A process model for integrated IT governance, risk, and compliance management
Abstract
Governance, Risk, and Compliance (GRC) is an emerging topic in the world of business and information technology. However, to date an integrated approach to GRC has hardly been researched. In this paper we construct an integrated process model for high-level IT GRC management. First, we discuss existing process models for integrated GRC. Then we set the scope of our research within the GRC domain and offer an explanation of it. We select and discuss frameworks for the separate topics of IT governance, IT risk management, and IT compliance management. Finally, these frameworks are merged into a single integrated process model for IT GRC management.
Similar resources
An ISO Compliant and Integrated Model for IT GRC (Governance, Risk Management and Compliance)
GRC (Governance, Risk and Compliance) is an umbrella acronym covering the three disciplines of governance, risk management and compliance. The main challenge behind this concept is the integration of these three areas, generally dealt with in silos. At the IT level (IT GRC), some research works have been proposed towards integration. However, the sources used for the construction of the resulti...
Relationship between Corporate Governance and Risk Management
Corporate governance of banks is one of the most important structures required by banks to maintain the health and stability of banks, which can play an important role in managing banks' risk. This paper examines the effect of corporate governance on liquidity risk management, credit risk management, and total bank risk management. We used board structure effectiveness, transparency, and respon...
Control Objectives for DP: Digital Preservation as an Integrated Part of IT Governance
Digital Preservation, often seen as information management with a long-term mission, is recognized as an independent research area, but the field’s maturity is still evolving. Reference models and compliance criteria for archival systems are being developed, but the more general perspective of Governance, Risk and Compliance has yet to be fully considered. In particular, Digital Preservation ca...
Enterprise Risk Management and Performance of Financial Institutions in Iraq: The Mediating Effect of Information Technology Quality
Enterprise risk management represents a process of assessing exposure to risks in an institution. It is a systematic mechanism and a comprehensive tool for predicting events, including unexpected events, and their impacts. This paper is a conceptual study. It aims at designing a model for testing the mediation effect of information technology (IT) quality on the relationship between the enterpr...
WHITEPAPER Affordable Integrated Governance, Risk and Compliance: Wishful Thinking or Reality?
Introduction The rapidly changing regulatory environment across all industry sectors requires managers and their boards to be more anticipatory to the challenges of strong governance, effective enterprise-wide risk management and the implementation of an efficient and effective compliance regime. Many organisations have sought to create an integrated governance, risk and compliance (GRC) oversi...