What are some signs that indicate the IT operating model isn't well-defined, even if the org chart looks perfect?

Operating model can be an ambiguous term, like "strategy." I tend to use the Ashridge Model (Operating Model Canvas) and their POLISM acronym (process/value stream, organization, locations, Information Technologies, Suppliers inclusive of "Shadow IT", and Management System). The most telling sign across all dimensions is when business stakeholders consistently express that they, 'don't understand what IT does, how long things take, or why certain decisions are made?' This indicates the operating model lacks the transparency and business alignment necessary for effective technology leadership. When developing hypotheses with clients, I generally use this checklist developed over the years: 

Process (P) Red Flags:

* IT work requests disappear into black holes with no visibility into status or progress
* Multiple teams are solving the same problems independently without coordination
* Service delivery timelines vary wildly for similar requests with no clear explanation
* End-users routinely bypass IT processes, creating their own workarounds
* No standardized approach exists for common activities like software deployment or incident response

Organization (O) Warning Signs:

* Role clarity issues where team members frequently ask "whose job is this?"
* Skills gaps persist because no one owns talent development or succession planning
* Decision-making authority is unclear, leading to delays or conflicting directions
* Teams operate in silos without understanding how their work connects to broader outcomes
* High performers leave citing frustration with unclear expectations or career paths

Locations (L) Indicators:

* Remote and on-site teams have different capabilities or service levels
* Physical and virtual infrastructure decisions are made reactively rather than strategically
* Disaster recovery and business continuity plans are outdated or untested
* Asset utilization varies dramatically across locations without justification

Information (I) Problems:

* Data exists in multiple systems with no single source of truth
* Reporting is manual, inconsistent, or requires significant effort to generate
* Integration between systems is handled through one-off solutions rather than architectural standards
* Information security policies exist on paper but aren't systematically enforced

Suppliers (S) Issues:

* Shadow IT proliferates because official IT and/or vendor relationships don't meet business needs
* Contract management is ad hoc, leading to unexpected renewals or budget overruns
* Vendor performance isn't systematically measured or managed
* Strategic technology partnerships lack clear governance or value realization tracking

Management Systems (M) Deficiencies:

* IT budgeting is purely historical rather than tied to business strategy or outcomes
* Performance metrics do not really exist, lack connection with stakeholders, and/or focus on activity rather than business value delivery
* Technology decisions are made without architectural review or standards compliance
* Risk management is reactive rather than proactive and integrated into planning

Now for the linking thread = Governance and Technology Architecture:
Governance as the Foundation of Management Systems:

- Decision Rights: Who has authority to make what technology decisions at what levels
- Oversight Structures: IT steering committees, architecture review boards, and portfolio management processes
- Policy Framework: Technology standards, security policies, and compliance requirements
- Risk Management: How technology risks are identified, assessed, and mitigated
-  Performance Accountability: How IT performance is measured, reported, and acted upon

However, governance threads through every POLISM element:
-Process (P): Governance defines how processes are approved, standardized, and continuously improved
-Organization (O): Governance establishes roles, responsibilities, and accountability structures - essentially the "rules of engagement" for how the organization operates
-Locations (L): Governance provides the framework for site standards, asset management, and infrastructure decisions
-Information (I): Data governance, information security governance, and system integration standards
-Suppliers (S): Vendor governance including procurement processes, contract management, and third-party risk management

Poor governance manifests as:

* Inconsistent decision-making across similar situations
* Lack of clear escalation paths when issues arise
* Technology investments that don't align with business strategy
* Reactive rather than proactive management of technology risks
* Inability to demonstrate IT value to business stakeholders

In essence, governance is the connective tissue that ensures all POLISM elements work cohesively toward common objectives. Without strong governance, even well-designed processes and organizational structures will fail to deliver consistent business value.

Here are some key indicators I would look for.

Siloed Operations and Lack of Collaboration: Despite a structured org chart, teams operate in isolation, leading to duplicated efforts, redundant systems, and information hoarding. Work gets "thrown over the wall" between departments without a clear understanding of upstream or downstream impacts.

Ambiguity in Accountability: It's unclear who owns specific processes, decisions, or outcomes, leading to "finger-pointing" when things go wrong and slow decision-making as people seek multiple approvals.

"Shadow IT": Business units procure or develop their own IT solutions because the central IT function is perceived as too slow, unresponsive, or unable to meet their specific needs. This indicates a disconnect in how IT delivers value to the business.

Over-reliance on Heroics: Success often depends on individual "heroes" who step outside formal processes to get things done, rather than repeatable, systemic approaches.  Heroes might seem like a good thing but in reality if you need them to survive you have major problems.

Lack of Shared Context: Employees don't understand the "why" behind their work or how it connects to the broader organizational purpose and outcomes.

In essence, while an org chart shows who reports to whom, a well-defined operating model explains how the organization fundamentally works to achieve its goals, detailing processes, governance, technology, and culture. When these underlying elements are fuzzy, the perfect lines on an org chart become meaningless in practice.

In addition to what has been covered here, I offer:

- role conflicts within IT, across the organization
- inefficient decision-making
- lack of coherent governance and mechanisms to facilitate coordination
- immature internal processes (not just ITSM or security)
- internal silos and lack of meaningful internal collaboration
- missing an inventory of current and desired skill sets in IT; reactive hiring

A polished org chart can give a false sense of clarity — but when the IT operating model isn’t well-defined, you see it in the day-to-day. For me, the signs are clear: inconsistent decision-making, unclear ownership of cross-functional initiatives, gaps between strategy and execution, and too much reliance on “hero culture” rather than structured processes. Another red flag is when teams are constantly firefighting or when business partners express frustration about lack of transparency or agility. Ultimately, if roles, responsibilities, workflows, and governance mechanisms aren’t explicitly aligned with the organization's strategic goals, even the best org chart won’t deliver value.

Usually overlap of functions or some functions without responsible. When your metrics (SLAs) looks good but you still get a lot of escalations about simple tickets...