97,576 research outputs found

    Integrated Governance, Risk, and Compliance (GRC) and Combined Assurance: A Comparative Institutional Study

    The combined assurance model plays a pivotal role in integrating a company’s governance, risk, and compliance (GRC) processes. More than a decade after the South African financial market initiated the model through King III Report in 2009, the Indonesian financial market strived to adopt it in 2013. However, very few companies in Indonesia have reported its implementation. We hypothesized that institutional theory could explain the phenomenon. This comparative study thus used qualitative and quantitative approaches to analyze the adoption of the combined assurance model in South African and Indonesian markets. Qualitative content analysis was employed to interrogate the annual reports of 130 companies listed on the Johannesburg Stock Exchange and the Indonesia Stock Exchange to identify professions and their activities in implementing the model. Afterwards, an estimation model was built using binary logistic regression based on the identified variables. It was found that regulative and normative pillars were the most determining factors in implementing a combined assurance model. In addition, it was found that the integrated report approach and market capitalization were associated with model implementation. These findings can be the basis for state and professions (i.e., authorities, regulators, and standard-setting bodies), especially in Indonesia, to enhance the companies’ integrated GRC. Keywords: combined assurance; corporate governance; institutional theory; risk management; internal audi

    The Role of Boards in Reviewing Information Technology Governance (ITG) as Part of Organizational Control Environment Assessments

    IT Governance (ITG) is an important topic as US companies must now monitor ITG under the provisions of the Sarbanes-Oxley Act (2002) (Hoffmann, 2003). Trites (2003) indicates that directors are responsible for strategic planning, internal control structures and business risk. The control environment is defined in Australian Auditing Standard AUS 402 to mean "the overall attitude, awareness and actions of management regarding internal control and its importance to the entity". This paper contributes to the knowledge of ITG by forming an integrated ITG Literature (IIL) which links prior research to four key dimensions of ITG. The paper presents a review of literature on ITG performance measurement systems which assess the ability of organizations to achieve these four ITG dimensions. A revised ITG Dimensions Model is offered for consideration. The final contribution of the paper is to propose critical issues Boards should consider as part of their assessment of organizational control environments

    Towards an integrated perspective on fleet asset management: engineering and governance considerations

    The traditional engineering perspective on asset management concentrates on the operational performance of the assets. This perspective aims at managing assets through their life-cycle, from technical specification, to acquisition, operation including maintenance, and disposal. However, the engineering perspective often takes for granted organizational-level factors. For example, a focus on performance at the asset level may lead to ignoring performance measures at the business unit level. The governance perspective on asset management usually concentrates on organizational factors, and measures performance in financial terms. In doing so, the governance perspective tends to ignore the engineering considerations required for optimal asset performance. These two perspectives often take each other for granted. However, experience demonstrates that an exclusive focus on one or the other may lead to sub-optimal performance. For example, the two perspectives have different time frames: engineering considers the long term asset life-cycle whereas the organizational time frame is based on a yearly financial calendar. Asset fleets provide a relevant and important context to investigate the interaction between engineering and governance views on asset management as fleets have distributed system characteristics. In this project we investigate how engineering and governance perspectives can be reconciled and integrated to enable optimal asset and organizational performance in the context of asset fleets

    Business Process Risk Management, Compliance and Internal Control: A Research Agenda

    Integration of risk management and management control is emerging as an important area in the wake of the Sarbanes-Oxley Act and with ongoing development of frameworks such as the Enterprise Risk Management (ERM) framework from the Committee of Sponsoring Organizations of the Treadway Commission (COSO). Based on an inductive methodological approach using literature review and interviews with managers engaged in risk management and internal control projects, this paper identifies three main areas that currently have management attention. These are business process risk management, compliance management and internal control development. This paper discusses these areas and identifies a series of research questions regarding these critical issues. Keywords: Risk management; Internal control; Business processes; Compliance; Sarbanes-Oxley Act; ERP systems; COSO; COBIT

    Responsible Research and Innovation between “new governance” and fundamental rights

    This chapter frames RRI as an emerging governance approach in the EU regulatory context. We argue that reference to fundamental rights makes RRI a distinctive approach to responsibility compared to other existing paradigms and that human rights, in particular those laid down in the Charter of Fundamental Rights of the European Union, are not necessarily a constraint but can instead be a catalyst of innovation. Eventually we maintain that a governance framework based on the complementarity between legal norms and voluntary commitments might successfully combine the respect of fundamental rights with the openness and flexibility of the innovation process

    View from the Top: How Corporate Boards Can Engage on Sustainability Performance

    Corporate boards are responsible for overseeing the interests of shareholders in the long term and have a critical role to play in championing sustainability across the enterprise. Over the years, Wall Street research, academic papers, corporate reports and trends from major investors have all underscored the same message: Companies that adopt sustainable practices deliver superior financial results and can face the future with more resilience. Based on interviews conducted with dozens of corporate directors, senior corporate leaders and governance experts, this Ceres report identifies key strategies for effective board engagement that can produce tangible environmental and social impacts. Specifically, the report recommends two inter-related approaches for weaving sustainability more deeply across board functions: Integrating sustainability into board governance systems, and Integrating sustainability into board actions. By combining robust systems and meaningful actions, boards will have a far better chance of encouraging substantive performance improvements

    Enterprise information security policy assessment - an extended framework for metrics development utilising the goal-question-metric approach

    Effective enterprise information security policy management requires review and assessment activities to ensure information security policies are aligned with business goals and objectives. As security policy management involves the elements of policy development process and the security policy as output, the context for security policy assessment requires goal-based metrics for these two elements. However, the current security management assessment methods only provide checklist types of assessment that are predefined by industry best practices and do not allow for developing specific goal-based metrics. Utilizing theories drawn from literature, this paper proposes the Enterprise Information Security Policy Assessment approach that expands on the Goal-Question-Metric (GQM) approach. The proposed assessment approach is then applied in a case scenario example to illustrate a practical application. It is shown that the proposed framework addresses the requirement for developing assessment metrics and allows for the concurrent undertaking of process-based and product-based assessment. Recommendations for further research activities include the conduct of empirical research to validate the propositions and the practical application of the proposed assessment approach in case studies to provide opportunities to introduce further enhancements to the approach

    Evolving IT management frameworks towards a sustainable future

    Information Technology (IT) Management Frameworks are a fundamental tool used by IT professionals to efficiently manage IT resources and are globally applied to IT service delivery and management. Sustainability is a recent notion that describes the need for economic, environmental and social development without compromising the ability of future generations to meet their own needs; this applies to businesses as well as society in general. Unfortunately, IT Management Frameworks do not take sustainability into account. To the practitioner this paper demonstrates sustainability integration thereby allowing CIOs and IT managers to improve the sustainability of their organisation. To the researcher this paper argues that sustainability concerns need to be provided to IT Management through its integration into the mainstream of IT Management Frameworks. This is demonstrated through the high-level integration of sustainability in Six Sigma, COBIT, ITIL and PRINCE2