Two goals of governance initiatives are to create effective policies and procedures that enhance operations, while protecting the organization. These are monumental tasks to say the least.
During both the creation and subsequent audit steps, organizations must ‘beware of shelfware’. Sounds clichi, but it’s more important than you might suspect.
What must not come out of governance and operational improvement efforts is documentation that sits on the shelf, so to speak, and is never used except to prepare for audits. Of course, this applies to electronic documentation, as well. The point is that policies and procedures must be useful and accessible to the people who need them or they will not be followed.
This is one of the reasons externally developed policies and procedures cannot be transplanted wholesale. They must be ‘tuned’ for internal use.
From the very beginning of a governance project, great care must be taken to create policies and procedures that actually aid the organization. What comes of these projects must add value and not just needless layers of bureaucracy.
By using COBIT, ISO 17799 and/or ITIL, organizations have access to a wealth of knowledge developed by thousands of people over many years. By using one or more of these standards as a framework, the people developing the policies and procedures can better understand what needs to be looked at and can share best practices with people all over the globe through the Internet, books, classes and seminars.
Now, let’s discuss means to document policies and procedures in the IT area.
For the purpose of this article, we’ll assume that a risk analysis already has been performed and decisions made about the appropriate framework to follow and what needs to be done in order to address identified risks.
The first step is to identify the IT stakeholders who must be involved.
It is a fatal mistake to bring in consultants or buy pre-written policies and procedures and expect to just implement them wholesale without modifying them to work in your organization. Clearly, there are benefits to reviewing what others have done and leveraging that work to jumpstart your efforts. However, these policies and procedures need to be edited and refined to work in your environment.
With this in mind, the best people to do this are the people who actually do the work every day. Depending on your organization, you may create a project team with the appropriate stakeholders. Be sure to carefully select the team, bearing in mind communication skills, stature with peers, etc.
The next step is for a peer review. This means that a knowledgeable council reviews everything and must give approval prior to release of the content into production.
There are a variety of reasons that necessitate peer review prior to formal adoption.
Be aware of how people view their own jobs and the best way of accomplishing tasks. Individuals can inadvertently document what is known as an espoused theory. The organizational psychologist, Chris Argyris, has noted that people have a difficult time explaining what it is that they do because they tend to document their ideal method, or the method they would use without consideration of other issues in the workplace that could constrain the use of that method.
The scientist and philosopher, Michael Polanyi said people regularly do not document how they perform tasks because they literally know more than they can say. If that is true, then it pays to review the work and ensure that it is complete.
In our technical world, it is very simple to make a mistake through errors of interpretation. For example, I may think I know how to back up a system and try to document the process. However, the reality is that I do not know everything and another person may have additional valuable input.
By involving the team, people know what is going on and can give other perspectives. Due to diverse backgrounds and perspectives, often times better ideas arise during a peer review session because people build on one anothers concepts.
Once the Documentation is Done
After creating the documentation, it needs to be published. In this age, the best means is to use the Internet. Be sure to have the material organized and searchable. Be very certain to follow appropriate document management practices.
As policies and procedures are released, it is not enough just to publish them. Appropriate training must be instituted to be sure that all of the stakeholders are aware of the new/changed policies and procedures. It is very important that people be formally trained at the start and have refresher training at least once per year.
Without a doubt, the IT environment is constantly changing.
What is documented today will not be true forever and there must be means to audit and continuously improve the system. If the policies and procedures get out of synch with reality, then people will stop using them. There must be routine audits to ensure that documented practices are being followed and that they are still appropriate.
Ethics and Artificial Intelligence: Driving Greater Equality
FEATURE | By James Maguire,
December 16, 2020
AI vs. Machine Learning vs. Deep Learning
FEATURE | By Cynthia Harvey,
December 11, 2020
Huawei’s AI Update: Things Are Moving Faster Than We Think
FEATURE | By Rob Enderle,
December 04, 2020
Keeping Machine Learning Algorithms Honest in the ‘Ethics-First’ Era
ARTIFICIAL INTELLIGENCE | By Guest Author,
November 18, 2020
Key Trends in Chatbots and RPA
FEATURE | By Guest Author,
November 10, 2020
FEATURE | By Samuel Greengard,
November 05, 2020
ARTIFICIAL INTELLIGENCE | By Guest Author,
November 02, 2020
How Intel’s Work With Autonomous Cars Could Redefine General Purpose AI
ARTIFICIAL INTELLIGENCE | By Rob Enderle,
October 29, 2020
Dell Technologies World: Weaving Together Human And Machine Interaction For AI And Robotics
ARTIFICIAL INTELLIGENCE | By Rob Enderle,
October 23, 2020
The Super Moderator, or How IBM Project Debater Could Save Social Media
FEATURE | By Rob Enderle,
October 16, 2020
FEATURE | By Cynthia Harvey,
October 07, 2020
ARTIFICIAL INTELLIGENCE | By Guest Author,
October 05, 2020
CIOs Discuss the Promise of AI and Data Science
FEATURE | By Guest Author,
September 25, 2020
Microsoft Is Building An AI Product That Could Predict The Future
FEATURE | By Rob Enderle,
September 25, 2020
Top 10 Machine Learning Companies 2021
FEATURE | By Cynthia Harvey,
September 22, 2020
NVIDIA and ARM: Massively Changing The AI Landscape
ARTIFICIAL INTELLIGENCE | By Rob Enderle,
September 18, 2020
Continuous Intelligence: Expert Discussion [Video and Podcast]
ARTIFICIAL INTELLIGENCE | By James Maguire,
September 14, 2020
Artificial Intelligence: Governance and Ethics [Video]
ARTIFICIAL INTELLIGENCE | By James Maguire,
September 13, 2020
IBM Watson At The US Open: Showcasing The Power Of A Mature Enterprise-Class AI
FEATURE | By Rob Enderle,
September 11, 2020
Artificial Intelligence: Perception vs. Reality
FEATURE | By James Maguire,
September 09, 2020
Datamation is the leading industry resource for B2B data professionals and technology buyers. Datamation's focus is on providing insight into the latest trends and innovation in AI, data security, big data, and more, along with in-depth product recommendations and comparisons. More than 1.7M users gain insight and guidance from Datamation every year.
Advertise with TechnologyAdvice on Datamation and our other data and technology-focused platforms.
Advertise with Us
Property of TechnologyAdvice.
© 2025 TechnologyAdvice. All Rights Reserved
Advertiser Disclosure: Some of the products that appear on this
site are from companies from which TechnologyAdvice receives
compensation. This compensation may impact how and where products
appear on this site including, for example, the order in which
they appear. TechnologyAdvice does not include all companies
or all types of products available in the marketplace.
