Scanning the Internet for External Cloud Exposures via SSL Certs
Research Paper on "Project Management and IT Governance"
1. Project Management and IT Governance
Submitted by: Prasad K. Patankar
A well-defined governance model is essential for project management to fulfill its role in
governing project management. Governance ensures clarity of purpose and sets forth
responsibilities. By exercising strict governance over the strategic direction and tactical
control of technology projects, we can maximize the business value of our technology
investments. Project technology management (PTM) principles and capabilities ensure
that technology executives maintain the same degree of control, accountability and
fiscal responsibility that is expected of projects. Some of the steps used in this process
are
1) Developing strategic and tactical governance
2) Understand government and regulatory requirements
3) Ensure that the top management has project management knowledge
4) Configuration of infrastructure for the organization
Developing strategic and tactical governance prepares an organization to address what
decisions must be made, who is responsible for making them and what process is used
to make those decisions. Enterprises should have ready answers that are ingrained and
automatic. This relates to the full range of project management governance including
investment decisions, standards, principles and target business and technology
architectures. Understanding government and regulatory requirements starts with the
compliance and risk management capability, which should be supported by the board
and disseminated to everyone involved in enabling project management methodologies
through the use of business technology. It is imperative that the board have an
understanding of project management. Some management boards have addressed this
issue by appointing outside board members, including CEO’s and CIO’s of well-
regarded IT companies or by establishing project management strategic committees.
Determining how the organization will configure its infrastructure to facilitate access to
financial information will enable the company to determine what control systems and
analytics are needed to detect vulnerabilities and fraud. This is because the enterprise
architecture of an organization is composed of the technical, data and application
architectures; which jointly enable the processing, sharing and management of data
resources across divisional and organizational boundaries.
IT Governance as a structure
IT governance has a direct impact on how IT is managed within the organization. The IT
Governance Institute has offered the following definition “IT Governance is the
responsibility of executives, board of directors and consists of the leadership,
1
2. organizational structures, and processes that ensure that the enterprise’s IT sustains
and extends the organization’s strategies and objectives. IT governance structure
involves the existence of responsible functions for making IT decisions such as steering
committees. Staffed by both the business and IT executives, the IT steering committee
should be the primary governing body for ongoing IT operations and initiatives of the
organization, including IT investment projects. The IT steering committee is responsible
for translating business and strategic goals into actionable plans. Successful IT
governance requires effective communication among all parties based on constructive
relationships, a common language and a shared commitment to IT policies and
procedures.
IT Governance as a process
IT governance processes involve the implementation of IT management techniques and
procedures in compliance with established IT strategies and policies. Kaplan(2005)
defines IT governance as the set of processes used by the organization to manage IT,
aligning IT with business objectives, resourcing IT projects and monitoring IT
performance ( Vitale,2001).In particular IT investment processes involve the
identification, acquisition, implementation and ongoing operation and maintenance
activities of IT applications. As a continuous process, effective IT governance provides
transparent IT decision making, clear accountabilities and acceptable and actionable IT
measurements. That is, effective IT governance enables business and IT executives to
integrate business and IT decisions, implement IT solutions and monitor IT
effectiveness.
IT Outcome Metrics
For IT governance to be effective, organizations should monitor their IT
performance through appropriate measurement systems. Organizations need multiple
set of metrics to measure their IT operational performance and overall value to the
business. Recognizing that the business unit assessment of the value of IT may be
different across the organization, a structure must be in place to assess the ultimate
success of IT.
Different organizations have different meanings of the term “success” and use
different metrics to gauge the success of their IT activities. Many organizations have
progressed from using elementary cost-benefit analysis to an entrepreneurial approach
that encompasses the risk, uncertainty, and intangible elements of IT investments
including organizational changes facilitated by these investments. IT governance
encompasses three dimensions – IT governance structure, IT governance process and
IT metrics. The three dimensions are driven by business value. The first dimension, IT
2
3. governance structure, strives to achieve strategic alignment of IT with business and
includes mechanisms for decision-making, direction setting and casting policies. The
second – IT governance process, is driven by embedding accountability into the
organization, i.e., establishing the policies and procedures used to implement the IT
investment projects. The third dimension, IT outcome metrics assesses both IT
governance structure and processes to ensure that the desired results were and are
being obtained.
IT governance starts by providing IT with direction which means setting business
strategies and performance goals. Second, IT investment projects that align with these
strategies are developed and resourced. Third, a continuous loop is established by
measuring performance and comparing these measurements to objectives, resulting
redirection of activities or changes to objectives, as appropriate. Implementing an
effective IT governance framework allows business value to be achieved through IT
(Kearns and Sabherwal, 2006/07). For effective IT value delivery, IT governance must
clearly articulate and implement IT governance arrangements for structure, process and
outcomes. To be successful, an organization needs to be aware that different strategic
contexts require different indicators of value. Implementing an effective IT governance
framework context requires different indicators of value. Also, implementing a effective
IT governance framework allows business value to be achieved through IT. For effective
IT value delivery, IT governance must clearly articulate and implement IT governance
arrangements for structure, process, and outcomes.
IT Steering Committee Composition
IT governance is concerned with the strategic alignment of IT with business. Effective
exchange of ideas and shared understanding of business and IT objectives allow the
organizational strategies to adopt harmoniously (Luftman et al., 1999; Johnson and
Lederer). Therefore IT governance requires significant input from stakeholders about
both strategic business needs and technological capabilities so that organizations can
build a clear and comprehensive picture of the connection between business and IT and
devise IT solutions that transcend functional boundaries.
The IT steering committee brings together stakeholders from diverse backgrounds and
organizational roles. The executive steering committee monitors IT management and
sets IT spending and cost allocations. The IT strategy committee provides direction and
assures that individual IT projects align with the overall business strategy. The IT
steering committee is responsible for project advocacy, and for the provision of
adequate resources for both planning and implementation of the IT investment
decisions (Parr and Shanks, 2000). Furthermore, compliance with external regulations
and internal guidelines should also be overseen by the IT steering committee (Ewusi-
3
4. Mensah, 1997). If the IT steering committee does not understand these tasks
effectively, desired outcomes are unlikely to be achieved and, in extreme cases, the
organization may not comply with regulatory requirements such as SOX. For the IT
steering committee to be an effective team, they must have clear goals understood by
all members. Higher levels of IT governance effectiveness are associated with a shared
understanding of IT and business objectives by members of the steering committee.
Higher levels of IT governance effectiveness are associated with active participation of
the IT steering committee. Higher levels of IT governance effectiveness are also
associated with a balanced representation of senior business and IT management on
the steering committee.
Formulation and communication of IT strategies and policies
Rather than just focusing on purely technological issues, IT management must
understand the business, its critical success factors, and how to develop a synergistic
portfolio of IT capabilities (Bushell, 2003). Delivering effective IT governance requires
an integrative and comprehensive set of strategies to promote more universal views of
the value of information and the technology within the business. Critical to the success
of IT governance structures and processes is effective communication of IT strategies
and policies among all parties. The more effectively management communicates the IT
governance mechanisms, how they work, and what outcomes are expected, the more
effective are the IT governance processes(Weill and Ross,2004; Johnson and
Lederer,2005).
A priori evaluation and selection of IT investment projects
The objective of the IT investment approval process is to ensure that IT investments
generate significant returns to the organization relative to alternative investment
opportunities. The range of possible circumstances suggests that no one single
evaluation method or metric is likely to fit all cases( Scott Morton,1990 ).A complete
picture of the likely impact of an investment can only be given if a balance is achieved
between financial and non-financial impact assessments ( Renkema,2000).
Early in the system development life cycle, proposed IT investment projects can be
examined using a combination of financial, non-financial, and risk analysis. Projects
subjected to such scrutiny experience a more accurate and complete assessment than
projects examined using a less stringent combination of criteria. Obtaining a better
appreciation of the risks and returns improves the likelihood of success of these projects
relative to projects that experience less rigorous a priori evaluations.
4
5. Interim evaluation of IT investment project implementation
During the system development stage, interim evaluations are needed so that projected
costs and benefits can be revised in the light of updated information about the project.
Frequent measurement and evaluation of project management metrics are critical to
effective IT governance. The metrics aid in tracking each project’s progress and, when
necessary, redirecting or terminating individual projects. Organizations use a variety of
indicators for assessing project behavior or process improvement, e.g., actual versus
planned task completions and actual versus planned resource consumption. Through a
comprehensive set of project management metrics, the organization can provide better
control of costs, greater reduction of risks, more substantial improvements in quality,
and greater assurance that the project objectives can be met. Hence, project
management metrics enhance the likelihood of implementation success.
The goal of the formalized decision making structure is to drive the project to
completion. Senior management involvement in or executive support of the structure is
a critical success factor to IT project implementation success. Individuals or committees
who take responsibilities for IT governance should also exercise important roles relative
to the project implementation activities. The activities include setting up an appropriate
IS development style, assessing project risk, ensuring adequate infrastructure, and
providing the project with adequate visibility and transparency. A very important
antecedent to a successful implementation of an information system is a “champion” for
the system (Ewusi-Mensah, 1997;Reich and Benbasat,1990;Beath,1991). Project
champions actively communicate their visions of the project with the project team and
obtain support from business stakeholders. They push the project over or around
approval and implementation hurdles. Therefore, the likelihood of success of IT
investment projects is substantially improved when one or more project champions are
involved .We can thus say that the success of IT project implementation is associated
with higher levels of involvement by the project champion during project development.
5
6. References
Agarwal R, Samamurthy V. Principles and models for organizing the IT function.MIS Q
2002; 1(1); 1-16
Clark HH,Brennan SE. Grounding in communication. In : Resnick LB,Levine JM,Teasley
SD, editors. Perspectives on Socially Shared Cognition. Washington DC: American
Psychological Association; 1991.p. 127-49
Coakes C,Cavanaugh N, brown C,Sambamurthy V. Building change-readiness IT
capabilities : insights from the Bell Atlantic experience. MIS Q 1997; 21(4); 425-55.
Coakes E. Focus issue on legacy information systems and business process change;
the role of stakeholders in managing change. Commun ACM 1999;2(4):1-31.
Keil M. Pulling the plug : software project management and the problem of project
escalation. MIS Q 1995;19(4);421-47
Keil M,Cule pE,Lyytinen K,Schmidt RC. A framework for identifying software project
risks. Commun ACM 1998;14(2);76-83
Peterson RR,O’ Callaghan R, Ribbers PMA. Information technology governance by
design: investigating hybrid configurations and integration mechanisms. Proceedings of
the 21st International Conference on Information Systems; 2000.
Ribbers PMA, Peterson RR, Parker MM. Designing information technology governance
process : diagnosing contemporary practices and competing theories. Proceedings of
the 35th Hawaii International Conference on System Sciences, 2002.
Sambamurthy V, Zmud RW. Arrangements for information technology governance : a
theory of multiple contingencies. MIS Q 1999;23(2);261-90.
Serafeimidis V,Smithson S. Information system evaluation in practice: a case study of
organizational change.Journal of Information Technology,2000;15();93-105.
The Standish Group International. Third Quarter CHAOS Report; 2007
6