IT organizations are control-oriented. Nothing wrong with that in itself. IT must always work, after all. Every event leads to a call for more control measures. But in increasing complexity, this focus on control leads to more and more requirements, quality gates, and controls in the daily operations that need to be overcome to achieve something. Even at the tactical and strategic levels, organizations become ‘mature’ with centralized portfolio processes, IT boards, and prescriptive architecture. Innovations are identified and evaluated, and risks have centralized management and decision-making. So focused on being ‘in control,’ the daily (change) needs of the user departments are quickly lost sight of. The route from request to realization has so many safeguards and control steps that the requester (and sometimes even their request) is lost along the way.
Appropriate IT Governance for the organization?
In this situation, it is not surprising that agile is gaining so much ground. Small, autonomous teams with direct user alignment. Continuous delivery and adjustment close to the user. But agile working is not just common practice and requires something from people, processes, and technology. If agile is (still) a step too far, it becomes difficult. There is often a gap between central control and agile teams. Decentralization may submit requests.
In organizations, the most detailed mandate lists are common. Who is allowed to spend up to which amounts? Detailed to the last detail. Delegation of control. But when it comes to IT, it takes a little searching. But don’t we have RACI tables? Yes, they describe who is responsible for what in the IT management processes. Activity-oriented. While controlling IT, making choices, is not activity but content-oriented.
Can’t we introduce the ‘mandate list’ for IT? That we don’t describe who is responsible for an activity but who can decide on what. Can we again focus on what can and should be chosen, done, and controlled decentral, without the involvement of central processes and functionaries? This requires a change of mind: From guarding to informing and presenting choices. From gatekeeper to facilitator. From testing to proactive guidelines. From restricting to creating decentralized decision-making space. From centrally executing to supporting decentralized execution. How can IT and IT processes be optimized so that user departments get as much autonomy as possible without adding unnecessary risks and complexity to tomorrow’s IT?
Will you take the first step?
Having a conversation with the decentralized stakeholders (the group for whom IT is actually intended) is a good first step. Maybe it is not such a bad idea to just write down who can decide on what. Together with that user representation, not centrally decided again. Aim to have moved twenty per cent of the checkboxes from central to decentralized by next year.
