Exploring the contribution of information technology to Governance, Risk, and Compliance (GRC) initiatives

Manuel Wiesche
Michael Schermann, Santa Clara University


Information technology (IT) has a tremendous impact on the discipline of accounting by introducing new ways of retrieving and processing information about performance deviations and control effectiveness. This paper explores the role of IT for managing organizational controls by analyzing value drivers for particular accounting information systems that commonly run under the label of Governance, Risk Management, and Compliance (GRC IS). We apply a grounded theory approach to structure the value drivers of GRC IS into a research framework. In order to understand the impact of IT, we relate the GRC IS value drivers to control theories. Practical implications include understanding GRC IS benefits beyond compliance and providing clear strategic reasoning for GRC IS depending on the individual company’s situation. Research implications include the fact that integrating IT into the context of accounting leaves several unsolved yet promising issues in theory which future research might address. This paper is the first to use the lens of organizational control theories on Governance, Risk Management, and Compliance information systems and establishes a potentially fruitful research agenda for GRC IS as a highly relevant topic for information systems research.