Certainly, perceptions of practitioners play a large role, but so too does the tone from the top and pressures placed on the organization. If groups fail to understand the pressures that cause people to bypass the rules, then no amount of policies and procedures will make any difference.
Carefully planned and implemented policies and procedures, along with the right people in the right positions, create a control framework that enables an IT organization to meet objectives while managing risks. The goal of the control framework and IT in general must be to assist the organization by adding value, not simply creating policies and procedures.
The All-too-Often Reality
Unfortunately, the intentional bypassing of policies and procedures too often is reinforced from the top. In other words, senior management creates an environment which rewards the violation of controls: “Just get it done.” Those four words can do more damage to a control framework than an explosion.
As Dietrich Dorner points out in his excellent book, The Logic of Failure, the bypassing of standard protocols rarely results in an explosion, and bypassing them often has a positive outcome. In other words, it is very easy to skip or change the steps in a process to yield a result that is faster and/or cheaper.
This creates fertile grounds for the mindset that it is acceptable to cut corners, especially when management lauds the results. Regardless of the perceived benefit, the margin of safety was reduced by the action.
Applying this to IT, how often are policies and procedures bypassed to gain an advantage? For example, how often are changes introduced into production by well-meaning people? Odds are that many of those changes go into production just fine. There likely also are many cases, both known and unknown, where changes brought the same systems down or had negative consequences.
In bypassing change management, the seemingly positive incentive is faster deployment to production. The negative is that there are always risks associated with changing the state of anything and sooner or later an applied change will create an undesirable result.
Critical Success Factors
Controls have very real benefits for an organization by improving security, availability and integrity while managing costs. Getting to the point where a sustained positive control environment exists takes very real effort. For controls to be implemented successfully in an organization, there are some essential elements that must be factored in:
A Balance
None of this is meant to suggest that controls are more important than adding value. The fact is that IT and management must balance controls so important risks are managed appropriately. A control framework should not impede business, but support it.
At the same time, everyone must understand why the controls are necessary and what the function of each control is. “Just do it” doesn’t do much to further understanding. All it does is create another perceived layer for bureaucracy. Take the time, provide the rationale and drive home as many direct benefits to the stakeholders as possible — not just in IT, but outside of IT as well.
Summary
Policies and procedures alone do not create a control environment. Management cannot simply buy a set of policies and procedures and expect IT to follow them. There is far more to the creation of a positive control environment than that. This article listed a number of critical success factors to consider, but the fact is that each organization is unique and they need to understand what is needed to create and sustain a control environment. The effort is significant and the journey begins with the tone at the top.
Huawei’s AI Update: Things Are Moving Faster Than We Think
FEATURE | By Rob Enderle,
December 04, 2020
Keeping Machine Learning Algorithms Honest in the ‘Ethics-First’ Era
ARTIFICIAL INTELLIGENCE | By Guest Author,
November 18, 2020
Key Trends in Chatbots and RPA
FEATURE | By Guest Author,
November 10, 2020
FEATURE | By Samuel Greengard,
November 05, 2020
ARTIFICIAL INTELLIGENCE | By Guest Author,
November 02, 2020
How Intel’s Work With Autonomous Cars Could Redefine General Purpose AI
ARTIFICIAL INTELLIGENCE | By Rob Enderle,
October 29, 2020
Dell Technologies World: Weaving Together Human And Machine Interaction For AI And Robotics
ARTIFICIAL INTELLIGENCE | By Rob Enderle,
October 23, 2020
The Super Moderator, or How IBM Project Debater Could Save Social Media
FEATURE | By Rob Enderle,
October 16, 2020
FEATURE | By Cynthia Harvey,
October 07, 2020
ARTIFICIAL INTELLIGENCE | By Guest Author,
October 05, 2020
CIOs Discuss the Promise of AI and Data Science
FEATURE | By Guest Author,
September 25, 2020
Microsoft Is Building An AI Product That Could Predict The Future
FEATURE | By Rob Enderle,
September 25, 2020
Top 10 Machine Learning Companies 2020
FEATURE | By Cynthia Harvey,
September 22, 2020
NVIDIA and ARM: Massively Changing The AI Landscape
ARTIFICIAL INTELLIGENCE | By Rob Enderle,
September 18, 2020
Continuous Intelligence: Expert Discussion [Video and Podcast]
ARTIFICIAL INTELLIGENCE | By James Maguire,
September 14, 2020
Artificial Intelligence: Governance and Ethics [Video]
ARTIFICIAL INTELLIGENCE | By James Maguire,
September 13, 2020
IBM Watson At The US Open: Showcasing The Power Of A Mature Enterprise-Class AI
FEATURE | By Rob Enderle,
September 11, 2020
Artificial Intelligence: Perception vs. Reality
FEATURE | By James Maguire,
September 09, 2020
Anticipating The Coming Wave Of AI Enhanced PCs
FEATURE | By Rob Enderle,
September 05, 2020
The Critical Nature Of IBM’s NLP (Natural Language Processing) Effort
ARTIFICIAL INTELLIGENCE | By Rob Enderle,
August 14, 2020
Datamation is the leading industry resource for B2B data professionals and technology buyers. Datamation's focus is on providing insight into the latest trends and innovation in AI, data security, big data, and more, along with in-depth product recommendations and comparisons. More than 1.7M users gain insight and guidance from Datamation every year.
Advertise with TechnologyAdvice on Datamation and our other data and technology-focused platforms.
Advertise with Us
Property of TechnologyAdvice.
© 2025 TechnologyAdvice. All Rights Reserved
Advertiser Disclosure: Some of the products that appear on this
site are from companies from which TechnologyAdvice receives
compensation. This compensation may impact how and where products
appear on this site including, for example, the order in which
they appear. TechnologyAdvice does not include all companies
or all types of products available in the marketplace.