A Frame of Reference for Research of Integrated Governance, Risk and Compliance (GRC)

IFIP International Conference on Communications and Multimedia Security
CMS 2010: Communications and Multimedia Security, pp 106-117

Nicolas Racz (1), Edgar Weippl (1), Andreas Seufert (2)
1. Institute for Software Technology and Interactive Systems, TU Vienna, Vienna, Austria
2. Institut für Business Intelligence, Steinbeis Hochschule Berlin, Berlin, Germany

Conference paper. Part of the Lecture Notes in Computer Science book series (LNCS, volume 6109)

Abstract

Governance, Risk and Compliance (GRC) is an emerging topic in the business and information technology world. However, to this day the concept behind the acronym has not been adequately researched, nor is there a common understanding among professionals. The research at hand provides a frame of reference for research of integrated GRC that was derived from the first scientifically grounded definition of the term. By means of a literature review, the authors merge observations, an analysis of existing definitions and results from prior surveys in the derivation of a single-phrase definition. The definition is evaluated and improved through a survey among GRC professionals. Finally, a frame of reference for GRC research is constructed.

Keywords: governance risk compliance GRC integrated definition


Copyright information © Springer-Verlag Berlin Heidelberg 2010

About this paper

Cite this paper as: Racz N., Weippl E., Seufert A. (2010) A Frame of Reference for Research of Integrated Governance, Risk and Compliance (GRC). In: De Decker B., Schaumüller-Bichl I. (eds) Communications and Multimedia Security. CMS 2010. Lecture Notes in Computer Science, vol 6109. Springer, Berlin, Heidelberg

DOI (Digital Object Identifier): http://doi.org/10.1007/978-3-642-13241-4_11
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-13240-7
Online ISBN: 978-3-642-13241-4
eBook Packages: Computer Science
