IT Governance Framework

IT Governance at UQ

Information Technology is a critical enabler of the University’s current and future success. Established in November 2016, the role of the Chief Information Officer is to ensure that the University's IT environment is fit for purpose and designed for agility and efficiency.

IT governance will support the evolution of University-wide IT planning, IT assurance and IT operations towards a model that best aligns the IT function to the University Strategy in an environment where planning, investment, and priority setting is transparent and coordinated. To achieve this, clear authorities, mandates and visibility of IT delivery University-wide will be required.

IT governance will continue to adapt to the changing strategic drivers that influence UQ objectives responding to changes in the business and regulatory environment, and the development of new technologies.

Governance Objectives

IT Governance at UQ is designed to support the University in achieving its objectives. It must support agility and enable staff to explore opportunities that create value and improve UQ’s competitive advantage. IT Governance at UQ will be lightweight and adaptable, evolving with the Institution to deliver the following objectives:

  • Provide IT architectural guidelines and principles that underpin the development of IT capabilities at UQ.
  • Align Information Technology with UQ’s strategy and support the advancement of organisational priorities.
  • Enhance and communicate the performance of Information Technology.
  • Maximise the value of Information Technology resources to provide stakeholder value.
  • Ensure compliance and Information Technology Risk is identified and mitigated appropriately.

To ensure the IT environment is fit for purpose, and designed for agility and efficiency, the IT Governance Framework will be managed by an Information Technology Governance Committee (ITGC) chaired by the Chief Information Officer (CIO).

IT Governance Principles

IT governance at UQ is based on a number of key principles.

Governance Principles

Balance of Needs
IT governance aims to provide mechanisms to balance short-term local needs with the long-term needs of the whole institution.
Federated and Integrated
UQ IT services are delivered under a partly federated model. This model makes effective use of the Information Technology Services Division for the provision of services and technology of both scale and ubiquity to provide an IT environment that meets the needs of the UQ community.
University-Driven IT Investments
IT investments are prioritised and selected based on the institutional benefit.

Governance and Management Areas

 

Governance ensures that stakeholder needs, conditions, and options are evaluated.

IT governance is influenced and supported by the Strategic Information Technology Council (SITC) and the Information Technology Governance Committee (ITGC).

Strategic Information Technology Council

The Strategic Information Technology Council (SITC) replaces the former Strategic Information Management Committee (SIMC) with a mandate to provide University-wide recommendations and direction on IT strategy. The SITC is a critical nexus between Information Technology and the core operations of the University. Appendix B contains the Terms of Reference for the SITC.

Information Technology Governance Committee

The scope and purpose of the Information Technology Governance Committee (ITGC) is to ensure IT objectives and delivery are in line with the Universities’ strategic direction and to ensure that agreed stakeholder needs are met by governing benefit realisation, risk optimisation and resources optimisation. Appendix B contains the Terms of Reference for the ITGC.

Governance Priorities

The ITGC aims to achieve the following objectives:

  • Strategic alignment involves aligning the IT function with University strategy to meet defined university goals and objectives.
  • Risk management involves examining IT risks and security objectives across the institution and implementing mitigating measures that reduce the university’s risk profile. Compliance with government guidelines and legislation, and with good procurement practice is also monitored.
  • Value delivery ensures economic and other benefits are realised in all IT investments, from project selection to implementation to ongoing management throughout the life cycle. 
  • Performance measurement includes determining and establishing performance measures that define the success of IT projects and services. Measurement of alignment with University strategy, funding allocation and project results are also considered.
  • Resource management includes optimising IT resource capacity and performance while forecasting future needs, including the appropriate IT staffing profile. 

 

Governance Enablers

ITGC will deliver on the Governance Priorities through effective management of the Information Technology Function. Frameworks, management committees and effective communications to the communities that deliver and use Information Technology are utilised to monitor, evaluate and improve the IT Function performance.

Frameworks are policies, standards and guidance that create a consistent approach to managing each of the IT Management Functions and include:

  • IT Reporting Framework
  • IT Architecture Framework
  • Information Management Framework
  • Security Management Framework
  • Project Management Framework 
  • Category Management Framework
  • IT Contract Management Framework
  • Change Management Framework
  • Incident Management Framework

Management Committees are the collaborative decision-making power that provides assurance over a subset of the IT Management Function. Management Committees also provide appropriate prioritisation and direction to ensure the IT Management Function is meeting the needs of stakeholders. Current Management Committees include:

  • Project Advisory Board
  • Change Advisory Board
  • Information Security Group
  • IT Asset Management Advisory Group
  • IT Service Management
  • Financial Systems Management Advisory Group
  • Student Systems Steering Committee
  • Customer Experience Steering Committee
  • Enterprise Support Systems Portfolio Planning Group

A number of communities support UQ in delivering on the Functions of Information Technology, following the direction of management in delivering value for the UQ community. These communities communicate and share information and include:

  • Information Technology Relationship Officers
  • Information Technology Leaders Forum
  • The IT Category Manager
  • Financial Systems Operational Forum
  • Student Systems Operational Forum
  • UQ IT Architecture Community

Management Functions of IT

Management plans, provisions, runs and monitors activities in alignment with the direction set by the Chief Information Officer to achieve UQ enterprise objectives.

The management functions of IT at UQ can be categorised into five functions in accordance with the University needs and priorities (described below). Management regularly reports on these activities to the appropriate governance body.

Investment management

The focus of Investment Management is to:

  • Ensure that IT investments are prioritised to deliver on the University's strategic objectives, and are based on sound business decision-making investment principles.
  • Ensure intended benefits are derived from investments undertaken.

Investment Management consists of the following disciplines:

  • Financial Management
  • Pipeline Management
  • Resource Management
  • Benefits Realisation

The CIO has tasked the Project Advisory Board (PAB) to oversee the responsible allocation of investment for IT Programs and Projects under the ICT investment plan. Appendix C contains the Terms of Reference for the Project Advisory Board.

Architecture management

The focus of Architecture Management is to:

  • Work towards a mature practice where Enterprise Architecture (EA) is an enabler of efficient and effective IT capability development and service delivery
  • Build roadmaps and mechanisms that lead to the desired future state
  • Ensure alignment of IT to the institutional strategy

Architecture Management as a whole consists of the following disciplines:

  • Business Architecture
  • Data Architecture
  • Application Architecture
  • Technology Architecture
  • Security Architecture

IT Architecture is a new capability being implemented at UQ; the ITGC will oversee the function of Architecture Management.

Risk and security management

The focus of Risk and Security Management is to:

  • To enable world-class information technology services whilst protecting the University from increasingly aggressive and sophisticated cyber threats.
  • Align information security with the objectives of the University, providing visibility of key risks and issues to enable ownership by the governing bodies of the University
  • Manage the risk of uncertainty in delivering objectives through appropriate identification and mitigation of risks

Risk and Security Management as a whole consists of the following disciplines:

  • Data Classification
  • Application Security
  • Infrastructure Security
  • Business Continuity Planning
  • Disaster Recovery Planning
  • Project Risk Management
  • Enterprise Risk Management

The CIO has tasked the Information Security Group (ISG) to oversee this function, with regular updates to the ITGC.

Service management

The focus of Service Management is to:

  • Align the delivery of IT services with needs of the University, underlining benefits to customers
  • Monitor the effectiveness of end-to-end services
  • Improve quality and reliability of IT services offered

Service Management consists of the following disciplines:

  • Service Support
    • Change Management
    • Problem Management
    • Incident Management
    • Availability Management
    • Release Management
    • Configuration Management
    • Capacity Management                 
  • Service Delivery
    • Service Level Management
    • Financial Management for IT Services
    • IT Service Continuity Management

The IT Service Management Committee will monitor the functions of service delivery reporting regularly to ITGC. The Change Advisory Board (CAB) will oversee the service support discipline of Service Management.

Category management

The focus of IT Category Management is to:

  • Provide a strategic IT purchasing and procurement approach that supports the IT Strategic Plan, drives value for UQ and responds to the UQ community’s expectations.
  • Develop an IT purchasing and procurement framework for use consistently across UQ.
  • Establish supply arrangements for commonly purchased items that leverage UQ’s collective buying power.
  • Advise purchasers in relation to meeting custom requirements and provide assistance in preparing and publishing tenders for significant procurements.
  • Maintain the purchasing and procurement lifecycle for IT products and services.
  • Identify, manage and strengthen vendor relationships to support effective contract management and benefits realisation, and to identify future opportunities.

IT Category Management consists of the following disciplines:

  • Procurement Analysis
  • Procurement Planning
  • Tender Management
  • Vendor Management
  • Asset Management
  • Contract Management

IT Category Management is a new capability being developed at UQ; the ITGC will oversee the function of IT Category Management with the IT Asset Management Advisory Group (reporting to ITGC) continuing to oversee software compliance and asset management.