IT: to protect and serve
The motto "to protect and serve" is a good one for IT. OK, "to protect and serve" has acquired some negative baggage but the US police slogan still resonates as far away as where I live on The Last Rock On The Planet. There seems to be this expectation that IT exists only to create new IT in response to the demands of the business. It's not true.
The Finance department doesn't exist solely to find the money for whatever the business needs ("serve"). The Finance department also exists to look after the health and safety of the organisation's wealth ("protect"). Sometimes the Finance department will resist new initiatives simply because the organisation can't afford them. This then becomes a decision escalated to the Executive or the governors (the Board) to decide whether to proceed against the advice of the CFO.
In exactly the same way, the Information Technology department exists to protect the IT interests of the owners of the organisation whilst also serving IT's customers and users. The two don't always align. The current fixation on customers - the Cult of the Customer - is wrong and dangerous... but that's another blog post. IT is entrusted with custody of the organisation's IT assets. These include:
- the information itself: its confidentiality, integrity and availability
- the investment in existing systems to manage, support and use that information (people, processes, hardware, software, connectivity, suppliers...)
- the capability to deploy new or changed systems: architecture, analysis, design, development, deployment
(Did I miss any big organisational IT assets?)
Sometimes it is not in the best interests of the organisation to abandon those investments or to increase the risks to the confidentiality, integrity and availability of the information, in order to meet demands for new IT from the customers. In that case IT should resist (advise against) the change and the decision should be escalated to the Executive or the governors (the Board) to decide whether to proceed against the advice of the CIO.
IT should not be accountable for approving the building and use of IT systems and IT solutions, the business should – in partnership with IT.
The key part of that partnership is consultation: IT are or should be the experts who provide advice on IT, just as the Finance department provides advice on money.
Finally, it is also the role of Finance and IT to provide delegated governance fulfillment: that is, we exist to ensure the directives of the governors (and the resulting directives from their delegates, the Executive) are understood and complied with. It is emphatically not our role to grovel at the feet of the customers regardless of any negative consequences for the organisation. Sometimes we have to be the cop.
Put another way, IT's role is to balance extracting maximum value from existing investments against facilitating the generation of value from new investments. Protect and serve: it's a tough gig and sometimes a thankless one.
The "balance" stuff from ITIL Service Operation (3.2) says the same things:
- balance between internal and external focus (no Cult of the Customer)
- balance between stability and responsiveness (protect and serve)