{"title":"IT治理、风险与合规(GRC)现状与整合:一个探索性行业案例研究","authors":"N. Racz, E. Weippl, R. Bonazzi","doi":"10.1109/SERVICES.2011.78","DOIUrl":null,"url":null,"abstract":"The integration of governance, risk, and compliance (GRC) activities has gained importance over the last years. This paper presents an analysis of the GRC integration efforts in information technology departments of three large enterprises. Action design research is used to organize the research in order to assess IT GRC activities based on a model with five dimensions. By means of semi-structured interviews key findings concerning the status quo of the three IT GRC disciplines, their integration and their relation to GRC on the corporate level are identified and rated. Five key findings explain the main commonalities and differences observed.","PeriodicalId":429726,"journal":{"name":"2011 IEEE World Congress on Services","volume":"32 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2011-07-04","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"14","resultStr":"{\"title\":\"IT Governance, Risk & Compliance (GRC) Status Quo and Integration: An Explorative Industry Case Study\",\"authors\":\"N. Racz, E. Weippl, R. Bonazzi\",\"doi\":\"10.1109/SERVICES.2011.78\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"The integration of governance, risk, and compliance (GRC) activities has gained importance over the last years. This paper presents an analysis of the GRC integration efforts in information technology departments of three large enterprises. Action design research is used to organize the research in order to assess IT GRC activities based on a model with five dimensions. By means of semi-structured interviews key findings concerning the status quo of the three IT GRC disciplines, their integration and their relation to GRC on the corporate level are identified and rated. Five key findings explain the main commonalities and differences observed.\",\"PeriodicalId\":429726,\"journal\":{\"name\":\"2011 IEEE World Congress on Services\",\"volume\":\"32 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2011-07-04\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"14\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2011 IEEE World Congress on Services\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/SERVICES.2011.78\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2011 IEEE World Congress on Services","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/SERVICES.2011.78","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
IT Governance, Risk & Compliance (GRC) Status Quo and Integration: An Explorative Industry Case Study
The integration of governance, risk, and compliance (GRC) activities has gained importance over the last years. This paper presents an analysis of the GRC integration efforts in information technology departments of three large enterprises. Action design research is used to organize the research in order to assess IT GRC activities based on a model with five dimensions. By means of semi-structured interviews key findings concerning the status quo of the three IT GRC disciplines, their integration and their relation to GRC on the corporate level are identified and rated. Five key findings explain the main commonalities and differences observed.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
