Governance, risk and compliance: Applications in information systems

The importance of governance and associated issues of compliance and risk management is well recognized in enterprise systems. This importance has dramatically increased over the last few years as a result of numerous events that led to some of the largest scandals in corporate history. The governance, risk and compliance market is estimated to be worth over $32 billion. Tool support for governance, risk and compliance related initiatives is provided by over 100 software vendors, however, while the tools have on average tripled in price since 2003, they are often insufficient to meet organizational needs. At the same time, there is an increasing complexity in the facilitation of compliant business processes, which stems from an increasing number of regulations, frequent and dynamic changes, as well as shared processes and services executing in highly decentralized environments. In the age of outsourcing, dynamic business networks, and global commerce, it is inevitable that organizations will need to develop methods, tools and techniques to design, engineer, and assess processes and services that meet regulatory, standard and contractual obligations. Governance, Risk and Compliance (GRC) can be expected to play a significant part in several applications. This area is emerging as a critical and challenging area of research and innovation. It introduces, among others, the need for new or adapted modeling approaches for compliance requirements, extension of process and service modeling and execution frameworks for compliance and risk management, and detection of policy violations. In addition, it introduces questions relating specifically to the use of technology to support compliance management. For example, how auditors and regulators can put into use techniques like continuous monitoring and data analysis to assess whether an organization complies with relevant rules and regulations, or how technology can be used to support assessment of design and operational effectiveness of controls. This workshop will provide, for the fourth year running, a forum for researchers from diverse areas and make a consolidated contribution in the form of new and extended methods that address the challenges of governance, risk and compliance in information systems. Industry papers are also encouraged at this workshop.