During the latest years, IT governance has become more and more important. More of the attention on IT Governance is captured by compliance, owing to the recent financial scandals and the severe rules regarding information systems audit and control. Companies need to comply with these rules, but it requires important investments, considered not only strategic but necessary (Remenyi et. al. 2000). However, companies should analyse the compliance requirements to implement an IT governance system, not only to comply with legal rules, but also to improve the strategic alignment between IT and business and to optimise value creation by IT compliance investments (Ventrakaman and Henderson 1996, Van Grembergen 2003). However, companies have difficulties in implementing IT compliance initiatives, because they are complex and require an integrated approach all over the organization. But IT compliance initiatives often lack an integrated, strategic approach: they only try to comply with the increasing rules affecting IT operations, thereby limiting the value of compliance investments. To optimise IT compliance, companies should develop an IT compliance strategy, aiming not only to accomplish with regulations, but also to bring processes into compliance. That is, to realise a full integration between operations, risk control, data reliability. To reach this result, compliance automated solutions are indicated, like GCR (Governance, Risk and Compliance) applications. However, standard solutions fail to support specific problems and the individual value proposition of each company: an EIMS (Enterprise Information Management Systems), developed in house, allows automatically managed processes, data and information security, to access control and system performance and to improve data usability, in accordance with company specific organisation and needs. In this paper, IT compliance is introduced, to define how to orient it to value creation; GRC systems. EIM systems are described, with their different cost and benefits for companies. The aim of the paper is to define how to develop compliance automated systems, to save money and enhance information integration and value. Observations and conclusions derive from practical experience of the author, participating to a project of EIM implementation in a major Italian company.

There is evidence in the IT literature indicating that IT management is one factor that influences IT success. In addition, there is much literature indicating that IT management is important in the SME context. However, much of this literature has focused on the important role of the owner and/or other senior managers. For example, Thong et al (1996) focused on top management support and its influence on IT success. This paper argues that top management support is only one aspect of IT management and other aspects of IT management have received little attention in studies of SMEs. The study commenced with a review of the literature which identified many different definitions of IT management. However, the broader management literature indicated that the classical functions of planning, organising, controlling and leading provide an excellent way of conceptualising the many activities involved in managing (Carroll and Gillen, 1987). The management literature also provided working definitions for the four management functions. A multiple‑case study approach was then used to collect evidence from four SMEs (with between four and 50 employees). The data identified IT management practices associated with each of the four IT functions, ie, IT planning, IT organising, IT controlling and IT leading. For example, one firm had an IT committee made up of staff from different levels of the firm. Some on the committee would be assigned specific IT responsibilities, eg, training of other staff. This practice provided an example of IT organising, ie, of defining tasks and assigning personnel. Similarly, many other IT management practices were both identified and classified. The results provide a significant foundation for researchers of IT management in SMEs. For example, the conceptualisation indicates four IT management functions. Also, the definitions clarify important aspects of IT management. The study also indicated that some aspects of IT management have received little attention in prior studies. For example, while IT planning has received considerable attention, IT leading in SMEs has only been examined in the narrower context of top management support. Furthermore, few studies have examined the role and importance of IT organising and IT controlling in the SME context. Thus the study also indicates directions for future research, including the identification of IT management best practices.

This paper shows, which concepts and frameworks currently exist to measure the performance of the IT de‑partment and its delivered IS services. We discuss how a performance management system might be designed and im‑ plemented with the purpose to monitor and improve the IT function. A performance metrics catalogue has been elabo‑ rated to document and to enable a common understanding of the individual metrics. Finally, this paper provides lessons learned and some recommendations for further research in the area of IT performance management.