Which statement BEST distinguishes IT governance from IT management within an enterprise?
- A. IT governance is the daily oversight of IT operations by the chief information officer, while IT management is the strategic stewardship exercised by the audit committee.
- B. IT governance is performed only by external auditors providing assurance over IT, while IT management is performed by internal audit through control self-assessment.
- C. IT governance is identical to IT management once a control framework such as COBIT 2019 has been adopted across the enterprise.
- D. IT governance directs and evaluates the enterprise so that IT supports strategic objectives, while IT management plans, builds and runs IT services to deliver agreed outcomes. (Correct)
Why A is wrong: This inverts the recognised roles. The board and its committees govern, and the chief information officer manages; conflating the two undermines the separation of decision rights established by COBIT 2019.
Why B is wrong: Assurance providers do not govern or manage IT; they evaluate it. Treating audit as the governance function removes accountability from those charged with governance and is a common candidate trap.
Why C is wrong: Adopting a framework does not collapse the distinction. COBIT 2019 explicitly separates the governance objectives from the management objectives precisely to preserve segregation of decision rights.
Why D is correct: This reflects the ISO/IEC 38500 and COBIT 2019 distinction: governance sets direction, evaluates performance, and monitors compliance through the board, whereas management executes the plans within governance constraints.