A process model for integrated IT governance, risk, and compliance management

Governance, Risk, and Compliance (GRC) is an emerging topic in the world of business and information technology. However, to date an integrated approach to GRC has hardly been researched. In this paper we construct an integrated process model for high-level IT GRC management. First, we discuss existing process models for integrated GRC. Then we set the scope of our research within the GRC domain and explain it. We select and discuss frameworks for the separate topics of IT governance, IT risk management, and IT compliance management. Finally, these frameworks are merged into a single integrated process model for IT GRC management.
