The six first-author publications of Nicolas Racz are now available in consolidated form, including an extended introduction to GRC. The book can be purchased from Amazon.
The Australasian Conference on Information Systems (ACIS), the primary conference in the region, featured a GRC track in 2010 with several interesting contributions. We used the opportunity to present our latest research, carried out in collaboration with the University of Erlangen-Nuremberg. In a survey among 48 large enterprises we identified the status quo of GRC and GRC software, and derived implications for research. You can download the presentation here.
This week, at the 11th IFIP TC 6/TC 11 International Conference in Linz, Austria, we presented the publication that is the foundation of the research carried out by GRC Resource. The publication’s core is a single-phrase GRC definition derived from a literature review and validated with GRC professionals. The definition was translated into a frame of reference that researchers can apply when approaching GRC.
The definition reads as follows: “GRC is an integrated, holistic approach to organisation-wide governance, risk and compliance ensuring that an organisation acts ethically correct and in accordance with its risk appetite, internal policies and external regulations through the alignment of strategy, processes, technology and people, thereby improving efficiency and effectiveness.”
More on the definition and the frame of reference will soon be published on GRC-Resource.com.
The work was published in the conference proceedings:
Racz, N., Weippl, E. & Seufert, A. (2010): A frame of reference for research of integrated GRC. In: Bart De Decker, Ingrid Schaumüller-Bichl (Eds.), Communications and Multimedia Security, 11th IFIP TC 6/TC 11 International Conference, CMS 2010 Proceedings. Berlin: Springer, pp. 106-117.
Do you remember being challenged to define GRC in a few words – in meetings, lunch discussions or at the water cooler? “It’s Governance, Risk and Compliance” might be an easy answer, but it does not draw out the underlying concept.
Through a review of over 100 GRC publications, we have developed a single-phrase definition of GRC that we would like to validate with your help. We invite you to take part in our anonymous, two-minute GRC definition survey: http://survey.grc-resource.com
Feel free to share the survey link with other GRC professionals!
Thank you & regards,
GRC Resource recently created a group about integrated GRC within the social business network XING.com. XING is still dominated by German-speaking users, but it is strongly expanding to other language areas these days. Feel free to join the group and take part in discussions with other GRC experts.
As always in IT projects, it took longer than planned, but GRC Resource is finally online! The resources linked are still a bit scarce, but you can be sure that new resources will be added at regular intervals. All information provided on this website is free – assembled for research and educational purposes. You can find out more about the website and the author in the “About” section.