An ISO Compliant and Integrated Model for IT GRC (Governance, Risk Management and Compliance)

Authors

  • Nicolas Mayer
  • Béatrix Barafort
  • Michel Picard
  • Stéphane Cortina
Abstract

GRC (Governance, Risk and Compliance) is an umbrella acronym covering the three disciplines of governance, risk management and compliance. The main challenge behind this concept is the integration of these three areas, which are generally dealt with in silos. At the IT level (IT GRC), some research works have been proposed towards integration. However, the sources used to construct the resulting models generally mix formal standards, de facto standards arising from industrial consortia, and research results. In this paper, we specifically focus on defining an ISO compliant, integrated IT GRC model, since ISO standards by nature represent an international consensus. To do so, we analyse the ISO standards related to the GRC field and propose a way of integrating them. The result of this paper is an ISO compliant integrated model for IT GRC, aiming at improving efficiency when dealing with the three disci-


Related resources

A process model for integrated IT governance, risk, and compliance management

Governance, Risk, and Compliance (GRC) is an emerging topic in the world of business and information technology. However, to date an integrated approach to GRC has hardly been researched. In this paper we construct an integrated process model for high-level IT GRC management. First, we discuss existing process models for integrated GRC. Then we set the scope of our...


Magic Quadrant for Enterprise Governance, Risk and Compliance Platforms

Governance, risk and compliance (GRC) as a marketplace can be broadly divided between GRC management (GRCM) products for the oversight and operation of risk management and compliance programs, and other GRC products for the automation and monitoring of controls. For a comprehensive description of the GRC marketplace, see "A Comparison Model for the GRC Marketplace, 2011 to 2013," which addresse...


What Is GRC and Where Is It Heading? A Briefing Paper

Well-established governance, risk and compliance functions have for many years formed a key part of management practice in both the private and public sectors in Australia. A relatively new concept, "GRC", has emerged, which emphasises building a closer interrelationship between governance, risk and compliance, and how these functions can be further integrated to increase their effectiven...


Towards a Reference Model for Integrated Governance, Risk and Compliance

More regulations are on the way, along with demanding transparency, accurate information about company operations, robust and comprehensive risk management, regulatory compliance and efficient governance. Consequently, organizations are seeking to improve their GRC activities, by implementing integrated GRC solutions that provide a holistic view of the organization and help in the automation of...


A Frame of Reference for Research of Integrated Governance, Risk and Compliance (GRC)

Governance, Risk and Compliance (GRC) is an emerging topic in the business and information technology world. However, to this day the concept behind the acronym has neither been adequately researched, nor is there a common understanding of it among professionals. The research at hand provides a frame of reference for research of integrated GRC that was derived from the first scientifically grounded de...


Journal title:

Volume / Issue:

Pages:

Publication date: 2015