Define the role of IT governance within the organization's overall corporate governance; and specify the roles and interfaces between IT and business management and the organization's ultimate governing body (e.g. the board).
Adopt a set of principles for good governance of IT that define preferred behaviour within the organization to guide decision-making and the organization's governance mechanisms for IT.
Establish organizational structures and roles (e.g. committees, executive teams, business/IT relationship managers) to guide and oversee the governance of IT, and promote behaviour that will lead to the achievement of business goals. Define their composition and scope and set out protocols for coherence and escalation across governance bodies and business organizational units.
Determine what major IT domain decisions need to be made. Define the decision-making boundaries for each decision type, including the inputs and decision rights of different stakeholders, and the rules and procedures for making and monitoring those decisions.
Define roles and responsibilities, and delegate authority and accountability for aspects of the governance of IT. Establish mechanisms to hold such individuals or groups accountable for decisions, actions, and performance.