Understanding governance, risk and compliance information systems (GRC IS): The experts view
Tóm tắt
Từ khóa
Tài liệu tham khảo
Ali, S., & Green, P. (2012). Effective information technology (IT) governance mechanisms: an IT outsourcing perspective. Information Systems Frontiers, 14(2), 179–193.
Asprion, P. M., & Knolmayer, G. F. (2013). Assimilation of compliance software in highly regulated industries: An empirical multitheoretical investigation. In System Sciences (HICSS), 2013 46th Hawaii International Conference on (pp. 4405–4414). New York: IEEE.
Boyatzis, R. E. (1998). Thematic analysis: Coding as a process for transforming qualitative information. Thousand Oaks: Sage Publications.
Braun, V., & Clarke, V. (2006). Using thematic analysis in psychology. Qualitative Research in Psychology, 3(2), 77–101.
Butler, T., & McGovern, D. (2012). A conceptual model and IS framework for the design and adoption of environmental compliance management systems. Information Systems Frontiers, 14(2), 221–235.
Dameri, R. P. (2009). Improving the benefits of IT compliance using enterprise management information systems. Electronic Journal Information Systems Evaluation Volume, 12(1), 27–38.
Frigo, M. L., & Anderson, R. J. (2009). A strategic framework for governance, risk, and compliance. Strategic Finance, 90(8), 20–61.
Gangadharan, G. R., D’Andrea, V., De Paoli, S., & Weiss, M. (2012). Managing license compliance in free and open source software development. Information Systems Frontiers, 14(2), 143–154.
Gericke, A., Fill, H. G., Karagiannis, D., & Winter, R. (2009). Situational method engineering for governance, risk and compliance information systems. In Proceedings of the 4th international conference on design science research in information systems and technology (p. 24). New York: ACM.
Gill, S., & Purushottam, U. (2008). Integrated GRC-is your organization ready to move. Governance, risk and compliance. SETLabs Briefings, 37–46.
Hoffmann, J., Weber, I. M., & Governatori, G. (2012). On compliance checking for clausal constraints in annotated process models. Information Systems Frontiers, 14(2), 155–177.
Klein, H. K., & Myers, M. D. (1999). A set of principles for conducting and evaluating interpretive field studies in information systems. MIS Quarterly, 23, 67–93.
Ly, L. T., Rinderle-Ma, S., Goeser, K., & Dadam, P. (2012). On enabling integrated process compliance with semantic constraints in process management systems. Information Systems Frontiers, 14(2), 195–219.
Miles, M. B., & Huberman, A. M. (1994). Qualitative data analysis: an expanded sourcebook. Thousand Oaks: Sage.
Mitchell, S. L. (2007). GRC360: a framework to help organizations drive principled performance. International Journal of Disclosure and Governance, 4(4), 279–296.
Mundy, J., & Owen, C. A. (2013). The use of an ERP system to facilitate regulatory compliance. Information Systems Management, 30(3), 182–197.
Nissen, V., & Marekfia, W. (2013). Towards a research agenda for strategic governance, risk and compliance (GRC) management. In Business Informatics (CBI), 2013 I.E. 15th Conference on (pp. 1–6). New York: IEEE.
Nissen, V., & Marekfia, W. (2014). The development of a data-centred conceptual reference model for strategic GRC-management. Journal of Service Science and Management, 7(02), 63.
OCEG (2007). Key findings report. The 2007 GRC strategy study. http://www.oceg.org . Accessed 14 Apr 2010.
Paulus, S. (2009). A GRC reference architecture. Kuppinger Cole overview report [Online]. http://www.kuppingercole.com/report/sp_overview_repo_grc_arch_051009 . Accessed 25 Nov 2012.
PricewaterhouseCoopers. (2004). Driven performance: A New strategy for success through integrated governance, risk and compliance management. A white paper. Frankfurt: PricewaterhouseCoopers International Limited.
Racz, N., Panitz, J.C., Amberg, M., Weippl, E., & Seufert, A. (2010a). Governance, risk & compliance (GRC) status quo and software use: results from a survey among large enterprises. In ACIS 2010 Proceedings, Paper 21. http://aisel.aisnet.org/acis2010/21 . Accessed 7 May 2011.
Racz, N., Weippl, E., & Seufert, A. (2010b). A frame of reference for research of integrated governance, risk and compliance (GRC). In Communications and multimedia security (pp. 106–117). Berlin: Springer Berlin Heidelberg.
Racz, N., Weippl, E., & Seufert, A. (2010c). A process model for integrated IT governance, risk, and compliance management. In J. Barzdins & M. Kirikova (Eds.), Databases and information systems. Proceedings of the ninth international Baltic conference, Baltic DB&IS 2010 (pp. 155–170). Riga: University of Latvia Press.
Rasmussen, M. (2009). An enterprise GRC framework. Internal Auditor, 66(5), pp. 61,63,65.
Sadiq, S., Muehlen, M., & Indulska, M. (2012). Governance, risk and compliance: applications in information systems (editorial). Information Systems Frontiers, 14, 123–124.
Scott, S. V., & Perry, N. (2012). The enactment of risk categories: the role of information systems in organizing and re-organizing risk management practices in the energy industry. Information Systems Frontiers, 14(2), 125–141.
Spanaki, K., & Papazafeiropoulou, A. (2013). Analysing the governance, risk and compliance (GRC) implementation process: primary insights. Proceedings of the 21st European conference on information systems (ECIS). Utrecht, Netherlands
Strecker, S., Heise, D., & Frank, U. (2011). RiskM: a multi-perspective modeling method for IT risk assessment. Information Systems Frontiers, 13(4), 595–611.
Tapscott, D. (2006). Trust and competitive advantage: an integrated approach to governance, risk & compliance. New Paradigm Learning Corporation [Online] . http://204.154.71.138/pdf/Trustand-Competitive-Advantage.pdf. Accessed 25 Nov 2012.
Vicente, P., & da Silva, M. M. (2011). A conceptual model for integrated governance, risk and compliance. Advanced Information Systems Engineering, 6741, 199–213.
Wiesche, M., Schermann, M., & Krcmar, H. (2011). Understanding the role of information technology for organizational control design: Risk control as new control mechanism. In Governance and sustainability in information systems. Managing the transfer and diffusion of IT (pp. 135–152). Berlin: Springer Berlin Heidelberg.
Yu, Y. R., Seo, S. C., & Kim, B. K. (2013). IT GRC-based IT internal control framework. In Proceedings of the 2013 15th International Conference on Advanced Communication Technology (ICACT) (pp. 382–385). New York: IEEE.