Criteria for IT projects where Steering Committee needs to be formed
I'm responding to Audit.
What are the criteria of IT projects that generally require
a Steering Committee (members are usually the board
members like CIO, COO, CFO & snr mgmt) to be formed?
I'm thinking for apps projects that exceed US$200,000
but that's for apps projects that involve users but for
Infra projects (say a costly SIEM of $250,000), it's not
appropriate to involve COO, CFO as they would find it
irrelevant.
Any supporting white papers or authoritative that can
be shared will be useful here.
Currently, it's the Financial, Shipping, Procurement
application systems that come under Audit's radar.
What are the criteria of IT projects that generally require
a Steering Committee (members are usually the board
members like CIO, COO, CFO & snr mgmt) to be formed?
I'm thinking for apps projects that exceed US$200,000
but that's for apps projects that involve users but for
Infra projects (say a costly SIEM of $250,000), it's not
appropriate to involve COO, CFO as they would find it
irrelevant.
Any supporting white papers or authoritative that can
be shared will be useful here.
Currently, it's the Financial, Shipping, Procurement
application systems that come under Audit's radar.
I would think the very committee that does those reviews would be the ones to set that threshold. Always has been in my experience. I’m not aware of any papers setting guidelines.
Or are they asking you to set that threshold?
When all else fails, look to how the government does it.
But to be safe, I would run everything past the COO and CTO until they tell you that they don’t need to see anything under a certain threshold. Remember, they are both ultimately responsible, so better to err on too much info rather than not enough.
Also, having COO and CTO buy in helps protect you if something goes south. If they were not aware, you become the fall person.
Or are they asking you to set that threshold?
When all else fails, look to how the government does it.
But to be safe, I would run everything past the COO and CTO until they tell you that they don’t need to see anything under a certain threshold. Remember, they are both ultimately responsible, so better to err on too much info rather than not enough.
Also, having COO and CTO buy in helps protect you if something goes south. If they were not aware, you become the fall person.
Thanks.
> Or are they asking you to set that threshold?
Audit did not ask me to set the threshold, just that in one
'rush' apps project, there's no steering committee & was
raised as a finding.
I just joined & took over to own the finding; to remediate,
snr mgmt suggest to me to define a threshold & document
it down: wanted to strike a balance of what's practical &
at the same time won't get an audit finding in future.
I think mini-projects esp infra ones don't justify formation
of a steering committee. Possibly a big infra project only
need an IT steering committee (CIO & IT managers) as
users are not involved.
> Or are they asking you to set that threshold?
Audit did not ask me to set the threshold, just that in one
'rush' apps project, there's no steering committee & was
raised as a finding.
I just joined & took over to own the finding; to remediate,
snr mgmt suggest to me to define a threshold & document
it down: wanted to strike a balance of what's practical &
at the same time won't get an audit finding in future.
I think mini-projects esp infra ones don't justify formation
of a steering committee. Possibly a big infra project only
need an IT steering committee (CIO & IT managers) as
users are not involved.
I think mini-projects esp infra ones don't justify formation of a steering committee.
Generally that is true. But a lot depends on the culture of the company you just joined.
Mostly a $100,000 capital item (hardware and expensive software are capital items) would get notice. You need to sit with management and work out what they wish to see ($50K, $100K, $200K)
Generally that is true. But a lot depends on the culture of the company you just joined.
Mostly a $100,000 capital item (hardware and expensive software are capital items) would get notice. You need to sit with management and work out what they wish to see ($50K, $100K, $200K)
I am thinking the Steering Committee can be determined by their term of reference - what are they for (in that sense), not necessarily by the project sum values (only)
1. Scope. Will the SC has jurisdiction over a single project or group of projects (i.e. a project portfolio)?
Note: Normally, SC may very well be the same team overseeing and operating as part of an formalised and authorised Project Management Office (depending on the organisation mandate).
2. Authority. Will the SC serves as the ultimate authority on "direction" related issues, or will the SC serves as an advisor to the ultimate decision making authority (i.e the project executive or sponsor)? This give need for a neutral oversight regardless even if project may be small value but cane dealing with strategic mission or have dealing with sensitive data.
3. Degree of Difficulty. What is the degree of difficulty in the project? If it is of higher degree of complexity besides the earlier mentioned visibility, sensitivity, cost and risk, the mission difficulty level may necessitate a SC formation to give the direction and mandate for clear and quick turnaround on requirement development and residual risk acceptance.
4. Deliverable. What will SC produce as compared to solely having just a project team? The point for SC is mainly to produce all the results (direction, evaluation results, decision on risk acceptance, and shared wisdom) can actually support and "steer" a successful project. Hence the need for the SC to make the project successful
As a whole, if the project team cannot (or fear to) make a sound decision, the SC would be preferred to give the direction (not cover or shelter per se). Here is one template of SC TOR: http://www.lawfoundation.net.au/ljf/site/templates/resources/$file/SteeringCommittee.pdf
1. Scope. Will the SC has jurisdiction over a single project or group of projects (i.e. a project portfolio)?
Note: Normally, SC may very well be the same team overseeing and operating as part of an formalised and authorised Project Management Office (depending on the organisation mandate).
2. Authority. Will the SC serves as the ultimate authority on "direction" related issues, or will the SC serves as an advisor to the ultimate decision making authority (i.e the project executive or sponsor)? This give need for a neutral oversight regardless even if project may be small value but cane dealing with strategic mission or have dealing with sensitive data.
3. Degree of Difficulty. What is the degree of difficulty in the project? If it is of higher degree of complexity besides the earlier mentioned visibility, sensitivity, cost and risk, the mission difficulty level may necessitate a SC formation to give the direction and mandate for clear and quick turnaround on requirement development and residual risk acceptance.
4. Deliverable. What will SC produce as compared to solely having just a project team? The point for SC is mainly to produce all the results (direction, evaluation results, decision on risk acceptance, and shared wisdom) can actually support and "steer" a successful project. Hence the need for the SC to make the project successful
As a whole, if the project team cannot (or fear to) make a sound decision, the SC would be preferred to give the direction (not cover or shelter per se). Here is one template of SC TOR: http://www.lawfoundation.net.au/ljf/site/templates/resources/$file/SteeringCommittee.pdf
Premium Content
You need an Expert Office subscription to comment.Start Free Trial