Fundamentally, IT policies and procedures should be deployed based on assessed effectiveness and efficiency in addressing managements’ risk appetite. Supporting CE risk reduction activities are managements’ IT project governance policies providing for a(n):
Risk Awareness Program
Project Training Program
Audit Oversight Committee
IT Strategy Committee
The project management function should have a formal, written charter establishing the department’s position within the entity. It should document the purpose, responsibility, authority and accountability of the project management function. Minimally, the charter document generated should address detail project management aspects — such as mission statement, organizational structure, risk management, critical success factors, quality assurance, and reporting lines.
“View Part I of the Common Risk Determinants for an IT Architecture series here“