The events of 2020 forced IT teams to respond fast. Remote work, cloud-first decisions, and urgent digital transformation took center stage. While many rose to the challenge, the resulting IT landscape often resembles a patchwork of solutions held together by duct tape. In November 2020, organizations must begin the shift from tactical responses to strategic alignment. It’s time to revisit IT governance with fresh eyes—and clean up the mess.
During lockdowns, organizations launched new services, migrated workloads, and stood up cloud-based access with incredible speed. That agility saved operations—but often left controls, compliance, and standardization behind. We now need to review what was deployed, what risks were accepted, and what remains undocumented or unsupported.
IT governance defines how decisions are made, priorities set, and risks managed. If your frameworks haven’t evolved since early 2020, they likely no longer reflect current operations. Revisit foundational areas like:
The IT steering committee (if one exists) may have become dormant during crisis response. Now is the time to reactivate or establish one. This group ensures alignment between IT investments and business goals, monitors risk, and makes priority decisions transparent. If governance feels missing, unclear, or driven by shadow IT, the steering committee must take the lead in reasserting control.
Shadow IT flourished during lockdowns. Teams found and implemented tools on their own—many of which stuck. While not all shadow IT is bad, governance teams must now evaluate which tools should be standardized, which should be deprecated, and which require formal onboarding. This includes security assessments, data lifecycle policies, and integration planning.
In the rush to adapt, documentation often fell behind. Configuration drift, ad hoc decisions, and verbal-only protocols create long-term risk. Begin a formal initiative to document architecture, access, recovery plans, third-party integrations, and SLAs. This step is non-negotiable for risk management, especially for regulated industries.
What risks were accepted during the emergency phase? Do those decisions still make sense? Re-evaluate temporary access exceptions, self-managed security configurations, and user autonomy. Restore principle-of-least-privilege. Centralize logging and monitoring. Re-engage internal audit functions where needed.
Governance thrives on measurement. Use data from service usage, incident reports, ticketing trends, and employee feedback to guide priorities. Let metrics drive decisions on what to fix, what to keep, and what to upgrade. Dashboards and visual reporting make this process transparent and actionable.
Don’t try to fix everything at once. Build a governance roadmap that spans the next 6 to 12 months, with clearly defined milestones, stakeholder engagement, and KPIs. Include technical, procedural, and cultural aspects of governance. Communicate progress and celebrate wins.
Effective governance isn’t a solo effort. It requires buy-in across leadership, finance, legal, HR, and end-user teams. Ensure IT governance is embedded in broader corporate governance and risk frameworks. Outsourced IT providers should align with the same standards. Create sustainable structures, not one-time fixes.
Eduardo Wnorowski is a Technologist and Director at Virtus Group Ltd.
With over 25 years of experience in IT and consulting, he brings deep expertise in networking, security, infrastructure, and transformation.
Eduardo helps New Zealand businesses navigate change with clarity, security, and trust.
🔗 Connect on LinkedIn