A Framework for Assessing Organisational IT Governance, Risk and Compliance

Today, enterprises have reached to understanding that Information Technology (IT) is more than just a technical issue. Disciplines such as IT governance, (IT) risk management and (IT) compliance have been established to steer it. Though, there has been some improvements, these domains are usually focused separately in silos, which raises a problem of performance and efficiency, where less business value is created due to complexity of the process flows. In order to cure it, there has been an adoption from business world, referred as “GRC” which covers all the three disciplines of governance, risk management and compliance. The paper conducts a systematic review on the discipline of IT GRC, taking out best practices. Researching what has been done to integrate them and proposing an synthesized framework from the review results. The framework, unifying the disciplines is supposed to ease the adoption of IT GRC in an enterprise, providing a structure to manage the IT and business together, thereby improve business performance. In addition to proposing an IT GRC framework, the paper presents a web application to support the framework adoption. The proposed model is based on the scientifically proven best practices of the state of the art which would give a certainty of its value. The empirical study will help to contribute to improving the effectiveness IT GRC compared to traditional approach which is commonly practiced in enterprises.