AN OVERVIEW OF

INSTITUTIONAL IT PROJECT GOVERNANCE

OFFICE OF INFORMATION TECHNOLOGY

DRAFT

Institutional IT Governance Overview V1.3 - P 1133 – 5/31/06 – PAGE 2

1 IT GOVERNANCE OVERVIEW

This document provides an overview of the IT Project Governance process at UCLA. IT Governance comprises of the leadership, organizational

structures, and processes to ensure that UCLA’s IT capabilities continue to sustain and extend its strategies and objectives.

The UCLA IT Governance structure specifies the decision rights and accountability framework to encourage desirable behavior in using IT to

further the University’s mission. This desirable behavior is characterized by:

• Integration of IT strategic planning with campus strategic planning

• Appropriate accountability for IT initiatives

• Transparency - IT plans and investments are made visible beyond their origination point (subject to the application of some defined

thresholds).

• Adoption of a broad campus-wide view

• A willingness to share and use IT best practices across the UCLA community

• Entrepreneurial spirit and creativity in applying IT

• Participants understanding the value of the governance process and actively participating in it

The overall IT Project governance process flow is shown in Figure 1. The process is broken down in six major steps and these are described in

broad terms in this section. The remaining sections of this document provide more specific guidance on certain key aspects of the governance

process.

DRAFT

Institutional IT Governance Overview V1.3 - P 1133 – 5/31/06 – PAGE 3

Figure 1

DRAFT

Institutional IT Governance Overview V1.3 - P 1133 – 5/31/06 – PAGE 4

Step 1- Project Identification

The first step in the IT Governance process is the identification of those institutional IT Projects that may have significant impact on the

campus in terms of outside funding requirements, technological integration, deployment impact, and project management needs.

A major source of information for this step is the identification of such projects through the annual campus strategic planning process. In addition,

some projects may arise on an ad hoc basis in response to emergent needs. It is neither necessary nor practical for all IT Projects to pass through the

entire IT Governance Process described in this overview. The intent of the governance process is to apply good judgment and to focus attention

and resources only on those projects that truly require it and that have the greatest impact on the campus.

The primary means of making this judgment is human interaction. Thus this process step requires dialog and discussion between OIT and all

stakeholders to make an initial assessment on what projects to pass through the process and what projects to filter out.

Key questions asked at this stage are:

• Does project need outside funding?

• How is project aligned with strategic direction?

• What is the project motivation (is there a legal mandate?)

• What is the end user impact of the project?

• Is there a reason to fast track the project?

• Will the project be controversial?

Based on this initial assessment some projects will move on through the process to Step 2 for further governance consideration, some will be

deemed to not require any further IT Governance, and some will be “fast tracked” through the process.

It is important to note that this step does not constitute the official approval of a project, it simply decides if a project should move through a more

rigorous governance process. Project approvals remain with the Executive Sponsors of an IT project.

1.1 Step 2 - Project Classification

A one to two page “Project Bio” is created by OIT for every project that enters this process step. The Project Bio is compiled through discussions

with the Project Sponsor and the Project Manager. The Project Bio is a brief synopsis of the purpose and scope of the intended project. It captures

the basic data that is required to classify the project for governance purposes.

Project classification is an integral part of the governance process. The purpose of project classification is threefold:

1. Clearly and objectively identify projects that are likely to have a major impact on the campus.

2. Enable the IT Governance process to be scaled appropriately to the magnitude and impact of a particular IT project.

DRAFT

Institutional IT Governance Overview V1.3 - P 1133 – 5/31/06 – PAGE 5

3. Aid in IT risk management.

By dividing IT projects in this way the “80/20 principle” can be employed to apply a more flexible governance process that focuses time and

attention on major projects that have the largest impact on the campus as whole. Other projects may then be routed through less rigorous and rapid

paths in the governance process according to their level of risk and impact.

Such an approach begs the question: “What constitutes a major project?” A Project Classification Worksheet (Page 7) is used to help Project

Sponsors, Project Managers and OIT to answer this question in a consistent manner.

The Project Classification worksheet consists of a series of questions in three categories:

• Project Management Complexity

• IT Solution Complexity

• Deployment Complexity

These questions should be answered in a project classification meeting between the Project Manager, the Project Sponsor and an OIT director (with

other participants as required). As a guideline this meeting should require no more than one hour. Although the worksheet uses a simple scoring

mechanism to encourage discussion, the classification process should not be an empirical exercise. The worksheet is intended as an aid and guide

for the project classification discussion. Ultimately the combined knowledge and experience of the participants should determine the

appropriate Project Class that makes sense. The resultant project classification is then used to steer the project through the governance process.

Class 1 Projects are considered to be low risk and do not need to continue any further in the governance process. They can therefore proceed

normally.

Class 2-5 Projects move on to Step 3.

1.2 Step 3 IT Project Portfolio Management

Project Classes 2-5 are added to the Campus IT Portfolio. The Campus IT Portfolio is a strategic inventory of IT project information maintained by

OIT for planning and IT Governance purposes. Although individual projects in the IT Portfolio may be managed by specific divisions, the IT

Portfolio provides overall visibility to Executive leadership of the key IT investments the campus is undertaking.

Class 2 projects are simply recorded in the IT Portfolio for general information and monitoring purposes. No further IT Governance is required for

this class of project beyond the normal accountability and responsibility of the unit or division that is sponsoring the project. Status information on

Class 3-5 projects is updated by OIT as the projects progress through their life cycle.

1.3 Steps 4-5 IT Project Governance Configuration

As mentioned earlier, project classification is used to scale the governance process appropriately for the project at hand. In steps 4-5 a specific

governance path is determined for the project. This governance configuration is determined by key “triggers” or characteristics of each project

(Page 10).

DRAFT

Institutional IT Governance Overview V1.3 - P 1133 – 5/31/06 – PAGE 6

For example, if in the classification process the IT solution complexity of a project is considered to be high (H) or Very High (V) this will trigger

the need for a Technical Assessment by OIT/CSG. If the end user scope of impact is deemed to be High (H) then the project should be reviewed by

OIT/ITPB for alignment with campus direction & policy.

OIT will then use this governance configuration to steer the process through the appropriate IT governance path in terms of committees, review,

endorsement and executive approvals.

DRAFT

Institutional IT Governance Overview V1.3 - P 1133 – 5/31/06 – PAGE 7

2 PROJECT CLASSIFICATION WORKSHEETThe Project Classification Worksheet is designed to be used within the UCLA IT Governance process. It is a tool to encourage a frank and open

discussion of the potential impact of a planned IT project on the campus and how that project might be properly routed through the IT Governance

process.

DRAFT

Institutional IT Governance Overview V1.3 - P 1133 – 5/31/06 – PAGE 8

Risk Factor Descriptions/Questions

PROJECT MANAGEMENT COMPLEXITY

1. Team Size (# of people)

Total number of project team members who will be developing the solution, excluding the Project Manager.

2. # of Units Involved

Total number of distinct organizational units within or outside UCLA that must be managed and coordinated to provide requirements for

the project.

3. Development Effort Hrs

Total estimated solution development effort hours that will be spent by the team excluding project management time.

4. Duration

The estimated total elapsed calendar time required to complete the project.

IT SOLUTION COMPLEXITY

5. Technology/Technique/Process

What is the knowledge, skills and expertise of the project team in employing the chosen technologies, techniques, methods and processes to

be used on the project?

6. Product Maturity (If purchased)

If software packages or commercial software products are to be included the solution, what is the general maturity of these products and

their usage within other institutions of higher education?

7. Solution Complexity

What is the level of technical complexity of the solution?

8. System Interface Profile

What is the complexity of the required system interfaces for the solution in terms of the number software interfaces that need to be

developed?

9. IT Architectural Impact

What is the architectural impact of the solution in terms of how it will fit with IT Architectural standards (data, applications and

technology), and coexist and integrate with other applications?

DRAFT

Institutional IT Governance Overview V1.3 - P 1133 – 5/31/06 – PAGE 9

10. Maintainability

What is the degree of complexity of maintaining the application in terms of the level of technical skills required and the specific

availability of those skills to UCLA?

DEPLOYMENT COMPLEXITY

11. Process Impact

What is the implementation scope, boundaries and expected degree of change on academic or administrative processes?

12. End User scope of impact

What is the implementation impact in terms of the range and types of campus personnel affected?

13. Project Profile

What is the degree of acceptance and readiness level of the affected user constituency for the solution?

14. Project Motivation

To what degree is the project being driven by an external mandate from the Federal, State or UCOP level?

Project Budget

The total estimated development costs for the project (hardware, software, facilities, and people).

Ongoing Cost

The estimated average annual maintenance cost for the application. This should include regular hardware and software upgrades and

maintenance, hosting fees, and vendor support.

Project Class

The assigned project class (High – 5 to Low – 1) based on overall scoring and the group discussion.

DRAFT

Institutional IT Governance Overview V1.3 - P 1133 – 5/31/06 – PAGE 10

3 GOVERNANCE TRIGGERSThe Governance Triggers worksheet below maps the results of project classification (Risk Factor ratings) against the recommended Governance

Actions that need to be taken. The entries in the Process Steps column are cross references to the IT Process Governance Framework Diagram

on page 13.

DRAFT

Institutional IT Governance Overview V1.3 - P 1133 – 5/31/06 – PAGE 11

4 IT GOVERNANCE DECISION FLOW AND MATRIXThe institutional IT project process and decision flow diagram (Figure 2) and the IT governance decision matrix (Figure 3) describes the input and

decision making flow for IT projects as well as the roles and responsibilities of different groups within the IT governance process.

Figure 2

Funding

Decisions

Endorsement

Recommending Groups

Input & Position Statements

OITFacilitation

Chancellor , EVC ,

Executive Sponsors ,

with input from Campus

CIO

ITPB, CITI , FCET , IDRE

CSG & CAO

IT Workgroups

Campus Strategic Plan

Unit Plans

Institutional IT Project Process and Decision Flow

DRAFT

Institutional IT Governance Overview V1.3 - P 1133 – 5/31/06 – PAGE 12

The matrix in Figure 3 maps the decision rights of the various Governance Entities (Committees, Stakeholders and IT groups) against a set of

mutually exclusive IT Governance Decision Domains1. The IT Governance Decision Domains serve to separate project IT decisions into categories

for Strategic Direction and Policy, Application Needs, common IT Infrastructure needs and IT Investments.

Figure 3 – IT Governance Decision Matrix (http://www.oit.ucla.edu/it_governance.htm )

1 This framework is based on the work of Peter Weill & Jeanne W. Ross, IT Governance, Harvard Business School Press, 2004

GOVERNANCE DECISION DOMAIN

Institutional ITStrategic Direction

&Policy

Institutional ITApplication Needs &

ImplementationStrategies

(Research, Education,

Infrastructure, andProductivity)

Research ApplicationNeeds & Research

ImplementationStrategies

Education ApplicationNeeds & Education

ImplementationStrategies

IT InfrastructureServices &

Architecture

IT Investment

Input Decision Input Decision Input Decision Input Decision Input Decision Input Decision

Executive Sponsors ! ! ! ! ! ! !

ITPB ! Final

Endorsement

! ! ! ! !

CITI ! FinalEndorsement

!

IDRE ! Final

Endorsement

FCET ! Final

Endorsement

CSG ! ! ! ! !

Campus Administrative Officers (CAOs) ! ! ! ! !

Campus IT Directors: CCC & IT

Directors in each VC Area.! ! ! ! !

OIT! ! ! ! ! ! ! ! ! ! ! !

DRAFT

Institutional IT Governance Overview V1.3 - P 1133 – 5/31/06 – PAGE 13

5 IT GOVERNANCE PROCESS FRAMEWORKThe IT Governance Process framework graphically illustrates the reviews, approvals and endorsements that may be applied to projects. Not all

projects go through all steps; the specific path taken will be determined by the Governance Triggers analysis (Page 10).