Abstract
Companies face a plethora of regulations, standards, and best practice frameworks for governance, risk management, and compliance. Information systems (IS) for planning, controlling, and reporting on compliance with these requirements are known as governance, risk management, and compliance (GRC) IS. However, the challenge lies in mapping control requirements to the functionality of GRC IS. In this paper, we review existing regulations and derive a framework for key control requirements. We develop a pattern-based approach that allows GRC IS to be evaluated systematically based on the current regulatory situation. We evaluate the pattern catalogue by classifying an existing GRC portfolio. As implications for research, we associate existing control requirements and GRC information systems. As implications for practice, we provide decision support for the selection of GRC IS, depending on situational factors and the expected value proposition. In sum, our framework adds to the understanding of the effects of GRC IS.
Copyright information
© 2011 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Wiesche, M., Berwing, C., Schermann, M., Krcmar, H. (2011). Patterns for Understanding Control Requirements for Information Systems for Governance, Risk Management, and Compliance (GRC IS). In: Salinesi, C., Pastor, O. (eds) Advanced Information Systems Engineering Workshops. CAiSE 2011. Lecture Notes in Business Information Processing, vol 83. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-22056-2_23
DOI: https://doi.org/10.1007/978-3-642-22056-2_23
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-22055-5
Online ISBN: 978-3-642-22056-2
eBook Packages: Computer Science (R0)