Abstract
Governance, Risk and Compliance (GRC) is an emerging topic in the business and information technology world. However, to this day the concept behind the acronym has neither been adequately researched, nor is there a common understanding of it among professionals. The research at hand provides a frame of reference for research on integrated GRC, derived from the first scientifically grounded definition of the term. By means of a literature review the authors merge observations, an analysis of existing definitions and results from prior surveys into the derivation of a single-phrase definition. The definition is evaluated and improved through a survey among GRC professionals. Finally, a frame of reference for GRC research is constructed.
© 2010 Springer-Verlag Berlin Heidelberg
Cite this paper
Racz, N., Weippl, E., Seufert, A. (2010). A Frame of Reference for Research of Integrated Governance, Risk and Compliance (GRC). In: De Decker, B., Schaumüller-Bichl, I. (eds) Communications and Multimedia Security. CMS 2010. Lecture Notes in Computer Science, vol 6109. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-13241-4_11
DOI: https://doi.org/10.1007/978-3-642-13241-4_11
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-13240-7
Online ISBN: 978-3-642-13241-4
eBook Packages: Computer Science (R0)