IT Governance and Management Framework
The IT Governance and Management Framework (PDF, 264 KB) defines the structures and processes that support and enable the governance and management of IT across Information Technology Services (ITS) and IT departments within faculties and institutes.
The framework aims to:
- Provide a consistent approach to IT governance across UQ.
- Define governance structures and decision-making models to ensure that IT-related decisions and processes are effectively overseen, fit for purpose, and aligned to UQ’s Strategic Plan.
- Define principles for IT governance.
- Ensure compliance with legal, contractual and policy requirements that impact IT.
- Support the efficient and effective management of IT services.
- Enable IT to effectively engage with stakeholders, manage risks, optimise resources and deliver benefits to the University.
Governance principles
IT governance at UQ is based on a number of key principles.
- One UQ approach: IT governance decisions are made holistically and applied consistently, transparently, flexibly (if required) and equitably across the University.
- Strategic alignment: IT priorities, decisions and investments are aligned to UQ’s Strategic Plan and informed by stakeholder requirements to deliver optimal benefits for the University.
- Industry alignment: IT will align with industry best practices, frameworks, and standards where appropriate.
- Continuous improvement: IT will monitor the effectiveness and performance of its governance structures and management processes to inform decision-making and ensure IT continues to deliver value to the University.
- Prioritise sustainability: IT governance decisions are made with consideration of fiscal and environmental sustainability to reduce waste, complexity, and overlap of services. IT will align with the UN sustainable development goals where possible.
- Informed decision-making: IT governance decisions are informed by UQ’s risk appetite and any investment or resource considerations.
IT governance and management structures
IT governance involves:
• evaluating stakeholder requirements to determine IT strategic objectives and priorities
• setting direction through prioritisation and decision-making
• monitoring performance and compliance against the agreed direction and objectives.
IT governance aligns with the UQ Governance and Management Framework and UQ-wide decision-making bodies and authorities.
IT management plans, acquires/implements, runs and monitors activities in support of the direction and objectives set by IT governance.
Strategy, master planning and investment
The diagram below defines the links between IT and UQ committees.
A summary of key governance processes:
- The Technology Master Planning Committee (TMPC) endorses the Technology Master Plan, which is approved by University Senior Executive Team (USET).
- The TMPC monitors the execution of the Master Plan, including reviewing IT portfolios to ensure they're aligned to the plan.
- The Capital Management Group (CMG) reviews all capital proposals that require Vice-Chancellor or Senate approval. Once funding is approved, the IT Project Approval Board (IT PAB) approves project business cases and oversees project execution and closure.
- IT projects are managed in line with UQ's Project Governance and Management Framework.
For more information, read the IT Governance and Management Framework (PDF, 264 KB).
Policy, risk and compliance
The diagram below defines the links between IT and UQ committees.
A summary of key governance processes:
- IT reports on risk to the Vice-Chancellor’s Risk and Compliance Committee (VCRCC) and the Senate Risk and Audit committee.
- The Provost (via the VCRCC) or the Vice-Chancellor (via the University Senior Executive Team) approve new or updated ICT policies.
- The Chief Information Officer approves changes to IT procedures, guidelines, technical standards, local frameworks and local operating procedures.
- The IT Policy, Risk and Assurance Committee (IT PRAC) reviews and endorses new or updated IT policy documents, monitors IT compliance, and oversees IT risk management.
For more information read the IT Governance and Management Framework (PDF, 264 KB).
IT management committees
The Chief Information Officer (CIO) is accountable for the IT function at UQ. The CIO is supported by three committees, who are authorised to either act on behalf of the CIO, or who make recommendations to the CIO. The committee structure is defined below.
- View the IT Policy, Risk and Assurance Committee terms of reference.
- View the IT Change Advisory Board terms of reference.
- View the IT Project Approval Board terms of reference.
- Read more about IT advisory and working groups.