Information and technology (IT) governance is a subset discipline of corporate governance,

focused on information and technology (IT) and its performance and risk management.

Various definitions of IT governance exist. While in the business world the focus has been on
managing performance and creating value, in the academic world the focus has been on
"specifying the decision rights and an accountability framework to encourage desirable behavior
in the use of IT."

The primary goals for information and technology (IT) governance are to (1) assure that the use
of information and technology generate business value, (2) oversee management's
performance and (3) mitigate the risks associated with using information and technology

Information technology (IT) governance has taken on greater importance in the global economy.
With the globalization of many industries and financial markets, developed and developing
economies are recognizing the importance of effective governance and controls to the success
of organizations

Control Objectives for Information and Related Technology (COBIT) is becoming a global
standard for IT governance and controls. COBIT provides an excellent framework for
implementing controls in IT to comply with SarbanesOxley and other global governance
standards..

Same survey noted that the higher the level of IT governance maturity, the higher the return on
IT investment. To achieve IT governance maturity and a higher return on IT investment requires
a close partnership between IT and business management. Close alignment of the IT strategy
with the business strategy is essential to the success of a well-functioning partnership. It is
important for IT to understand the business it supports and for the business to understand IT

IT management must also have a clear understanding of their current strengths and
weaknesses and be able to honestly communicate this information to the business
management. IT governance provides the structure to achieve the alignment of the IT strategy
with the business strategy, incorporate IT into the enterprise risk management (ERM) program,
manage the performance of IT and ensure delivery of value, and ensure adequate internal
controls and regulatory compliance.

----

COBIT Monitor and Evaluate IT Performance domain (Exhibit 8.1) addresses IT governance
and performance management facilitated by reporting and measurement. Effectively managing
an IT organization requires a solid foundation of governance and control over IT resources.
Governance guides the decision rights, accountability, and behaviours of an organization.

IT governance can improve organizational performance by Ensuring decisions and

investments are aligned with organizational objectives Integrating IT into the ERM program
Improving oversight and control of organizational requirements, process proposal decisions, as
well as implementation planning and support Establishing a framework for managing IT to
deliver value to the organization Ensuring adequate internal controls and regulatory
compliance Defining roles and responsibilities across the organization to support the
identification and assignment of appropriate resources for development, implementation,
compliance, and management efforts