Original Research

Using information technology governance, risk management and compliance (GRC) as a creator of business values – a case study

Sam Lubbe, Osden Jokonya
South African Journal of Economic and Management Sciences | Vol 12, No 1 | a264 | DOI: https://doi.org/10.4102/sajems.v12i1.264 | © 2011 Sam Lubbe, Osden Jokonya | This work is licensed under CC Attribution 4.0
Submitted: 11 August 2011 | Published: 12 August 2011

About the author(s)

Sam Lubbe,
Osden Jokonya, University of South Africa

Full Text:

PDF (240KB)

Abstract

The relationship between Information Technology (IT) Governance, Risk Management and Compliance (GRC) and organisation business values continues to interest academics and practitioners (IT Governance Institute, 2003). Like governance, risk management and compliance generally, IT GRC is about the decision rights and accountabilities that encourage desirable behaviour in the use of IT (IT Governance Institute, 2003). A case study approach was used in an organisation with many business units. The organisation selected is a mining company, RioZim, situated in Zimbabwe. Data was collected from business units on IT issues and business values. The interviews centred on the IT GRC practices based on responsibility and authority for IT decision making. The results suggest that IT GRC does not adequately support business values. The study revealed that business values should drive IT GRC and IT GRC should be the responsibility of executives and all business units.


Keywords

No related keywords in the metadata.

Metrics

Total abstract views: 4204
Total article views: 3398

 

Crossref Citations

1. IT governance matter: A structured literature review
Nariman Osama Kandil, Ehab Kamel Abou-Elkheir, Amr M. Kotb
Corporate Ownership and Control  vol: 20  issue: 3, special issue  first page: 408  year: 2023  
doi: 10.22495/cocv20i3siart14