With Sarbanes-Oxley Act (SOX) and other legislation enacted worldwide, effective information technology (IT) governance has become an imperative for many companies. To maintain effective supervision for keeping their organisation on track with its business strategy, top management need to understand their evolving roles in governance over IT by adopting relevant frameworks to assist the design and evaluate the performance of the company’s IT systems. One commonly used framework is COBIT (control objectives for information and related technology) which provides guidelines and best practices to design and evaluate the performance of IT systems. The purpose of this paper is to evaluate the general status of IT governance in Taiwan’s small and medium enterprises (SMEs) and examine whether the key components necessary for achieving effective IT governance are in place.
Keywords: IT governance, control objectives for information and related technology, COBIT, small and medium enterprise, SME, information security, technology management, internal control framework