The Gears of IT Governance

Blog /Gears-of-IT-Governance

My career as a solution architect has been an unending opportunity to examine systems and determine how they work, or (in most cases) why they don’t work and then develop solutions to make them work. Most of the time, this meant gaining a deep understanding of the fundamentals of the business or mission of the organization, then describing how we could use enabling technology and organizational change to improve the effectiveness and/or efficiency of the organization. I have been fortunate in that many (but by no means all) of those solutions achieved or exceeded their goals.

In the successes, I can see a pattern that follows a relatively simple formula: understand the fundamentals, structure the solution to align people to succeed, be practical, and understand the limits of technology and people. Note that I said the formula was simple, not that it was easy. In my previous post, “The Value of Willful Compliance,” I explained why I think IT policies are ignored or circumvented. I won’t repeat that here, except to say that I believe that IT governance needs to facilitate policies that are understandable by all, are fair and reasonable, and can readily be enforced.

The fundamentals of IT governance structure requires at least three fundamental functions.

  1. 1A method to create, modify, rescind, or adopt policies
  2. 2A method to enforce those policies
  3. 3A way to arbitrate or interpret how those policies impact a specific situation

Invariably, organizations already do these functions, but they may not do them explicitly or well. Understanding how these functions are done within an organization, and being cognizant that all of them are necessary, is key to creating a culture of willful compliance. 

The first step is building an organizational structure that reinforces the governance. This requires clearly articulating who establishes policy, who enforces it, and who arbitrates it. Ideally, each function is assigned to a different person, and each of them fully understands why they are doing it. That requires the second step of some level of training and reinforcement so those leaders can succeed. Most organizations do all of these steps as part of a normal business process. What they may not have done is thought through the implications; therefore, the process is inefficient or ineffective.

Inevitably, a flawed process becomes impractical and breaks down. But not before it creates a great deal of anguish and consternation. If this is where your organization needs to change, the time is now. To be effective and efficient, someone must review and analyze the process of IT governance, establish how it works, and write it down so everyone understands. This can be hard to do, and organizations often need an unbiased third party to help understand the primary functions, how the organization is aligned, what processes exist, and how those processes need to be modified and documented.

The leaders entrusted with governing the organization must be vested in the importance and responsibility of their function and capable of making what may be tough decisions. Having the process documented and well established helps those leaders guide the organization toward willful compliance.

Post Date: 2016-02-10