IT Portfolio Management fall within CobiT's process PO5: Effectively Manage IT Investments. CobiT defines this process as "Establish and maintain a framework to manage IT-enabled investment programs that encompasses cost, benefits, prioritization within budget, a formal budgeting process and management against the budget."
I mention good practices for Portfolio Management Versus best practices because there are many ways to do this and many companies have different cultures so this is not one process where we can apply a cookie cutter approach. Based on my experience and research I would offer the following as a list of good practices for an effective IT portfolio management governance process:
- Decisions of what project is worth doing and where in a prioritization grid it falls are made by business partners according to well defined decision structures and rights.
- Project ideas are in alignment with a roadmap of strategic business capabilities.
- There is a target portfolio mix describing how assets should be allocated. All projects and candidates are categorized accordingly and the desired versus actual mix is analyzed.
- The criteria for assessing the value of a project candidate is defined and agreed upon. The level of analytical complexity and precision matches the company culture. The value should include monetary and non-monetary benefits and costs.
- The criteria for assessing the risks of a project candidate is defined and agreed upon.
- The decision criteria, including hurdle levels, is defined and agreed upon. I suggest that decisions be made based on how candidates fall on a value versus risk matrix.
- Decisions are made in context of the whole portfolio and not in isolation.
- Resource capacity management and forecasting is in control, since this is typically the Achilles' heel for portfolio management.
- Value realization is captured and reported after project completion.
We can definitely spend time exploring in depth each one of these practices, but I hope this list helps.