Loughborough University

File(s) under permanent embargo

Reason: This item is currently closed access.

Analysing the governance, risk and compliance (GRC) implementation process: primary insights

conference contribution
posted on 2017-11-07, 09:02 authored by Konstantina Spanaki, Anastasia Papazafeiropoulou
Governance, Risk and Compliance (GRC) as an integrated concept has gained great interest recently among researchers in the Information Systems (IS) field. The need for more effective and efficient business processes in the area of financial controls drives enterprises to successfully implement GRC systems as an overall goal when they are striving for enterprise value of their integrated systems. The GRC implementation process is a significant parameter influencing the success of operational performance and financial governance and supports the practices for competitive advantage within the organisations. However, GRC literature is limited regarding the analysis of their implementation and adoption success. Therefore, there is a need for further research and contribution in the area of GRC systems and more specifically their implementation process. The research at hand recognizes GRC as a fundamental business requirement and focuses on the need to analyse the implementation process of such enterprise solutions. The research includes theoretical and empirical investigation of the GRC implementation within an enterprise and develops a framework for the analysis of the GRC adoption. The approach suggests that the three success factors (integration, optimisation, information) influence the adoption of the GRC and more specifically their implementation process. The proposed framework followed a case study approach to confirm its functionality and is evaluated through interviews with stakeholders involved in GRC implementations. Furthermore, it can be used by the organisations when considering the adoption of GRC solutions and can also suggest a tool for researchers to analyse and explain further the GRC implementation process.



  • Business and Economics


  • Business

Published in

21st European Conference on Information Systems (ECIS)


SPANAKI, K. and PAPAZAFEIROPOULOU, A., 2013. Analysing the governance, risk and compliance (GRC) implementation process: primary insights. IN: Proceedings of 2013 21st European Conference on Information Systems (ECIS), Utrecht, Netherlands, 6-8 June 2013.


  • VoR (Version of Record)

Publisher statement

This work is made available according to the conditions of the Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International (CC BY-NC-ND 4.0) licence. Full details of this licence are available at: https://creativecommons.org/licenses/by-nc-nd/4.0/

Publication date



  • en


Utrecht, the Netherlands

Usage metrics

    Loughborough Publications


    Ref. manager