Cover your arse (or ass for those in North America, although why you cover donkeys I don't know) or CYA is one of the most crippling inhibitors to change in any organisation. Often dressed up in the weasel words of "considering all the possibilities" it is all about making any job seem so much bigger than it actually is.
IT, in particular Enterprise Architecture and IT operations, can be the major creators of CYA within a project or organisation. Asking people to consider every potential outcome, and embarking on long studies to consider the full long term impacts on the Albanian watch industry of that SAP upgrade or application to support the marketing campaign.
These people delight in the "what if" scenario and fight back against suggestions like "There aren't even 10 billion people on the planet" by accusing the rationalists of being unprofessional and just trying to get things out the door without the proper controls.
You can tell organisations that suffer from this problem because they tend to be burdened down with paper, paper that is very rarely read even once after being written. Projects have to complete lots of different assessments and studies to get anything working, all due to the fear that if something does go wrong that it will bounce back. Because after all if you do all the paperwork and still produce a crappy system at least you can prove you did the bad work according to the process.
During projects this comes down to project managers asking for daily status reports, Enterprise Architects asking for "justification documents" on technical decisions that make you think about "how will this work in 5 years time" while operations ask for a full set of documentation, training courses, security audits, penetration tests and the like before you can even speak to them.
Now some people will howl "but you do need to think about these things" and to that I say "sometimes you do, sometimes you don't" and there in is the problem. IT organisations rarely think about what is appropriate for the job being done. In the same way as IT sets up projects to be rubbish in support so the CYA culture makes sure that everything moves at the same snails pace.
What is the solution? Well in part its about more formalism around specifications so you can get rid of all of these reports because you can say "look the SLA on the service says 99.99 availability and here is the test suite for it" and "look the Security Policy says that all Albanian Watch sellers are banned from using this". This increase in formalism means a decrease in the amount of documentation required because these elements can be used to enforce the boundaries of the service and highlight when those boundaries are in danger of being breached.
The other part is for IT people to be more professional, so not producing crap software and projects, not having documentation so poor that support can't use it and not continually releasing things that don't scale to the market. The CYA crowd also needs to become more proactive in determining what success is for a given element and then applying the right set of principles and audit to that solution rather than a blanket one size fits all.
Formalism and Professionalism, is it too much to ask?