An organization’s top executives, board of directors and audit committee members look to information technology (IT) management for effective oversight of IT risks. The controls in place to manage these risks are an essential part of the internal control environment and structure. These same executives look to internal audit to evaluate whether IT risks are appropriately understood, managed and controlled, and whether the activities of the IT organization support the vision and strategy of the business (a process known today as IT governance). This important check and balance, or creative tension, forms an integral part of today’s corporate governance process.