A frame of reference for research of integrated governance, risk and compliance (GRC)

Authors:
Nicolas Racz;Edgar Weippl;Andreas Seufert
Affiliations:
Institute for Software Technology and Interactive Systems, TU Vienna, Vienna, Austria;Institute for Software Technology and Interactive Systems, TU Vienna, Vienna, Austria;Institut für Business Intelligence, Steinbeis Hochschule Berlin, Berlin, Germany
Venue:
CMS'10 Proceedings of the 11th IFIP TC 6/TC 11 international conference on Communications and Multimedia Security
Year:
2010

Citing 1
Cited 2

Design science in information systems research

MIS Quarterly

A conceptual model for integrated governance, risk and compliance

CAiSE'11 Proceedings of the 23rd international conference on Advanced information systems engineering
Architecting a security strategy measurement and management system

Proceedings of the Workshop on Model-Driven Security

Quantified Score

Hi-index	0.00

Visualization

Abstract

Governance, Risk and Compliance (GRC) is an emerging topic in the business and information technology world. However to this day the concept behind the acronym has neither been adequately researched, nor is there a common understanding among professionals. The research at hand provides a frame of reference for research of integrated GRC that was derived from the first scientifically grounded definition of the term. By means of a literature review the authors merge observations, an analysis of existing definitions and results from prior surveys in the derivation of a single-phrase definition. The definition is evaluated and improved through a survey among GRC professionals. Finally a frame of reference for GRC research is constructed.