Analysing the Governance, Risk and Compliance (GRC) Implementation Process: Primary Insights

Governance, Risk and Compliance (GRC) as an integrated concept has recently gained great interest among researchers in the Information Systems (IS) field. The need for more effective and efficient business processes in the area of financial controls drives enterprises to implement GRC systems successfully as an overall goal when they strive for enterprise value from their integrated systems. The GRC implementation process is a significant parameter influencing the success of operational performance and financial governance, and it supports practices for competitive advantage within organisations. However, the GRC literature is limited regarding the analysis of implementation and adoption success. Therefore, there is a need for further research and contribution in the area of GRC systems, and more specifically their implementation process. The research at hand recognises GRC as a fundamental business requirement and focuses on the need to analyse the implementation process of such enterprise solutions. The research includes theoretical and empirical investigation of GRC implementation within an enterprise and develops a framework for the analysis of GRC adoption. The approach suggests that the three success factors (integration, optimisation, information) influence the adoption of GRC, and more specifically its implementation process. The proposed framework followed a case study approach to confirm its functionality and was evaluated through interviews with stakeholders involved in GRC implementations. Furthermore, it can be used by organisations when considering the adoption of GRC solutions and can also serve as a tool for researchers to analyse and explain the GRC implementation process further.
