A Metamodel to Integrate Control Objectives into Viewpoints for EA Management

Enterprise Governance, Risk and Compliance (GRC) systems are key to managing risks threatening modern enterprises from many different angles. A key constituent of GRC systems is the definition of Controls that are implemented on the different layers of an Enterprise Architecture (EA). As part of the compliance aspect of GRC, the effectiveness of these Controls is assessed and reported to relevant management bodies within the enterprise. In this paper, we present a metamodel that links Controls to the affected elements of an EA and supplies a way of expressing associated assessment techniques and results. We complement the metamodel with an expository instantiation in a cockpit for Control compliance applied in an international enterprise in the insurance industry.