Information and technology (IT) governance is a subset discipline of corporate governance, focused on information and technology (IT) and its performance and risk management. The interest in IT governance is due to the ongoing need within organizations to focus value creation efforts on an organization’s strategic objectives and to better manage the performance of those responsible for creating this value in the best interest of all stakeholders. It has evolved from The Principles of Scientific Management, Total Quality Management and ISO 9001 Quality management system.
The primary goals of information and technology (IT) governance are to:
(1) assure that the use of information and technology generates business value,
(2) oversee management’s performance, and
(3) mitigate the risks associated with using information and technology.

It has long been accepted that continuous process improvement is based on many small evolutionary steps rather than larger revolutionary innovations. The Capability Maturity Model (CMM) provides a framework for organising these evolutionary steps into five maturity levels that lay successive foundations for continuous process improvement.

This methodology is at the heart of most management systems which are designed to improve the quality of the development and delivery of all products and services. Please see ITG Management Frameworks.

The governance of ICT is a key contributor to strategic organisational success. Internal auditors therefore have a key role to play in terms of giving top management assurance that IT governance is effective in their organisation.