Fig. 5. Integrated GRC Conceptual Model
Finally, we opted to include policies in this crucial group, which represents the
integration of the three areas: on the one hand, because they are linked to
controls that help ensure the fulfilment of policies, and on the other hand, because
policies articulate culture and accountability at the level of governance, risk and
compliance, and consequently have an impact across the entire organization.
The integrated conceptual model in Fig. 5 shows the information that plays a
central role in integrated GRC; this information should therefore be centralized
and properly associated.
4 Evaluation
4.1 OCEG Capability Model
We opted to map the relations between the concepts of the model to the OCEG
Capability Model components (Fig. 6), a recognized framework that provides
eight components that gather detailed practices (Fig. 7).
The components contain 32 associated elements with 132 practices. The
relations that cover elements and practices of a component have been coloured
with the corresponding shade attributed to that component (Fig. 7).