Security Think Tank: Patching is vital and essentially a risk management exercise

How should organisations address the need to keep software up to date with security patches without it costing too much or being too labour intensive?