Criteria for IT projects where Steering Committee needs to be formed
I'm responding to Audit.
What are the criteria of IT projects that generally require
a Steering Committee (members are usually the board
members like CIO, COO, CFO & snr mgmt) to be formed?
I'm thinking for apps projects that exceed US$200,000
but that's for apps projects that involve users but for
Infra projects (say a costly SIEM of $250,000), it's not
appropriate to involve COO, CFO as they would find it
irrelevant.
Any supporting white papers or authoritative that can
be shared will be useful here.
Currently, it's the Financial, Shipping, Procurement
application systems that come under Audit's radar.
What are the criteria of IT projects that generally require
a Steering Committee (members are usually the board
members like CIO, COO, CFO & snr mgmt) to be formed?
I'm thinking for apps projects that exceed US$200,000
but that's for apps projects that involve users but for
Infra projects (say a costly SIEM of $250,000), it's not
appropriate to involve COO, CFO as they would find it
irrelevant.
Any supporting white papers or authoritative that can
be shared will be useful here.
Currently, it's the Financial, Shipping, Procurement
application systems that come under Audit's radar.
Who is Participating?
Experts Exchange Solution brought to you by
Enjoy your complimentary solution view.
Get every solution instantly with Premium.
Start your 7-day free trial.
I wear a lot of hats...
"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.
Experts Exchange Solution brought to you by
Your issues matter to us.
Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.
Start your 7-day free trial
Thanks.
> Or are they asking you to set that threshold?
Audit did not ask me to set the threshold, just that in one
'rush' apps project, there's no steering committee & was
raised as a finding.
I just joined & took over to own the finding; to remediate,
snr mgmt suggest to me to define a threshold & document
it down: wanted to strike a balance of what's practical &
at the same time won't get an audit finding in future.
I think mini-projects esp infra ones don't justify formation
of a steering committee. Possibly a big infra project only
need an IT steering committee (CIO & IT managers) as
users are not involved.
> Or are they asking you to set that threshold?
Audit did not ask me to set the threshold, just that in one
'rush' apps project, there's no steering committee & was
raised as a finding.
I just joined & took over to own the finding; to remediate,
snr mgmt suggest to me to define a threshold & document
it down: wanted to strike a balance of what's practical &
at the same time won't get an audit finding in future.
I think mini-projects esp infra ones don't justify formation
of a steering committee. Possibly a big infra project only
need an IT steering committee (CIO & IT managers) as
users are not involved.
I think mini-projects esp infra ones don't justify formation of a steering committee.
Generally that is true. But a lot depends on the culture of the company you just joined.
Mostly a $100,000 capital item (hardware and expensive software are capital items) would get notice. You need to sit with management and work out what they wish to see ($50K, $100K, $200K)
Generally that is true. But a lot depends on the culture of the company you just joined.
Mostly a $100,000 capital item (hardware and expensive software are capital items) would get notice. You need to sit with management and work out what they wish to see ($50K, $100K, $200K)
I am thinking the Steering Committee can be determined by their term of reference - what are they for (in that sense), not necessarily by the project sum values (only)
1. Scope. Will the SC has jurisdiction over a single project or group of projects (i.e. a project portfolio)?
Note: Normally, SC may very well be the same team overseeing and operating as part of an formalised and authorised Project Management Office (depending on the organisation mandate).
2. Authority. Will the SC serves as the ultimate authority on "direction" related issues, or will the SC serves as an advisor to the ultimate decision making authority (i.e the project executive or sponsor)? This give need for a neutral oversight regardless even if project may be small value but cane dealing with strategic mission or have dealing with sensitive data.
3. Degree of Difficulty. What is the degree of difficulty in the project? If it is of higher degree of complexity besides the earlier mentioned visibility, sensitivity, cost and risk, the mission difficulty level may necessitate a SC formation to give the direction and mandate for clear and quick turnaround on requirement development and residual risk acceptance.
4. Deliverable. What will SC produce as compared to solely having just a project team? The point for SC is mainly to produce all the results (direction, evaluation results, decision on risk acceptance, and shared wisdom) can actually support and "steer" a successful project. Hence the need for the SC to make the project successful
As a whole, if the project team cannot (or fear to) make a sound decision, the SC would be preferred to give the direction (not cover or shelter per se). Here is one template of SC TOR: http://www.lawfoundation.net.au/ljf/site/templates/resources/$file/SteeringCommittee.pdf
1. Scope. Will the SC has jurisdiction over a single project or group of projects (i.e. a project portfolio)?
Note: Normally, SC may very well be the same team overseeing and operating as part of an formalised and authorised Project Management Office (depending on the organisation mandate).
2. Authority. Will the SC serves as the ultimate authority on "direction" related issues, or will the SC serves as an advisor to the ultimate decision making authority (i.e the project executive or sponsor)? This give need for a neutral oversight regardless even if project may be small value but cane dealing with strategic mission or have dealing with sensitive data.
3. Degree of Difficulty. What is the degree of difficulty in the project? If it is of higher degree of complexity besides the earlier mentioned visibility, sensitivity, cost and risk, the mission difficulty level may necessitate a SC formation to give the direction and mandate for clear and quick turnaround on requirement development and residual risk acceptance.
4. Deliverable. What will SC produce as compared to solely having just a project team? The point for SC is mainly to produce all the results (direction, evaluation results, decision on risk acceptance, and shared wisdom) can actually support and "steer" a successful project. Hence the need for the SC to make the project successful
As a whole, if the project team cannot (or fear to) make a sound decision, the SC would be preferred to give the direction (not cover or shelter per se). Here is one template of SC TOR: http://www.lawfoundation.net.au/ljf/site/templates/resources/$file/SteeringCommittee.pdf
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
IT Risk Management Plan
From novice to tech pro — start learning today.
Experts Exchange Solution brought to you by
Enjoy your complimentary solution view.
Get every solution instantly with Premium.
Start your 7-day free trial.
Or are they asking you to set that threshold?
When all else fails, look to how the government does it.
But to be safe, I would run everything past the COO and CTO until they tell you that they don’t need to see anything under a certain threshold. Remember, they are both ultimately responsible, so better to err on too much info rather than not enough.
Also, having COO and CTO buy in helps protect you if something goes south. If they were not aware, you become the fall person.