Emerging Standards and Protocols for Governance, Risk, and Compliance Management

Author(s):  
Marcus Spies ◽  
Said Tabet

Effective Governance, Risk, and Compliance Management (GRC) software tools and software services need standards – for reasons of technical interoperability as well as reviewing, reporting, and auditing purposes. This chapter introduces an emerging standard for GRC metadata and metadata exchange, GRC-XML, against the background of standard frameworks for IT governance and risk management. This specification is then further analyzed with regard to its integration capabilities into the Object Management Group’s GRC-related standards covering business motivation, management of regulation and compliance, business vocabularies, policies, and rules. Finally, the authors discuss in more detail the challenges to business rules applications and automated inferencing when governance, risk, and compliance issues need to be verified in practice.

2011 ◽  
Vol 12 (1) ◽  
pp. 115-125 ◽  
Author(s):  
Sam Lubbe ◽  
Osden Jokonya

The relationship between Information Technology (IT) Governance, Risk Management and Compliance (GRC) and organisation business values continues to interest academics and practitioners (IT Governance Institute, 2003). Like governance, risk management and compliance generally, IT GRC is about the decision rights and accountabilities that encourage desirable behaviour in the use of IT (IT Governance Institute, 2003). A case study approach was used in an organisation with many business units. The organisation selected is a mining company, RioZim, situated in Zimbabwe. Data was collected from business units on IT issues and business values. The interviews centred on the IT GRC practices based on responsibility and authority for IT decision making. The results suggest that IT GRC does not adequately support business values. The study revealed that business values should drive IT GRC and IT GRC should be the responsibility of executives and all business units.


2014 ◽  
Author(s):  
Kilian Bizer ◽  
Martin Führ

This guide describes in compact form how an “interdisciplinary institutional analysis” is to be set up in practice: Which steps of analysis and review have to be carried out? What questions does each step address, and what role do empirical findings play? The presentation is oriented towards the task facing the legislator in the context of a regulatory impact assessment (as prescribed, for example, in § 44 of the Gemeinsame Geschäftsordnung der Bundesministerien, the Joint Rules of Procedure of the Federal Ministries, or in the guidelines of the European Commission). The steps of analysis and review can, however, be used in the same way for design problems in companies (such as updating the framework conditions in the context of “Governance, Risk Management, Compliance” – GRC), in chambers and other associations, and in public authorities. At the end of the compact guide, a glossary explains key terms of institutional analysis. It also contains “reading tips” for further literature.


2021 ◽  
Vol 10 (03) ◽  
pp. 342-366
Author(s):  
Shayan Khan Kakar ◽  
Javed Ali ◽  
Muhammad Bilal ◽  
Yasmeen Tahira ◽  
Muhammad Tahir ◽  
...  

2019 ◽  
Vol 8 (1) ◽  
pp. 1-24
Author(s):  
Rubeena Tashfeen ◽  
Saud Hayat ◽  
Afreen Mallik

This study examines the effectiveness of the corporate governance structure when coping with any potentially unexpected events. For the purpose of this research, an event study has been conducted in order to investigate the market responses of various firms through the Cumulative Average Abnormal Return (CAAR) of the stocks listed on the Pakistan Stock Exchange (PSX). The stocks data under consideration is that which was presented after the assassination of Benazir Bhutto in 2007. The overall results indicate that firms that are governed conventionally do not perform well in the markets during a crisis situation. In our comparison of conventionally and non-conventionally governed firms, the overall pooled results show that the former record a lower CAAR. This, in short, indicates that conventional corporate governance structures may not be equipped to take timely and dynamic actions that are deemed necessary in the face of a crisis. Moreover, our results suggest that firms which have less diversified ownership and governance mechanisms are less vulnerable to such unanticipated events. There are two reasons that support our hypotheses: first, strict governance mechanisms and a resultant cautious/conservative approach may not allow firms to take timely and proactive decisions during these situations, and second, there is a lower chance of existing agency problems, as family owners would be working for the protection of their own wealth during these events. Therefore, our findings ultimately reveal that the conventional corporate governance structures that work during normal time periods may become ineffective during a crisis. This study aims to fill a gap in the literature in order to provide fresh insights into the stock market dynamic and corporate governance risk management. Furthermore, it also highlights the benefits of family-owned structures and unconventional corporate governance systems that may outperform conventional governance structures in some situations. This, however, raises the question whether one governance framework could be the correct fit in all the situations.


2021 ◽  
Vol 14 (1) ◽  
pp. 281-295
Author(s):  
Irene Tangkawarow ◽  
Riyanarto Sarno ◽  
Daniel Siahaan ◽  
...  

The Semantics of Business Vocabulary and Rules (SBVR) standard was developed by the Object Management Group (OMG) for business purposes. SBVR is used for transformation of business vocabulary and business rules into business processes. Gateways are used for regulating the divergence and convergence of flow objects in the business process. The existing business rules in SBVR do not support all gateways in BPMN, whereas there are conditions where branching situations in business rules occur. This article introduces parallelism rules (OR rules) and complex rules to increase 50.6% usage of the existing AND rules and XOR rules in SBVR. The main contribution of this research is to introduce a new formal model of inclusive gateway (OR) and complex gateway that allow parallelism and branching to be modeled using SBVR. Thus, this study increases coverage of the usage gateway in SBVR achieved 66.7%. The authors provide branching cases with various levels of complexity, i.e. nested conditions and non-free choice conditions, using the formal description of SBVR.

