Research publication: An integrated process model for IT GRC management

Posted by Nicolas on Aug 18, 2010

At the Ninth International Baltic Conference for Databases and Information Systems in Riga last month, we presented our latest publication. ISO/IEC 38500, COSO ERM and a compliance process model were merged into a process model for integrated IT GRC management. The conceptual paper describes the selection of standards and best practices, their touching points, the two-fold relation of IT governance to IT risk management and IT compliance, and finally the integrated IT GRC management process model:

[Figure: Process Model for Integrated IT GRC Management]

The whole paper was published as:
Racz, N., Weippl, E. & Seufert, A. (2010): A process model for integrated IT governance, risk, and compliance management. In: J. Barzdins & M. Kirikova (eds.), Databases and Information Systems. Proceedings of the Ninth International Baltic Conference, Baltic DB&IS 2010, pp. 155-170.


Call for papers for GRC workshop

Posted by Nicolas on Mar 4, 2010

Finally the research community starts to consider the integrated approach to GRC. The Munich University of Technology organises the workshop “Risk Management, Compliance and Governance for resilient Information Systems” as part of the “Informatik 2010” conference next autumn. Papers can be handed in until April 25.

The purpose of the workshop is to introduce and discuss current research trends in the fields of IT-Risk Management, IT-Compliance, and IT-Governance. Furthermore, it aims at identifying starting-points for methods and tools needed for the development and the operation of resilient Information Systems. The workshop addresses researchers and practitioners with academic interests in the field of Risk Management, Compliance, and Governance.

More information can be found here: http://grc.winfobase.de