[摘要] ENGLISH ABSTRACT: In today's technologically advanced business environments, Information Technology (IT) has become the centre of most, if not all businesses' strategic and operational activities. It is for this reason that the King III report has dedicated a chapter to IT governance principles, in effect making the board of directors and senior management responsible for implementing such principles. King III's guidance on these principles is only described in broad terms and lack sufficient detail as how to implement these principles. Though various guidelines, in the form of IT control frameworks, -models and -standards exist, it remains highly theoretical in nature and companies tend to view these control frameworks, -models and -standards on an individual basis, implementing them in an ad hoc manner, resulting in the implementation of an inefficient IT governance system, that does not address the key strategic areas and risks in a business.The purpose of this study is to develop an IT best practices integrated framework which can assist management in implementing an effective IT governance system at both a strategic and operational level. The integrated framework was developed by performing a detailed literature review of a best practice control framework, -model and -standard, including its underlying processes.By combining and aligning the relevant processes of the control framework, -model and -standard to the business' imperatives, a framework was developed to implement IT governance principles at a strategic level. The integrated framework is extended to provide guidance on how to implement good IT controls at an operational level. The control techniques, of the applicable processes identified at a strategic level, are implemented as well as the controls around a company's various access paths, which are affected by a company's business imperatives. These access paths are controlled through the implementation of applicable configuration controls. By making use of the integrated framework which was developed, an effective and efficient IT governance system can be implemented, addressing all applicable IT risks relevant to the key focus areas of a business.