You read in this chapter that each project should have a steering team of senior managers representing the business and IS organizations that provide guidance and support to the project. This is an important aspect of information systems governance: oversight of how the organization uses information systems to further its business objectives.

Nottingham Trent University (NTU) in Nottingham, England, was formed in the 1990s by a merger of several other institutions, some dating to the mid-nineteenth century. As a result, it had to deal with many information systems and technology platforms. In 2004, NTU brought its resources together into a central IS department. When this centralization was followed by the departure of their IS director in 2006, the stage was set to rethink NTU’s approach to managing information resources.

Richard Eade, an information technology software manager at NTU, writes that, “Balancing risks and opportunities [was] the major driver for the introduction of IT governance at NTU. One significant risk identified is associated with the university culture, … a perception that IT staffcan ‘do what they like.’ This has arisen from poor management. Consequently, IT governance has been introduced to bring in systems of control, without repressing initiative and enthusiasm.”

Anarchy, while it sounds attractive to those who can do as they please, does not yield the best information systems or the best use of resources. NTU’s challenge was to get control of its IS efforts in ways that faculty and staffwould accept. In addition, the university wanted to move from spending 80 percent of its time operating existing systems, with only the remaining 20 percent of its efforts going to developing new ones, to a 50:50 ratio.

Achieving these goals was a big task. Eade says NTU approached it the same way one approaches eating an elephant: “One bite at a time.”

Managing new system development was not the first area NTU addressed. Some top-priority areas had to be tackled first, including risk analysis, financial audits, security, and legal issues such as data protection. Once those urgent matters were taken care of, though, NTU could address project priorities and approval. In the long run, getting control of development priorities would have a greater payoff.

To improve the IS department’s focus on meaningful projects, NTU created the position of business relationship manager. The person in this position was the IS department’s “eyes and ears” to the rest of the university. This manager’s role was to provide communication links in both directions.

Next, the department strengthened its steering team. Previously, it had focused on the allocation of capital funding but had no controls to ensure the money was spent as the steering team specified. Now, both a sponsor and a statement of business benefits were required for all new projects.

Finally, NTU recognized that project management was vital to project success. The goals of the IS department were to deliver projects on time, on budget, and at an agreed-upon quality level. In the past, all three goals were missed consistently. NTU now trained project managers in the PRINCE2 project management methodology. This methodology provides proven processes for every project, from start to finish. It defines the required competencies, duties, and behaviors of eight types of people involved in a project. In sum, it changes project management from a “seat of the pants” activity to a systematic one. It helps projects stay on track and ensures that scope changes are well documented and properly agreed upon, and it provides evidence that risks and issues are well managed. NTU uses project boards (committees) for high-level control, with weekly or monthly highlight reports circulated to the IS management team.

Eade summarized NTU’s new governance with, “Ensuring that IT systems are fit for the purpose, are well managed, and can be relied upon means that we must undertake more effective measures to identify that appropriate strategies, policies, procedures, and controls are in place to bring risks and problems to our attention. NTU senior managers have identified the role the IT systems play —and will continue to play—in taking the university forward. They now expect the principles of IT governance to be in place to ensure that IT remains strong.”

Suppose NTU, instead of arising from a recent merger, had been one institution for over a century but had the same problems, how might that difference affect its approach to information systems governance?