In this chapter, you learned about the important aspects of enterprise governance and related frameworks that an IS auditor is expected to use during audit assignments. You also explored the practical aspects of IT standards, policies, and procedures. The most important benefit of audit planning is that it helps the auditor focus on high-risk areas. Further, you studied organizational structure, enterprise architecture, and enterprise risk management.

The following is a recap of the important topics covered in this chapter:

• EGIT is a process used to monitor and control IT activities. Information security governance is an integral part of overall IT governance. Information security governance addresses concerns regarding the protection of information assets, in other words, the confidentiality, integrity, and availability of the information.

• The primary responsibility and accountability for setting up the IS security policy reside with the Board of Directors.

• An organization's mission, vision, and goals can be achieved by creating and implementing strategic plans. Top management should be involved in developing strategic plans, ensuring that plans are aligned with business goals.

• It is important for the EA to consider the entire future outcome because IT strategic and tactical plans will be determined by the difference between the present state and the future state. If a future-state description is not included in the EA, it is not complete, and this problem should be identified as an observation.

• To be successful in managing risk, IT management must be matched with business objectives. This can be achieved by using appropriate terminology that is known by everyone, and the best way to do this is to present IT risks in business terms.

In the next chapter, you will learn about IT management with respect to the auditing of resource management processes, third-party suppliers, and performance monitoring processes.