All IT processes need to be regularly assessed over time for their quality and compliance with control requirements. This domain addresses performance management, monitoring of internal control, regulatory compliance and governance. It typically addresses the following management questions:
• Is IT’s performance measured to detect problems before it is too late?
• Does management ensure that internal controls are effective and efficient?
• Can IT performance be linked back to business goals?
• Are adequate confidentiality, integrity and availability controls in place for information security?