When companies are small, they rarely have many (if any)
formal policies in place. However, as they get bigger they always start to
codify many of the important aspects of the culture into formal policies. Your
IT organization may have started the same way. When there were only a handful
of people performing your IT function, there may have been no formal policies.
Now look around. How many policies do you see? If you’re like most
organizations, you probably have policies for:

  • Application Development
  • Security
  • Production turnover to support
  • Asset management
  • Teleworking
  • Finance
  • Procurement
  • Dozens or hundred of others
  • How
    did it come to this–an organization guided by policies?

Policies reflect an organizations logical progression from
working in an ad-hoc manner to one where people are following common and
consistent processes. A policy reflects your organization’s desire for everyone
to perform a specific function in a specific way. Policies help everyone
understand how to do things, and they help managers understand the framework in
which they can manage.

In my opinion then, policies are developed and are they are
important for two main reasons.

Working more effectively under company best

One thing you will observe about policies is that they are
created and approved by the people or group that owns the process. Because of
this, you hope that the policy reflects the best practices of the group that is
most experienced in the area and most impacted by the outcome. The policy then
aligns everyone else under these best practices.

For example, look at your company Expense Reporting Policy.
This policy is going to be established by the Finance group. That should make
sense. Even if your team had the time to create the policy yourself, you don’t
have the expertise to know the best way to handle expenses. You are IT people —
not accountants.

So, following the established process gives you the sense
that you are working on a firm foundation. Let the Finance Department establish
the finance policies. Let the Database Group establish the database policies.
Let your management team establish the management policies. These groups are
then accountable for the policies and you know where to go if you need an
exception or if you would like to change the policy.

Working more efficiently through process reuse

Most of us recognize the value of reuse. It makes more sense
to reuse things that are already developed instead of having to re-invent
everything we do from scratch. This is true with work processes and policies as
well. For instance, you could certainly come up with a framework for handling
IT security on your project.

But why would you need to if your organization has already
developed and approved a Security Policy. You could also come up with a workstation
replacement policy that makes sense for your department. But why should you if
your IT Department already has an established and approved Workstation Upgrade
Policy. Having common policies saves you the time to having to invent and gain
approval on these for each individual project or group. It also saves time for
new people in the company as they learn how things work in your world.

One short definition of culture is that it is “how
things are done around here”. Written policies become part of your culture
since they reflect how things are done in your organization. As companies get
bigger, they need to establish policies so that people have guidance on how to
do things. Since policies are established and approved by the subject-matter
experts, you also should feel good that everyone is doing things in ways that
protect the company and make sense.

You might complain about policies, but don’t complain about
policies in general. If you do not agree with some specific policy try to
change it with your better idea. However, all organizations need policies. Your
organization would quickly get out of control and be much worse off without