Purpose:

<?>

Objective:

Ensures that the organizational objectives are achieved by evaluating stakeholder needs, conditions and options; setting direction through prioritization and decision making; and monitoring performance, compliance and progress against agreed-on direction and objectives.

Description:

Governance is an oversight function. The governance function evaluates the business environment in terms of the business strategy and objectives, the global technology industry, the general market conditions and innovations that could significantly influence the business and operating models of the organization. The governance function then provides the direction that the IT operation should take to maximize its support of, and involvement in, the business. The governance function also monitors the performance of the IT operation against that direction.

It is recommended that the maturity of the IT governance practice be assessed on a regular basis to measure the effectiveness of governance in the organization. Online-PMO is able to perform an independent IT Governance Maturity Assessment and provide the organization with feedback and recommendations on the state and maturity of the governance practice.

Entrance Criteria:

  • Communications of changed compliance requirements
  • Business environment trends
  • Regulations
  • Governance / decision making model guidance
  • Constitution / bylaws / statutes of organization
  • Performance Reports
  • Status on Results of Actions
  • Results on benchmarking and other evaluations
  • Results of internal control monitoring and reviews
  • Results of reviews of self-assessments
  • Assurance plans
  • Compliance confirmations
  • Reports of non-compliance issues and root causes
  • Compliance Assurance Reports
  • Obligations
  • Audit Reports

Exit Criteria:

  • Enterprise Governance Guiding Principles
  • Decision-Making Model
  • Authority Levels
  • Reward System Approach
  • Feedback on governance effectiveness and performance

Process and Procedures:

Tailoring Guidelines:

None

Process Verification Record(s):

  • <?>
    • Stored By: <?>

Measure(s):

  • Number of instances of non-compliance with ethical and professional behavior guidelines
    • Maintained By: <?>
    • Submitted By: <?>
    • Frequency of Submission: <?>
  • Frequency of independent reviews of governance of IT
    • Maintained By: <?>
    • Submitted By: <?>
    • Frequency of Submission: <?>
  • Frequency of governance of IT reporting to the executive committee and board
    • Maintained By: <?>
    • Submitted By: <?>
    • Frequency of Submission: <?>
  • Number of governance of IT issues reported
    • Maintained By: <?>
    • Submitted By: <?>
    • Frequency of Submission: <?>
  • Level of executive management satisfaction with IT’s value delivery and cost
    • Maintained By: <?>
    • Submitted By: <?>
    • Frequency of Submission: <?>
  • Deviation between target and actual investment mix
    • Maintained By: <?>
    • Submitted By: <?>
    • Frequency of Submission: <?>
  • Level of stakeholder satisfaction with the enterprise’s ability to obtain value from IT-enabled initiatives
    • Maintained By: <?>
    • Submitted By: <?>
    • Frequency of Submission: <?>
  • Number of incidents that occur due to actual or attempted circumvention of established value management principles and practices
    • Maintained By: <?>
    • Submitted By: <?>
    • Frequency of Submission: <?>
  • Percent of IT initiatives in the overall portfolio where value is being managed through the full life cycle
    • Maintained By: <?>
    • Submitted By: <?>
    • Frequency of Submission: <?>
  • Level of stakeholder satisfaction with progress towards identified goals, with value delivery based on surveys
    • Maintained By: <?>
    • Submitted By: <?>
    • Frequency of Submission: <?>
  • Percent of expected value realized
    • Maintained By: <?>
    • Submitted By: <?>
    • Frequency of Submission: <?>
  • Level of alignment between IT risk and enterprise risk
    • Maintained By: <?>
    • Submitted By: <?>
    • Frequency of Submission: <?>
  • Number of potential IT risks identified and managed
    • Maintained By: <?>
    • Submitted By: <?>
    • Frequency of Submission: <?>
  • Refreshment rate of risk factor evaluation
    • Maintained By: <?>
    • Submitted By: <?>
    • Frequency of Submission: <?>
  • Percent of enterprise projects that consider IT risk
    • Maintained By: <?>
    • Submitted By: <?>
    • Frequency of Submission: <?>
  • Percent of IT risk action plans executed on time
    • Maintained By: <?>
    • Submitted By: <?>
    • Frequency of Submission: <?>
  • Percent of critical risk that has been effectively mitigated
    • Maintained By: <?>
    • Submitted By: <?>
    • Frequency of Submission: <?>
  • Level of unexpected enterprise impact
    • Maintained By: <?>
    • Submitted By: <?>
    • Frequency of Submission: <?>
  • Percent of IT risk that exceeds enterprise risk tolerance
    • Maintained By: <?>
    • Submitted By: <?>
    • Frequency of Submission: <?>
  • Level of stakeholder feedback on resource optimization
    • Maintained By: <?>
    • Submitted By: <?>
    • Frequency of Submission: <?>
  • Number of benefits (e.g., cost savings) achieved through optimal utilization of resources
    • Maintained By: <?>
    • Submitted By: <?>
    • Frequency of Submission: <?>
  • Number of deviations from the resource plan and enterprise architecture strategies
    • Maintained By: <?>
    • Submitted By: <?>
    • Frequency of Submission: <?>
  • Number of deviations from, and exceptions to, resource management principles
    • Maintained By: <?>
    • Submitted By: <?>
    • Frequency of Submission: <?>
  • Percent of projects with appropriate resource allocations
    • Maintained By: <?>
    • Submitted By: <?>
    • Frequency of Submission: <?>
  • Percent of re-use of architecture components
    • Maintained By: <?>
    • Submitted By: <?>
    • Frequency of Submission: <?>
  • Percent of projects and programs with a medium- or high-risk status due to resource management issues
    • Maintained By: <?>
    • Submitted By: <?>
    • Frequency of Submission: <?>
  • Number of resource management performance targets realized
    • Maintained By: <?>
    • Submitted By: <?>
    • Frequency of Submission: <?>
  • Date of last revision to reporting requirements
    • Maintained By: <?>
    • Submitted By: <?>
    • Frequency of Submission: <?>
  • Percent of stakeholders covered in reporting requirements
    • Maintained By: <?>
    • Submitted By: <?>
    • Frequency of Submission: <?>
  • Percent of reports that are not delivered on time
    • Maintained By: <?>
    • Submitted By: <?>
    • Frequency of Submission: <?>
  • Percent of reports containing inaccuracies
    • Maintained By: <?>
    • Submitted By: <?>
    • Frequency of Submission: <?>
  • Level of stakeholder satisfaction with reporting
    • Maintained By: <?>
    • Submitted By: <?>
    • Frequency of Submission: <?>
  • Number of breaches of mandatory reporting requirements
    • Maintained By: <?>
    • Submitted By: <?>
    • Frequency of Submission: <?>

References:

  • COBIT 5, ISACA
  • ISO/IEC 38500