Using Lessons from the COVID-19 Crisis to Move from Traditional to Adaptive IT Governance
Heiko Gewald, Heinz-Theo Wagner
This study analyzes how IT governance structures in nine international companies, particularly in regulated industries, were adapted during the COVID-19 crisis. It investigates the shift from rigid, formal governance to more flexible, relational models that enabled rapid decision-making. The paper provides recommendations on how to integrate these crisis-mode efficiencies to create a more adaptive IT governance system for post-crisis operations.
Problem
Traditional IT governance systems are often slow, bureaucratic, and focused on control and risk avoidance, which makes them ineffective during a crisis requiring speed and flexibility. The COVID-19 pandemic exposed this weakness, as companies found their existing processes were too rigid to handle the sudden need for digital transformation and remote work. The study addresses how organizations can evolve their governance to be more agile without sacrificing regulatory compliance.
Outcome
- Companies successfully adapted during the crisis by adopting leaner decision-making structures with fewer participants. - The influence of IT experts in decision-making increased significantly, shifting the focus from risk-avoidance to finding the best functional solutions. - Formal controls were complemented or replaced by relational governance based on social interaction, trust, and collaboration, which proved to be more efficient. - The paper recommends permanently adopting these changes to create an 'adaptive IT governance' system that balances flexibility with compliance, ultimately delivering more business value.
Host: Welcome to A.I.S. Insights, the podcast at the intersection of business and technology, powered by Living Knowledge. I’m your host, Anna Ivy Summers. Host: Today, we're looking at a fascinating question that emerged from the chaos of the recent global crisis: How did companies manage to pivot so fast, and what can we learn from it? Host: We’re diving into a study from MIS Quarterly Executive titled, "Using Lessons from the COVID-19 Crisis to Move from Traditional to Adaptive IT Governance." With me is our expert analyst, Alex Ian Sutherland. Alex, welcome. Expert: Great to be here, Anna. Host: To start, this study analyzed how major international companies, especially in regulated fields, adapted their IT governance during the pandemic. It’s about moving from rigid rules to more flexible, relationship-based models that allowed them to act fast. Host: So Alex, let's set the stage. What was the big problem with IT governance that the pandemic put under a microscope? Expert: The core problem was that traditional IT governance had become slow, bureaucratic, and obsessed with avoiding risk. Think of huge committees, endless meetings, and layers of approvals for even minor IT decisions. Host: A process designed for stability, not speed. Expert: Exactly. One CIO from a global bank in the study said, “We are way too slow in making decisions, specifically when it comes to IT decisions.” These systems were built to satisfy regulators and protect managers from liability, not to create business value or respond to a crisis. Host: And then a crisis hit that demanded exactly that: speed and flexibility. Expert: Right. Suddenly, the entire workforce needed to go remote, which was a massive IT challenge. The old, slow governance models were a roadblock. The study found that another CIO sarcastically described his pre-crisis committees as having "ten lawyers for every IT member." That kind of structure just couldn't work. Host: So how did the researchers get inside these companies to understand what changed? Expert: They conducted in-depth interviews with CIOs and business managers from nine large international companies in sectors like banking, auditing, and insurance. They did this at two key moments: once in mid-2020, in the thick of the crisis, and again at the end of 2021 as things were returning to a new normal. Host: That gives a great before-and-after picture. So, what were the key findings? What actually happened inside these organizations? Expert: Three big things stood out. First, companies created leaner decision-making structures. The slow, multi-layered committees were replaced by small, empowered crisis teams, often called Disaster Response Groups or DRGs. Host: Fewer cooks in the kitchen. Expert: Precisely. One bank restricted its DRG to a core team of just five managers. They adopted what the CIO called a "'one meeting per decision' routine." This allowed them to make critical choices about things like video conferencing and VPN technology in hours, not months. Host: A radical change. What was the second key finding? Expert: The influence of IT experts shot up. In the old model, their voices were often diluted. During the crisis, IT leaders were central to the decision-making groups. The focus shifted from "what is the least risky option?" to "what is the best functional solution to keep the business running?" Host: So the people who actually understood the technology were empowered to solve the problem. Expert: Yes. As one CIO from an auditing firm put it, "It was classic business/IT alignment. The business described the problem and we, the IT department, provided the best solution." Host: And the third major finding? Expert: This is perhaps the most interesting. Formal controls were replaced by what the study calls 'relational governance'. Instead of relying on thick binders of rules, teams started relying on social interaction, trust, and collaboration. Host: It became more about people and relationships. Expert: Exactly. A CIO from a financial services firm said, “We do not exchange lengthy documents anymore; instead, we actually talk to each other.” This trust-based approach proved to be far more efficient and flexible than the rigid, control-focused systems they had before. Host: This is the crucial part for our listeners, Alex. How can businesses apply these crisis-mode lessons now, without a crisis forcing their hand? What’s the big takeaway? Expert: The main takeaway is that companies shouldn't just go back to the old way of doing things. They have a golden opportunity to build what the study calls an 'adaptive IT governance' system. Host: And what does that look like in practice? Expert: First, make those lean decision-making structures permanent. Keep committees small, focused, and empowered. Strive for that "one meeting per decision" mindset. Second, permanently increase the influence of your IT experts. Ensure they are at the table and have real decision-making power, not just an advisory role. Host: So it’s about institutionalizing the speed and expertise you discovered during the crisis. Expert: Right. And finally, it's about striking a new balance between formal rules and relational trust. You still need rules, especially in regulated industries, but you can reduce them to a necessary minimum and complement them with governance based on collaboration and mutual trust. It’s less about top-down control and more about shared goals. Host: So it’s not about throwing out the rulebook, but about creating a smarter, more flexible one that allows you to be agile while still being compliant. Expert: That's the core message. The crisis proved that this approach delivers better results, faster. Now is the time to make it the new standard. Host: A powerful lesson indeed. To summarize for our audience: the pandemic forced companies to abandon slow, risk-averse IT governance. The keys to their success were leaner decision-making, empowering IT experts, and shifting from rigid rules to trust-based collaboration. The challenge now is to make those changes permanent to create a more adaptive and value-driven organization. Host: Alex Ian Sutherland, thank you so much for breaking this down for us. Expert: My pleasure, Anna. Host: And thank you for listening to A.I.S. Insights, powered by Living Knowledge. Join us next time as we continue to explore the ideas shaping the future of business.
