Towards a Reference Model for Integrated Governance, Risk and Compliance

More regulations are on the way, along with demanding transparency, accurate information about company operations, robust and comprehensive risk management, regulatory compliance and efficient governance. Consequently, organizations are seeking to improve their GRC activities, by implementing integrated GRC solutions that provide a holistic view of the organization and help in the automation of activities. After analysing and researching the emerging domain of integrated GRC, the lack of references that provide guidance to organizations in the implementation and optimization of processes, activities and information is an alarming issue. In this paper we propose a reference model for GRC, combining two architectural layers Business and Information Systems modelled with ArchiMate. The reference model is presented and described through several viewpoints. We then apply a framework to evaluate the quality of the reference model and discuss the obtained results.