What risk does IT governance specifically manage in internal auditing?

IT governance specifically manages risks related to IT resources because it encompasses the frameworks and practices that ensure an organization effectively and efficiently uses its IT resources to achieve its goals. This includes aligning IT strategies with business objectives, managing IT investments, and ensuring that IT resources are used responsibly and securely.

When internal auditors evaluate IT governance, they assess how well risks associated with IT infrastructure, applications, data management, and information security are identified and mitigated. This involves ensuring that IT resources are reliable, that data integrity is maintained, and that systems operate securely in accordance with relevant policies and regulations.

The other options focus on narrower scopes of risk management. Financial risks primarily pertain to fiscal responsibilities and may not cover the broader IT implications. Operational risks often concern processes and personnel but do not specifically address the unique aspects of IT resources. External regulatory compliance, while important, is only one facet of the overall governance framework and does not encompass the comprehensive management of risks associated with all IT resources. Thus, the focus on IT resources highlights the specific domain that IT governance oversees within the internal auditing process.