Blog

enterprise-architecture

Behavioral Analysis Ideas for IT Governance

two monkeys on a roof

One thing that the UK government has managed to do quite well in recent years is introduce innovation into its operations – for example, it's recognized by the UN as the world leader in e-government. One interesting initiative that the UK government has introduced is the use of behavioral analysis – using reinforcement and influencing techniques to improve compliance with government goals. For example, people renewing car tax online were asked if they would accept an organ donation, and then whether they'd sign up to be a donor – this added 100,000 donors a year to the register.

Now, there are a number of techniques that are employed in behavioral analysis (or, as it is commonly known, ‘nudge therapy’), so before I talk about how to apply the ideas of BA, it’s worthwhile to explain the ones that I’ll be using for this article. They are:

Authority – people are social animals, and will naturally follow a group leader. If a perceived leader in the group is doing something, this legitimizes it. So, by providing examples of companies or departments that are perceived as leaders in the space who perform an activity, the activity becomes legitimized.

Social Proof – for the same reasons, we copy the behaviors of our peers. Telling us that an activity is common amongst our peers makes us more likely to accept the activity as legitimate

Consistency – humans hate to seem inconsistent, so if you can get them to make a small commitment in a direction, it becomes much easier to get them to move further in that direction. But people are much more likely to make what they see as a small commitment, so in this regard the proverb ‘a journey of a thousand miles begins with a single step’ is very true

Make Mappings Clear – people need a clear understanding of how their choices map through to benefits. So, while this should seem obvious, it should be possible to map through from why the governance model will help the stakeholders

With this stated, let’s talk about two of the main challenges with IT governance that I think nudge therapy could help with.

Buy-in 

There is a natural problem with getting stakeholders to accept the need for IT governance in the form that it is presented.

So how can nudge analysis help with this?

  • Authority – the proposal and presentation to stakeholders should reference leading companies in the industry that have seen benefits from IT governance programs or change to programs (as appropriate).
  • Make Mappings Clear – the proposal and presentation to stakeholders absolutely must make clear how the proposed changes will benefit them. One good way to accomplish this is to set up a motivation model for the organization (ideally, the stakeholder), mapping through from drivers to objectives to requirements.

Ensure Proper Review 

The risk with review, especially with formalized criteria, is that people treat them as a formality. I remember working in a highly formalized ISO 9001 environment that produced telephone switches where one notorious architect would go down the checklist of ‘evaluate X’, ‘evaluate Y’ with “Yes, done that”, when everyone present knew that they’d done no such thing in any and relied on her experience.

So, applying the techniques listed at the start of this post, we can suggest a couple of approaches.

  • Consistency – here, the trick is that all architects naturally have concerns; in some ways, being a naysayer is one aspect of the job. So, we can assign reviewers to the project at the project start and have them list 2-3 concerns at this point.  They then have to explicitly assess that those concerns have been met in the review.
  • Authority – as with the buy-in stage, there is valuable mileage in noting the companies that have seen value from governance. However, here it should be referenced in the actual review invitation for a review. If sent manually, a provided template email could reference the leading companies that are on record as benefiting from governance. In an automated system, the automated reminder message should make the same references.