Using information technology governance, risk management and compliance (GRC) as a creator of business values - A case study

Jokonya O.; Lubbe S.

UnisaIR Home
→
Unisa Research Output
→
Work in progress
→
Scopus
→
View Item

dc.contributor.author	Jokonya O.	en
dc.contributor.author	Lubbe S.	en
dc.date.accessioned	2012-11-01T16:31:22Z
dc.date.available	2012-11-01T16:31:22Z
dc.date.issued	2009	en
dc.identifier.citation	South African Journal of Economic and Management Sciences	en
dc.identifier.citation	12	en
dc.identifier.citation	1	en
dc.identifier.issn	10158812	en
dc.identifier.uri	http://hdl.handle.net/10500/7119
dc.description.abstract	The relationship between information technology (IT) governance, risk management and compliance (GRC) and organisation business values continues to interest academics and practitioners (IT Governance Institute, 2003). Like governance, risk management and compliance generally, IT GRC is about the decision rights and accountabilities that encourage desirable behaviour in the use of IT (IT Governance Institute, 2003). A case study approach was used in an organisation with many business units. The organisation selected is a mining company, RioZim, situated in Zimbabwe. Data was collected from business units on IT issues and business values. The interviews centred on the IT GRC practices based on responsibility and authority for IT decision-making. The results suggest that IT GRC does not adequately support business values. The study revealed that business values should drive IT GRC and IT GRC should be the responsibility of executives and all business units.	en
dc.language.iso	en	en
dc.title	Using information technology governance, risk management and compliance (GRC) as a creator of business values - A case study	en
dc.type	Article	en