An Introduction to Soft Controls in IT Governance

A laptop is missing. Cameras show an employee leaving the building around the same time carrying “something” – one cannot say conclusively that it is the laptop. You ask the employee and they do not remember what they were carrying. Now what?

A piece of code has a “bomb” in it that would’ve wiped out hard drives from all the servers in the data center. The code is traced back to a single computer. The employee who owns that computer denies planting this bomb. Now what?
Leaders face such dilemmas almost daily. Governance is not easy but it is even more difficult if we focus too much on the “science” or the “hard facts” or “controls.” This is where “behavioral” or “soft controls” come in.
The “art” of IT Governance requires that you ask yourself the following:
  1. Why do people behave as they do?
    1. Why do people work hard? Why do some others slack off?
    2. Does one team member respond well to a pay increase whereas another to being placed on an “important” project?
    3. What has this got to do with “governance?”
  2. How can I effectively predict future behavior?
    1. Can you see the “bomb” before it is planted?
    2. Can you stop the laptop from walking out the door?
  3. How can I direct, change and control behavior?
This presentation is about “soft” controls. What are soft controls? Why are soft controls important? What makes soft controls so difficult to implement? How to create a business case for soft controls?

Good Read!


Documents are in common file formats such as Microsoft Word (doc), Powerpoint (ppt), Excel (xls,csv,xlsx), and Adobe pdf. 1

Leave a Reply