While Treasury has established many of the capabilities needed to select, control, and evaluate its IT investments, the department has significant weaknesses that hamper its ability to effectively manage its investments.
Treasury does not have an executive investment review board—a group of executives from IT and business units that is intended to be the final decision-making authority—that is actively engaged in the investment management process. In addition, the department does not have any policies and procedures for managing its nonmajor investments, although they represent almost 70 percent of the total number of investments. Until the department addresses these weaknesses, it will not have the investment management structure needed to effectively assess and manage the risks associated with its multibillion-dollar portfolio.
According to the report, the Treasury Department spends fully 25% of its overall budget on IT projects, yet it has no executive-level investment review committee.
Sorry, guys, but as far as I'm concerned, this is outrageous.
In contrast, let me describe IT investment governance at a large European company, where I know the guy responsible for IT. They've got an executive review committee consisting of key internal people joined by senior folks from their major vendors. Every IT initiative must presented to this committee for approval, before an investment is made. The committee therefore maintains oversight, ensuring that IT projects are set up to succeed. This is a good system because it works.
Now, I ask you: how can an organization spend $2.8 billion on IT without having a similar review structure? It just makes no sense.