IT governance is often confused with IT management, compliance and IT controls. The problem is increased by terms such as "governance, risk and compliance (GRC)" that establish a link between governance and compliance. The primary focus of IT governance is the stewardship of IT resources on behalf of various stakeholders whose ranking is established by the organisation's governing body. A simple way to explain IT governance is: what is to be achieved from the leveraging of IT resources. While IT management is about "planning, organizing, directing and controlling the use of IT resources" (that is, the how), IT governance is about creating value for the stakeholders based on the direction given by those who govern. ISO 38500 has helped clarify IT governance by describing a model to be used by company directors.
While directors are responsible for this stewardship it is not unusual that will delegate this responsibility to management (business and IT) who are expected to develop the necessary capability to deliver the performance expected. Whilst managing risk and ensuring compliance are essential components of good governance, the primary focus is on delivering value and managing performance (i.e. "Governance, Value delivery and Performance management" (GVP)).