Information Technology Reference
In-Depth Information
Fig. 2.
Conceptual Model for Governance
through the close proximity that governance should have with risk management,
which may provide very useful information in strategy setting and decision mak-
ing. We will address the relation with risk management in Sect. 3.2.
Controlling the organization over intelligent, reliable and real-time informa-
tion that is available through dashboards, appropriate reporting and monitoring
mechanisms, provides C-level executives a paramount tool for an effective and
ecient supervision of the performance of all GRC activities.
3.2 Risk Management
Risk management is more than to just identify and respond to risks. Risk man-
agement enables us to predict and avoid risk taking consequently decreasing the
possibility of unexpected events to occur. A well-structured risk management
must be aligned and linked with both governance and compliance information
in order to attain advantages (Fig. 3).
According to OCEG [15], risk management is “the systematic application of
processes and structure that enable an organization to identify, evaluate, analyse,
optimize, monitor, improve, or transfer risk while communicating risk and risk
