The Development of a Data-Centred Conceptual Reference Model for Strategic GRC-Management

Abstract

Until now there are only few ideas for an integrated governance, risk and compliance (GRC) management available with these referring to the management process of GRC only. In literature, mainly specific questions at a detailed level, like the automation of different controls, are discussed in the GRC context. To be in the position to entirely realise benefit potentials (e.g. improvement of processes), it is necessary to have an integrated GRC-Management focusing on the strategic business objectives. Starting from the requirements, this article deals with general guidelines for strategic GRC-Management showing which aspects have to be considered in terms of an integral approach. On this basis, a data-centred reference model explicates the structural connections of GRC-related data, and lays the basis for the implementation in practice.