The document discusses IT governance and risk management. It defines governance and risk management, and explains that governance deals with connecting business focus to IT management, while risk management involves identifying, assessing, and prioritizing risks. It also classifies different types of IT risks, discusses how IT risk fits into enterprise risk management, and outlines the IT governance process and methods for evaluating, defining scenarios for, setting tolerance for, and controlling IT risks.