The ability to meet all business and regulatory requirements at all times requires an integrated management system coordinated throughout all parts of the enterprise. These management principles are also called governance. Corporate governance ensures that fair and transparent bases for decision-making and responsibilities apply throughout the company.

IT governance is one part of this and on the management level includes the responsibilities in respect of management, organizational structure and processes for implementing the corporate strategy via the IT and achieving or even exceeding the targets. Today, various frameworks, models, standard and quality systems are available on the market to facilitate the monitoring and fulfillment of these governance and compliance requirements.

The main objective of IT governance is to understand the requirements of the IT as well as IT’s strategic importance from the viewpoint of the core and management processes in the company in order to ensure that the business operates to optimum effect so as to achieve the corporate objectives and create strategies for the future expansion of the business operation. The purpose of IT governance is to ensure that the expectations demanded of the IT are known and that the IT is also in a position to fulfill these expectations. In this context any potential risks must be reduced. In this sense it would be more accurate to talk about enterprise governance over IT than about IT governance as IT governance does not take place within but outside the IT organization.

The IT Governance essentially creates a balance between two areas:

• the creation of corporate value
• minimizing IT risks

The aims of IT governance are defined by analysts as follows:

• Strategic orientation, focusing on corporate solutions.
• Creation of benefits, focusing on optimizing the tasks and assessing the benefit of the IT.
• Risk management which relates to the protection of the IT assets taking account of disaster recovery and continuation of the corporate processes in the event of a crisis.
• Resource management, optimization of knowledge and infrastructure.
• Performance measurement and consequently the creation of the bases for continual improvement.

The COBIT approach to controlling must essentially be applied on a top-down basis. Corporate objectives form the basis for the definition of IT objectives which in turn influence the IT architecture. In this respect, IT processes which are suitably defined and operated, ensure that information is processed, IT resources managed (personnel, technology, data, applications) and services delivered. Measurement and target parameters are defined respectively for these levels (company-wide basis, IT, process and activities) for the purpose of assessing the results and performance drivers. Target attainment is measured on a bottom-up basis, producing a defined control cycle.