Which framework is primarily associated with enterprise IT governance and management?


Multiple Choice

Which framework is primarily associated with enterprise IT governance and management?

Explanation:
Managing and governing IT across an organization requires a framework that ties IT activities to business goals, provides governance structures, and offers process objectives and metrics. COBIT is designed for this role. It’s a framework created by ISACA specifically to govern and manage enterprise IT, covering governance goals (Evaluate, Direct, Monitor) and management domains (Plan, Build, Run, Monitor) with detailed control objectives, performance metrics, and capability assessments. This makes it the go-to framework for aligning IT with business strategy, optimizing processes, and overseeing risk and resource use at the enterprise level.

COSO focuses on internal control and enterprise risk management more broadly, not IT-specific governance. PCI-DSS is a security standard aimed at protecting payment card data, not a framework for overall IT governance. ISO/IEC 27002 provides a code of practice for information security controls, but again it’s about security controls rather than the overarching governance and management of IT.

