Why Every Organisation Struggles with Structuring IT and Data Teams - and What to Do About It

It doesn’t matter whether your organisation has 50 staff or 5,000 - almost every leadership team we’ve worked with wrestles with the same challenge: “Where should our IT and data functions sit?”

The question keeps coming up because the answer keeps changing. In 2025, the lines between technology, governance, data, and strategy have blurred - and organisations of all shapes and sizes are starting to feel it. IT and data are no longer just support roles tucked away in operations. They now drive decisions, service delivery, legal compliance, workforce efficiency, and even reputational risk.

That means the way we structure, resource and govern them needs to change too.

This post unpacks why traditional structures are struggling to keep up and what’s working for organisations that are getting it right.

IT and Data Aren’t “Support Functions” Anymore — They’re Strategic Enablers

IT used to mean “infrastructure”; hardware, servers, and support tickets. Today, it means:

• Managing the governance of AI tools like ChatGPT, Claude, or Copilot.

• Safeguarding sensitive datasets from re-identification and misuse.

• Enabling cross-functional workflows that cut across HR, legal, finance, and service delivery.

• Supporting data-informed strategy - not just reporting, but real-time insights, scenario modelling, and accountability.

• Setting controls and protections for data assets by embedding privacy, security and ethical controls within technology and processes.

  
  

No single department owns all this.

Which is why we see different structural approaches across the organisations we support:

• Under the CFO: For those focused on cost, procurement, and compliance.

• Under the COO or CRO: For those treating IT and data as operational resilience tools.

• With a Chief Technology Officer (CTO): To oversee systems integration, architecture, and tech strategy.

• With a Chief Data Officer (CDO): To lead data governance, privacy, analytics, and sharing frameworks.

• Embedded across teams: With central alignment through steering groups or governance hubs.

  
  

Each model can work - but only when it’s backed by four strategic foundations.

1. They Appoint Translators - Not Just Technicians

Modern IT and data strategy leaders don’t just fix broken systems. They bridge them - between technical realities, legal constraints, commercial value, and strategic goals.

Successful organisations appoint a senior executive role who can translate across domains. These individuals act as a translator and advocate between IT, legal, strategy, and delivery teams. They understand what’s hard about technology - but also how it must serve real-world business, cultural, and legal priorities. These individuals combine three disparate skill sets:

• Deep technical and data governance credibility

• Strategic fluency - understanding real-world decisions, budgets, and trade-offs

• Legal and ethical awareness - knowing where risks lie and how to manage them

In short: they get that “it should be simple” — but also know why it’s not.

Whether that role is called CTO, CDO, Head of Digital Infrastructure and Assets or something else, their value lies in seeing both the technical and strategic view, and helping the executive team prioritise accordingly. The most effective leaders we've met know that technology is never just a “tools” issue - it’s a people, context, and judgment issue too.

2. They Budget for Tooling as a Shared, Strategic Investment

Modern tooling doesn’t belong to one team - it serves many for example, a reporting dashboard might help HR, Finance, Risk, and Services teams or a workflow automation tool might reduce compliance risk and save operational time.

Yet all too often, we see teams blocked by siloed budgets, duplicate tools, or stalled investments. Successful organisations acknowledge that tooling should never be the burden of one team.  

That’s why high-performing organisations:

• Treat tooling as a shared, strategic investment

• Create a dedicated cross-functional budget

• Plan jointly across the teams who benefit

They also gain something crucial: clarity on their source of truth. With a strategic centralised approach to tooling, teams know where to find the latest data, systems and integrated and not duplicated and leaders have greater visibility across workflows, risks and results. 

But the real differentiator? Strategic tooling investments are aligned to revenue objectives and operational outcomes. That means:

• Reporting tools aren’t just built for compliance - they support growth, funding, and performance narratives

• AI or automation isn’t deployed just for novelty - it's linked to cost savings, service efficiency, or community value

• Core systems are selected and scaled with long-term business strategy in mind, not just departmental needs

3. They Design for Deliberate Alignment - Not Just Communication

Most organisations don’t suffer from a lack of meetings - they suffer from a lack of designed alignment. It’s not enough to say, “IT should work with Risk,” or “Legal should be involved in procurement.” The organisations that succeed don’t leave collaboration to change, they create structures and rituals that ensure alignment across teams from the start.

What does that look like:

• Joint planning cycles that bring together Business, Strategy, Risk, IT, Governance, and Service Delivery teams - so digital priorities and risk tolerances are shaped together

• Shared KPIs and performance metrics that align incentives across IT, Data, Risk, Transformation, and Business Functions - reducing misalignment and duplication

• Cross-functional RASCI charts that define who is responsible for what across strategy, business, IT, governance and risk teams

• Digital Governance Committees or cross-functional working groups that meet regularly to oversee shared technology, AI, and data issues, alternatively you can also use cross-team reporting lines

• A shared risk register that connects key projects, systems, and data assets to their governance, compliance, and risk owners

• Active monitoring and iterative reviews of how tools and systems are actually used in the wild — not just how they were designed to be used

High-performing organisations don't separate the people who make decisions from the people who understand the systems. Instead, they make sure those conversations happen together, early, and often. Ultimately, what matters is that collaboration is proactive not reactive, intentional not assumed and codified not improvised. 

4. They Embed Governance Into Workflow

Let’s be clear: Governance is not a policy document. It is not a checklist in a drawer, a policy on an Intranet site or onboarding training.

The most successful organisations we work with don’t treat governance as a checklist. They build it directly into the way people work - into the tools they use, the data they touch, and the decisions they make. In our work with public and private sector teams, we’ve found that the most expensive mistakes often come not from bad intentions - but from good intentions implemented without embedded governance. This often happens when governance functions like Legal, Audit & Risk, Strategy, or Policy are structurally siloed from IT, product, and data teams.

Because here is the truth: too many siloed governance teams tend to focus on just one type of governance - risk, value or compliance. But great governance serves all three at once and earns trust in the process.

Smart governance leaders understand that governance has four objectives, that often contradict: 

1. to fulfil legal obligations - not because we want to, but because the law gives us permission under specific terms.

2. to prevent harm - privacy breaches, ethical failures, and operational disasters.

3. to unlock value - faster decisions, better products, stronger marketing, operational efficiencies. 

4. to earn trust - because that’s what gives us the right to keep operating our business in the first place.

The smartest organisations are building governance directly into the way people use systems, make decisions, and manage data - without adding friction. Importantly, they are acknowledging where people are human, and supporting them. 

What does this look like in practice?

• Risk and rules are built in - automatically: When someone uploads or uses data, the system already knows: “Where did this come from?” “Is it sensitive?” “Are we allowed to use it?” The data comes with those rules attached — automatically. No one has to remember policies. The tool enforces them.

• Smart Alerts Before Risk Happens: If a team member writes an email that includes private data or sends the wrong file externally, the system nudges them or blocks it. Messages, file transfers, even AI usage can be paused or rerouted based on legal or ethical risk - before they cause a problem.

• Consistent, Clear Labelling and Lifecycle Controls: The system names, classifies, and tracks data from day one. It knows who can access it, how long it should be retained, and whether it's high quality or outdated. Retention and privacy settings aren’t just applied to the system - they’re embedded into each file, database entry, or task field.

• Every System Knows Its Job - And Its Limits: Rather than a disconnected tech stack, every platform is mapped to its legal duties, authorised use cases, and user roles. This means your AI models, dashboards, or shared folders don’t accidentally break laws - because governance is designed in.

• Real-Time Dashboards That Surface Risk - and Opportunity: You don’t have to dig through spreadsheets. Dashboards show, in real time, where a process lacks legal basis, where a tool isn’t aligned to your business goals, or where duplication is wasting time and money.

• One Rule, Flowing Through Many Systems: When you apply a rule (e.g. “delete sensitive data after 12 months”), it applies everywhere — email, files, task trackers, even AI pipelines. That makes governance seamless and scalable.

Embedded governance doesn’t slow you down. It speeds you up, by making good decisions by default. It’s what allows digital ambition to scale safely. And most importantly, it ensures that legal, ethical, and strategic guardrails aren’t afterthoughts - they’re design features. Whether your governance "anchor" is a CTO, a CDO, or a digital steering committee, the key is this: don’t build tools or collect data and hope governance catches up. Build governance into the tools and the data.

The Bottom Line

Whether your organisation has 50 people or 5,000, the principle is the same: IT and data are no longer “someone else’s job.” They are everyone’s enabler - and everyone’s risk.

The reality is that getting them right won’t look the same everywhere - and there’s no one “correct” structure.

But in every successful case we’ve seen, leadership has recognised four things:

1. IT and data are no longer support functions - they are strategic levers for value, compliance, and performance.

2. Tooling must be treated as a shared investment, aligned with business outcomes and revenue goals.

3. Alignment across legal, risk, IT, data, and delivery must be designed deliberately - not left to chance.

4. Governance must be embedded into the flow of work - not siloed or reactive, but built around clear classifications that power legal compliance, trust, risk prevention, and data value creation.

Need help designing the right structure for your organisation? We’ve worked with boards, executive teams, policy units and data leaders across sectors to do just that - and we’re always happy to share examples of what’s worked (and what hasn’t).