled for elimination early next year.

The difference mattered.

Risk was no longer invisible.

It was cataloged.

The year ended quietly. Systems stable. No outages. No alerts.

But no one felt complacent.

2007 wouldn’t allow it.

Because by now, technology wasn’t just supporting the business.

It was defining how exposed—or resilient—the business really was.

Published by Kevin Fream

Many people don't understand their current situation and become frustrated in business and life, so I created the Delta Method and wrote the #1 Best-Seller "Change Your Game" - as featured at Harvard and NASDAQ as well as national TV news. Streamline your technology for competitive advantage using vetted IT support and take a divergent approach to personal growth. View all posts by Kevin Fream