Abstract
Governance, Risk and Compliance (GRC) has become critical for organizations, and so has the need to support it with ICT. This paper positions GRC within an integrated strategic perspective, providing guidelines to assess GRC maturity and defining paths for achieving strategic alignment between business and IT. The approach is applied to two case studies, clarifying each organization's GRC maturity "as is" and "to be". The cases, drawn from the utilities and financial sectors, both show that organizations can have similar GRC maturity levels yet follow quite different paths to achieve alignment with regard to GRC. While the Dutch utility company followed a path in which the organizational strategy with respect to GRC was taken as the starting point, the financial institution followed a path in which the IT solution strategy was leading. Interpreting this result, the existing IT assets appear to strongly influence the selection of the alignment path. Further case studies are advocated to validate the approach and to refine the strategic and integrated perspective on GRC.
Copyright information
© 2012 IFIP International Federation for Information Processing
About this paper
Cite this paper
Shahim, A., Batenburg, R., Vermunt, G. (2012). Governance, Risk and Compliance: A Strategic Alignment Perspective Applied to Two Case Studies. In: Hercheui, M.D., Whitehouse, D., McIver, W., Phahlamohlaka, J. (eds) ICT Critical Infrastructures and Society. HCC 2012. IFIP Advances in Information and Communication Technology, vol 386. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-33332-3_19
DOI: https://doi.org/10.1007/978-3-642-33332-3_19
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-33331-6
Online ISBN: 978-3-642-33332-3
eBook Packages: Computer Science (R0)