“It is illegal to take more than three sips of beer at a time while standing.”
“Resolved by the House of Representatives, the Senate concurring, that it adopt the Bluebonnet song as the State Flower Song.”
I live in Texas. I was born and raised in Fort Worth. The three quotes above are actual laws on the books in Texas. While Texas sometimes gets a bad wrap, most legal jurisdictions have antiquated or unenforceable laws like these on the books.
Governance is the aspect of an organization that defines, communicates, and enforces its equivalent of “laws”: policies. Policies are the boundaries that an organization defines to guide how it behaves, operates, and conducts business.
Governance can be complicated by many things, including politics, lack of leadership, and lack of communication. However, one of the most challenging aspects of governance is having policies and rules that are actually worth enforcing.
As in the examples above, when a law doesn’t make sense or isn’t worth enforcing, people will ignore it. The same thing affects IT organizations when they attempt to govern their activities: governance that is complicated by bizarre, extreme, or otherwise unenforced rules.
For example, one organization that I’m aware of has an incident management process supported by an incident management tool. Like most organizations in a similar situation, they categorize incidents, and they have a policy that all incidents should be categorized in a specific technical area. In this particular organization, they have historically focused on reporting incidents rather than providing quick resolution, and they have around 800 distinct categories in their incident management system. As if that’s not enough, each category has two or three subcategories for extra-specific reporting of incident activity.
Because such an extreme use of categorization is unmanageable, this organization also has a “miscellaneous” and an “other” category. Rather than spend the time to sort through all the categories when opening a ticket, the service desk staff simply selects “other” for most incidents. They do this in the interest of time, and because they know that no one cares about categorization.
When all incidents are categorized as “miscellaneous” or “other”, basically nothing is being categorized. This organization would be better off turning off categorization in their tool, and it would save them from having to keep all of their categories up to date, which they also don’t do.
This situation emanates from a lack of effective governance. At some point, someone in the organization decided that categorization was important and implemented a policy around it that was unenforceable because of how they’d configured categorization in the organization.
People don’t follow unenforceable rules such as this that, if followed, would result in longer duration incidents. Organizations should regularly investigate whether their current rules, policies, and boundaries make sense. When they don’t make sense, it’s probably time to improve them.