There are quite a few supporting references developed to guide the implementation of information technology governance. Some of them are:

Control Objectives for Information and related Technology (COBIT) is regarded as the worlds leading IT governance and control framework. This is done by providing tools to assess and measure the performance of 34 IT processes of an organization. Originally created by ISACA, COBIT is now the responsibility of the ITGI (IT Governance Institute).
The IT Infrastructure Library (ITIL) is a detailed framework with hands-on information on how to achieve a successful operational Service management of IT, developed and maintained by the United Kingdom's Office of Government Commerce, in partnership with the IT Service Management Forum.

The ISO/IEC 27001 (ISO 27001) is a set of best practices for organizations to follow to implement and maintain a security program. It started out as British Standard 7799 ([BS7799]), which was published in the United Kingdom and became a well known standard in the industry that was used to provide guidance to organizations in the practice of information security.

The IT Baseline Protection Catalogs, or IT-Grundschutz Catalogs, ("IT Baseline Protection Manual" before 2005) are a collection of documents from the German Federal Office for Security in Information Technology (FSI), useful for detecting and combating security-relevant weak points in the IT environment. The collection encompasses over 3000 pages with the introduction and catalogs.
The Information Security Management Maturity Model ISM3 is a process based ISM maturity model for security.
AS8015-2005 Australian Standard for Corporate Governance of Information and Communication Technology. AS8015 was adopted as ISO/IEC 38500 in May 2008
ISO/IEC 38500:2008 Corporate governance of information technology, (very closely based on AS8015-2005) provides a framework for effective governance of IT to assist those at the highest level of organizations to understand and fulfill their legal, regulatory, and ethical obligations in respect of their organizations’ use of IT. ISO/IEC 38500 is applicable to organizations from all sizes, including public and private companies, government entities, and not-for-profit organizations. This standard provides guiding principles for directors of organizations on the effective, efficient, and acceptable use of Information Technology (IT) within their organizations.

Others include:

• BS7799 - focus on IT security
• CMM - The Capability Maturity Model - focus on software engineering

Non-IT specific frameworks of use include:

• The Balanced Scorecard (BSC) - method to assess an organization’s performance in many different areas.
• Six Sigma - focus on quality assurance