Building confidence in executing IT programs
[Figure labels: Third line; Audit committee; Internal audit]

Key roles
• Main board (“heartbeat”): responsible for providing overall portfolio and program direction and accountable for corporate-level risk management.
• Executive leadership team: provides program sponsorship, strategy and direction. Responsible for sign-off of: scope; functional, technical and service solutions; and changes to spending; also for monitoring of program plan, budget, risks, issues and change requests.
• Portfolio risk committee: responsible and accountable for providing overall portfolio risk management oversight and portfolio and program-level risk management. Seeks interventions to address any concerns across portfolio.
• Audit committee: assists the board by setting the agenda for and receiving reports related to the effectiveness of risk management on the project and the effectiveness of controls within key business processes.
• Internal audit: typically will have some responsibility for providing independent assurance to the audit committee on the effectiveness of internal controls within key business processes on change programs.
[Figure label: Internal audit reviews]
• Steering committees: responsible for ensuring strong buy-in for the solution and that all stakeholder groups are represented appropriately. Accountable for effective governance and planning, sign-off of quality deliverables; and ensuring that the solution and business change meets business and user requirements.
• Technical design authority: responsible for the technical review of solution and ensuring adherence to technical architecture principles of the organization.
• Program management office: provides day-to-day management controls over the project, including management of project plan, budget, risks and issues. Responsible for communicating effectively with governance groups, raising risks and issues and required sign-offs.
• Independent PRM: responsible for independently reviewing and advising on the effectiveness of risk management at the program level, including the effectiveness of mitigation strategies for key program risks.
• Project workstreams: responsible for day-to-day project delivery and the management of project risk.