An investigation to determine incremental risks to software as a service from a user's perspective
[Abstract] ENGLISH ABSTRACT: Software as a Service (SaaS), which is a deployment model of cloud computing, is a developing trend in technology that brings with it new potential opportunities and consequently potential risk to enterprise. These incremental risks need to be identified in order to assist in risk management and therefore information technology (IT) governance. IT governance is a cornerstone of enterprise-wide corporate governance. For many entities corporate governance has become a statutory requirement, due to the implementation of legislation such as the Sarbanes-Oxley Act of the United States of America. The research aims to assist in the IT governance of SaaS by identifying risks and possible controls. By means of an in-depth literature review, the study identified 30 key risks relating to the use and implementation of SaaS from the user's perspective. Different governance and risk frameworks were considered, including CobiT and The Risk IT Framework. In the extensive literature review, it was found that CobiT would be the most appropriate framework to use in this study. Mapping the risks and technologies from the user's perspective to one or more of the processes of the CobiT framework, the research found that not all processes were applicable. Merely 18 of 34 CobiT processes were applicable. The study endeavoured to identify possible controls and safeguards for the risks identified. By using the technologies and risks that were mapped to the CobiT processes, a control framework was developed which included 11 key controls to possibly reduce, mitigate or accept the risks identified. Controls are merely incidental if they are not linked to a framework.
[Publication date] [Publishing institution] Stellenbosch University