Projects selected for IT Governance must meet specific criteria and go through the established process. Campus and System Administration leadership will report out quarterly to the Board of Regents on the status of all IT Governance projects.  

Criteria for IT Governance Projects

Large, strategic projects involving multiple campuses and significant funding will follow the project management standards established under IT Governance. 

How are IT Governance projects identified?

Projects will be identified initially by campus IT organizations or UIS. The Annual and Strategic Plans will also inform which projects require IT Governance oversight. While most IT Governance projects will be multi-campus initiatives, a single campus may elect to use the IT Governance project management process, if the campus CIO or campus stakeholder decides it prudent to do so based on risks, impacts or other factors.

What criteria determines whether projects are subject to IT Governance oversight?

Projects must meet three criteria: scope, risk and budget.

Scope Criteria: Does the project ultimately provide service to multiple campuses or CU System departments, even if managed by a single campus or UIS?

Risk Criteria: Does the project expose CU to a high level of risk?

The level of risk will be calculated via a standard risk assessment tool to be completed through the local project management office. Characteristics indicative of high risk include the following:

  • The project will impact how a large user population (1,000+) interacts with tools essential to their work.
  • The project will introduce new tools, applications and technologies that could have a significant impact on CU.
  • The project budget is anticipated to be over $2 million.
  • The project will require significant support from external consultants.
  • The project includes new initiatives in domains where CU has limited experience.

Budget Criteria: Does the project require a significant budget?

If the project is $5 million or above in cost, it must go through the IT Governance project management process and be approved by the Board of Regents.

The exceptions to this are projects that fall into the following categories: 

  • Hardware Renewal and Replacement
  • Projects funded exclusively through research or clinical sources

Process Deliverables

Initiating Phase

  • Risk Assessment
  • Project Cost Workbook
  • Project Proposal
  • Project Proposal Summary Presentation

Planning Phase

  • Kickoff Meeting
  • Project Charter
  • Roles & Responsibilities Matrix
  • Work Breakdown Structure
  • Risk Assessment
  • Risk Register
  • Budget Plan
  • Resource Plan
  • Transition to Service Plan
  • Project Plan Summary
  • Go/No-Go Readiness Assessment
  • Lessons Learned
  • Status Reports
  • Organizational Change Management Plan
  • Stakeholder Analysis
  • Communications Plan
  • Training Plan
  • Architecture Design Diagrams
  • Business Process Map
  • Functional and Technical Requirements
  • Requirements Traceability Matrix
  • Test Plan
  • Test Cases/Scripts for Quality Assurance


  • Accessibility Review
  • Architecture Review
  • Data Governance Review
  • Security Review

Executing Phase

  • Executing Kickoff Meeting
  • Work Breakdown Structure (updated)
  • Risk Assessment (updated)
  • Risk Register (updated)
  • Status Reports
  • Organizational Change Management Plan (continuous)
  • End-User Support Plan
  • Monitoring for Effectiveness and Issues
  • Test Cases/Script Report
  • Defect Report
  • Test Metrics
  • Test Closure Report

Closing Phase

  • Lessons Learned
  • Project Metrics

For details on the inputs for each deliverable, see the IT Governance Input Summary.
For a visual of the workflow through the phases, see the IT Governance Process Flow.
For a visual of how recommendations are received and decisions made, see the IT Governance Strategic Decision Process.