Publication

Publication date

Governance, risk and compliance: a strategic alignment perspective applied to two case studies.

Shahim, A., Batenburg, R., Vermunt, G. Governance, risk and compliance: a strategic alignment perspective applied to two case studies. In: M.D. Hercheui, D. Whitehouse, W. McIver, J. Phahlamohlaka. ICT critical infrastructures and society: IFIP advances in information and communication technology. Berlin/Heidelberg: Springer, 2012. p. 202-212.
Governance, Risk and Compliance (GRC) has become critical for organizations, and so has the need to support it with ICT. This paper positions GRC in an integrated strategic perspective, providing guidelines to assess maturity and defining paths for achieving strategic alignment. The approach is applied to two case studies, clarifying the organizations’ GRC maturity “as is” and “to be”. These cases were studied in the utilities and financial sectors; both show that organizations can have similar GRC maturity levels but follow quite different paths to achieve alignment with regard to GRC. While the Dutch utility company stuck to a path where the organizational strategy with respect to GRC was taken as a starting point, the financial institution followed a path in which the IT solution strategy was leading. In interpreting this result, it appears that the existing IT assets strongly impact the selection of the alignment path. More case studies are advocated to further validate the approach and contribute to optimizing the strategic and integrated perspective on GRC. (author's abstract)