The IT governance process begins with setting objectives for the enterprise's IT, providing the initial direction. From then on, a continuous loop is established: performance is measured and compared to objectives, resulting in redirection of activities where necessary and change of objectives where appropriate. While objectives are primarily the responsibility of the board and performance measures that of management, it is evident they should be developed in concert so that the objectives are achievable and the measures represent the objectives correctly.
In response to the direction received, the IT function needs to focus on realizing benefits by increasing automation and making the enterprise more effective, and by decreasing cost and making the whole enterprise more efficient; and on managing risks (security, reliability and compliance). The IT governance framework then can be completed as indicated below:
For a complete overview of the role of IT governance in an enterprise, the responsibilities of boards of directors and executive management for IT governance, and tools to begin implementing effective IT governance, see the IT Governance Institute's publication, Board Briefing on IT Governance, 2nd Edition (now also available in German).