Abstract
As integrated Governance, Risk and Compliance (GRC) becomes one of the most important business requirements in organizations, the market is, incongruously, struggling to satisfy organizations' needs. The absence of scientific references on GRC is leading to a dispersion of the concepts involved in this topic. Without boundaries and a correct definition of the domain, poor implementation of GRC solutions can lead to low performance and high vulnerability for organizations. This paper proposes a set of high-level concepts covering the GRC domain. Through literature review and framework research, we propose key functions of governance, risk and compliance and their associations, resulting in a reference conceptual model for integrated GRC. The model was evaluated by comparing it with the GRC Capability Model from OCEG using a quality model evaluation framework. We conclude that the proposed model is valid and complete.
Copyright information
© 2011 Springer-Verlag Berlin Heidelberg
Cite this paper
Vicente, P., Mira da Silva, M. (2011). A Conceptual Model for Integrated Governance, Risk and Compliance. In: Mouratidis, H., Rolland, C. (eds) Advanced Information Systems Engineering. CAiSE 2011. Lecture Notes in Computer Science, vol 6741. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-21640-4_16
DOI: https://doi.org/10.1007/978-3-642-21640-4_16
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-21639-8
Online ISBN: 978-3-642-21640-4