Public sector ICT Steering Committees (ICTSCs) are meant to direct technology governance, yet too often they only witness failure after the fact.
Auditor-General South Africa reporting continues to point to ICT projects that do not meet key objectives, such as time, cost, quality and business expectations. This raises a legitimate question: are ICTSCs consistently playing the strategic governance role expected of them?
My last article discussed signal tests on information systems implementations. This article focuses on the ICT governance signal test in relation to ICTSC failures and proposes a practical governance response to strengthen oversight.
ICT governance failures also arise from broader institutional conditions, but the emphasis here is on the contribution and responsibilities of ICTSCs themselves.
Public sector ICT governance remains critical for transparency, accountability, value for public funds and improved service delivery. South African public institutions must comply with the Corporate Governance of ICT Policy Framework.
Despite this framework, ICT programmes continue to fail. This is often best understood as paper governance: governance arrangements formally exist, but are not effectively operationalised.
ICTSCs are intended to ensure ICT strategy is aligned with organisational strategic objectives, that ICT investments are prioritised in terms of value realisation, and that ICT project delivery is monitored with appropriate attention to risk.
In principle, this should place ICTSCs at the centre of strategic technology oversight rather than at the edge of compliance administration.
Why some ICTSCs fail
One recurring weakness is that some ICTSCs become compliance-driven committees. They exist to satisfy formal governance expectations, yet operate mainly as advisory forums instead of exercising strategic direction, prioritising investments and enforcing corrective action.
This gap between formal governance structures and actual delivery outcomes is one of the clearest signs that compliance has not translated into effective oversight. When this happens, projects can continue without sufficient governance challenge.
A second weakness is capability. ICTSC members need enough understanding of digital transformation, ICT risks, enterprise architecture and information systems delivery to evaluate complex proposals properly. Without this, important decisions may be reviewed superficially rather than interrogated strategically.
The real test of an ICT Steering Committee is not whether it exists, but whether it changes outcomes.
A third weakness is accountability. Where ICT project failures attract little consequence, governance weaknesses can persist without institutional learning. Committees may continue to receive updates, but the underlying quality of challenges and interventions remains low.
A fourth weakness is the quality of oversight. Some ICTSCs focus too heavily on reporting progress and too lightly on interrogating delivery risk, unresolved dependencies and mitigation actions. This allows project problems to remain hidden until they become critical failures.
Practical governance response
A stronger response should be practical rather than merely procedural. Four governance elements matter most.
First, there must be an enabling institutional governance environment. Executive leadership should create the conditions for ICT governance to function properly, including embedding relevant ICT governance responsibilities into senior leaders’ performance agreements and supporting an organisational culture that allows disciplined innovation and controlled risk-taking.
Second, ICT strategy must be tightly integrated with organisational strategy. Effective governance requires ICT planning to be part of the wider strategic planning cycle so that ICT investments support organisational priorities, deliver measurable value and improve service delivery outcomes.
Third, ICTSCs should operate through an approved charter that defines authority, composition, decision rights, project prioritisation responsibilities and escalation procedures for unresolved ICT risks.
The charter should also clarify the supporting and oversight roles of executive leadership, audit and risk structures, enterprise architecture and ICT governance functions. Where critical skills are lacking, institutions should be willing to source them externally.
Fourth, ICTSCs need access to sound business analysis capability. Business analysis helps connect strategy to implementation through requirements engineering, business process analysis and stronger business cases. It also improves post-implementation assessment by making solution performance and value realisation easier to evaluate.
These governance elements should be supported by simple measures rather than a complex scoring system. Institutions should be able to assess whether the ICTSC charter is being implemented, whether ICT strategy is aligned with organisational strategy, whether projects are being delivered with effective risk management, and whether ICT investments are producing value for stakeholders.
Annual maturity assessment can also help institutions determine whether their ICTSCs remain compliance-driven, or are evolving towards more strategic governance.
Final takeaway
AGSA reporting continues to indicate that ICT strategic plans are often misaligned with organisational objectives, with the result that technology initiatives fail to deliver as intended.
Public institutions cannot afford to maintain dysfunctional ICT governance structures while an established policy framework already exists.
The central issue is therefore not whether an ICT governance framework exists, but whether it is being translated into disciplined oversight, credible challenge and measurable accountability.
The real test of an ICT Steering Committee is not whether it exists, but whether it changes outcomes. ICTSCs should not function as symbolic governance structures. They should serve as strategic mechanisms that connect ICT strategy to organisational objectives and improve the chances of successful digital transformation.
Three questions remain useful for debate:
- Do public institutions know the maturity levels of their ICTSCs, and are there plans to improve them?
- Are ICTSCs sufficiently capable of including project indicators linked to value realisation for stakeholders?
- And what critical ICT project information should be reported by ICTSCs to executive leadership?
Share
