Leveraging Project Portfolio Management to Implement an Effective IT Governance Strategy

IT Governance

The discipline of IT Governance, a key aspect of overall corporate governance, has received increased attention over the last 10 years. This attention has been fueled by Y2K initiatives, the awareness that technology is core to every business, and the impact of the Enron collapse in 2000 with the resulting Sarbanes-Oxley legislation that mandated compliance requirements.

It’s important to remember that IT governance is not just about compliance; it’s about ensuring that IT has the best possible impact on the business. In this light, an IT governance strategy must be built on two pillars: producing value and managing risk.

The IT Governance Institute, which was founded in 1998, identifies the following objectives and requirements for IT governance:

  • Alignment: For IT to be aligned with the enterprise and realize the promised benefits of information technology
  • Value: For IT to enable the enterprise by exploiting opportunities and maximizing benefits
  • Resource Optimization: For IT resources to be used responsibly
  • Risk Mitigation: For IT-related risks to be managed appropriately

These objectives map tightly with what Project Portfolio Management (PPM) does, making PPM a required foundation for every IT governance initiative. In fact, PPM not only helps accelerate IT governance, but new on-demand approaches to PPM further simplify the process of getting IT governance done.

Innotas has seen many situations in which companies got lost trying to implement overly complex IT governance strategies, and unfortunately, in the process, ended up creating large bureaucracies and complex metrics that contributed little value to the organization. But finding the right balance between producing value and being compliant is doable.

Innotas has worked with companies that have made rapid progress in their IT governance initiatives by starting with a PPM implementation focused on a simple and pragmatic approach. These companies have been able to make measurable impacts on the business while implementing reasonable controls, adding layers of further sophistication only when and where they were really needed.

The Role of PPM in IT Governance

While PPM alone is not enough to meet all the requirements of IT governance, it is one of the most critical ingredients for a successful IT Governance strategy. PPM plays a pivotal role by enabling an organization to:

  • Prioritize the IT portfolio of projects and applications according to business objectives and expected benefits
  • Respond to changing conditions and new opportunities by being able to rapidly reallocate resources with a full understanding of the impact
  • Know exactly what projects people are working on, enabling them to make clear business decisions on what the priorities are and how well resources are utilized
  • Ensure that projects are delivered on time, on budget, and on quality

The following table summarizes the capabilities required to meet the objectives of IT governance, and identifies whether each capability is part of the discipline of PPM and supporting applications, or if the capability is addressed by other disciplines and technologies. As you can see, PPM addresses a large majority of the capabilities required to meet IT governance objectives.

IT Governance objectives, required capabilities, and other disciplines

  • Alignment and benefit realization
    • Align to business objectives
    • Manage project portfolio
    • Manage application portfolio
    • Enforce standard business case
    • Prioritize IT portfolio
  • Value – Exploit opportunities, maximize benefits
    • Change portfolio priorities
    • Understand impact
    • Track project performance
    • Rationalize applications
    • Manage IT demand
    • Measure reliability and availability (other discipline: Application mgmt software)
  • Use resources responsibly
    • Manage resource capacity
    • Manage resource skills and cost
    • Track resource capacity and availability
    • Align resource utilization to priorities
  • Manage risk
    • Deliver projects on time
    • Deliver projects on budget
    • Manage project risk and change
    • Implement a security strategy (other discipline: Security software)
    • Establish a control framework and IT processes
    • Implement and manage application controls (other discipline: GRC software)

How PPM helps meet IT governance objectives

Next we are going to explore each of the four objectives of IT governance. We start each section with the questions that need to be answered to meet that objective and then we describe how PPM is leveraged to answer them.


Alignment

Are we doing the right things? Is what we are doing going to produce the best value for the organization?

These are fairly simple and basic questions, but answering them with confidence requires IT to take several steps to create a single IT system of record:

  • Take an inventory of all current projects and applications
    • Not much can be prioritized without understanding what IT is working on, and what projects are in the queue
    • After taking a project inventory, companies often discover they are working on twice as many projects as they thought
  • Create a standardized business case for project requests
    • Developing consistent metrics for expected value, cost, and risk allows an apples-to-apples comparison
  • Understand business objectives
    • Know the organization’s priorities and how they are measured
  • Understand how existing projects, applications, and proposed initiatives contribute to those objectives

These steps, the building blocks that PPM provides, allow an organization to take a portfolio approach to managing what IT does and align it to the business.

Figure 1. Three IT portfolio scenarios showing breakdown between active projects, new project proposals, and sustaining or maintenance work.


Value

Is enabling a new proposed service more important than any of the projects we are already doing? What would be the impact of merging with Company Y – what do we have to put on the back-burner to get that done?

Prioritizing the IT portfolio is not just a once-a-year planning exercise; it’s an ongoing process. Market conditions change and people come up with excellent new ideas, and there are never enough resources to accomplish everything on the list. While it’s always painful to disrupt a carefully balanced project portfolio, the job of IT leaders is not only to embrace change, but to drive it.

Effective IT governance requires that IT leaders look for great ideas and quickly assess how these ideas score against what is already on the plate and on the waiting list. This needs to be done in partnership with the business. A simple stage gate approach supported by a PPM solution is critical to implementing a standard process with established review and approval steps to filter out ideas that may be good, but do not match the objectives of the business.

Then the fun begins — sorting out where in the stack of priorities a new proposal belongs based on priority, budget, and resource availability.

Figure 2. Balancing priorities across three IT portfolio scenarios by choosing projects and sustaining work based on value, priorities, objectives and departments.

Figure 3. Finding the right spot for each project.

Resource Optimization

Do we have the resources with the right skills to get this project done? When will they be available? What kind of people do we need to hire based on future plans? Should we outsource part of a project?

In the end it all boils down to people – getting and keeping the right people, and focusing them on the projects that allow them to make the best use of their time and have the biggest impact on the business.

PPM provides a clear understanding of where time is actually spent. It is amazing how finger pointing stops when a discussion is based on facts and not assumptions. Think of the typical scenario in which somebody from a business unit complains that IT is not doing enough for that particular business unit. That conversation will take a dramatically different tone when IT is able to show a PPM dashboard based on real-time data and explain that “Based on your demand and prioritization, 30 percent of your allotted IT resources/budget is being spent on projects X, Y, and Z; and 70 percent is being utilized to maintain and enhance applications A, B, and C. Would you like to change these priorities? Furthermore, project W is delayed because we do not have available software architects, but it could be started right away if you are willing to fund a consultant for that role.”

Figure 4. Tracking resource allocation by project and role comparing demand to staffed and unstaffed levels.

Figure 5. Managing resource capacity and utilization.

Risk Mitigation

Great idea, but do we have the infrastructure to pull it off? We can build it, but will they come? How reliable is the new vendor we need for this project?

Two projects may have the same potential value and both may be well-aligned with business objectives, but the risks and unknowns associated with each may be very different and should be factored into the prioritization process and made clearly visible to the stakeholders. It is also important to plan for the potential risks involved in a project and have a mitigation plan ready.

Then there are the operational risks: monitoring the execution of the project to ensure that it is on schedule; making sure that all planned resources are still available and not impacted by delays in other projects; tracking spending against budget; and closely managing requests for scope change.

These are all staples of a PPM solution.

Finally, the part nobody wants to talk about: did the project actually produce the value to the business that was expected? This is the ultimate risk from a business perspective, and tracking it results in much better future business cases and planning.

IT Governance for Business Value and Compliance

If you have an IT governance initiative in the works, don’t panic! Many companies have successfully implemented IT governance strategies without overwhelming the people involved or bringing IT to a standstill.

It is possible to both ensure that IT produces the best value for the business AND that IT meets internal and regulatory compliance requirements. By making project portfolio management a key element of your IT governance strategy, you will provide the right level of visibility and processes for managing the IT portfolio, its resources, and risks.
