How many of you work for an organization that has a policy manual that's a foot thick? Now, how many of you work for an organization that has little to no written policy? Which one would you rather work for? Before you answer, though, read on.
Every day, CIOs and senior IT leaders have to make tough decisions regarding tight budgets, difficult personnel situations and complex projects in our quest to drive efficiency throughout the enterprise. Often, these decisions are far from routine; they are unique to the situation at hand. In many organizations, the CIO is able to focus on these strategic decisions and not have to worry as much about decisions that should be routine.
However, in many organizations, the CIO constantly finds himself having to make everyday decisions all the time as well as having to make the same decision multiple times. Worse, the CIO might find it necessary to make different decisions to different audiences just because one was yelling louder than another.
What's the difference?
While there are a ton of possibilities, start with a look at the policy manuals. In the first organization, the CIO is able to focus on strategic and impactful responsibilities because the "everyday concerns" are considered routine. There are policies that address the most common scenarios so that there is consistent and repeatable process in the decision-making taking place. In the second organization, lack of policies leaves the potential for inconsistency and forces the CIO to shift focus from the big picture to matters more mundane.
So, at this point, you might be telling yourself that it's time to go out and write a bunch of policies to address the mundane... not so fast.
The process of creating good policy stems from having good governance in place to begin with. Much has been written specifically about IT governance, but when it comes to managing the organization, there must be agreed upon standards that will be followed. Often, to address the IT portion of the governance equation, IT steering or advisory committees are formed. Through these governance structures, the CIO can vet policy, gain insight and make better strategic decisions for the organization.
I've seen what happens with IT departments are left to their own devices and the CIO loses touch with the organization. Projects go awry, users get frustrated and business goals are missed. In many, many cases, this is not necessarily anyone's direct "fault". The CIO may think that he's exactly on the right track, but the organization's feedback loop isn't working.
By instituting a strong IT governance model, organizations:
- Provide more transparency about what's going on in IT. Too often, IT departments are overwhelmed by the volume of work and underwhelmed at the staffing levels that exist to get the work done. Users that have been waiting for project completion get frustrated because their needs are being addressed quickly enough. A governance structure will help the CIO be more transparent about what is going on in IT and why certain projects are getting attention and others aren't.
- Gain more buy-in on IT priorities. After all, a good governance structure will represent all aspects of the business. All of these pieces will need to come together and come to agreement on what the real priorities will be. With users having a say in the process, even if they don't get their work done, at least they're involved in the decision and understand the reasons. Is it perfect? Nah. But it's better than leaving people in the dark.
- IT will be more productive. With a clearly defined set of priorities that are agreed upon by the organization, IT knows what it should be doing and there should be much less ambiguity and less hand-wringing due to constantly shifting orders.
- Rein in the user base. Believe it or not a strong governance model can serve to rein in the user base, at least in some cases. This is going to be more important than ever as cloud adoption increases. The danger of unchecked application acquisition is real, but if there is a well-defined and workable governance and policy structure, the right people should always get involved
- A sounding board for policy development. Remember our chat about policies earlier in this piece? With the right governance structure, the CIO has an automatic sounding board for the impact that potential policies might have on the user base. In some cases, there may need to be draconian policies that no one likes, but for more routine items, the CIO can get the counsel and advice necessary to craft policies that are enforceable and achievable and maybe, just maybe, start to be able to shift focus a bit more toward the big picture and away from some of the mundane.
What IT governance shouldn't be is a direct management team. That's the CIO's job. The other thing that shouldn't be brought to the governance table is a personal agenda. While everyone should reflect their roles and needs, the higher order need is to make sure that the organization as a whole is successful. While some of this is unavoidable, if it's constant, you have the wrong people on the team.
A good governance framework helps the CIO make the routine things, well, routine. It also helps the CIO gain an operating framework under which clear, constant and consistent decisions can be made.
Since 1994, Scott Lowe has been providing technology solutions to a variety of organizations. After spending 10 years in multiple CIO roles, Scott is now an independent consultant, blogger, author, owner of The 1610 Group, and a Senior IT Executive with CampusWorks, Inc. Scott is available for consulting, writing, and speaking engagements and can be reached at email@example.com.