A conceptual model for integrated governance, risk and compliance

Authors:
Pedro Vicente;Miguel Mira da Silva
Affiliations:
Instituto Superior Técnico, Universidade Técnica de Lisboa, Lisboa, Portugal;Instituto Superior Técnico, Universidade Técnica de Lisboa, Lisboa, Portugal
Venue:
CAiSE'11 Proceedings of the 23rd international conference on Advanced information systems engineering
Year:
2011

Citing 10
Cited 1

The sciences of the artificial (3rd ed.)

The sciences of the artificial (3rd ed.)
Information Integration: Conceptual Modeling and Reasoning Support

COOPIS '98 Proceedings of the 3rd IFCIS International Conference on Cooperative Information Systems
Evaluating the quality of information models: empirical testing of a conceptual model quality framework

Proceedings of the 25th International Conference on Software Engineering
Improving the quality of data models: empirical validation of a quality management framework

Information Systems
Using ontology to validate conceptual models

Communications of the ACM - Service-oriented computing
Design Science Research Methods and Patterns: Innovating Information and Communication Technology

Design Science Research Methods and Patterns: Innovating Information and Communication Technology
Design and natural science research on information technology

Decision Support Systems
Governance, Risk & Compliance (GRC) Software - An Exploratory Study of Software Vendor and Market Research Perspectives

HICSS '11 Proceedings of the 2011 44th Hawaii International Conference on System Sciences
Design science in information systems research

MIS Quarterly
A frame of reference for research of integrated governance, risk and compliance (GRC)

CMS'10 Proceedings of the 11th IFIP TC 6/TC 11 international conference on Communications and Multimedia Security

Measures and mechanisms for process monitoring in evolving business networks

Data & Knowledge Engineering

Quantified Score

Hi-index	0.00

Visualization

Abstract

As integrated Governance, Risk and Compliance (GRC) becomes one of the most important business requirements in organizations, the market is incongruously struggling to satisfy organizations' needs. The absence of scientific references regarding GRC is leading to a dispersion of concepts involving this topic. Without boundaries and correct domain definition, poor implementation of GRC solutions can lead to low performances and high vulnerabilities for organizations. This paper proposes a set of high level concepts covering the GRC domain. Through literature review and framework research we propose key functions of governance, risk and compliance and their associations, resulting in a reference conceptual model for integrated GRC. The model was evaluated by comparing the GRC capability model from OCEG with a quality model evaluation framework. We concluded that the proposed model is valid and complete.