Posted by Nicolas on Aug 18, 2010
At the Ninth International Baltic Conference for Databases and Information Systems in Riga last month, we presented our latest publication. ISO/IEC 38500, COSO ERM and a compliance process model were merged into a process model for integrated IT GRC management. The conceptual paper describes the selection of standards and best practices, their touching points, the two-fold relation of IT governance to IT risk management and IT compliance, and finally the integrated IT GRC management process model.
The whole paper was published as:
Racz, N., Weippl, E. & Seufert, A. (2010): A process model for integrated IT governance, risk, and compliance management. In: J. Barzdins & M. Kirikova (eds.), Databases and Information Systems. Proceedings of the Ninth International Baltic Conference, Baltic DB&IS 2010, pp. 155-170.