IT governance, IT risk management and IT compliance are separate activities carried out by organizations. However, most organizations no longer treat them as independent, one-time projects run by different people within the IT structure. Studies of projects conducted in various organizations reveal many convergences, common aspects and interrelations among these areas.

IT-GRC (Information Technology Governance, Risk and Compliance) refers to the IT governance, risk management and compliance activities of an organization. Successful IT-GRC efforts require an integrated approach to IT governance.

An integrated approach to IT governance provides the following:

  • Consistent, efficient results from risk management, compliance and related activities
  • A holistic view of the IT environment
  • A clear description of responsibilities

By addressing IT governance under a single roof, organizations can centrally manage their efforts to achieve compliance with standards such as COBIT, ITIL, ISO 20000, ISO 27001, ISO 22301 and BS 25777.

This allows:

  • Joint efforts in the relevant projects to be done right the first time, fulfilling all requirements,
  • Related documentation to be developed in accordance with all requirements,
  • Coordination of efforts between IT units, along with productive operation of those units.

Keywords: GRC, IT-GRC, IT Governance, governance, risk management