Which entity has primary responsibility for IT governance within an organization?

The board of directors holds the primary responsibility for IT governance within an organization. This responsibility is rooted in their role as the ultimate decision-making body that ensures the organization's strategic direction aligns with its goals and objectives, including those related to IT. The board oversees management activities and establishes the frameworks within which IT governance operates, ensuring that IT investments are aligned with business strategies, risks are managed appropriately, and value is derived from IT resources.

By having the board of directors involved in IT governance, organizations can ensure that there is accountability and alignment between IT initiatives and the overall business strategy. The board's involvement helps to set a culture of governance that emphasizes the importance of IT in driving business success. Furthermore, effective IT governance requires oversight of policies, and the board plays an essential role in approving these policies and ensuring compliance with regulations and ethical standards.

In contrast, the chief executive officer and the IT steering committee play supporting roles in IT governance. The CEO is typically responsible for the day-to-day management of the organization and may implement the strategies approved by the board, while the IT steering committee focuses on advising and supporting IT-related decisions without the same level of authority as the board. The audit committee manages oversight functions related to financial reporting and compliance but does not take the primary