Enterprise Software

Why does your IT organization need formal policies?

To an IT professional, formal policies may be easily dismissed as a bureaucratic waste of time. In this article, Tom Mochal explains why formal policies actually are useful when it comes down to it.

When companies are small, they rarely have many (if any) formal policies in place. However, as they get bigger they always start to codify many of the important aspects of the culture into formal policies. Your IT organization may have started the same way. When there were only a handful of people performing your IT function, there may have been no formal policies. Now look around. How many policies do you see? If you're like most organizations, you probably have policies for:

  • Application Development
  • Security
  • Production turnover to support
  • Asset management
  • Teleworking
  • Finance
  • Procurement
  • Dozens or hundred of others
  • How did it come to this—an organization guided by policies?

Policies reflect an organizations logical progression from working in an ad-hoc manner to one where people are following common and consistent processes. A policy reflects your organization's desire for everyone to perform a specific function in a specific way. Policies help everyone understand how to do things, and they help managers understand the framework in which they can manage.

In my opinion then, policies are developed and are they are important for two main reasons.

Working more effectively under company best practices

One thing you will observe about policies is that they are created and approved by the people or group that owns the process. Because of this, you hope that the policy reflects the best practices of the group that is most experienced in the area and most impacted by the outcome. The policy then aligns everyone else under these best practices.

For example, look at your company Expense Reporting Policy. This policy is going to be established by the Finance group. That should make sense. Even if your team had the time to create the policy yourself, you don't have the expertise to know the best way to handle expenses. You are IT people â€" not accountants.

So, following the established process gives you the sense that you are working on a firm foundation. Let the Finance Department establish the finance policies. Let the Database Group establish the database policies. Let your management team establish the management policies. These groups are then accountable for the policies and you know where to go if you need an exception or if you would like to change the policy.

Working more efficiently through process reuse

Most of us recognize the value of reuse. It makes more sense to reuse things that are already developed instead of having to re-invent everything we do from scratch. This is true with work processes and policies as well. For instance, you could certainly come up with a framework for handling IT security on your project.

But why would you need to if your organization has already developed and approved a Security Policy. You could also come up with a workstation replacement policy that makes sense for your department. But why should you if your IT Department already has an established and approved Workstation Upgrade Policy. Having common policies saves you the time to having to invent and gain approval on these for each individual project or group. It also saves time for new people in the company as they learn how things work in your world.

One short definition of culture is that it is "how things are done around here". Written policies become part of your culture since they reflect how things are done in your organization. As companies get bigger, they need to establish policies so that people have guidance on how to do things. Since policies are established and approved by the subject-matter experts, you also should feel good that everyone is doing things in ways that protect the company and make sense.

You might complain about policies, but don't complain about policies in general. If you do not agree with some specific policy try to change it with your better idea. However, all organizations need policies. Your organization would quickly get out of control and be much worse off without them.

Editor's Picks

Free Newsletters, In your Inbox