Posted by: Robert Davis
COBIT, Control Environment, IT Architecture, Project Management, Risk Management, Risk Mitigation, Risk Tolerance
IT project governance can only be effective if those influencing project decisions are adequately informed. Project management policies, procedures, rules, and individual responsibilities should be distributed to all affected parties. Furthermore, the risk awareness program should require participating employees to periodically sign a statement acknowledging their awareness and acceptance of responsibility for project security.
Management should also ensure that employees have the expertise to carry out their IT project responsibilities. To meet this expectation, the IT project governance program should include job descriptions; periodic reassessment of the adequacy of individual skills; annual training requirements and professional development programs (to aid in ensuring individual skills are adequate and current); and monitoring of employee training and professional development accomplishments.
“View Part I of the Common Risk Determinants for an IT Architecture series here”