Dear Bob ...Our parent company is consolidating IT functions and recently transferred all of our IT staff under the corporate umbrella. Except a few of us who have been left behind, such as security, DR and change control. My director says we still report locally so we can "keep control" and that I need to figure out how to make this work. Any ideas on how we can be effective in managing our local IT support whe Dear Bob …Our parent company is consolidating IT functions and recently transferred all of our IT staff under the corporate umbrella. Except a few of us who have been left behind, such as security, DR and change control. My director says we still report locally so we can “keep control” and that I need to figure out how to make this work. Any ideas on how we can be effective in managing our local IT support when we are organizational orphans? Or do I need to get the résumé out?– Oliver Dear Mr. Dickens …There’s a general question here, and some specifics. First the general:How are you supposed to be effective in a decentralized situation like this? My general-purpose, one-size-fits-all solution to the question is to use your authority where you have it and your ability to influence and persuade where you don’t. That is, of course, oversimplified: Having authority doesn’t mean using it is always a good idea. Usually, you’re still better off persuading, even if you do have the organizational power to say, “Because I said so, that’s why.”The other half always applies – just because you don’t report to corporate IT doesn’t mean you can only communicate with it through service requests. Identify everyone in corporate who has the potential for being either a bottleneck or facilitator and build strong relationships so they usually decide that facilitating is what they prefer to do.It’s the specific questions that puzzle me. Decentralizing the implementation of security makes sense to me. Even localizing some aspects of security policy makes sense, because security policy isn’t a one-size-fits-all proposition. Security policy is all about establishing the proper balance point between mitigating risk and being able to pursue opportunities that require it. Large corporations aren’t homogeneous, which means different business units or divisions might easily have different risk profiles.Decentralized disaster recovery also makes sense: A division in California needs to plan for earthquakes and brush fires; one in Minnesota must plan for blizzards and floods. Different risks, different plans.It’s change control that puzzles me. Since you didn’t tell me that either application support or operations has remained decentralized, and since change control is the conduit that connects the two, I’m at a bit of a loss as to how that’s supposed to work. Luckily, I don’t have to know. You do … so ask, through those relationships you’re going to build. All you really need here is to know the procedure and you’re good to go. In the end, what’s important is that you change your metaphor. You aren’t an orphan. Orphans have no parents and have to scrounge food off the streets. Also, they’re kids.You’re in a different situation: You’re simply living in a different part of town.– Bob Technology Industry