Which process should an IS auditor follow when assessing IT governance?

When assessing IT governance, the primary focus is on ensuring that IT strategies align closely with the organization’s business objectives. This alignment is crucial because it helps to ensure that IT investments deliver value and support the overall strategic goals of the organization. By assessing the alignment of IT with business objectives, an IS auditor evaluates whether IT initiatives are effectively contributing to the organization’s mission and whether they are fostering business growth and innovation.

In addition, this assessment typically involves analyzing how well IT resources and processes help achieve business goals, how risk is managed within IT operations, and whether compliance with laws and regulations is maintained. Therefore, emphasizing the alignment ensures that IT governance is not merely about managing resources but also about enabling the success of the business overall.

While reviewing strategic plans, evaluating the effectiveness of IT operations, and monitoring performance metrics are important tasks, they support the broader goal of ensuring that IT activities are directly supporting the business's strategic direction and objectives. Therefore, aligning IT with business objectives is foundational in assessing IT governance.