IT Governance is the ability for IT to deliver value to a business and to mitigate the inherent risk, allowing the business to achieve its goals. (IT Governance Institute, 2007)
Key concept:
Controls-based. COBIT has 34 processes that contain the information for the control objectives. COBIT defines control “as policies, procedures, practices, and organizational structure designed to provide reasonable assurance that business objectives will be achieved, and undesired events will be prevented.” (IT Governance Institute, 2007) The control objectives are the set of requirements that leadership considers necessary for effective control of each IT process. COBIT defines the IT control objectives as “statements of managerial actions to increase value or reduce risk and are designed to provide reasonable assurance that business objectives will be achieved, and undesired events will be prevented.” (IT Governance Institute, 2007) Having an effective control decreases the risk of failing to deliver value by reducing the number of errors that could occur.
As auditors and assurance professionals continue to evaluate how useful the different approaches are, the controls-based approach has recently been slowly phased out in favor of a risk-based approach. The controls-based approach “is well-defined in the audit and assurance discipline.” (ISACA, 2019) The role of the investigator is to review the list of control objectives and to make sure that the controls are being met. Much of what the auditors evaluate has already happened, so the controls are reactive, looking back at the past.
Key method:
Balanced Scorecard. The balanced scorecard is described in COBIT4 as being able to "translate strategy into action to achieve goals with a performance measurement system that goes beyond conventional accounting, measuring those relationships and knowledge-based assets necessary to compete in the information age (customer focus, process efficiency, and the ability to learn and grow).” (IT Governance Institute, 2007)
The Balanced Scorecard method is used by COBIT4 to illustrate best practices of IT Governance. ISACA recommends in COBIT (IT Governance Institute, 2007) that the IT BSC can be used to bridge the business strategy, productiveness, and processes of the organization. This is accomplished through the proper management of IT resources. Performance drivers are the metrics used by the balanced scorecard to allow IT professionals to visualize and report how effectively IT resources achieve IT and business goals. Two metric types are evaluated on the scorecard: indicators that are captured and reviewed after the fact are lag indicators, and metrics that are reviewed before the outcome is known are lead indicators.
SimpleRisk:
The COBIT framework defines IT governance as attempting to understand the strategic value of IT to an industry, to sustain its operations, and to implement the strategies to extend its activities. One area that requires attention from IT professionals in order to perform at its optimum is risk management. One tool that can keep track of risk at a high level by recording what the areas of risk are is called SimpleRisk. SimpleRisk was created to “make risk management obtainable to all security practitioners.” (SimpleRisk.com, 2019) SimpleRisk also offers free tools that can assist in organizing and understanding which risk factors could affect the business goals.
IT Governance Institute states, “Value delivery is one of the five focus areas of IT governance.” (2007) IT Governance is one of the areas that drives the ability of IT to meet the business needs and functional requirements that any enterprise seeks to implement. In most cases, “IT is essential to manage the transactions, information and knowledge necessary to initiate, sustain, support and develop economic activities and businesses.” (Afzali, 2010) IT governance is a concept that provides the structure aligning the IT strategy of the company with the enterprise’s business strategy. IT governance allows IT strategy and IT policy to come together. It is one of the key ideas that help enterprises achieve and understand the value created through their IT investments.