Abstract Requirements for increased IT quality, decreased delivery time and continuously improving service levels are receiving higher emphasis within tighter cost constraints. Information and the technology that supports it represent many organizations' most valuable asset. Therefore, effective corporation governance and risk management need effective IT governance and the risk management of IT. However, the awareness of IT governance is not widespread in the Asia region. Organizations couldn’t take advantage of effective management to earn profits. This research uses the framework of internal control of IT to analyze the phenomenon and the questions of enterprises’ information governance by case study and provides related suggestions of information management to the industry on the basis of the five areas of IT governance. This research interviewed five different companies in five industries including hotel industry, medical biochemistry industry, machinery industry, electronics industry, and government departments. The interview result points out those enterprises pay much attention to risk management but do not concern with performance evaluation. Every director of the information department in all companies I have interviewed has common consensus on the risk management and spends much time and cost on this field. But they do not establish the standard of effectiveness level for the system service and even do not evaluate the actual performance periodically. This research provides five suggestions of business information governance through the result: 1.Ascertaining that IT strategy is aligned with enterprise strategy. 2. Stressing importance of the effectiveness evaluation of IT investment. 3. Enhancing the IT-related expertise of internal auditors. 4. Emphasizing the training of IT staffs and providing reasonable promotion policy. 5. Setting up some effective indexes for performance measurement and measuring the performance periodically.