I'm responding to Audit.
What are the criteria of IT projects that generally require
a Steering Committee (members are usually the board
members like CIO, COO, CFO & snr mgmt) to be formed?
I'm thinking for apps projects that exceed US$200,000
but that's for apps projects that involve users but for
Infra projects (say a costly SIEM of $250,000), it's not
appropriate to involve COO, CFO as they would find it
irrelevant.
Any supporting white papers or authoritative that can
be shared will be useful here.
Currently, it's the Financial, Shipping, Procurement
application systems that come under Audit's radar.
> Or are they asking you to set that threshold?
Audit did not ask me to set the threshold, just that in one
'rush' apps project, there's no steering committee & was
raised as a finding.
I just joined & took over to own the finding; to remediate,
snr mgmt suggest to me to define a threshold & document
it down: wanted to strike a balance of what's practical &
at the same time won't get an audit finding in future.
I think mini-projects esp infra ones don't justify formation
of a steering committee. Possibly a big infra project only
need an IT steering committee (CIO & IT managers) as
users are not involved.