IT Governance and Compliance Management

IT in business is facing new requirements driven by several forces that occur simultaneously. IT should deliver its mission to contribute to corporate success and add measurable and traceable business value. IT organisations and departments are constantly challenged to meet an increasing number of regulations and conformance criteria, and have to assist in establishing compliance in other business areas.
Besides this, IT should keep track of technical innovations and make use of them in accordance with business goals.

A methodologically sound approach to IT governance helps to meet these requirements. IT governance is part of enterprise management and has to ensure that IT supports the business strategy and business goals in the best possible way.

Several frameworks and best practices for IT governance have evolved over the last few years. Besides assisting in control and coordination tasks, these frameworks also cover the permanent alignment of IT with the tactical and strategic business goals while simultaneously minimising IT risks.


Core Course

Should be visited: FT: 1st / PT: 3rd
Academic Module Coordinator: Dr. Petra Asprion
Lecturers: Dr. Petra Asprion


Overall hours: Contact hours: 60 h / Self-Study: 120 h
Outline / Content Overview:
  • Understand the difference and relationship between (IT) governance, risk and compliance, and the role of (IT) audit
  • Understand various external and internal regulatory requirements affecting IT organisations
  • Knowledge about "IT governance, risk and compliance" frameworks and reference material
  • Evaluate reference models, e.g. ISACA frameworks and standards, against real-life risks
  • Overview of regulations and trends
  • Risk management (reference models, e.g. ISACA Risk IT)
  • Internal controls frameworks applied to IT organisations (e.g. COBIT, ITIL, ISO/IEC 20000/2700x)
  • Aspects and procedures of an IT audit (setting the scene / IT general controls, application controls, configurable controls / scoping and approach / executing and reporting)
  • Areas of special interest in compliance and IT risk management (practical examples such as fraud investigation, assurance cases, etc.)
Teaching and Learning Methods
  • Plenary lectures to introduce and (partially) deepen selected themes
  • To detail and deepen selected themes: case studies in (1) group work, (2) group presentations followed by a question-and-answer session and a constructive feedback session, and (3) provision of documentation / a qualified hand-out
  • In addition, during the semester the students carry out a group work which covers topics introduced in the plenary lectures (see Assessment).