Governance, risk and compliance: A strategic alignment perspective applied to two case studies

5Citations
Citations of this article
48Readers
Mendeley users who have this article in their library.

This article is free to access.

Abstract

Governance, Risk and Compliance (GRC) has become critical for organizations and so is the need to support this by ICT. This paper positions GRC into an integrated strategic perspective, providing guidelines to assess maturity and defining paths for achieving strategic alignment. The approach is applied to two case studies, clarifying the organizations' GRC maturity "as is" and "to be". These cases were studied in the utilities and financial sectors, both show that organizations can have similar GRC maturity levels but follow quite different paths to achieve alignment with regard to GRC. While the Dutch utility company stuck to a path where the organizational strategy with respect to GRC was taken as a starting point, the financial institution followed a path in which the IT solution strategy was leading. In interpreting this result, it appears that the existing IT assets are strongly impacting the selection of the alignment path. More case studies are advocated to further validate the approach and contribute to optimize the strategic and integrated perspective on GRC. © 2012 IFIP International Federation for Information Processing.

Cite

CITATION STYLE

APA

Shahim, A., Batenburg, R., & Vermunt, G. (2012). Governance, risk and compliance: A strategic alignment perspective applied to two case studies. In IFIP Advances in Information and Communication Technology (Vol. 386 AICT, pp. 202–212). https://doi.org/10.1007/978-3-642-33332-3_19

Register to see more suggestions

Mendeley helps you to discover research relevant for your work.

Already have an account?

Save time finding and organizing research with Mendeley

Sign up for free