Using information technology governance, risk management and compliance (GRC) as a creator of business values – a case study

Sam Lubbe, Osden Jokonya

Abstract


The relationship between Information Technology (IT) Governance, Risk Management and Compliance (GRC) and organisation business values continues to interest academics and practitioners (IT Governance Institute, 2003). Like governance, risk management and compliance generally, IT GRC is about the decision rights and accountabilities that encourage desirable behaviour in the use of IT (IT Governance Institute, 2003). A case study approach was used in an organisation with many business units. The organisation selected is a mining company, RioZim, situated in Zimbabwe. Data was collected from business units on IT issues and business values. The interviews centred on the IT GRC practices based on responsibility and authority for IT decision making. The results suggest that IT GRC does not adequately support business values. The study revealed that business values should drive IT GRC and IT GRC should be the responsibility of executives and all business units.


Full Text:

PDF


DOI: http://dx.doi.org/10.4102/sajems.v12i1.264

Submitted: 11 August 2011
Published: 12 August 2011



RSA Tel: 086 1000 381
International Tel: +27 21 975 2602
15 Oxford Street, Durbanville, Cape Town, 7550, South Africa
publishing(AT)aosis.co.za replace (AT) with @

All articles published in this journal are licensed under the Creative Commons Attribution 4.0 International (CC BY 4.0) license, unless otherwise stated.
Website design & content: ©2017 AOSIS (Pty) Ltd. All rights reserved. No unauthorised duplication allowed.
By continuing to use this website, you agree to our Privacy Policy.

Subscribe to our newsletter

Get specific, domain-collection newsletters detailing the latest CPD courses, scholarly research and call-for-papers in your field.

Subscribe

South African Journal of Economic and Management Sciences | ISSN: 1015-8812 (PRINT) | ISSN: 2222-3436 (ONLINE)