A Business Viewpoint for Integrated IT Governance, Risk and Compliance

Abstract

Due to increasing requirements, standards and tight oversight from governments, along with the immediate need to effectively manage the increasing business and operational risks inherent to competing in a complex global market, integrated Governance, Risk and Compliance (GRC) is becoming one of the most important business requirements for organizations. In particular, IT requirements, standards and best practices play a crucial role in IT organizations/departments. The lack of guidance in this domain, namely scientific research, results in unaided attempts to improve efficiency and effectiveness in organizations. In this paper we propose a business architecture that describes the integration of the main processes for IT Governance, IT Risk Management and IT Compliance (IT GRC). Based on a process model for IT GRC and a conceptual model for GRC, we use ArchiMate to model the behavioural, structural and informational structure of the business viewpoint - business processes, roles and business objects respectively. To end with, we discuss the final result and draw some conclusions about the constructed artifact.