The Role of IT Governance Risk and Compliance (IT GRC) in Modern Organizations
Abstract: The study delves into the intricacies of IT Governance, Risk, and Compliance (IT GRC) in modern organisations, emphasising its significance amidst evolving regulatory landscapes and increased reliance on IT systems. IT GRC is an integrated framework combining IT governance, risk management, and compliance, ensuring alignment with business goals, mitigating risks, and adhering to regulations. The paper outlines the theoretical foundation of IT GRC and highlights the challenges and gaps in the current literature, underscoring the need for further research and understanding. It discusses the components and importance of IT GRC, illustrating how effective implementation enhances operational efficiency and reduces vulnerability to threats. Key frameworks such as COBIT and ISO 27001 are examined for their roles in establishing IT GRC standards. The study also explores the challenges in implementing IT GRC systems, recommending best practices for successful integration. Emerging technologies and future trends in IT GRC are analysed, projecting the domain's evolution in response to dynamic business environments. The research underscores modern organisations' need to adopt a holistic and integrated approach to IT GRC, aligning it with broader corporate governance to achieve sustainable performance and compliance.
All articles published in our journal are licensed under CC-BY 4.0, which permits authors to retain copyright of their work. This license allows for unrestricted use, sharing, and reproduction of the articles, provided that proper credit is given to the original authors and the source.