rapid globalization, increasing regulations like BASEL II, the Sarbanes-Oxley
Act (SOX), Anti-Money Laundering (AML), etc., and growing demands of
transparency for companies [5].
Traditionally, governance, risk and compliance activities were scattered in
silos all over the organization, which has a negative impact on transparency
and decision making. GRC activities are important in organizations, not only to
boost their performance, but above all, to protect organizations from the inside
and the outside. To accomplish this objective, organizations need to shift these
activities from niche groups to business units [5] in order to improve these same
activities.
Although many organizations agree on the benefits that arise from integrating
GRC processes, there is no congruence between software vendors, organizations
and market research [4].
In this paper we use conceptual modelling to define the domain of integrated
GRC. It is widely accepted that conceptual models are a prerequisite for
successfully planning and designing complex systems, particularly information
systems [6,7,8,9]. Over the last decades, conceptual modelling has been employed to
facilitate, systematize, and aid the process of information system engineering [8].
Based on the four design artefacts produced by design science research in
information systems - constructs, models, methods and instantiations - we will
focus on constructs and models. Constructs are necessary to describe certain
aspects of a problem domain and allow the development of the research project's
terminology [10]. In other words, they provide the language in which problems
and solutions are defined and communicated [11]. Models use constructs to
represent a real-world situation, the design problem and the solution space [12].
A conceptual reference model, a specific type of conceptual model, is a “claim
that the model comprises knowledge that is useful in the design of specific
solutions for a particular domain” [10]. A conceptual model is a representation,
typically graphical and hence offering a limited vocabulary [10], constructed by
IS professionals of someone's or some group's perception of a real-world domain [13].
Conceptual modelling may be used to ease the implementation of an
information system or to provide a common understanding between the organization's
needs and an enterprise application [13]. It is also suitable to systematize
knowledge, guide research and map a portion of reality [14].
In this paper, we use conceptual modelling to supply a reference model to
the scientific community that can lead to a common understanding of what
constitutes the universe of integrated GRC. Currently, the most complete and
recognized framework for integrated GRC was developed by the “Open
Compliance & Ethics Group” (OCEG). OCEG is a non-profit organization that uniquely
helps other organizations to enhance corporate culture and integrate governance,
risk management, and compliance processes. The GRC Capability Model [15] is
the central piece of the OCEG framework and describes practices to implement
and manage GRC activities.
Our approach is to design a conceptual model that contains domain level
concepts, representing a high level of integration between the following sub-domains:
 