Redirecting GRC Resource » New Resources

Collected GRC publications available as book

Posted by Nicolas on Nov 30, 2011

The six first-author publications of Nicolas Racz are now available in consolidated form, including an extended introduction to GRC. The book can be purchased from Amazon [Buy from Amazon].

Research publication: GRC vendor survey presented at ACIS 2010

Posted by Nicolas on Dec 25, 2010

The Australasian Conference on Information Systems (ACIS), primary conference in the region, in 2010 featured a GRC track with several interesting contributions . We used the opportunity to present our latest research, carried out in collaboration with the University of Erlangen-Nuremberg. In a survey among 48 large enterprises we identified the status quo of GRC and GRC software. Implications for research were derived. You can download the presentation here.

Kuppinger Cole GRC Reference Architecture

Posted by Nicolas on Oct 30, 2009

Kuppinger Cole, a German analyst company focusing primarily on identity management, has recently published a reference architecture for GRC. The report was composed by Prof. Dr. Sachar Paulus, who formerly held the position of SAP’s vice president of product security. Due to its strong  security / IDM background Kuppinger Cole promotes a rather technology-oriented view of GRC. They go as far as putting “security” on the same level as governance, risk management and compliance. Consequently the report claims that GRC should not cover financial risk; while the reference architecture proposed “allows to cover all [types of risks], typically the operational risks (and within them, the IT risks) will be at the center of GRC activities.”

The 14-page report breaks down GRC into four core phases: requirements modeling, status investigation, situation improvement activities and crisis & incident management. These four phases are the thread that is followed throughout the report, when the involved processes are described in more detail. The report is clearly written from a practicioner’s point of view, mainly building on his own experience while renouncing to deliver empirical evidence. It may be useful as a high-level guideline for holistic GRC, giving a lot of hints on what to consider in GRC projects. Notes on the organisational setup, the managerial view and GRC software round up an interesting report that comes at a cheap price.

“A GRC Reference Architecture” can be purchased from Kuppinger Cole at

Protiviti survey answers

Posted by Nicolas on Jul 9, 2009

Next in our weekly publication of answers to a recent survey is the global business consulting and internal audit firm Protiviti. Get informed about their perspective on GRC and their product portfolio.

New Forrester Wave on GRC causes a stir

Posted by Nicolas on Jul 8, 2009

The recently published “Forrester Wave:  Enterprise Governance, Risk, and Compliance Platforms, Q3 2009” has led to interesting discussions in the GRC community following a severe critique of Forrester’s methodology by Michael Rasmussen. The analyst, who originally developed and wrote the Wave report himself, calls the “wave” a “ripple” and attacks his former employer severely. Build your own opinion by reading the blog comment and the reactions it caused.

The Forrester Wave can be purchased directly from Forrester, or you can download it from after free registration.

MetricStream survey answers

Posted by Nicolas on Jul 2, 2009

MetricStream is the second vendor presented in our weekly survey answer series.

CA answers to vendor survey

Posted by Nicolas on Jun 25, 2009

Over the last months we conducted a small vendor survey to find out more about software companies’ idea of GRC, their products and future developments. From now on we are going to publish the answers of a new company each week. You can find them in the GRC Technology / Software Vendors category. The first vendor presented is CA.

Why GRC makes sense in a down economy

Posted by Nicolas on Apr 5, 2009

CA’s Christopher Fox explains why investments in GRC pay off even in times of a recession.

[Why GRC makes sense in a down economy]

Who is the largest GRC vendor?

Posted by Nicolas on Mar 27, 2009

Check out Michael Rasmussen’s new blog entry on the largest GRC software vendor. He is giving away some interesting facts on GRC market size  and definition and comes up with an answer that might surprise you.

[Who is the largest GRC vendor?]

Podcast: Best Practices in Enterprise IT-GRC

Posted by Nicolas on Mar 11, 2009

Aberdeen Group’s Stephen Walker recently moderated a podcast featuring prominent participants from three major IT-GRC vendors: Chris Fox (Senior Principal of GRC at CA), John DiMaria (Director of Professional Services at eFortresses) and Roland Mosimann (CEO of Aline) discussed best practices in Enterprise IT-GRC. You can listen to the podcast after free registration at or download the transcript directly from GRC Resource. also offers the opportunity to ask questions to the participants of the panel discussion.