GORC - Governance, Risk, Compliance

Principle 1: Meeting Stakeholder Needs

Principle 2: Covering the Enterprise End-to-End

Principle 3: Applying a Single Integrated Framework

Principle 4: Enabling a Holistic Approach

Principle 5: Separating Governance and Management

1. Governance

2. Risk

3. Compliance

In der Mitte: Business Strategy

Plus Audit & Assurance

• Corporate Governance is an important input for defining IT Governance
• IT Governance must ensure that IT risks are effectively managed
• IT Governance requires senior business participation, especially at the board level

1. Achieve Business Objectives
2. Ensure Risk Aware Setting of Objectives & Strategic Planning
3. Enhance Organizational Culture
4. Increase Stakeholder Confidence
5. Prepare and Protect the Organization
6. Prevent, Detect, and Reduce Adversity & Weaknesses
7. Motivate and Inspire Desired Conduct
8. Stay Ahead of the Game
9. Improve Responsiveness and Efficiency
10. Optimize Economic Return and Values

1. Learn
2. Align
3. Perform
4. Review

1. Understand and prioritize stakeholder expectations
2. Set business objectives that are congruent with values and risks
3. Achieve objectives while optimizing the risk profile and protecting value
4. Operate within legal, contractual, internal, social, and ethical boundaries
5. Provide relevant, reliable, and timely information to stakeholders
6. Enable the measurement of a systems performance and effectiveness

1. Entscheidungen (Decisions&Accountability)

2. Integration

1. Structures: Organisationseinheiten, Rollen, um IT Entscheidungen zu tätigen. Gremien. Formale Festlegung von Rollen und Funktionen. Statisch, Aufbauorganisatorisch
2. Prozesse: dynamische Sicht. Formal Prozesse definieren.
3. Relational Mechanisms: Massnahmen, die dazu beitragen sollen, den Austausch zu fördern. Vertikale sowie horizontale Ausrichtung à Plattform / Rahmen schaffen