Nowadays, companies are facing a rather harsh competition and faster changing business environment. So company runners must find ways to better utilize their IT functions to support their business running and management, and hence strengthen their competition advantages. Companies are spending more and more on their IT investment, so their IT structures are getting more and more complicated, and it becomes harder and harder to manage them. And hence building a proper IT governance framework for a company becomes a must. An effective IT governance strategy could help a company to promptly respond to market changes, enhance management effectiveness, improve business processes, strengthen customer relationship, and provide IT innovation applications to business development. IT can directly affect business competency and revenue, so IT governance becomes an important topic when talking about running a successful business. A mature IT governance strategy can help a company to make use of its IT resources efficiently, and therefore gaining the greatest benefits from them. The structure of this paper is based on COBIT’s four main IT processes, combining IT operation practices from a financial holding company. It also merges 34 operation steps into 17 key procedures, and tries to achieve the goal of IT governance within a financial holding company by connecting these key procedures with 5 structural attributes in IT governance. This paper tries to demonstrate the feasibility of the said governance framework based on the case study of Financial Holding Company A. In the aspects of IT’s roles and responsibilities and its value related to an enterprise, it also suggests that in order for a company to respond fast and correctly, the roles and responsibilities within the IT governance structure plus an efficient decision making channel must first be defined and established. There should be a thoroughly cost-effective analysis before an IT system is built. This analysis shall draw up the investment plan based on the original investment purpose and hence making the IT resources most efficient. Besides, an examination mechanism should be put in place after the system is established to evaluate the difference between its expected and real value, hence becomes the foundation for improvement and IT development experience for future use. In the aspect of IT performance assessment, all four dimensions of excellence in operation, contribution to the company, customer orientation, and future perspective should be included. So the IT strategy can now be evaluated by quantifiable targets and actions. By using this method, it also increases the value and displays the performance of IT department. In the aspect of information security, there are some well recognized international information security standards which could be introduced to build up a suitable information security management system. Setting up the standard of IT structure, controlling the core skills, and increasing the system scalability. A standard, which includes system framework and management procedures, is especially critical when a company is expending its business internationally. This kind of standard can consolidate resources, quickly build up systems, and then manage them efficiently. Actively raising the skills of IT personnel; understanding your company's business, customers, and strategy; approaching issues with strategic thinking and driving new business models with IT resources.