How resilient are IT organizations toward emergencies such as COVID-19?
Today, many IT organizations grapple with contradictory goals within their departments. Historically, IT was organized to provide stability, to keep systems running and to develop a well-aligned enterprise architecture. These goals typically engendered a conservative culture. However, as businesses undergo digitalization of their channels, transactions, and business processes, IT organizations have adopted new goals to drive innovation, understand business requirements, and respond to incidents in an agile manner. Incorporating these new goals demand shifts in IT organizations and culture. They can even lead to new or separate IT organizations within the same business.
The importance of being agile to emergency situations has increased over the last decade. Cybersecurity is now essential to securing all businesses, and the Corona pandemic has shown the challenge of keeping systems up and running when a vast majority of employees are working from home globally. Being able to quickly and efficiently respond in an agile manner to unforeseen incidents has become one of the key responsibilities of IT. But, how can traditional IT respond with agility to crisis and change? Are businesses structured to efficiently manage these threats? What questions should IT managers be asking to assess their readiness?
Traditional versus fast-response IT
A recent paper published by KIN Center for Digital Innovation’s, Bart van den Hooff, with co-authors, Julia Kotlarsky, and Leonie Geerts, examined the differences between traditional versus fast-response IT organizations.
- Traditional IT organization (hereafter traditional IT): A generally centralized IT organization aimed at maintaining stability and business-as-usual operations.
- Fast-response IT organization (hereafter fast-response IT): An IT support function that operates under conditions of high uncertainty, where quick and accurate decision making, with little to no margin for errors, are vital.
The paper is based on a field study conducted at a European Ministry of Defence comparing two internal IT organizations representing both types of IT organizations. The bureaucratic organization, responsible for the IT infrastructure and keeping systems running, represents traditional IT. The military facing organization, responsible for mission support in the field, represents fast-response IT. Though both are housed within the Ministry of Defence, these are two very different IT organizations.
Emergency situations: ad hoc improvisation versus more formalization
The case showed that traditional IT was unprepared for emergency situations. In such situations, formal procedures broke down, and actors improvised to restore order. Without sufficient anticipatory capacities in place, employees tended to do “panic work” – unstructured, informal activities to bring the incident under control.
In contrast, the fast-response IT got more formalized in emergency situations. Standardized procedures were invoked to resolve emergencies quickly and efficiently. Hierarchy and clear division of tasks and procedures became even more important.
Thus, in emergency situations, the traditional IT organization tends to drop all formal, normal procedures, while the fast-response IT organization tightens its formal procedures leading to a structured and efficient way of dealing with emergencies.
In emergency situations, traditional IT tended toward doing ad hoc, “panic work” (left). Fast-response IT got more formalized and leaned on hierarchy to efficiently deal with emergencies.
Three takeaways for IT managers
The pressure on modern IT departments has increased over the last decade. The role of IT has become central to be able to efficiently handle emergency situations in business. How can your business effectively prepare for incidents? What formal procedures can you put in place to rely on during incidents? Knowing that improvisation is likely needed, how can prepare your organization to avoid “panic work”? This study suggests three key takeaways for IT managers:
- Anticipate: Prepare for and prevent “panic work”
What can you do to prepare for and prevent panic work? Tightening ranks in emergency situations may work for other organizations beyond the military, but the optimal approach will be unique for each business. Make clear what the formal procedures will be during incidents to prevent “panic work”.
- Empower: Clarify who is in control and empower them
In an emergency situation, who are the key decision makers of your IT organization? And how can you empower them? The hierarchy of the military clarified who the decision makers were to enable quick and efficient handling.
- Educate: Understanding the core business is key
What parts of your company’s core business are essential to understand regarding potential threats? In the fast-response IT case, employees had served in the field. Thus, it was a no-brainer that a single broken-down computer in a war-zone had priority over ten-thousand affected computers elsewhere. IT employees might be far from the core business, but this knowledge can be essential to effectively handle IT issues.
Take a critical stance: assess your own organization
This case points to a larger discussion on how IT can be structured to respond to constant change, threats, and conflicting goals (i.e. stability vs agility). There is no consensus or silver bullet. However, an important takeaway is that IT organizations need to learn how to combine existing and new goals into their portfolio. IT managers should take a critical stance toward the organizational structure, culture, and contexts in which they operate and the impact on their portfolio.
Want to learn more?
Join our business network. Business network members have access to our masterclasses including Bart van den Hooff and Linda Kester’s course, Strategic Decision Making and Organizational Design – Learn how to Execute your Strategy: do IT right!