INFORMATION TECHNOLOGY GOVERNANCE
Information technology (IT) governance is a relatively new subset of corporate governance that focuses on the management and assessment of strategic IT resources. Key objectives of IT governance are to reduce risk and ensure that investments in IT resources add value to the corporation. Prior to the Sarbanes-Oxley (SOX) Act, the common practice regarding IT investments was to defer all decisions to corporate IT professionals. Modern IT governance, however, follows the philosophy that all corporate stakeholders, including boards of directors, top management, and departmental users (i.e., accounting and finance) be active participants in key IT decisions. Such broad-based involvement reduces risk and increases the likelihood that IT decisions will be in compliance with user needs, corporate policies, strategic initiatives, and internal control requirements under SOX