With the help of an IT governance maturity assessment the processes, control mechanisms and responsibilities of an IT organization are analyzed on the basis of COBIT. Today, statutory regulatory mechanisms such as the Sarbanes-Oxley Act, Corporate Governance Code or Basel II also require corresponding accountability reports on the efficiency and effectiveness of IT process controls and monitoring from the business management and technical viewpoints. The task in this respect is to create transparency in the IT service management and consequently to significantly reduce operational risks, the objective being to establish IT governance.