Integrating IT Governance, Risk, and Compliance Management Processes

Even though the field of Governance, Risk, and Compliance (GRC) has received increased attention in recent years, there is a lack of research on the integrated approach to GRC. This research proposes an integrated process model for high-level IT GRC management. After a discussion of existing process models for integrated GRC, the scope of the research within GRC is defined and explained. Frameworks for the separate topics of IT governance, IT risk management, and IT compliance management are selected and discussed. Finally, these frameworks are merged into a single integrated process model. The model is then validated through a comparison with the IT GRC processes of three multinational companies.