
IFIP International Conference on Communications and Multimedia Security

CMS 2010: Communications and Multimedia Security, pp 106–117

A Frame of Reference for Research of Integrated Governance, Risk and Compliance (GRC)

  • Nicolas Racz,
  • Edgar Weippl &
  • Andreas Seufert
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6109)

Abstract

Governance, Risk and Compliance (GRC) is an emerging topic in the business and information technology world. However, to this day the concept behind the acronym has neither been adequately researched, nor is there a common understanding among professionals. The research at hand provides a frame of reference for research of integrated GRC that was derived from the first scientifically grounded definition of the term. By means of a literature review, the authors merge observations, an analysis of existing definitions and results from prior surveys in the derivation of a single-phrase definition. The definition is evaluated and improved through a survey among GRC professionals. Finally, a frame of reference for GRC research is constructed.

Keywords

  • governance
  • risk
  • compliance
  • GRC
  • integrated
  • definition

Author information

Authors and Affiliations

  1. Institute for Software Technology and Interactive Systems, TU Vienna, Favoritenstr. 9-11, 1040, Vienna, Austria

    Nicolas Racz & Edgar Weippl

  2. Institut für Business Intelligence, Steinbeis Hochschule Berlin, Gürtelstr. 29A/30, 10247, Berlin, Germany

    Andreas Seufert

Editor information

Editors and Affiliations

  1. Department of Computer Science, K.U. Leuven, DistriNet, Celestijnenlaan 200A, 3001, Leuven, Belgium

    Bart De Decker

  2. School of Informatics, Communications and Media, Upper Austria University of Applied Sciences, Softwarepark 11, 4232, Hagenberg, Austria

    Ingrid Schaumüller-Bichl

Copyright information

© 2010 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Racz, N., Weippl, E., Seufert, A. (2010). A Frame of Reference for Research of Integrated Governance, Risk and Compliance (GRC). In: De Decker, B., Schaumüller-Bichl, I. (eds) Communications and Multimedia Security. CMS 2010. Lecture Notes in Computer Science, vol 6109. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-13241-4_11

  • DOI: https://doi.org/10.1007/978-3-642-13241-4_11

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-13240-7

  • Online ISBN: 978-3-642-13241-4

  • eBook Packages: Computer Science, Computer Science (R0)
