Four pillars of effective IT program management--laying a foundation for successful project delivery


Failed IT projects in the public or private sector commonly yield the same predictable outcomes: the implemented technology does not work, does not produce the expected benefits or does not meet user requirements (Flint, 2005, p. 2). In many instances, users simply won't use the new system or application. Organizations can take steps to avoid these problems and enhance the probability for project success by building or reinforcing the four pillars of effective IT program management – IT Portfolio Management, Governance, Risk Management and Enterprise Architecture. When these foundational elements are managed cohesively across the realm of all active projects in an organization's IT portfolio, they help to ensure that each individual technology initiative will meet the needs and expectations of business users and can be effectively supported and maintained by the IT organization.

The presenter will review each pillar and discuss common issues and problems that arise when any of these four elements are not managed effectively. He will also review best practices, including selected findings/recommendations from Gartner Research on how to most effectively plan, develop and integrate frameworks across all of these four areas.


Imagine that you've been asked to conduct a peer review of an organization's Information Technology Program Management Office (IT PMO). After an initial round of interviews and a review of internal documentation, you discover that the PMO is suitably staffed with experienced, certified project managers (PMPs) and that a robust continuing education program has been established to further develop the organization's project management skills and capabilities. You also learn that the organization has developed and continually refined a flexible, pragmatic project management methodology and set of templates – and that these resources are consistently used in all of the organization's IT projects. Additionally, you determine that the organization has acquired a leading enterprise program/project management (PPM) software application and has successfully deployed this system and trained end users to take full advantage of its capabilities.

Using the custom reporting function in the organization's PPM software application, the PMO Manager is able to aggregate data from all current IT projects and provide reports for your review and analysis. Curiously, you find that despite having a well-organized, well-staffed PMO, sound project management practices and excellent enabling software, most of the organization's critical IT projects are seriously over budget and behind schedule. Additionally, an internal review conducted by the company's auditor several months earlier reveals that several newly installed IT systems are far more costly to maintain than anticipated. The auditor's report also indicates that many of these systems exhibit repeated performance problems and are the source of an increasing number of end-user complaints.

What might be happening? Why are there so many problems with this organization's IT program when it appears that the company's IT project management capabilities are strong? There may be a number of possible root causes. But a good starting point for assessing problems with IT program management is to evaluate four cross-cutting, fundamental elements that underlie and support effective IT project delivery:

  • IT Portfolio Management
  • Governance
  • Risk Management
  • Enterprise Architecture

When managed as related elements in a cohesive, integrated framework, these four “pillars” of IT program management enable an organization to more effectively manage and deliver successful IT projects.

IT Portfolio Management

Gartner defines IT project portfolio management as a “strategy for oversight of a portfolio of related or interdependent IT projects, with the intent of limiting duplicate work efforts and leveraging decision making and skills across projects” (Gartner Glossary, 2007). Portfolio management provides a disciplined approach for prioritizing IT initiatives within a program according to specific criteria and managing these projects as an interlinked group. Governance provides a critical underpinning for portfolio management – by presenting a decision-making framework for project prioritization and evaluation activities. Similarly, risk management and enterprise architecture are also pivotal as criteria supporting identification and prioritization processes for candidate projects considered for inclusion in the portfolio.

As Exhibit 1 illustrates, developing and managing an IT portfolio can be viewed as a four-step process (McClure, 2007, p. 2). In the first step, the organization develops a set of evaluation criteria that will be used as a guide in prioritizing potential IT investments. Criteria commonly used in this step include alignment with business objectives, return-on-investment (ROI) analysis results, enterprise architecture considerations and risk indexes. In the second step, the organization uses these criteria to evaluate competing IT investments and determine which projects will be added to the portfolio. Staffing resources and total budget available to implement proposed projects in a given period are also weighed in this optimization process. The third step involves recurring reviews to assess the status of all projects in the portfolio. Significant schedule or cost variances, major scope changes and critical risks or issues may signal the need to reevaluate and adjust the portfolio mix (e.g., cancel existing projects, delay other projects, reassign resources, etc.). The final step encompasses an ongoing review of the organization's portfolio management practices and use of defined metrics to assess portfolio performance.


Exhibit 1 Elements of IT Portfolio Management

Developing and sustaining a successful IT portfolio management framework and discipline can entail considerable effort and cost – including time for business and IT leaders involved in governance and project oversight activities, and costs to acquire and support enabling portfolio management software applications. The top four “most-pressing issues” reported to Gartner in a recent survey of IT program and portfolio management leaders were (Apfel, 2007, p. 7):

  • Prioritizing projects, programs and resources
  • Determining how to ensure ongoing business engagement, alignment and benefits realization
  • Defining value and the business case for different types of initiatives
  • Measuring outcomes against original project objectives

To help address these challenges and enhance the probability of success in implementing and maintaining effective IT portfolios, Gartner advises organizations to (Tucker & Rowsell-Jones, 2002, p. 6):

  • Proceed deliberately – organizations that have developed effective IT portfolio management practices typically become adroit at prioritization/optimization processes first, and subsequently work on improving their portfolio evaluation and assessment capabilities.
  • Establish governance and clear accountabilities – the CIO, business leadership, PMO staff and IT project managers must all understand their respective roles and responsibilities
  • Allocate sufficient resources to support the process – portfolio management requires dedicated resources to facilitate program prioritization activities, provide project/program oversight and reporting, maintain/support portfolio management tools and other ongoing tasks
  • Develop an objective prioritization framework – the prioritization criteria used to evaluate and select IT projects must fairly address business and IT requirements
  • Maintain communication and education programs – mutual trust between IT program staff and business partners in all portfolio management activities (evaluation, reporting, decision making) is enhanced through open communication and transparent processes
  • Support decision-making with credible portfolio management tools – many commercial off-the-shelf (COTS) applications are available to help facilitate portfolio management decision making and reporting processes

Note: for more information on leading IT portfolio management applications, see Gartner's 2006 Magic Quadrant for IT Project and Portfolio Management Applications (Light & Stang, 2006).


Governance

Governance is a framework of formally defined processes, standards and organizational elements established to ensure that the right decisions regarding an entity's IT investments are made by the right people – i.e., those who have the appropriate information and authority. In a sense, governance provides the “rules of engagement” for determining how IT projects within a corporate environment are evaluated, prioritized, funded and managed. And, because good governance is fundamental to developing an enterprise architecture and establishing strong risk management and portfolio management capabilities, it might be the most critical of the four “pillars” of effective IT program management.

Generally, the scope and magnitude of IT governance decisions will vary in line with the complexity of an organization's current business operations, its technical environment and the range of stakeholders providing input on the organization's technology investment and management decisions. Yet interestingly, in a recent Gartner survey of U.S. Chief Information Officers (Gerrard, 2005, p. 3), the issues with IT governance appear to be fairly consistent across the board:

  • Perceived value of IT governance, business engagement and commitment
  • IT governance avoidance, subversion and resistance
  • Business units that don't demonstrate the value of IT investments
  • IT governance awareness, recognition, education and understanding
  • Compensation misalignment with the goals of IT governance
  • Business/IT planning alignment
  • No business portfolio view of demand
  • Business case/plan quality
  • Lack of accountability and responsibility, as well as inconsistent prioritization
  • IT governance overhead, time and effort

The principal root cause for most of the above problems reported in this survey was “a lack of commitment, accountability, and full engagement by management.” Additionally, many respondents indicated “a lack of understanding and a lack of awareness by business management about the importance of IT governance.” (Gerrard, 2005, p. 3)

These complaints about IT governance are succinctly echoed in the following comment expressed during an interview with a client business leader in one of Gartner's recent consulting engagements:

“We've had a lot of projects going on for years. We've spent millions of dollars, with questionable ROI and no real measurable benefit to the organization. Lack of accountability from sponsors, plus the business owning these projects are both parts of the problem. My big issue with this is the wasted money and wasted time.”

Unfortunately, there aren't any “silver bullets” for solving these common problems with IT governance. The best approach involves a coordinated strategy that includes the following key tactics:

  • Establish a clear link between governance and improved program performance – answer the focal question that business partners will ask about IT governance: “what's in it for me?”
  • Develop and sustain strong relationships between business partners, IT program/project staff and other stakeholders
  • Ensure that IT projects are focused on solving business problems – and not simply implementing technology for technology's sake
  • Develop specific and appropriate metrics to measure progress in meeting business and program goals
  • Continually monitor and report progress in attaining defined governance objectives
  • Use steering committees effectively by ensuring that members clearly understand their respective roles/responsibilities

Risk Management

Risk management is a systematic approach to identifying, assessing, monitoring and responding to potential negative impacts to a project or across a program. An effective risk management program can help provide a “reality check” for organizations considering proposed IT initiatives – by considering the things that might go wrong in a project, and not focusing solely on costs and benefits. Further, sound risk management practices can help ensure that each approved, active project within an IT program isn't derailed by unanticipated, though predictable, problems.

In a January 2007 research report, Gartner predicts that “through 2010, IT organizations without stringent risk-assessment procedures and mitigation plans will cancel at least 10% of the projects initially budgeted at more than $200,000, and at least 20% of all projects.” (Light & Gerrard, 2007, p. 1) Clearly the case for program-level risk management is strong. Yet it's unclear how many organizations have truly adopted this approach.

Implementing this program-level approach to risk management involves the following steps:

  • Develop a single approved risk management methodology for the organization's IT program – one that includes a common, accessible set of templates, guides and automated tools for use in all IT projects
  • Develop quality assurance review procedures to ensure that the methodology cited is used appropriately
  • As part of the close-out process for each IT project, conduct a review of risk management effectiveness – using results to modify/improve the organization's risk management methodology
  • Review completed projects to identify possible patterns in the occurrence and impact of commonly occurring risks, as well as the effectiveness of proposed mitigation strategies – and use these results as a resource in risk planning for new IT projects

Enterprise Architecture

Enterprise Architecture provides a framework for deciding how information technology might most effectively support an organization's business strategy and objectives. A well-developed enterprise architecture includes three crucial elements that together provide the context for how business strategy, information and technology are integrated within an organization. “Business architecture” considers the business strategy and its implications for technology and provides a functional model of the enterprise from which information and technical architectures can be derived. An organization's “information architecture” describes how information should optimally flow through and between applications and how data supports the business functions of the enterprise. Finally, the “technology architecture” provides guidelines and rules used to order the process of acquiring, building, modifying and interfacing elements of the organization's IT infrastructure. Every proposed project should be reviewed in the context of the organization's enterprise architecture to assess the degree to which the initiative will meet defined business and technology objectives.

Developing an Enterprise Architecture is a deliberate process that requires patience, determination and consistent effort. It is the topic of myriad articles, reports and books of varying complexity and depth. Yet, at a high level, organizations should abide by the following guidelines to help ensure a successful enterprise architecture (Lapkin, 2005, p. 2):

  • Start your architecture development initiative with the organization's business strategy and work your way down to the technology.
  • Begin modestly and build upon successes, so as not to inflate your organization's expectations.
  • Communicate and validate progress along every step of the architecture development process
  • Be prepared to roll up your sleeves and work hard – you will be more successful when you dedicate full-time staff to the effort
  • Plan to deliver the first iteration of the architecture within three months and target the business architecture for the first four weeks
  • Implement your architecture by inserting architectural control points into your development and investment management processes
  • Ensure that your architecture stays fresh by incorporating regular review cycles to accommodate changes in the environment

For more details on the above guidelines for developing an Enterprise Architecture, see Anne Lapkin's Research Report, “The Seven Fatal Mistakes of Enterprise Architecture” (Lapkin, 2005, p. 2).


Each of the four “pillars” of effective IT program management reviewed in this paper is a critical element when considered individually. But, because they function as components of a common foundation, when one or more of the “pillars” is missing or is not effectual, the IT program will not perform optimally.

Exhibit 2 presents an overview of this relationship between IT portfolio management, governance, risk management and enterprise architecture. The IT project portfolio is the focal point of the IT program, as it provides a framework for identifying and managing the “right” IT initiatives for the enterprise – i.e., those that are aligned with the organization's business and IT strategies. The business case is the nexus between the organization's business strategy and the IT project portfolio, as it provides an explanation of how each initiative will help achieve corporate objectives and goals. Correspondingly, the IT roadmap provides a link between the portfolio and the IT strategy, providing details on how the IT strategy will be carried out. Effective governance is required to ensure that the initiatives defined in the IT project portfolio are aligned with both of these strategies.


Exhibit 2 Relationship Between the Four “Pillars” of Effective IT Program Management

Governance is also critical as a mechanism for business and IT leadership to prioritize and select IT projects for implementation. Not all “aligned” projects can be completed immediately, given an organization's funding and resource (staffing) constraints. Governance provides a framework for assessing these constraints and determining which projects are more critical and should be implemented first (optimization).

An assessment of candidate projects should also encompass an evaluation of program and project level risks and a review of the proposed solution for compliance with the organization's enterprise architecture (EA). Without effective governance and reliable frameworks for assessing risk and EA compliance, the organization may select IT projects for implementation that will be more susceptible to failure.

Governance is also key to providing effective program oversight and change control – ensuring that any proposed change in the scope, schedule or budget of a project in the IT portfolio is reviewed with respect to other projects in the portfolio and with consideration for total available program funding and staff resources. Additionally, governance provides the framework for monitoring and managing program level risks and ensuring that the implementation of each IT project is compliant with EA standards.

Developing and maintaining a solid foundation is critical to the integrity of the structure that the foundation supports. This premise applies to building construction and IT programs alike. By fully considering the relevance and interrelationship of the four “pillars” of IT program management, an organization can better position itself to deliver successful IT projects.

Apfel, A. (2007, June). Researching the Research Agenda Survey, 2007: Key Implications for Program and Portfolio Management Leaders. Gartner Research Report ID Number: G00148551, Stamford, CT: Gartner.

Flint, D. (2005, February). The User's View of Why IT Projects Fail. Gartner Research Report ID Number: G00124846, Stamford, CT: Gartner.

Gerrard, M. (2005, October). CIOs Reveal Their Issues With IT Governance. Gartner Research Report ID Number: G00131820, Stamford, CT: Gartner.

Gartner Glossary. Retrieved 6/2/2007 from

Lapkin, A. (2005, February). The Seven Fatal Mistakes of Enterprise Architecture. Gartner Research Report ID Number: G00126144, Stamford, CT: Gartner.

Light, M. & Gerrard, M. (2007, January). Toolkit: How to Assess Project Risk. Gartner for IT Leaders Report ID Number: G00145436, Stamford, CT: Gartner.

Light, M. & Stang, D. (2006, June). Magic Quadrant for IT Project and Portfolio Management Applications, 2006. Gartner Research Report ID Number: G00141469, Stamford, CT: Gartner.

McClure, D. (2007, February). Getting IT Portfolio Management to Work in Government. Gartner Industry Research Report ID Number: G00146321, Stamford, CT: Gartner.

Tucker, C. & Rowsell-Jones, A. (2002, September). Getting Priorities Straight. Gartner EXP Premier Report, Stamford, CT: Gartner, p. 6.

The commentary offered in this paper represents the author's perspective only and is not intended to reflect any formal position endorsed by Gartner.

© 2007, Bryan T. Groden, PMP
Originally published as a part of 2007 PMI Global Congress Proceedings – Atlanta, GA


