IT Steering Committee Basics
Rick Roybal, CISA
Internal Audit Manager
The Bass Companies
Fort Worth, Texas
How does your organization’s IT department support the business? Beyond the daily help desk calls, when it comes to strategic IT-related decisions, who should be involved? Should those with IT know-how have most of the say, or should operations personnel make the call? Can they work side-by-side to make this salient decision?
In last week’s blog, I described a common scenario in which a company is undergoing a strategic decision: maintain its current enterprise resource planning (ERP) system or purchase an entirely new one. Based on this scenario, I presented four challenges to this particular business. The question I have is: How can the company align itself so that the business and IT executives have equal opportunities to discuss the risks, costs, and commitment to the company?
An IT steering committee (ITSC) is a forum by which members from various business units and key information management roles convene to monitor, supervise, and discuss the implementation of the corporation’s IT strategic plan. The committee’s fundamental aim is to further business goals through effective use of coordinated information technologies. More specifically, this committee can meet to guide and approve IT strategy, provide business direction when it comes to information management activities, and subsequently prioritize these activities.
An effective ITSC also can help an organization:
- Centralize disparate information management functions.
- Allow top management to maintain control over IT activities.
- Provide the information management function a method to present initiatives and then subsequently obtain support from executive management.
Without a charter, an ITSC may not be aligned with the organization’s strategic business plan and therefore not be effective. An agreed-upon charter should include statements that the ITSC is committed to:
- Aligning information management strategies with the overall organization mission.
- Enhancing understanding and satisfaction with the values of IT investments.
- Encouraging a collaborative work environment between IT departments and their constituents.
A charter should include some of the following components:
- Background and purpose for creating and maintaining such a committee.
- Committee sponsor.
- Scope of authority.
- Mission statement.
- Objectives to be accomplished.
- Current membership.
- Roles and responsibilities.
- Key success factors of the committee.
- Provision for continuous review of the IT strategic plan to ensure corporate alignment.
- General meeting schedule.
- Method by which replacements and resignations are handled.
The charter should be formally documented and communicated.
The ITSC’s scope must be corporatewide. A broad view can alleviate departmental priorities and bring them in line with the strategic view. The scope should first and foremost set the strategic direction and priorities for information management. The scope also should include the following points:
- Ensure senior management and other stakeholder input in the planning process for information management projects.
- Review and approve recommendation for information management standards, policies, and procedures.
- Provide ongoing oversight of large projects at pre-defined milestones.
Anything less than a corporatewide scope will further the notion that information management or a business unit may operate in a silo.
Research varies when it comes to defining who should be appointed members of the committee. However, at its core, the ITSC should consist of senior management, user management, and the key representatives from information management departments. There are other key considerations when determining the makeup of the committee’s membership:
- The chairperson has delegated authority from the chief executive.
- The committee itself is balanced to ensure there is no bias.
- Members have relevant experience, skills, and available time to undertake the role.
Measuring the Committee’s Effectiveness
A primary method by which an organization measures the effectiveness of the ITSC is through regular attendance. If a committee meets annually for one hour, how effective could this forum be? An ITSC should consider meeting as many times as needed but no less than quarterly.
Historical research points to financial measures as being the chief means of measurement. This is antiquated, however. A key measure of the ITSC’s success is whether it is meeting the responsibilities that were established in its charter. Additionally, meeting minutes should be taken, distributed for review, and approved formally.
Does your organization have an ITSC and how does the committee measure success? Does internal auditing have a seat at the table?
Posted on Jun 8, 2011 by Tim
Share This Article: