IT governance, IT risk management and IT compliance are individual elements run by organizations. However, most organizations no longer consider them as independent, one-time projects carried out by different people under the IT structure. Studies on different projects conducted in various organizations reveal a large number of convergences, common aspects and interrelations in these areas.
IT-GRC (Information Technologies Governance, Risk and Compliance) refers to the IT governance, risk and compliance activities of an organization. Successful IT-GRC efforts require an integrated approach to IT governance.
An integrated approach to IT provides the following:
By addressing IT governance under one roof, organizations centrally manage efforts to achieve compliance with standards such as COBIT, ITIL, ISO 20000, ISO 27001, ISO 22301, and BS 25777.
Key words: GRC, IT-GRC, IT Governance, governance, risk management