Good IT Governance Principles for Project Management and Outsourcing


Management awareness of IT risks has increased due to the growing importance placed on IT within organizations. Given budget restrictions and cost-cutting, it is in the interest of organizations to pay greater attention to IT governance, risk management, effective use of resources and clear communication to reduce IT mishaps. In particular, if an organization decides to outsource part or all of its IT development to an offshore vendor, there must be a clear focus on IT governance and accountability in project management.

Firstly, what counts as good IT governance?

Alignment. Companies need to provide strategic and sound direction of IT, and align their IT goals to the business.

Value Delivery. Companies need to understand the purpose and hard value of the IT project which is being implemented. They need to be able to ask questions like: how will the projects implemented by IT improve our organization as a whole, and drive maximum business and ROI from IT? They have to have an answer for that too!

Risk Management. Companies need to be aware of the risks associated with the project, have a plan in place, and perform assessment of the risk aspects of IT. Central to this is accountability. Who is in charge of what, and who is accountable for the project and performance risk management?

Resource Management. There must be high-level direction for IT resource management and distribution of resources. Is there sufficient IT funding, capability and infrastructure to support current and future business requirements? What if there are unforeseen blocks in the road, how do we manage that? What if the IT delivery goes overtime or over budget? How do we accommodate and manage that?

Performance Management. Companies must measure and review IT objectives and performance in relation to the business goals of the organization. "Are we compliant?" should be one of the top criteria for performance management. Has IT delivered on its business value criteria? Has there been clear oversight and accountability throughout the process?


Why do we need good IT governance? Well, rather than selling the benefits of good IT governance in project management, let’s see what an IT project risks if it doesn’t implement IT governance:

  • Firstly, without a strong structure, a company risks wasting time and resources due to lack of project prioritization. This can show itself, for example, in duplicate tasks or projects, discontinued or failed IT projects, overstretched budget and manpower, or simply the time and effort required to correct mistakes and get a project back on track.
  • Without prioritization, a project can be affected by lackluster leadership. This can demonstrate itself in confusion, loss of momentum, unclear objectives, and lack of accountability. This can harm an organization’s reputation and affect total business goals.
  • Without strong structure and accountability, an organization can risk being non-compliant. This can result in fines, loss of license and reputation and intrusive audits. This will result in down-time and loss of revenue for the organization as a whole.


When faced with these alternatives, can companies really afford to practice poor IT governance and mismanagement of projects? Obviously not. Especially when companies decide to outsource to an offshore provider, it is essential that there are clear, mapped-out expectations and success criteria from both the customer and supplier. Let’s take a look at what sort of tools can help a company make an informed decision on whether to use an offshore service provider and, if so, how best to ensure good IT governance for projects and define success criteria.


Firstly, organizations need to focus on risk management and road-mapping. Given how essential IT is to organizations today, companies will probably only use a few service providers. If they decide to outsource, they need to make an informed decision based on cost-effectiveness, performance, ability to deliver, ability to help the organization perform better and more competitively, and long-term strategic business goals. Because it makes more sense to use a few key providers instead of many when outsourcing, the focus must be on the relationship with the greatest risk and investment between supplier and customer. Here, clear goals and communication are key.


Secondly, create a roadmap for the auditing process, to define success criteria, accountability in the organization and compliance. The audit tool CobiT is a great tool to help organizations gain greater clarity and structure over their projects. Define key measurables for the success of the project and delegate ownership over these measurables. Here it is vital to map out what functions will be retained by the customer, and what functions are expected to be fulfilled by the supplier. Create ownership for IT handover, training, and whether development will be fulfilled in-house, partially or not. If you use an offshore provider, will you develop a reporting system to ensure effective work, perhaps have offshore developers work in-house for certain tasks, or put one of your own project managers at the source location? All these measures and the scope of the project need to be defined.


Thirdly, define the service management techniques and service level agreements. An SLA is vital to the success and transparency of the project and needs to be updated consistently. An SLA is defined as a detailed contract between customer and service provider, and details the expectations and warranties provided should agreements not be fulfilled.


In order to manage an SLA, there need to be set definitions for metric standards and methods, reporting processes, service contents and frequency, security processes, dispute resolution and an indemnification clause to protect the customer from litigation from service level breaches.


PSA Marketing Team
