The Cloud Experience Everywhere

IT Governance best practices: Practical examples to support the business during crises

Strong IT governance practices can help companies stabilize and position themselves for success in the new normal.

HPE Pointnext Services IT Governance.jpgWhen the unthinkable occurs, like the Covid-19 situation we are experiencing, there is an initial focus on communication to the employees and customers – demonstrating leadership and establishing confidence that the organization will make the right decisions throughout the crisis. Organizational leadership needs to react fast to understand the situation and deal with urgent needs.

For the IT organization, priorities will be reset and resources realigned. It is important to establish control as soon as possible and ensure that business and IT stakeholders are involved in key decisions and that a programmatic approach to consistent and constant communications is enabled. 

In HPE Pointnext Services’ nine-step model for the transition to the new normal, the first phase is focused on immediate crisis management. The second phase outlines the steps to accelerate through transformation to the new normal, while capturing innovation.

This article will focus on using IT Governance linkages to support the business during a crisis, with a few practical examples of how this can help companies stabilize and position for success in the new normal.

Immediate Crisis Management.png

IT Governance, in aligning with crisis-based directives from Enterprise Governance, must deliver a mandate for using modern, adaptable technologies, both to provide business continuity and to mitigate the impact of the disruption. As always, IT Governance decisions must be made systemically, evaluating immediate issues in the context of longer-term feasibility. While IT Management still makes the detailed decisions on how to adapt existing systems and incorporate new capabilities, IT Governance should – because of the reactive speeds required – provide a more hands-on coordination to ensure alignment across IT. And, at the same time, the IT operating environment of an organization contains the emergency governance principles and responsibilities defined within the overall structure and the IT Governance Framework.

For many companies, ensuring business continuity is centered around:

  • People (customers and staff): making sure they understand what is happening, how they might be impacted, and what is being done to resolve the difficulties; and
  • Process and Technology (existing and new): extending or automating existing processes to support a wider scope; introducing new, often tool-based, capabilities to support different ways of conducting business; or building in new capacities to support higher or distributed workloads.

Implement the Stabilize step

A strong response by organizational leadership can help drive confidence in employees, clients, and partners.  People are what make businesses work, so a strong focus on the people-first principle is critical. While good IT Governance can connect functions and lines of businesses and support the initial focus areas, it is expected that most organizations today have bridged the gap and have secured for IT a “seat at the table” to align to business priorities. In these cases, adjustments to governance structures are not required. The principle of executing on decision frameworks together is already in play.

Given a strong relationship between IT and the business, risk and impact mitigations need to be tailored to the specific crisis. In the case of the current pandemic, we have observed some best practices in the following governance-supported approaches:

  • Temporary IT Governance structures when needed:

- Centralize key communication and decisions, but only what is necessary to support the crisis response; most IT Governance should not be changed. This will help to achieve stability, fast. Try to confirm “business as usual” where possible. Be sensitive to local needs; empower local leadership.

- Define who is needed to address the critical areas of your business; define the areas that have the greatest value for your customers and for the continued existence of the organization. 

- You should already be highly aligned with the business. Assign a key member of the IT staff to the largely independent, vertical lines-of-business, providing authorities based on common objectives. Ensure that final decisions are communicated to the business segments and brought back to the crisis committee to secure alignment across the organization.

  • Communicate! Communicate! Communicate!

- Provide work-from-home guidelines and productivity tools.

- Support interactive portals for FAQs, postponement of expected services, and remote help desks, as well as platforms for online courses, parliamentary debate and voting sessions, and startup businesses. The scale and diversity of communication channels to support remote interaction are essential factors in success.

  • Security first!

- The safety of your employees, clients and partners has the highest priority.

- Provide security at all levels, including protection for remote interactions to counter the increase in cyberattacks.

- Increase remote monitoring to guard against physical attacks.

  • Facilities and infrastructure

- Determine how to maintain physical environments safely and within regulations.

- Provide sufficient spare parts, remote diagnostics and streamed demonstration videos.

- Improve tiered network bandwidth capacities to separately support heavy usage of voice, video and data.

- Protect core systems’ availability by offloading less critical systems to public clouds or third parties.

  • Service management

- Facilitate contacts to agents to supplement automated channels faster.

- Consider extending support capabilities to areas that are often not considered in-scope.

Now, at least you can embark on the road to managing the moment and protecting the future.

After the first wave of emergency actions, new routines emerge, creating a semblance of stabilization. There is time for field assessment and adjustments to be made to improve on the initial prioritization. Review policies and procedures to make sure they are adequate to deal with confusing fluidity. Never be afraid to change course if warranted by unexpected conditions or results.

This may be a chaotic time, but it is rich with creative opportunity. It’s a time of re-orientation and redefinition, sustained by establishing temporary systems that give structure and strength when people are likely to feel lost and confused and processes are continually changing.

Give people information, and do it over and over again. During this period, individuals will be assigned roles unrelated to their regular areas of expertise. Information flows help people manage uncertainty and ambiguity and focus on the immediate. Information needs to be complete, respectful and forthright; include the “why” along with the “what” when giving directions.

Giving reasonable, tangible information builds trust, and trust results in people doing what is needed. Without enough communication, people will continue down an accustomed path rather than focusing on less familiar, but more critical, activities. With the redirecting of teams in the aftermath of first actions, some will continue business as usual, while others will be in hiatus and eligible to be redirected to reinforce new group configurations and/or overwhelmed teams.

Pivot to the Bridge to the New Normal

Next, start to pivot to the second phase of the model. If there is a proven and sustained ability to support a minimum viable operating model with the steps above, the time is right to move across the chasm to the model and begin to look for opportunities to redefine the future. Establish a parallel response team while the IT team assigned to the crisis committee continues the work of responding to daily changes in conditions. A second, initially smaller, team needs to begin looking toward the future point when the crisis is contained and the enterprise anticipates returning to “normal.” Skill sets of the individuals chosen for this assignment should include long-range planning, advanced analytical skills around processes, knowledge of behavioral sciences, and the ability to see where opportunity can arise out of disaster.

Define what is over and what isn’t; expect and accept the need to grieve the sense of loss that comes with a crisis. Coming out of a major disruption enables new perspectives and creates new demand, which can present prospects that might not previously have been conceived. The ideas of the past, which people are likely to idealize, were themselves a snapshot in time – and the product of change. Previously held ways and beliefs can be released and space made for the new. Encourage the sharing of insights and new thoughts or revelations, and leverage what can be applied to the benefit of the organization.

As a catalyst for a new plan, the traumatic nature of the “unthinkable” event means that planning for the new normal must go beyond the practical and situational elements to include the vision of the new identity – for both the enterprise and the IT organization. Leverage learnings gathered during the preliminary actions; factor in changes to values and subsequent changes in objectives resulting from the impact of the crisis. Capitalize on new opportunities to actualize the vision and anchor the new direction.


This discussion focused on step 3, Stabilize, of HPE’s Nine Steps to the New Normal model. When you’ve arrived at a stabilized new state – the new normal – and attempt to return to business as usual, you need to consolidate your learnings from the past period of disruption. Your next step will be to incorporate the knowledge gained from any new temporary governance councils and response teams into new business continuity (BC) and disaster recovery (DR) plans, as well as ongoing IT Governance process improvements.

Take advantage of the opportunity that comes with the crisis: The new normal helps you accelerate your digital transformation(s). Don’t wait too long!

Learn more about how HPE can help you accelerate your recovery and transformation.

Bertram Stahl
Hybrid IT Strategic Transformation Practice Lead
Hewlett Packard Enterprise


0 Kudos
About the Author


I lead HPE's Global Practice of Strategic Transformations, Governance and Process, within the Hybrid IT Practice. I focus on complex IT Transformations, using industry-leading frameworks and methodologies to aggregate solutions, and leading customers ultimately to hybrid IT optimum service delivery models.