Patterns for Understanding Control Requirements for Information Systems for Governance, Risk Management, and Compliance (GRC IS)
Document Type
Book Chapter
Publication Date
2011
Publisher
Springer
Abstract
Companies face a plethora of regulations, standards, and best practice frameworks for governance, risk management, and compliance. Information systems (IS) for planning, controlling, and reporting on compliance with these requirements are known as governance, risk management, and compliance (GRC) IS. However, the challenge lies in mapping control requirements to the functionality of GRC IS. In this paper, we review existing regulations and derive a framework for key control requirements. We develop a pattern-based approach that allows GRC IS to be evaluated systematically against the current regulatory situation. We evaluate the pattern catalogue by classifying an existing GRC portfolio. As implications for research, we associate existing control requirements with GRC information systems. As implications for practice, we provide decision support for the selection of GRC IS, depending on situational factors and the expected value proposition. In sum, our framework adds to the understanding of the effects of GRC IS.
Chapter of
Advanced Information Systems Engineering Workshops: CAiSE 2011 International Workshops, London, UK, June 20-24, 2011. Proceedings
Part of
Lecture Notes in Business Information Processing
Editors
Camille Salinesi
Oscar Pastor
Recommended Citation
Wiesche, M., Berwing, C., Schermann, M., and Krcmar, H. (2011): "Patterns for Understanding Control Requirements for Information Systems for Governance, Risk Management, and Compliance (GRC IS)" in Advanced Information Systems Engineering Workshops, Salinesi, C. and Pastor, O. (eds.). Berlin, Germany: Springer, pp. 208-217.