Governance, Risk and Compliance for Information Systems

Governance, Risk & Compliance (GRC) is an important topic in the worlds of business and technology. The dominant notion of the acronym - an integrated approach to the three disciplines of GRC - has been ignored by scientific research so far. The research presented in this book for the first time describes GRC integration from a scientific perspective. Both "GRC for IT" (known as IT GRC) and "IT for GRC" (GRC software) are analysed. From literature reviews, surveys and case studies a GRC definition and a high-level process model for integrated GRC in IT management are derived. This book provides useful, practical insights for both academics and professionals dealing with GRC.