Download (direct link):
IT from a business review practices
IT Architecture • Provide architecture • Consult/advise on • Direct IT architecture • Ensure that the IT • Verify compliance with
Review Board guidelines the application of design architecture reflects architecture guidelines
architecture guidelines the need for legislative
ethical use of
Note: This appendix includes text from IT Control Objectives for Sarbanes-Oxley and Board Briefing on IT Governance, 2nd Edition. Copyright © 2003 IT Governance Institute® (ITGI®). All rights reserved. Reprinted by permission.
IT Portfolios and Their Content in Context
The effectiveness and efficiency of IT portfolio management is dependent on the foundational processes (input, work activities, and outputs) from the phases of the IT life cycle. This chapter provides an overview of the IT life cycle, the IT phases, and the critical integration points with the IT subportfolios.
There are three phases to the IT life cycle: the discovery phase, the project phase, and the asset phase. These were introduced in Chapter 1 and are discussed in greater detail in this chapter. Accompanying these phases are three subportfolios that individually map into each one of these phases. These subportfolios comprise the entire IT portfolio.
• The IT discovery portfolio (i.e., opportunities, ideas, and concepts) is comprised of potential growth and transformative IT investments such as emerging technologies, new business and geographic expansion opportunities, mergers and acquisitions, and so on. Discussions regarding the IT discovery portfolio are focused on areas that pertain to innovative and emerging IT investments.
• The IT project portfolio (i.e., potential and funded projects) serves to expand, replace, or fix IT solutions.
• The IT asset portfolio (i.e., assets at work) functions to replace, reposition, maintain, or redevelop existing IT systems and solutions. The IT asset
108 CHAPTER 4 IT PORTFOLIOS AND THEIR CONTENT IN CONTEXT
portfolio is also comprised of infrastructure and applications, human capital, information and data, and processes. The focus in this section of the chapter is primarily on the application aspect of the IT asset portfolio.
Stage-Gate® and the IT Life Cycle
Created by Dr. Robert G. Cooper, Stage-Gate® is a multidisciplinary, crossfunctional, iterative process with defined concurrent processes and activities at each stage and decision points at each gate (www.stage-gate.com). Stage-Gate® forms a proven and seminal aspect of the IT portfolio management framework in that it provides the process discipline, structured oversight, and monitoring of IT investments at specific stages and gates during the IT life cycle. Depending on the technical and business/mission maturity, the criticality and impact, and the size of IT investments, there are opportunities to skip, accelerate, and/or consolidate stages and gates.1 An example of the stages and gates in the IT project phase is shown in Exhibit 4.1.
Gates are interlaced between each stage and provide important control points, checks and balances for IT investments, improving the quality and success rate of IT investments while eliminating low value-added investments. Gates provide an assessment of the quality of IT investments, ensuring that a company is focused on the right projects and meeting commitments according to plan.2 Gates are where the IT decision-making governance processes are often invoked. Decision makers representing cross-functional areas define standardized criteria at each gate and must be empowered to make and authorize decisions (i.e., go, cancel, hold, or recycle) regarding IT investments and to approve resources for the next stage.
The gates utilize the IT portfolio management framework, providing active and/or passive monitoring of IT investments. Passive monitoring occurs through predetermined milestones, deliverables, and exit criteria at each gate. However, decision makers can choose to select key variables, define boundary and threshold levels for these key variables, and actively monitor their status. If an IT investment crosses a defined boundary and thresholds are breached (e.g., rising costs, scope creep, risks), predefined triggers notify gatekeepers to take immediate action that could result in rapid changes to the IT portfolio. In some sense, gates are analogous to a stop-loss applied to individual financial investments (e.g., predetermined price at which an individual sells their stock).