• DocumentCode
    3203816
  • Title

    IT Governance, Risk & Compliance (GRC) Status Quo and Integration: An Explorative Industry Case Study

  • Author

    Racz, Nicolas ; Weippl, Edgar ; Bonazzi, Riccardo

  • Author_Institution
    Inst. of Software Technol. & Interactive Syst., Tech. Univ. Vienna, Vienna, Austria
  • fYear
    2011
  • fDate
    4-9 July 2011
  • Firstpage
    429
  • Lastpage
    436
  • Abstract
    The integration of governance, risk, and compliance (GRC) activities has gained importance over the last years. This paper presents an analysis of the GRC integration efforts in information technology departments of three large enterprises. Action design research is used to organize the research in order to assess IT GRC activities based on a model with five dimensions. By means of semi-structured interviews, key findings concerning the status quo of the three IT GRC disciplines, their integration and their relation to GRC on the corporate level are identified and rated. Five key findings explain the main commonalities and differences observed.
  • Keywords
    DP management; information technology; risk management; GRC integration; IT GRC activities; IT compliance; IT governance; IT risk
  • fLanguage
    English
  • Publisher
    IEEE
  • Conference_Titel
    Services (SERVICES), 2011 IEEE World Congress on
  • Conference_Location
    Washington, DC
  • Print_ISBN
    978-1-4577-0879-4
  • Electronic_ISBN
    978-0-7695-4461-8
  • Type

    conf

  • DOI
    10.1109/SERVICES.2011.78
  • Filename
    6012770