Abstract
Abstract: The study delves into the intricacies of IT Governance, Risk, and Compliance (IT GRC) in modern organisations, emphasising its significance amidst evolving regulatory landscapes and increased reliance on IT systems. IT GRC is an integrated framework combining IT governance, risk management, and compliance, ensuring alignment with business goals, mitigating risks, and adhering to regulations. The paper outlines the theoretical foundation of IT GRC and highlights the challenges and gaps in the current literature, underscoring the need for further research and understanding. It discusses the components and importance of IT GRC, illustrating how effective implementation enhances operational efficiency and reduces vulnerability to threats. Key frameworks such as COBIT and ISO 27001 are examined for their roles in establishing IT GRC standards. The study also explores the challenges in implementing IT GRC systems, recommending best practices for successful integration. Emerging technologies and future trends in IT GRC are analysed, projecting the domain's evolution in response to dynamic business environments. The research underscores modern organisations' need to adopt a holistic and integrated approach to IT GRC, aligning it with broader corporate governance to achieve sustainable performance and compliance.
References
Sikdar, P. (2021). Strong Security Governance Through Integration and Automation: A Practical Guide to Building an Integrated GRC Framework for Your Organization. [HTML]
Zammit, C., Grima, S., & Kizilkaya, Y. M. (2021). A Maturity Evaluation of Governance, Risk Management and Compliance (GRC) within the Maltese Public Sector. In Contemporary Issues in Public Sector Accounting and Auditing (pp. 219-255). Emerald Publishing Limited. [HTML]
Chergui, M., & Chakir, A. (2020). IT GRC smart adviser: Process driven architecture applying an integrated framework. Advances in Science, Technology and Engineering Systems, 5(6), 247-255. researchgate.net
Alharbi, F., Sabra, M. N. A., Alharbe, N., & Almajed, A. A. (2022). Towards a strategic it grc framework for healthcare organizations. International Journal of Advanced Computer Science and Applications, 13(1). academia.edu
Chhetri, I. T. (2022). Cybersecurity and governance, risk and compliance (grc). Australian Journal of Wireless Technologies, Mobility and Security, 1. researchgate.net
Kjærvik, S. B. (2023). Utilization of ServiceNow's Risk Management Functionality Within the GRC Module: A Case Study. ntnu.no
Michelberger, P., & Kemendi, Á. (2020). Data, information and it security-software support for security activities. Problems of Management in the 21st Century, 15(2), 108-124. semanticscholar.org
Massicotte, S. & Henri, J. F. (2021). The use of management accounting information by boards of directors to oversee strategy implementation. The British Accounting Review. [HTML]
Aspan, H. (2022). Ocdy Amelia, William Lam (2022). Re-Appointment of Directors and Commissioners in the Same Position in a Limited Liability Company. Sch Int J Law Crime Justice. saudijournals.com
Aboud, A., & Yang, X. (2022). Corporate governance and corporate social responsibility: new evidence from China. International Journal of Accounting & Information Management, 30(2), 211-229. port.ac.uk
Hartmann, C. C. & Carmenate, J. (2021). Academic research on the role of corporate governance and IT expertise in addressing cybersecurity breaches: Implications for practice, policy, and research. Current issues in auditing. [HTML]
Kalsum, U. (2021). Factors affecting the disclosure of corporate social responsibility. International Journal of Business Economics (IJBE). umsu.ac.id
Kuchma, O. & Kotukh, Y. (2023). INSTITUTING A ROBUST RISK MANAGEMENT FRAMEWORK FOR THE STATE-OWNED IT GOVERNANCE. Матеріали конференцій МЦНД. mcnd.org.ua
Makaš, A. (2023). Governance, risk and compliance frameworks applicability in the organizations. International Journal of Science and Research Archive. ijsra.net
Fischer, M., Imgrund, F., Janiesch, C., & Winkelmann, A. (2020). Strategy archetypes for digital transformation: Defining meta objectives using business process management. Information & Management, 57(5), 103262. sciencedirect.com
Atmaja, D. S., Fachrurazi, F., Abdullah, A., Fauziah, F., Zaroni, A. N., & Yusuf, M. (2022). Actualization Of Performance Management Models For The Development Of Human Resources Quality, Economic Potential, And Financial Governance Policy In Indonesia Ministry Of Education. iainptk.ac.id
Hu, X., Yan, H., Casey, T., & Wu, C. H. (2021). Creating a safe haven during the crisis: How organizations can achieve deep compliance with COVID-19 safety measures in the hospitality industry. International Journal of Hospitality Management, 92, 102662. nih.gov
Pererva, P., Kobielieva, T., Kuchinskyi, V., Garmash, S., & Danko, T. (2021). Ensuring the Sustainable Development of an Industrial Enterprise on the Principle of Compliance-Safety. Studies of Applied Economics, 39(5). ual.es
Thabit, T. H. (2021). The Impact of Implementing COBIT 2019 Framework on Reducing the Risks of e-Audit. Buhuth Mustaqbaliya. researchgate.net
Almusawi, I. G. (2021). Using COBIT Framework for Reducing the Audit Risks of Accounting Information Systems. Akkad Journal of Contemporary Accounting Studies. acefs.org
Al-Fatlawi, Q. A., Al Farttoosi, D. S., & Almagtome, A. H. (2021). Accounting information security and it governance under cobit 5 framework: A case study. Webology. webology.org
Alsaleem, E. A., & Husin, N. M. (2023). The Impact of Information Technology Governance Under Cobit-5 Framework on Reducing the Audit Risk in Jordanian Companies. International Journal of Professional Business Review: Int. J. Prof. Bus. Rev., 8(2), 4. unirioja.es
De Haes, S., Van Grembergen, W., Joshi, A., Huygh, T., De Haes, S., Van Grembergen, W., ... & Huygh, T. (2020). COBIT as a Framework for Enterprise Governance of IT. Enterprise Governance of Information Technology: Achieving Alignment and Value in Digital Organizations, 125-162. [HTML]
Fonseca-Herrera, O. A., Rojas, A. E., & Florez, H. (2021). A model of an information security management system based on NTC-ISO/IEC 27001 standard. IAENG Int. J. Comput. Sci, 48(2), 213-222. researchgate.net
Al Faruq, B., Herlianto, H. R., Simbolon, S. H., Utama, D. N., & Wibowo, A. (2020). Integration of ITIL V3, ISO 20000 & iso 27001: 2013forit services and security management system. International Journal, 9(3). academia.edu
Fathurohman, A., & Witjaksono, R. W. (2020). Analysis and design of information security management system based on ISO 27001: 2013 using Annex Control (Case Study: District of Government of Bandung City). Bulletin of Computer Science and Electrical Engineering, 1(1), 1-11. bcsee.org
Alexei, A. (2021). Ensuring information security in public organizations in the Republic of Moldova through the ISO 27001 standard. Journal of Social Sciences. idsi.md
Aquino Cruz, M., Huallpa Laguna, J. N., Huillcen Baca, H. A., Carpio Vargas, E. E., & Palomino Valdivia, F. D. L. (2020, October). Implementation of an Information Security Management System based on the ISO/IEC 27001: 2013 standard for the information technology division. In The International Conference on Advances in Emerging Trends and Technologies (pp. 264-272). Cham: Springer International Publishing. [HTML]
Sanz, J. L., & Zhu, Y. (2021, September). Toward scalable artificial intelligence in finance. In 2021 IEEE International Conference on Services Computing (SCC) (pp. 460-469). IEEE. [HTML]
Antunes, M., Maximiano, M., & Gomes, R. (2022). A client-centered information security and cybersecurity auditing framework. Applied Sciences. mdpi.com
Katuu, S. (2021). Trends in the enterprise resource planning market landscape. Journal of Information and Organizational Sciences. srce.hr
Kwong, J. & Pearlson, K. (2024). Supply Chain Cybersecurity and Small and Medium-Sized Enterprises (SMEs): Exploring Shortcomings in Third Party Risk Management of SMEs. hawaii.edu
Norimarna, S. (2021, November). Conceptual Review: Compatibility of regulatory requirements of FSA to Insurance industry in Indonesia for Integrated GRC. In RSF Conference Series: Business, Management and Social Sciences (Vol. 1, No. 5, pp. 105-115). researchsynergypress.com
Abdurrahman, A., Gustomo, A., & Prasetio, E. A. (2024). Enhancing banking performance through dynamic digital transformation capabilities and governance, risk management, and compliance: Insights from the Indonesian context. The Electronic Journal of Information Systems in Developing Countries, 90(2), e12299. [HTML]
Cu, M., Peko, G., Chan, J., & Sundaram, D. (2023). … -based Governance, Risk Management, and Compliance for Fractional Ownership: Design and Implementation of A Decentralized Autonomous Agent System. hawaii.edu
PUDJIANTO, W. (2021). Process mining in governance, risk management, compliance (grc), and auditing: A systematic literature review. Journal of Theoretical and Applied Information Technology, 99(18). researchgate.net
Adisuria, K. F., & Jayadi, R. (2023). Analysis Of The Implementation GRC Information System in Supporting Performance Optimization. Journal of Information System Management (JOISM), 4(2), 97-106. amikom.ac.id
Mahendra, I., Prabowo, H., & Hidayanto, A. N. (2022, August). Information technology challenges for integrated governance, risk and compliance (grc). In 2022 1st International Conference on Smart Technology, Applied Informatics, and Engineering (APICS) (pp. 79-84). IEEE. [HTML]
Madkhali, A. & Sithole, S. T. M. (2023). Exploring the role of information technology in supporting sustainability efforts in Saudi Arabia. Sustainability. mdpi.com
McIntosh, T., Liu, T., Susnjak, T., Alavizadeh, H., Ng, A., Nowrozy, R., & Watters, P. (2023). Harnessing GPT-4 for generation of cybersecurity GRC policies: A focus on ransomware attack mitigation. Computers & security, 134, 103424. sciencedirect.com
Butler, T., Gozman, D., & Lyytinen, K. (2023). The regulation of and through information technology: Towards a conceptual ontology for IS research. Journal of Information Technology, 38(2), 86-107. [HTML]
Manhart, P., Summers, J. K., & Blackhurst, J. (2020). A meta‐analytic review of supply chain risk management: assessing buffering and bridging strategies and firm performance. Journal of Supply Chain Management, 56(3), 66-87. [HTML]
Keith, D. A., Ferrer-Paris, J. R., Nicholson, E., Bishop, M. J., Polidoro, B. A., Ramirez-Llodra, E., ... & Kingsford, R. T. (2022). A function-based typology for Earth’s ecosystems. Nature, 610(7932), 513-518. nature.com
Faulkner, E., Holtorf, A. P., Liu, C. Y., Lin, H., Biltaj, E., Brixner, D., ... & Payne, K. (2020). Being precise about precision medicine: what should value frameworks incorporate to address precision medicine? A report of the personalized precision medicine special interest group. Value in Health, 23(5), 529-539. sciencedirect.com
Eling, M., McShane, M., & Nguyen, T. (2021). Cyber risk management: History and future research directions. Risk Management and Insurance Review, 24(1), 93-125. [HTML]
Boiral, O., Talbot, D., & Brotherton, M. C. (2020). Measuring sustainability risks: A rational myth?. Business Strategy and the Environment, 29(6), 2557-2571. researchgate.net
Apeh, A. J., Hassan, A. O., Oyewole, O. O., Fakeyede, O. G., Okeleke, P. A., & Adaramodu, O. R. (2023). GRC strategies in modern cloud infrastructures: a review of compliance challenges. Computer Science & IT Research Journal, 4(2), 111-125. fepbl.com
Chakir, A., Chergui, M., & Andry, J. F. (2020). A smart updater it governance platform based on artificial intelligence. risk. researchgate.net
Kravariti, F. & Johnston, K. (2020). Talent management: a critical literature review and research agenda for public sector human resource management. Public Management Review. researchgate.net
Lapuente, V. & Van de Walle, S. (2020). The effects of new public management on the quality of public services. Governance. wiley.com
Neumann, O., Guirguis, K., & Steiner, R. (2024). Exploring artificial intelligence adoption in public organizations: a comparative case study. Public Management Review. tandfonline.com
Di Vaio, A., Hassan, R., & Alavoine, C. (2022). Data intelligence and analytics: A bibliometric analysis of human–Artificial intelligence in public sector decision-making effectiveness. Technological Forecasting and Social Change, 174, 121201. e-tarjome.com