The discipline of information technology governance first emerged in 1993 as a derivative of corporate governance and deals primarily with the connection between strategic objectives and IT management of anorganization. It highlights the importance of IT-related matters in contemporary organizations and states that strategic IT decisions should be owned by the corporate board, rather than by the chief information officeror other IT managers.

The primary goals for information technology governance are to (1) assure that the investments in IT generate business value, and (2) mitigate the risks that are associated with IT. This can be done by implementing an organizational structure with well-defined roles for the responsibility of information, business processes, applications, ICT infrastructure, etc.

Accountability is the key concern of IT governance.

After the widely reported collapse of Enron in 2000 and the alleged problems within Arthur Andersen and WorldCom, the duties and responsibilities of auditors and the boards of directors for public and privately held corporations were questioned. As a response to this, and to attempt to prevent similar problems from happening again, the US Sarbanes-Oxley Act was written to stress the importance of business control and auditing. Although not directly related to IT governance, Sarbanes-Oxley and Basel-II in Europe have influenced the development of information technology governance since the early 2000s.

Following corporate collapses in Australia around the same time, working groups were established to develop standards for corporate governance. A series of Australian Standards for Corporate Governance were published in 2003, these were:

AS8015 Corporate Governance of ICT was published in January 2005. It was fast-track adopted as ISO/IEC 38500 in May 2008.Introduction to ISO 38500