The Budget Packet Should Name the Work You Are Choosing to Keep
A practical weekly article for community bank and credit union boards and senior leaders on making technology budgets honest by naming the manual work, deferred risk, people dep...
A clean technology budget can be one of the most misleading documents in the building.
The numbers line up. The projects look sensible. The board sees modernization, cybersecurity, digital growth, maybe a little AI, and a reasonable total at the bottom of the page.
Then six months later, operations is dragging a spreadsheet through a broken handoff, compliance is nursing a compensating control that was supposed to be temporary, and the call center is absorbing the mess from a half-finished workflow.
That is the part I want boards and executive teams to get better at.
The annual technology budget is not just a spending decision. It is an operating model decision. Every dollar you defer preserves some amount of friction, delay, manual effort, control exposure, or dependency. Most budget packets explain what the institution will buy. Far fewer explain what it is choosing to keep.
That belongs in the packet before the vote.
Not in the postmortem. Not in the audit response. Not in the exam prep meeting three quarters later.
Before the vote.
Most budget discussions are better at showing ambition than consequence
I have seen plenty of technology budgets in banks, partner environments, and executive review cycles. The pattern is familiar.
The growth items are easy to describe. New digital capability. Better analytics. Improved customer experience. Security enhancements. Efficiency gains.
Which manual reconciliation survives another year? Which aging control stays dependent on one experienced employee remembering the weird step? Which branch or call center workaround remains the unofficial safety net? Which vendor issue gets tolerated because the replacement effort did not make the cut? Which reporting gap stays in place even though the dashboard still looks green?
Those are budget decisions too. They just do not get presented with the same polish.
Community banks and credit unions do not have spare complexity lying around. If you leave hidden work in place, it does not disappear. It gets distributed into operations, member service, commercial support, compliance review, and executive attention.
The institution still pays. It just pays in labor, delay, inconsistency, and risk instead of invoice line items.
Example one: Southwest showed how deferred operational reality can turn into a public event
Southwest Airlines is not a community bank, but the governance lesson is relevant. After the airline's 2022 holiday meltdown, the company disclosed a $1.1 billion hit tied to the disruption and recovery effects. Public reporting and congressional scrutiny focused on crew scheduling, operational coordination, and the gap between growth complexity and the systems supporting it.
The issue was not simply that technology existed or failed. The issue was that the operating model had become too dependent on manual intervention and outdated coordination under stress. When the environment got ugly, the hidden work became visible all at once.
Community institutions have smaller scale, but they run into the same trap. A process can look acceptable while volume is normal and pressure is low. Then an outage, staffing issue, or growth spurt shows that the institution was never really automated. It was just being carried by patient employees.
If a budget defers the cleanup of manual exception handling, brittle reconciliations, or fragile operating dependencies, the board should see that plainly. Not as a footnote. As a consequence.
Example two: TSB proved that modernization spend is not the same thing as governance
TSB's 2018 migration failure remains one of the clearest reminders that a technology program can be fully funded and still poorly governed. Customers were locked out, payments were disrupted, and UK regulators later fined TSB £48.65 million for operational risk management and governance failings tied to the migration.
Institutions often treat modernization spend like a virtue by itself. New platform. Big project. Clear timeline. Confident deck.
But the real board question is whether the budget covers the ugly middle:
testing under realistic conditions rollback planning manual fallback capacity customer communication readiness post-launch exception handling control coverage while the workflow is half old and half new
If those items are underfunded, then the institution is not really buying modernization. It is buying a nicer story about modernization.
In financial institutions, the expensive surprise is rarely the feature list. It is the aftercare. The backlog. The reconciliation. The duplicated work across old and new systems.
Example three: the cheapest line item can become the most expensive operating choice
I have sat in banking meetings where a proposed spend looked optional because the current workaround was still functioning. That phrase should make every executive nervous.
"Still functioning" usually means an employee is compensating.
Maybe treasury operations is manually validating something the platform should catch. Maybe loan operations has an exception path that depends on tribal knowledge. Maybe branch staff know how to rescue account opening failures that never show up in the project dashboard.
Those workarounds make a budget look smaller. They do not make the institution cheaper to run.
They create concentration of knowledge. They create inconsistent service. They create burnout risk. They create exam questions later when somebody finally asks why a "temporary" process became part of the operating model.
Boards do not need to fund every cleanup item every year. But they do need an honest view of which operational burdens they are consciously retaining and what that choice costs the institution.
What I would want in the budget packet before the vote
Here are five things I would want management to put in plain English before approving a technology budget.
1. The manual work we are choosing to keep
List the top recurring manual workarounds that will remain if the budget is approved as proposed. Which teams carry them. How often they occur. What friction they create. Whether they affect controls, timing, or service consistency.
If the institution is choosing to keep manual work, say so.
2. The risk that is being deferred, not solved
I do not want every line item presented as progress if part of the risk stays put.
If a security tool improves visibility but identity cleanup remains weak, say that. If a digital investment improves front-end experience but back-office exception handling remains manual, say that. If a reporting upgrade still depends on spreadsheet stitching, say that too.
Boards can handle tradeoffs. What they cannot govern well is selective optimism.
3. The people dependency nobody wants to admit
Every institution has a few processes that work because specific people know how to keep them working. That is not resilience. That is unpriced dependence.
If a proposed budget leaves critical work concentrated in one team, one manager, or one long-tenured employee, the board should know. Community institutions especially cannot afford to confuse loyalty with a control framework.
4. The customer or member impact if nothing changes
What will customers, members, or commercial clients keep experiencing? Longer turnaround times? More rescue calls? More exception reviews? More inconsistent handoffs across channels?
This is where strategy gets real. Growth plans sound impressive until the service model underneath them starts wobbling.
5. The review trigger for revisiting the decision
If the institution chooses to defer a cleanup, control, or resilience item, name the condition that would force reconsideration: volume threshold, audit finding, exam pressure, customer complaint trend, operational backlog, or vendor instability.
If nothing would trigger reconsideration until the next annual cycle, then the institution is basically agreeing to fly blind for a year.
What this changes in the room
This kind of budget discussion is less comfortable. Good.
The vote should be less about whether management built a persuasive wish list and more about whether leadership translated technology spending into operating consequences the board can actually govern.
That means the CEO hears not just strategy, but service burden. The CISO hears not just control intent, but residual exposure. The COO hears not just delivery plans, but where manual work will keep landing. The compliance leader hears not just policy alignment, but where exam pain is likely to surface later. And directors hear the most important thing of all: what the institution is approving, and what it is deciding to tolerate.
That is a better board conversation.
Technology budgets are full of promises. Governance starts when the packet also names the friction, manual work, and dependency that will survive the vote.
Discussion questions
1. Which manual technology workaround in your institution would surprise the board if it were described in plain English? 2. What risk or operational burden is your next budget quietly choosing to keep? 3. What trigger would tell leadership that a deferred cleanup item has become a governance issue instead of just an annoyance?
Sources
- Southwest Airlines Co., Form 10-K for fiscal year 2022
- U.K. Financial Conduct Authority and Prudential Regulation Authority, final notices regarding TSB Bank plc migration-related operational risk and governance failings, 2022
- FDIC, Quarterly Banking Profile, First Quarter 2026
- NCUA, Quarterly Credit Union Data Summary, First Quarter 2026