How do we improve project governance?
Organize and structure your thoughts to write an essay
1. Do our business plans reflect the full potential of technology to improve our performance?
1.1. Questions for the board: * Has the P&L opportunity and threat from IT been quantified by business unit and by market? * Will our current plans fully capture the opportunity and neutralize the threat? * What is the time horizon of these plans, and have they been factored into future financial projections for both business and IT?
1.2. Is our portfolio of technology investments aligned with opportunities and threats?
1.2.1. Questions for the board: * How well is our IT-investment portfolio aligned with business value with regard to opportunities and threats? * How well does the portfolio balance short-term and long-term needs? * Do we have effective value-assurance processes in place to mitigate execution risk?
1.3. How will IT improve our operational and strategic agility?
1.3.1. Questions for the board: * How does our business and IT agility measure up with that of our competitors? * How do our IT plans increase our business and IT agility? * Are our sourcing relationships increasing or reducing our agility?
1.4. Do we have the capabilities required to deliver value from IT?
1.4.1. Questions for the board: * Do we have the capabilities needed to drive full value from our existing IT systems? * What are the weakest links in our capabilities? * Do we have enough IT-literate executives? * What is our plan for upgrading capabilities?
1.5. Who is accountable for IT and how do we hold them to account?
1.5.1. Questions for the board: * What is our operating model for IT, and is it aligned with our business priorities? * Who is accountable for delivering business value from IT—both overall and by activity? * Are those accountable being measured using business-friendly scorecards that create the right incentives?
2. Where has Internal Audit been? There has been a long history of Internal (and IT) Auditors involvement in Systems/Project Development Life Cycle Reviews, however, it appears that with all the cost reductions, also impacting internal audit, there has been limited involvement by internal audit in providing assurance to the oversight authority (board or department secretary). If there has been appropriate internal audit resources, I suspect that many internal audit functions have not adequately considered the risks of these projects and not implemented a strategic risk based internal audit plan. What have the Audit and Risk Committees (Board subcommittees or government committees) been doing in overseeing major risks in their organisations and where programs fit into their risk and assurance oversight. I notice that a number of organisations, such as Westpac and a client of mine have implemented board technology subcommittees - should these be expanded for infrastructure organisations to board program subcommittees (which may include technology)?
3. 1. What are the major topics
3.1. Popular/frequently discussed
3.1.1. One way project governance can be improved is integrated requirements and compliance into relevant processes and systems
3.1.1.1. Glen Watts Beyond governance I wonder how many poor project outcomes result from unrealistic scope and cost estimates, capabilities of the project team, disconnected incentivisation for everyone working on the project, culture which encourages seeking forgiveness rather than permission (what was the consequence for the team on the failed project?)
3.1.1.2. Peter Murchland It seems to me that there are a number of key points of connection between corporate governance and project governance: a) project initiation / justification b) monitoring project performance and risks (on a relevant threshold basis) There are a number of issues at the initiation / justification stage - poor project performance indicates that there issues around project management capabilities, particularly: a) scoping b) risk identification and management c) stakeholder engagement and accountability Corporate governance needs to establish assurance that the common failure factors have been adequately addressed before approving investment - rather than hoping it will all be OK.
3.1.2. Address the vast problems project governance teams are facing, such as lack of time, resources and skills, as well as the cost that poor project governance has on the economy.
3.1.3. “Blame for failure has traditionally been laid at the door of the project management team. However, it appears that most of the fault actually lies with the project governance team,” Paul Myers, Caravel Group director and chief executive officer
3.1.3.1. Peter Murchland suspects the positioning of project governance as being management rather than a corporate governance is leading to a failure on the part of corporate governance and management to attend sufficiently to the monitoring and accountability of change projects, which are, after all, about strategy execution.
3.1.3.2. Guy Wilson-Brown suggests lack of a defined project management framework with appropriate accountability at a senior level
3.1.3.2.1. The questions for directors are about: a) how they will ascertain whether a project plan is good or not b) how they will ascertain whether good management is operating or not c) what action they will take if either of the above identify that their enterprise faces unacceptable risks
3.1.3.2.2. establishing the governance body and ensuring that the people who are on it collectively have real independence from the management team responsible for the management of the project. The first and most important role of governance is to make sure that management are doing what management have been tasked to do. The governance body must be able to ask the hard questions that the project management group have missed or did not want to ask! Successful projects tend to be well scrutinised and those things that work and those things that don't are visible to all those who have a responsibility and who are to be held accountable.
3.1.4. Michael Deegan, national infrastructure coordinator for Infrastructure Australia, says one of the major problems project governance teams face is that positions are given to highly senior people who lack the time and resources to carry out the role in the necessary way.
3.1.4.1. Richard Swann The key to successful Project Governance is primarily to appoint the right person as Project Director who can take an overview of what needs to be delivered with a clear appreciation of how it will be delivered. A comprehensive Project Governance framework needs to be established up front with clearly defined stage gates and checkpoints which will not be passed unless all stage requirements are met.
3.1.5. Leigh Coutie thinks the AICD model for governance is good and is applied at an oversight level rather than direct involvement. The key governance aspects are: guidance (setting objectives and desired outcomes); appointing the right leader; making strategic and key scope decisions influencing the activities; monitoring performance and holding accountable the team. Management is more about the day-to-day activities; facilitating teamwork to achieve objectives, detailed planning is undertaken, ensuring activities are undertaken as planned, performance variations are addressed and all issues and risks are addressed. Operations - are typically similar activities and improved through continuous improvement techniques as the activities, processes and procedures should be relatively well defined and understood. Projects though are transformational in nature and include extensive unknowns, typically newly formed teams and work on gross change. The issue is that good project governance should come from an oversight body with people having a diverse skillset including organisation strategy, ownership of the outcomes and objectives, project delivery expertise and an understanding of the roles and responsibilities they have as project governors. In my view it is lack of the last two items: understanding of the roles and responsibilities as governors and the lack of successful project delivery experience which are the primary causes of failure.
3.2. What are the key interest areas
3.3. What is the major goal?
3.3.1. Competition
3.3.1.1. How will IT change the basis of competition in our industry?
3.3.1.1.1. Technology is making boundaries between industries more porous and providing opportunities for attacker models. For example, in the banking industry, online consumer-payment products such as Square—a mobile app and device that enables merchants to accept payments—are challenging traditional payment solutions. Free Mobile, a French telecommunications attacker, has captured significant market share by offering inexpensive mobile voice and data plans, in part by offloading some of its traffic onto the home Wi-Fi access points used by its broadband customers.
3.3.1.1.2. Questions for the board: * Who are our emerging competitors? * How is technology helping us win against traditional and new competitors? * How can we use technology to enter new markets?
3.3.1.1.3. What will it take to exceed our customers’ expectations in a digital world?
3.3.2. Organisational capability
3.3.2.1. Are we comfortable with our level of IT risk?
3.3.2.1.1. Questions for the board: * Do we have a comprehensive understanding of the IT risks we face? * How is our level of IT risk measured, and is it aligned with the company’s overall risk appetite? * How are we reducing our IT risk on an ongoing basis? * Who is responsible for overseeing the level of IT risk?
3.3.2.2. Are we making the most of our technology story?
3.3.2.2.1. Questions for the board: * What are the key messages we should communicate? * How, when, and to whom should they be communicated?
3.3.3. Strategy
3.3.3.1. Big Data
3.3.3.1.1. Need for a governance mandate for Big Data. You didn't create it,you don't own i, you don't control it!
4. 2. Research
4.1. The ideas
4.1.1. AICD Q&A
4.1.1.1. Information technology (IT) is integral to the operation of any organisation. As the mechanism supporting payment systems, accounting, business processes, information storage, communication and more, it presents significant opportunities for, and risks to, the achievement of goals and strategies.
4.1.1.1.1. IT is increasing in importance on board and audit committee agendas. Other researchers have found that independent directors are 22.4 per cent more likely to be replaced in companies with material weaknesses in IT controls.
4.1.1.2. What is IT governance?
4.1.1.2.1. The Australian Standard for the governance of information and communication technology, AS8015, defines Information and Communication Technology (ICT) governance as: "The system by which the current and future use of ICT is directed and controlled. It involves evaluating and directing the plans for the use of ICT to support the organisation and monitoring this use to achieve plans. It includes the strategy and policies for using ICT within an organisation."
4.1.1.3. Why is IT governance important to directors and boards?
4.1.1.3.1. The collection, processing, accessing, communication, reporting and security of information is essential to every organisation; information technology is essential in performing these functions in any business. Therefore, the oversight of information technology is essential to good corporate governance.
4.1.1.3.2. 1. Understand the role of IT in your business – how does IT currently support and enhance your business? How is IT managed and who are the stakeholders (and who manages them)? Is it integrated and efficient? Is it secure? 2. Understand the opportunities and risks - How is IT used by others in the industry? How would users like it improved? What opportunities does IT present? Does IT promote or stifle innovation or communication? What are the risks and how can they be mitigated? 3. Fit IT to strategy and strategy to IT– Does IT, including technology and human resources, have the capability required for your objectives and strategy? Do strategy execution plans and budgets include appropriate time frames and costs for IT? 4. Governance and monitoring – How does the board perform its oversight of IT? What are the controls and reporting? What are the performance indicators?
4.1.1.3.3. McKinsey: Strengthen the technology governance structure. While boards often need to improve their technology expertise, there are also structural steps that can make them more effective stewards. One is to create a technology-focused committee to ensure more frequent and directed discussions on these topics. Twenty-two percent of survey respondents reported that their companies’ boards had a committee responsible for technology oversight. It is important to remember, however, that delegating this work to a committee does not relieve the full board of broader responsibilities, such as discussing technology trends.
4.1.1.4. How can a director assess the effectiveness of IT governance?
4.1.1.4.1. Is the board regularly briefed on the IT risks to which their organisation is exposed? Is IT a regular item on the agenda of the board and is it addressed in a structured manner? Does the board articulate and communicate the business objectives for IT alignment? Does the board have a clear view on the major IT investments from a risk and return perspective? Does the board obtain regular progress reports on major IT projects? Is the board getting independent assurance on the achievement of IT objectives and the containment of IT risks? How does the board perform its oversight of IT? What are the controls and reporting? What are the performance indicators?
4.1.1.4.2. McKinsey: Sponsor periodic reviews of technology’s long-term role in the industry. Some boards are taking responsibility for the big picture by engaging in forward-looking conversations about how technology affects the industry and what the implications are for their companies. Some companies may have a CIO or other senior executive who can facilitate such a discussion. Those that don’t, and those that prefer an outside view, involve external experts who can help generate a discussion about technology trends and topics that can inform current and future strategies. Given the rapid pace of change, such big-picture discussions should take place every 12 to 18 months—or more frequently if necessary. The CIO of one financial institution, for example, requested substantial investment to modernize legacy software platforms and develop new capabilities in advanced risk analytics across the business. In response, the board looked for an outside perspective and arranged a presentation and discussion rooted in the company’s industry context. The presentation, which looked at recent trends, found that while a new type of player—large, highly tech-enabled and data-driven companies—was emerging in the commercial market, there would still be room for a sizable number of smaller players with varying technology capabilities. The presentation also highlighted leading practices applied by other companies and drew on developments from other sectors in using data and analytics to improve customer segmentation and risk assessment. By engaging the board with these perspectives and then discussing the implications, the company gained a better understanding of its business-technology gaps and the investments that would be required to close the most critical gaps. As a result, the CIO received funding for substantial expenditures in the next corporate-investment cycle.
4.1.1.5. Are our IT investments cost effective and reducing risk?
4.1.1.5.1. Investment in IT systems is not cost effective, and presents significant risks, unless it meets the four criteria
4.1.1.5.2. Can the board or directors delegate their responsibility for governance of IT?
4.1.1.6. How can directors improve their IT governance?
4.1.1.6.1. The first step to improving IT governance is a review of existing competencies and capabilities within the organisation and at board level. Steps that can be taken to improve IT governance include: Improving director competency through appointment of new directors or education of the existing ones with the appropriate IT skills and expertise Extending or making more explicit the responsibilities of existing board committees (eg. audit and risk) Establishing an additional committee or advisory group with particular focus in this area (a strategy adopted by boards with high reliance on IT capabilities) Reviewing audit arrangements, including the role and scope of internal/external audit arrangements Reviewing the range of delegations established by the board and formalising responsibility and accountability for IT management.
4.2. Reference material
4.2.1. References
4.2.1.1. links
4.2.1.1.1. http://leadingcompany.smartcompany.com.au/execution/poor-project-governance-costs-australia-over-$6-billion-report/201306074350
4.2.1.1.2. http://www.infrastructureaustralia.gov.au/publications/files/CARAVEL_GROUP_Project_Governance_Effectiveness_March_2013.pdf
4.2.1.1.3. http://www.cica.ca/publications/list-of-publications/item70281.aspx
4.2.1.2. News sources
4.2.1.2.1. Poor IT Projects
4.2.1.3. Blogs
4.2.1.3.1. McKinsey on Managing BIG projects
4.2.1.4. Supporting Data
4.2.1.4.1. Expert reports
4.2.1.4.2. Third party research
4.2.1.4.3. Survey data
4.2.1.4.4. Size of topic
5. 3. Structure
5.1. Approach
5.2. The facts established
5.3. Categories
5.4. Presentation to improve project governance
5.4.1. Introduction - why are you writing about this?
5.4.2. Subhead 1
5.4.3. Subhead 2
5.4.4. Subhead 3
5.4.5. Conclusion - what summarizes what is most interesting about your topic?
6. Administration
6.1. Deadlines
6.2. Contacts
6.2.1. Russell Yardley E: [email protected]