Assessing IT governance, risk management and compliance (IT GRC) maturity: considering organisational and behavioural styles

Abstract

IT GRC is an approach that addresses not only the establishment of business rules but, more importantly, how those rules are put into effective organisational structures and embedded into day-to-day business processes, while considering an organisation's unique cultures, subcultures and groups, each of which can possess its own attitudes and patterns of behaviour. This paper proposes a novel assessment model for the management of IT GRC with respect to the closely-meshed organisational and social structures within enterprises and among their stakeholders. The assessment model contributes effectively to the planning and implementation of IT GRC initiatives by taking timely steps against the resistance of stakeholders toward change. The model user is provided with an approach loose enough to allow individual strategies in dealing with established management and diverse behavioural styles. In order to make a well-founded statement about the value proposition of the new model and its related concepts, a case study from the Swiss hospital environment is presented.