IT Governance Renewal at the University of Manitoba

Transcription

1 IT Governance Renewal at the University of Manitoba Overview Version September 2015

2 This document is the property of the University of Manitoba, and is for internal distribution only. It shall not be reprinted, reproduced, or distributed without the expressed, written consent of University of Manitoba UofM IT Governance Overview - ver 2.8

3 Table of Contents I. IT Governance Renewal Overview... 1 II. Governance Renewal to Support IT Transformation... 2 III. IT Governance Structure The University IT Advisory Council (UITAC) UITAC Committees... 4 a) Senate Committee on Academic Computing (SCACom)... 4 b) Student IT Experience Committee (SITEC)... 5 c) Research Computing Advisory Committee (RCAC)... 6 d) Administrative Services IT Governance Committee (ASITGC)... 7 e) Enterprise IT Architecture Committee (EITAC)... 7 IV. IT Governance Structure - Processes... 9 a) Sub-Committees and Working Groups... 9 b) Governance Membership... 9 c) Terms of Reference and Operating Procedures... 9 d) Meeting Logistics... 9 V. Key Governance Priorities a) IT Strategy Development b) IT Investment Review Process c) IT Mandates and Authorities Review VI. Conclusion and Next Steps Appendix A Glossary of Terms Appendix B University of Manitoba IT Governance Model Appendix C Proposed IT Investment Review Process Process Flow Diagrams UofM IT Governance Overview - ver 2.8 Page i

4 (Page left blank for formatting) UofM IT Governance Overview - ver 2.8 Page ii

5 I. IT Governance Renewal Overview This document provides a brief overview of the renewal of Information Technology (IT) governance at the University of Manitoba (the University ). It is intended to brief and orient University leaders and governance members to the new structures and processes. The governance process will be elaborated into more detailed terms of reference and work plans as appropriate. The process will be supported by an orientation package for proponents and committee members which will include a glossary of terms to introduce a common nomenclature and ensure common understanding. UofM IT Governance Overview - ver 2.8 Page 1

6 II. Governance Renewal to Support IT Transformation Information Technology (IT) has been identified as a critical enabler of the University s current and future success. Unlike other critical enablers (i.e. people, budgets, facilities), the University does not have the degree of enterprise-wide control over the IT enabler as is warranted by its importance. As a result, there is a growing imbalance between demand on and supply of IT resources and budgets at the University underlining the need for a more effective process of prioritizing IT projects 1 and investments across the University to ensure that highest needs can be addressed and IT performance can be more measurably improved. A key objective of IT transformation is to evolve the university-wide IT planning, governance and operations towards a model that better advances the importance attached to IT as a critical business enabler an environment where planning, investment and priority setting is transparent and coordinated. In doing so, we can bring IT into an environment of university-wide control supported by clear authorities, mandates and university-wide perspectives on IT strategy, priorities and associated investments. In this regard, a new approach to university-wide IT governance is needed to advance this vision and direction. Specifically, a new approach to governance needs to accomplish: A University IT plan that is aligned with and enables the University s strategic and business priorities; A consolidated view of IT investments on which the University can set priorities and measure return; Clarity on university-wide IT mandates and authorities among central agencies, faculties and administrative units; All University IT advisory and governance processes aligned to strategy; A process to ensure IT projects across the University are aligned to and compliant with core IT standards and guidelines as published by the Chief Information Officer (CIO); and A new state where IT is brought into an environment of control through formal governance processes where executive and business leaders have meaningful roles in IT decision-making and priority setting. In this regard, the scope of IT governance is university-wide and extends across the IT function including and beyond the Information Services and Technology (IST) department. 1 Refer to Appendix A for the new definition of an IT Project and of an IT Investment. UofM IT Governance Overview - ver 2.8 Page 2

7 III. IT Governance Structure 1. The University IT Advisory Council (UITAC) The renewed and formalized university-wide IT governance framework features a new Executive-level committee the University IT Advisory Council (UITAC). UITAC replaces the former PACITi group - with a stronger mandate to provide university-wide recommendations and direction on IT strategy and investments. The UITAC will engage senior-level leaders from across the University in providing recommendations and advice to the Vice-President, Administration and the CIO with respect to IT strategies and investment s. All existing IT advisory bodies will be aligned with the new university-wide governance structure. (See Appendix B: University of Manitoba IT Governance Model) Mandate: Ensures the effectiveness of IT Governance and its alignment with university-wide strategy and business priorities; Reviews university-wide IT investments for alignment with institutional goals, evaluates their benefits and risks and recommends IT project investments to the VP Administration and CIO for their approval; and Supports the development and review of a university-wide IT strategy. Scope: All plans, projects and priorities across the University recommended to UITAC by its committees fall within the mandate of UITAC. Membership: Vice-Provost (Graduate Education); Vice-Provost (Students); Vice-Provost (Integrated Planning & Academic Programming); Associate Vice-President (Partnerships); Associate Vice-President (External Relations); Three Deans as appointed by the Chair, for a three year term - selected to represent the diversity of faculties. The Chair may renew the terms of appointed Deans. In addition, the Chair may choose to adjust the appointment terms of these Deans in the interest of staggering appointments to support continuity Chief Information Officer; University Librarian; Chief Risk Officer; President, UMSU; President, UMGSA; and All UITAC Committee Chairs (as per below) - ex-officio; non-voting Chair: Vice-President, Administration Secretariat: CIO Office - non-voting Terms and Processes: Meets at least quarterly (more often if required). Members must be in attendance to vote. Quorum: Nine (9) voting members in attendance. UofM IT Governance Overview - ver 2.8 Page 3

8 2. UITAC Committees UITAC will be supported by five committees structured into portfolios that represent the University s faculty, student, research, and administrative business needs and supported by a cross-campus information technology body. This portfolio approach allows for committees and any future committees to discuss initiatives, challenges and priorities with clear scope and context and, thus avoid confusion about purpose or alignment. Recommendations on services, programs, policies and procedures will be forwarded to the UITAC for review and approval. There are four primary committees: The Senate Committee on Academic Computing (SCACom); The Student IT Experience Committee (SITEC); The new Research Computing Advisory Committee (RCAC); and The new Administrative Services IT Governance Committee (ASITGC). A fifth committee - the Enterprise IT Architecture Committee (EITAC) serves two primary roles: Supporting UITAC and its committees by reviewing all proposed in-scope IT projects to ensure alignment with the University s technology management practices and associated IT standards and guidelines all of which are defined by EITAC for approval by the CIO; and Serving as a portfolio committee with respect to all in-scope IT projects of a university-wide IT infrastructure or common IT service nature. In addition, all existing IT advisory bodies and working groups at the University will be aligned with the new university-wide governance structure. These bodies have been assigned to UITAC committees who will be responsible for determining whether any changes may be required in their roles and mandates to advance the new governance model (See Appendix B: University of Manitoba IT Governance Model) a) Senate Committee on Academic Computing (SCACom) The SCACom s focus is the teaching and learning IT portfolio. The committee reports to UITAC as well as the University Senate on all IT matters relating to teaching and learning. Mandate: Fosters innovation in pedagogical programming, especially as it relates to technology in teaching and learning. Scope: Receive, review, prioritize and make recommendations on all IT plans and projects applicable to the teaching and learning systems and supports; Advise and inform the Senate on all matters pertaining to IT for teaching and learning; and Foster communication and share expertise on teaching related IT issues and practices. Membership: Vice-President - Research and International, or Designate (ex-officio); Vice-Provost (Students); Two Deans or Directors elected by Senate; Six members of the academic staff elected by Senate (at least one from the Bannatyne Campus); Four Students elected by the Senate (Two Undergraduate; Two Graduate students); Dean, Faculty of Health Sciences; UofM IT Governance Overview - ver 2.8 Page 4

9 Chief Information Officer; University Librarian (ex-officio); and Education Specialist, Centre for the Advancement of Teaching and Learning (CATL) (ex-officio). Chair: VP Academic and Provost (or delegate) Secretariat: Office of the University Secretary, Governance System Coordinator Sub-Committees and Working Groups reporting to SCACom: Online and Blended Learning Implementation Working Group Instructional Design Group (Distance and Online Education) Faculty of Medicine (Health Sciences) Informatics & ecurriculum Working Group Terms and Processes: Meets a minimum of four times annually; Provides a report quarterly to UITAC; and Reports annually to the Senate. b) Student IT Experience Committee (SITEC) SITEC's focus is the student experience IT portfolio. Mandate: Provides a forum for students and members of the University administration to identify opportunities and develop a prioritized list of recommended projects where the use of information technology would enhance the student experience at the University. Scope: Receive, review, prioritize and make recommendations on all IT plans and projects applicable to enriching the student experience. Membership: Two (2) undergraduate students [appointed by UMSU]; Two (2) graduate students [appointed by UMGSA]; One (1) Member, Student Affairs Leadership Team [appointed by the Vice-Provost (Students)]; Director, Enterprise Systems, IST; and One (1) Member, Administration (appointed by the Associate Vice-President Administration) As requested, from time to time, additional people may be invited to attend Committee meetings to present information or act as resources. Co-Chairs: Director, Enterprise Systems, IST; and Executive Director, Student Engagement, Student Affairs. Secretariat: CIO Office Sub-Committees and Working Groups reporting to SITEC: Mobile Applications Sub-Committee Terms and Processes: Meets a minimum of four times annually; Reports quarterly to UITAC; UofM IT Governance Overview - ver 2.8 Page 5

10 Agendas will be circulated a minimum of three days in advance of each meeting. Minutes will be kept; and UMSU, GSA, and the IST Leadership (CIO) will be informed of meeting results through the circulation of minutes. c) Research Computing Advisory Committee (RCAC) RCAC s focus is the research computing IT portfolio. The users of research computing have widely varied requirements - whether they depend on IT and computing facilities as tools incidental to their research, as central to the gathering and analysis of data or to support research in computing as the primary focus of their work. Many researchers also require access to resources further afield including access to cloud computing, remote data bases, collaborative environments. Mandate: Recommends and prioritizes s and project in support of the research computing environment across the University; Advise the CIO on IT matters and enablers relating to the Research Strategic Plan and the alignment of university-wide IT plans and strategies to that plan; Advise the Vice-President, Research on institutional level research applications involving/requiring computing infrastructure; and Advise on interactions and protocols with other institutions and granting organizations outside of the University that support IT and research computing as part of collaborative research funding programs (i.e. CFI, CANARIE, Compute Canada, and WestGrid). Scope: Receive, review, prioritize and make recommendations on all IT plans and projects applicable to enhancing the research environment and requirements of the University. Membership: Vice-President (Research and International); Five (5) Associate Deans (Research) representative of the diversity of research computing across the campus (as appointed by the Chair) University Librarian; Five (5) researchers representative of the diversity of research computing across the campus (as appointed by the Chair); and Representative from IST Leadership Team (as appointed by CIO). Co-Chairs: Associate Vice-President (Research and Partnerships); and Director, Computer and Network Services, IST. Secretariat: CIO Office Sub-Committees and Working Groups reporting to RCAC: High-Performance Computing Committee Terms and Processes: Meets a minimum of four times annually; and Reports quarterly to UITAC. UofM IT Governance Overview - ver 2.8 Page 6

11 d) Administrative Services IT Governance Committee (ASITGC) ASITGC s focus is the administrative operations and services IT portfolio. Mandate: Aligns Administrative Services IT related plans with UITAC direction; Recommends to UITAC strategic investments that will provide substantial benefits to Administrative Services; Aligns available IT resources with Administrative Services strategic directions; Prioritizes Administrative Services IT project related activities when necessary; and Reviews university-wide IT investments for alignment with institutional goals, evaluates their benefits and risks and recommends IT project investments to UITAC. Scope: Receive, review, prioritize and make recommendations on all IT plans and projects applicable to the University s administrative services and requirements; and All plans, projects and priorities applicable to support administration through the use of technology systems and supports within this portfolio fall within the mandate of ASITGC. Membership: University Registrar; University Comptroller; University Librarian; Executive Director, Office of Institutional Analysis; Director, Human Resources; Director, Donor Relations; Director, Office of Research Services; Director, Enterprise Systems, IST Chair: University Comptroller Secretariat: CIO Office Sub-Committees and Working Groups reporting to ASITGC: Web Steering Committee Mobile Applications Sub-Committee Terms and Processes: Chair is a two-year term rotating chair as voted by members of the Committee. Meets a minimum of four times annually; and Reports quarterly to UITAC e) Enterprise IT Architecture Committee (EITAC) The EITAC s focus is university-wide IT infrastructure, applications, data and security domains. In this respect, its focus is not sectoral-driven as with the four committees, but rather it serves to support the cross-university IT foundation. In this context, EITAC: UofM IT Governance Overview - ver 2.8 Page 7

12 Supports UITAC and its committees by reviewing all proposed in-scope IT projects to ensure alignment with the University s IT environment and associated IT standards and guidelines all of which are defined by EITAC for approval by the CIO; and Serves as a portfolio committee with respect to all in-scope IT projects of a university-wide IT infrastructure or common IT service nature. Mandate: Governs the development, definition and documentation of the Enterprise IT Architecture for the University including: - develops and proposes IT architecture policies and principles; - develops and publishes IT standards, guidelines and direction statements; and - assesses and advises on IT Security. Scope: Receive, review, prioritize and make recommendations on all IT plans and projects applicable to the IT technical architecture and infrastructure of the University; Reviews all plans, projects and priorities under consideration by UITAC and its committees to ensure alignment with the University s technical architecture and IT standards and guidelines; and Develops exceptions criteria and protocols for IT projects that have a strong business case for non-alignment with IT standards and guidelines for approval by the CIO. Membership: Director, Enterprise Services, IST; Team Leader Systems and Services, IST; Team Leader Storage and Integration, IST; Team Leader Networking, IST; Team Leader Communications Technology, IST; Team Leader Technical Application Support, IST; Team Leader Database Support; Team Leader Telephone Support, IST; IT Security Coordinator, IST; An IT service representative from each of the Bannatyne and Fort Garry Campus (as appointed by a vote from the IT representatives of those campuses); and Director, Client Services, IST. Chair: Director, Computer and Network Services, IST Secretariat: CIO Office Sub-Committees and Working Groups reporting to EITAC: IT Standards Working Group; and IT Security Working Group Terms and Processes: Meets monthly; Reports to CIO-IST; and Reports quarterly to UITAC. UofM IT Governance Overview - ver 2.8 Page 8

13 IV. IT Governance Structure - Processes a) Sub-Committees and Working Groups UITAC and its Committees can form additional sub-committees and working groups as needed. Subcommittees are ongoing groups that are responsible for issues and decisions in certain areas of responsibility or interest of the University. Working groups are defined as time-bound groups assigned specific problems to solve or tasks to accomplish. As such, they are not considered standing or ongoing governing bodies. b) Governance Membership Committee membership is designed to be representative of the campus community. Generally, members are selected to represent academic, student, research and administrative units of varying size. Specific details of the membership designated for each committee will be developed in detailed Terms of Reference for each committee. Members are recommended to the governance committee Chairs by governance committee members, by members of the campus community, or through a search process to identify potential members who represent a specific unit or group that is not currently represented in the governance membership. If specific expertise is desired or required for a particular project of governance, experts are identified and recommended to the governance Chairs. After recommendations are considered, committee member candidates are finalized by the committee for review and approval by UITAC. Sub-Committee and Working group membership can consist of IT governance committee members or any qualified personnel identified by IT governance committee members. c) Terms of Reference and Operating Procedures UITAC and its committees will be supported by full, approved Terms of Reference (ToR) developed from the mandate statements outlined above. Draft ToRs will be reviewed for approval at the inaugural meetings of UITAC and its committees. The ToRs should include operating procedures that address: Decision-making and issue escalation processes; Member expectations and participation inc. Delegation/n-delegation authorities ; Meeting agenda and supporting documents inc. agenda input, processes governing advance material required, timelines, records of decision/action; and Other logistic matters (see below). d) Meeting Logistics The CIO office is responsible for providing secretariat services to all IT Governance committees-with the exception of SCACom which is supported by the Office of the University Secretary. The committee Chairs and CIO will meet regularly together to coordinate the timing of committee efforts and ensure proper communication, inclusion and prioritization. The Secretariat will be responsible for all meeting processes and logistics including: UofM IT Governance Overview - ver 2.8 Page 9

14 Canvassing members of each committee for proposed agenda items to be discussed in their respective committees. Agenda items can also be suggested by anyone in the University community (non-committee members) by directly contacting a committee Chair or the CIO office. Agenda items for each committee are vetted through that committee's Chair; Collecting and circulating any material required in advance by Committees to support preparation for and efficient conduct of meetings including the agenda as approved by the Chair; and Meeting rooms and logistics. UofM IT Governance Overview - ver 2.8 Page 10

15 V. Key Governance Priorities Beyond bringing university-wide IT into an environment of control, the new IT governance framework is being created to accomplish some specific priorities needed to advance the IT Transformation direction. These include: a) IT Strategy Development The University requires an enterprise IT strategic plan that can articulate the strategic direction and priorities for IT at the University in a manner that is closely aligned with and supportive of the University s overall strategic plan and the business plans of its faculties and administrative units. As an enabler of strategy and business, the IT strategic plan needs to be seen as responding to and advancing university-wide priorities. Accordingly, its development must engage the University s leadership through UITAC. Work on the university-wide IT strategy will commence once the outcome of the current University Strategic planning process is confirmed. b) IT Investment Review Process Fundamental to bringing IT into an environment of control at the University is the introduction of an IT investment review and approval process where university-wide IT planning, investment and priority setting is transparent and coordinated. This will support the University s interest in pursuing those IT projects that serve the greatest university-wide priorities. With the variety of Faculty and Administrative unit needs, the large number of prospective IT projects and the limited budget and resources available, a structured IT investment review process is required. This will ensure all s are received, assessed, prioritized and approved in a way that is rationalized on a university-wide basis. Moreover, there is a need to align and integrate the IT investment approval process with the university-wide Strategic Resource Planning process (Budget Review, Capital Planning, and Integrated Planning committees) to ensure that it complements rather than duplicates the existing budgeting process. The IT Investment Review process will require the adoption of criteria for submission, assessment, evaluation, selection and approval. The criteria will serve as the common foundation to ensure: All required s are identified and submitted for inclusion in the Investment Review Process; Uniform and consistent approach to preparing, submitting, evaluating and prioritizing s within committees and UITAC; Assessment and evaluation of s is done in a consistent, equitable manner; and Assessment and ranking of s is done to advance the University s highest needs. IT Governance has a strong commitment to continuous improvement. The Investment Review Process is a new process and involves significant change from the current state. As such, it needs to be able to evolve as it is implemented through practice. IT Governance is committed to review the entire process within one year of launch to evaluate its effectiveness and identify areas for improvement going forward. UofM IT Governance Overview - ver 2.8 Page 11

16 Principles and Assumptions: Proposals for projects are prepared, submitted and evaluated based on the following core assumptions: All IT projects that meet one or more of the following criteria at the University are in scope: o the cost of the investment specific to the information technology (ex. hardware devices, software products, and/or network infrastructure; acquisition and 1st year licensing costs; professional services, etc.) needed to implement the proposed solution is in excess of $20,000; o the requirement of resources from either the IST or PMO-I/T units within the CIO s office needed to implement the proposed solution is expected or has the potential to be in excess of 20 person days in total; o the proposed solution is expected to or has the potential to be integrated into the core University network, data centre, and/or infrastructure. Funding s are for one-time fiscal (capital costs) only funding for baseline continuing (ongoing operational costs) will need to be secured by the advocate; Project advocates own their s throughout the process with governance committees presiding over the endorsement process exercising review and due diligence in recommending projects to UITAC and, in turn, the CIO and Vice-President Administration; The process is primarily business vs. technology based. As such, projects will be proposed, assessed, prioritized and approved through a common and transparent criteria set that are based on business needs, drivers and considerations. As such, the criteria will be founded on a balanced assessment of two primary factors Value (Benefits & Strategic Alignment) and Risk & Complexity; The CIO office will develop process tools based on the core criteria to support all phases of the process i.e. application forms; evaluator s guides; committee project portfolio prioritization frameworks; project reporting tools etc. The evaluation tools will be standardized across the committees with the aim to make project evaluation and prioritization as objective as possible; Proposals will be assigned by the CIO Office to one UITAC committee for review to avoid potential dual ownership of s; IT Investment review process will be aligned with the university-wide Strategic Resource Planning budget approval processes to ensure an integrated and efficient approval process that avoids duplication of process and effort; Approved projects will be incorporated into and aligned with the annual IT portfolio build and will be managed and adjusted accordingly; The IT Investment review process separates intake-to-approval process from project execution. Procurement, execution and benefits realization is not part of the review process (beyond the need to report on these outcomes); and It is recognized that some IT project s need not follow the standard review process as they could be deemed Mandatory (i.e. to enable the University to comply with legislative, University governance, contractual, or regulatory requirements), Fully Resourced (i.e. the advocate s respective unit or faculty is providing all funding, staffing and any other resourcing needed to fully implement the ) or Advisement (i.e. similar to Fully Funded but also UofM IT Governance Overview - ver 2.8 Page 12

17 the proposed IT component is not impacting the core IT infrastructure of the University). These s will still proceed through the evaluation process and will need to be assessed by EITAC (for alignment with University IT standards and guidelines) and then moved directly to UITAC to be included in the annual investment plan. Please refer to Appendix C for complete descriptions of each of these exception processes and a representation of each process flow. It is recognized that some IT project s may enter the process as fully funded and resourced i.e. from external sources or internal budgets (and, therefore, would not impact draw on existing CIO and IST resources). Such s may be granted approval by the CIO for inclusion in UITAC s annual investment plan. However, these projects would still proceed through the evaluation criteria scoring by the appropriate committee and will need to be assessed by EITAC (for alignment with University IT standards and guidelines). Phases and Components: The IT Investment review process contains five key phases governing the life-cycle of a from generation to approval as a project. All phases are founded on a common set of criteria. The phases are summarized below (and in Appendix C: Process Flow Diagram) 1. Submission Process In IT Governance, the project is the starting point of turning an idea into a project. Ideas can be brought forth and formed into a project by anyone or group at the University and submitted into the review process; All submissions are sent first to the CIO office for an initial completeness review and logging of the in an IT Investment Review Inventory. If additional information is required to complete the content requirements of the (as per the criteria), the CIO office consults with the s submitter and/or advocate; and Once determined complete, the CIO office then assigns s to one of UITAC s Committees. If the crosses Committee mandates, the CIO will propose a lead committee for the in consultation with relevant committee chairs. UofM IT Governance Overview - ver 2.8 Page 13

18 2. Committee Evaluation Process Committees will review the s assigned to them to qualify them for a full assessment based on the assessment criteria established by the CIO and approved by UITAC; For s that do not meet the minimum assessment criteria, the Committee will notify the project s advocate that the committee does not intend to proceed with the or it requires additional information in order to proceed; For qualified s, the Committee may request additional information it deems necessary to support its evaluation of the i.e. from the submitter and/or advocate, from other UITAC committees (that may be impacted by the ), from interested/expert parties at the University or any sub-committee/working group the Committee may choose to establish to assemble the required information. At this point, the Committee also forwards qualified s to EITAC for information; Once the committee determines it has the necessary information to support proceeding, it forwards the to EITAC for an assessment of technical risk/feasibility and alignment with IT standards and guidelines. If EITAC finds the to be partly or fully out of alignment, it will notify the advocate and the Committee. If the advocate still wishes to proceed, it will need to request an exception to IT standards and guidelines from the CIO. If such an exception is granted, the CIO will notify the advocate, EITAC and the Committee and the can proceed into full evaluation; The Committee then proceeds to a full evaluation of the using the criteria established plus any additional considerations specific to the Committee s mandate that may be required; and Evaluated s that the Committee recommends proceeding with are then prioritized by uniquely ranking the s from 1 to N, with the #1 ranking being the that the committee most strongly supports and recommends to UITAC to be included in the immediate IT Investment Plan for implementation. The ranked list is then short-listed for UITAC s evaluation to only those s the committee currently supports for implementation. Committees should only submit those s for review that they are prepared to defend at UITAC. Should a s advocate wish to appeal UITAC s decision not to include their project on the priority projects list, the advocate can request that an appeals panel be formed. The appeals panel will be comprised of the CIO (chair) and two additional committee members appointed by the Committee Chair. Appeals will be focussed on whether UITAC s evaluation criteria was appropriately applied and rated in the process. Results of the appeal and associated recommendations will be reported to the Committee chair and the s advocate and registered at the next committee meeting. 3. UITAC Evaluation Process UITAC will request committees to submit their priority for review. UITAC may request committee Chairs to present/support priority s ensure there is an accurate understanding; UofM IT Governance Overview - ver 2.8 Page 14

19 UITAC will evaluate s through the established criteria. As UITAC is tasked with taking a university-wide view in its work, its assessment will also include consideration of balancing of resources, budgets and implementation capacity across its portfolio; Based on its evaluation, UITAC will prepare a single list of priority s in the form of an annual IT Investment Plan for recommendation to the CIO and VP of Administration for approval; and Should a s advocate wish to appeal UITAC s decision not to include their project on the priority projects list, the advocate can request that an appeals panel be formed. The panel will be comprised of the CIO (chair) and two additional UITAC members appointed by UITAC s Chair. Appeals will be focussed on whether UITAC s evaluation criteria was appropriately applied and rated in the process. Results of the appeal and associated recommendations will be reported to the UITAC Chair, the appropriate Committee chair and the advocate and registered at the next UITAC meeting. 4. Investment Plan Approval Process CIO and VP Administration will review the UITAC s IT Investment Plan for approval consulting with UITAC on any revisions that may be required and assessing the plan s alignment with University s Strategic Resource Planning budget process; and Final approval of projects in the investment plan will be confirmed by CIO and VP Administration. Approval communications will be reported back to UITAC, the committees, and all advocates by the CIO Office. 5. Project Reporting Process Once approved, project owners will report on project performance against declared outcomes through a process to be developed and coordinated by the CIO office. The reporting process will also be framed by the established criteria; Approved projects will be incorporated into the annual IST s annual IT build portfolio so that it can be managed and adjusted accordingly; and The CIO will present a summary IT projects report for UITAC and its committees. Funding Criteria: The majority of s that are presented to IT Governance will require a source of funding. The following are several sources that are available to fund projects: Local funding is one-time funding that is provided completely from one campus department and/or unit; Shared funding is one-time funding that is provided through the cooperation and coordination of multiple departments and/or units often involving external funding agencies i.e. research granting bodies; Hybrid funding is one-time funding that is provided by both campus departments and/or units, and through the IT Governance process; and IT Governance funding is one-time funding that is provided through the IT Governance process to fully fund a project. UofM IT Governance Overview - ver 2.8 Page 15

20 Summarized below are examples of criteria that could be used to govern the submission of s and their assessment, evaluation and approval by governance committees. These criteria are aimed to enable a balanced, business-driven approach and will be further developed by the CIO for review with UITAC. Criteria Requirements Description /tes Project Description & Categorization 1. Problem/Opportunity Statement Defines core rationale for proposed investment problem to be addressed/opportunity achieved Describes current situation and why investment is necessary in that context (i.e. impact of continuing the status quo) Clear articulation of project outcomes 2. Information Technology Investment Category Mandatory Investments that are required as a result of a mandatory requirement (i.e. in legislation, from Senate) 2 Strategic Investment in IT applications which are critical to sustaining unit and/or University strategy Key Operational investments which the University depends upon for success High Potential investments which may be important in achieving future success Support/Maintenance - investments which are valuable but not critical Experimental/Research investments related to academic research purposes 3. Information Technology Impact Replacement or upgrade of application Replacement or upgrade of infrastructure Acquisition of a new system Value (Benefits & Strategic Alignment) 4. Alignment with university-wide strategy 5. Alignment with operational needs of the proposing faculty or administrative unit 6. Alignment/compliance with university-wide IT standards and guidelines Strategic importance to the University Enabler of University priorities Alignment with University annual budget plan Enabler of Faculty/Administrative Unit business/operational needs Alignment with Faculty/Administrative Unit annual budget plan To be defined by EITAC 7. Criticality How important or urgent is the i.e. replaces end- oflife system and sustains services ; addresses a critical gap in current IT system 8. Benefits Summary of benefits sought (i.e. service improvement; cost savings, reduction or avoidance; compliance; breadth of benefits across the University; new revenues) and how these benefits will be measured and reported on to UITAC (through a process to be developed by the CIO) Leverage Can project outcomes can be leveraged for other University faculty and administrative units 2 Any identified as Mandatory, is removed from the balance of the investment review process and proceeds directly to portfolio delivery. UofM IT Governance Overview - ver 2.8 Page 16

21 Criteria Requirements Description /tes 9. Stakeholder Impact The breadth and depth of stakeholders positively impacted by this Risk & Complexity 10. Feasibility and Risk Profile Is project feasible (within timeframe and resources requested)? Funding sources confirmed Procurement options and analysis Risk management considerations identifying risks and how these risk will be managed 11. Project Complexity and Dependencies Strength of Sponsorship Project complexity high-dependencies on other inter- related projects/processes existing or new Project duration (and schedule risk) Duration of the proposed project compared to the urgency of the need to be addressed Governance implications External vendor involvement 12. Organizational Change Implications Operational process and stakeholder impacts associated with implementation of the new capabilities from the project Organizational change management requirements for implementation of project identified (i.e. training requirements; staff level changes and associated impacts on labour agreements) Perceived level of resistance or readiness to change of the impacted stakeholders 13. Costs Are costs well-estimated? Degree of confidence in cost estimates i.e. inclusive of lifecycle costs, resource effort (FTE s, consultants) of IT or faculty resources required; ancillary costs i.e. staff training Are total costs of ownership (TCO) understood and manageable (over time) 14. Technology Risk Is this new technology, a new vendor, a sole sourced vendor 15. Operational Risk Availability of unit resources Skill set of unit resources Risk of not undertaking the project UofM IT Governance Overview - ver 2.8 Page 17

22 c) IT Mandates and Authorities Review Currently, responsibilities and management for IT at the University are disbursed - with the CIO and IST managing central policy, standards and applications and IT services units serving the more specific operational needs of faculties and administrative units. The current structure leaves significant room for ambiguity and confusion with respect to roles and responsibilities. Clarity of roles and mandates for IT will be a critical feature in bringing university-wide IT into an environment of control. The CIO mandate, and its associated Position Description, have not been reviewed in the past number of years and need to be updated to reflect new roles and responsibilities associated with IT Transformation. In addition, there is not a current, consistent mandate or Position Description to describe the roles and functions of distributed IT leads in faculties and administrative units. Missing from both are clear descriptions of the authority for the core IT functions that need to be governed as well as an understanding of how the central and distributed roles interact with each other within renewed IT governance and operational framework. UITAC will sponsor a review of IT mandates to assess gaps and recommended changes required to ensure clarity of roles and responsibilities to support IT Transformation s direction. UofM IT Governance Overview - ver 2.8 Page 18

23 VI. Conclusion and Next Steps Bringing IT into an environmental of control at the University requires a fundamental renewal of IT governance and management. IT transformation involves a significant change to the status quo which must be championed and managed by leaders across the University. As a result, a strategic focus on change management, collaboration and transparent, open communications will be a critical success factor in securing the outcomes we collectively seek. The formal launch of this governance framework was January 20 th, 2015 at which point this framework became effective. The next steps in the governance plan involve reviewing the model outlined in this document and developing further details to support its operation across the University. Next steps include: 1. Continued consultations with and support to the chairs of UITAC and its committees on the governance model, in order to create an environment in which this framework is continually reviewed and improved to meet the needs of it participants and of the University; 2. Development of further details on the governance and IT Investment Review processes including: an orientation user s guide for submitters and advocates, managers, governors and secretariat support; process tools (i.e. project application forms; project evaluation criteria and associated evaluation guides; objective prioritization frameworks; post-approval project reporting templates etc. ). UofM IT Governance Overview - ver 2.8 Page 19

24 Appendix A Glossary of Terms TERM DEFINITION ADR Advocate ASITGC An acronym for the Associate Deans of Research Committee. It s a former research governance committee that has been replaced by RCAC - Research Computing Advisory Committee. The individual who proposes, sponsors, and lobbies for a proposed project, and who will represent this to the University on behalf of their respective faculty/department/unit. This individual is usually a Dean, Director, or Department Head. An acronym for the Administrative Services IT Governance Committee which is part of the IT Governance structure. CIO An acronym for Chief Information Officer. CIO Office Committee Distributed IT Leads EITAC IST IT Governance IT Investment Refers to the administrative, Leadership and PMO areas that support the CIO of the Information Services and Technology department. Refers to the 4 Committees within IT Governance which report to UITAC RCAC, SITEC, ASITGCS, SCACom The leaders of an IT area aligned directly to a specific faculty, research area or administrative unit. An acronym for the Enterprise IT Architecture Committee which is part of the IT Governance model supporting both UITAC and the Committees. An acronym for the Information Services and Technology Unit. This unit consists of 3 groups that report to the CIO. This is the structure and processes used to receive, assess, evaluate and select IT s based on a University Wide perspective. An expenditure on information technology assets (ex. equipment, licences sing, software), and/or external information technology resources that will likely require both one-time and ongoing funding. The investment is realized by the implementation of the proposed IT Project. UofM IT Governance Overview - ver 2.8 Page 20

25 TERM DEFINITION IT Project PACITi Portfolio A proposed project that meets one or more of the following criteria: 1. the cost of the investment specific to the information technology (ex. hardware devices, software products, and/or network infrastructure; acquisition and 1st year licensing costs; professional services, etc.) needed to implement 3 the proposed solution is in excess of $20,000; 2. the requirement of resources from either the IST or PMO-I/T units within the CIO s office needed to implement the proposed solution is expected or has the potential to be in excess of 20 person days in total; 3. the proposed solution is expected to or has the potential to be integrated into the core University network, data centre, and/or infrastructure. An acronym for the President s Advisory Council on Information Technology and Innovation. It is a former executive level governance committee that has been replaced by UITAC University IT Advisory Council. Refers to the collection of enterprise wide Information Technology (IT) s and projects. The Advocate or Submitter of an IT Investment for a project. RCAC An acronym for the Research Computing Advisory Committee which is part of the IT Governance structure. SCACom An acronym for the Senate Committee on Academic Computing which is part of the IT Governance structure. SITEC An acronym for the Student IT Experience Committee which is part of the IT Governance structure. Senate The Senate is the University's senior academic governing body. Submitter UITAC The person documenting the content of a on behalf of the 's advocate. This person could also be working with the advocate to provide subject matter expertise on content. An acronym for the University IT Advisory Council which is part of the IT Governance structure. UMGSA An acronym for the University of Manitoba Graduate Student Association. UMSU An acronym for the University of Manitoba Student Union. 3 Implementation costs are not to include any post-project, operating costs. UofM IT Governance Overview - ver 2.8 Page 21

26 Appendix B University of Manitoba IT Governance Model UofM IT Governance Overview - ver 2.8 Page 22

27 Appendix C Proposed IT Investment Review Process Process Flow Diagrams This appendix contains the process flow diagrams outlining how a will move through the process from being submitted by the advocate to the point where, if approved, it becomes an approved project. There are five different process diagrams in this appendix. The first diagram is the complete flow diagram that includes all the four possible processes of the IT Investment Review process in a single, combined flow model. Diagrams 2 5 are the four separate review processes described below: Process Descriptions 1. Standard Most of the s that meet one or more of the three investment criteria will generally follow this standard process flow (i.e. the does not meet the definition for any of the following three exception processes). 2. Fully Resourced - The advocate s respective unit or faculty is providing all funding, staffing and any other resourcing needed to fully implement the. funding or staffing is required from IST but the IT element of this will impact the core IT infrastructure of the University. UITAC still has the option of approving, declining, or deferring the for implementation. 3. Mandatory - Investments that are required as a result of a legislative, University governance, contractual or regulatory requirement where: a. Legislative is a compliance requirement resulting from municipal, provincial, or federal legislation; b. University governance is a directive from the University Senate or Board of Governors; c. Contractual is a legal requirements as a result of an existing contract, or some other legal requirement that the University is required to address; d. Regulatory is a constraint or compliance requirement from a regularity body for the University such as Tri-Council, OAG, or Internal Audit. 4. Advisement Investment s with an IT component of over $20,000, that do not require any resources from IST, do not require any additional funding from the University, do not impact the core IT infrastructure of the University, and have already been approved for funding by a faculty. Such investment submissions are for informational purposes to UITAC only so that the investment information can be captured and incorporated in the current IT Investment Plan. These s do not go through the evaluation process. UITAC automatically approves this category of investment for implementation. An example of such an investment could be a research initiative that may be partially funded by an external body with the balance of the funding coming from a faculty. UofM IT Governance Overview - ver 2.8 Page 23

28 UofM Information Technology (I/T) Governance I/T Investment Proposal Review Process IT Governance Committee Complete Proposal Flow Forward info to other committees Other Faculty or Admin Unit Committee prepares & submits Log Initial review of document Sufficient content? Review & sizing of proposed I/T investment by I/T Is it an I/T investment? Discuss with and forward to appropriate committee Preliminary review by Committee Chairs Are more details needed to assess? Review, consult on, and clarify the Faculty or Admin Individual (1) SUBMISSION PROCESS Review with proponent to clarify and update Return to proponent or forward to appropriate unit (CMaPS, LOD, Physical Plant, etc.) IT Governance Committees Consult Internal & External Subject Matter Experts & Interested Parties Consult Review of s I/T investment by EITAC Investment aligns with I/T architecture? requests I/T architecture Exception Exception approved by CIO? Consult Review review result with proponent appeals evaluation of declined Appeal Rejected Mandatory or Advisement Review and finalize with proponent, estimates (ex. schedule, budget) and the s criteria evaluation. Committee, EITAC, UITAC, and/or IST CIO pre-approves fully funded & resourced Rejected Proposal Review evaluation of all s and submit committee shortlist to UITAC Appeal Accepted & Proposal Reevalauted Recommended Proposals (Shortlist) (2) COMMITTEE EVALUATION PROCESS Committee chair presents defense to UITAC Review evaluations. (Re)Prioritize, in order, the list of planned I/T Investments but appeal accepted & appeal Rejected Proposal accepted? IST resources & budget assigned and balanced for IT Investment Plan Create/update annual I/T Investment Plan VP Admin & CIO review I/T Investment Plan Plan approved? Communicate outcomes Project Portfolio Delivery LEGEND (Roles) University IT Advisory Council (UITAC) I/T Governance Committees (SCACom, SITEC, RCAC, ASITGC) Enterprise IT Architecture Committee (EITAC) Office of the CIO (3) UITAC EVALUATION PROCESS (4) INVESTMENT PLAN APPROVAL PROCESS (5) PROJECT REPORTING PROCESS VP Admin & CIO Version Date: Version 13 (March 23, 2015) UofM IT Governance Overview - ver 2.8 Page 24