{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,6,8]],"date-time":"2026-06-08T19:08:07Z","timestamp":1780945687034,"version":"3.54.1"},"reference-count":33,"publisher":"Springer Science and Business Media LLC","issue":"6","license":[{"start":{"date-parts":[[2015,6,23]],"date-time":"2015-06-23T00:00:00Z","timestamp":1435017600000},"content-version":"unspecified","delay-in-days":0,"URL":"http:\/\/creativecommons.org\/licenses\/by\/4.0"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Inf Syst Front"],"published-print":{"date-parts":[[2016,12]]},"DOI":"10.1007\/s10796-015-9572-3","type":"journal-article","created":{"date-parts":[[2015,6,21]],"date-time":"2015-06-21T21:27:55Z","timestamp":1434922075000},"page":"1251-1263","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":38,"title":["Understanding governance, risk and compliance information systems (GRC IS): The experts view"],"prefix":"10.1007","volume":"18","author":[{"given":"Anastasia","family":"Papazafeiropoulou","sequence":"first","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Konstantina","family":"Spanaki","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"297","published-online":{"date-parts":[[2015,6,23]]},"reference":[{"issue":"2","key":"9572_CR1","doi-asserted-by":"crossref","first-page":"179","DOI":"10.1007\/s10796-009-9183-y","volume":"14","author":"S Ali","year":"2012","unstructured":"Ali, S., & Green, P. (2012). Effective information technology (IT) governance mechanisms: an IT outsourcing perspective. Information Systems Frontiers, 14(2), 179\u2013193.","journal-title":"Information Systems Frontiers"},{"key":"9572_CR2","doi-asserted-by":"crossref","first-page":"4405","DOI":"10.1109\/HICSS.2013.107","volume-title":"System Sciences (HICSS), 2013 46th Hawaii International Conference on","author":"PM Asprion","year":"2013","unstructured":"Asprion, P. M., & Knolmayer, G. F. (2013). Assimilation of compliance software in highly regulated industries: An empirical multitheoretical investigation. In System Sciences (HICSS), 2013 46th Hawaii International Conference on (pp. 4405\u20134414). New York: IEEE."},{"key":"9572_CR3","volume-title":"Thematic analysis: Coding as a process for transforming qualitative information","author":"RE Boyatzis","year":"1998","unstructured":"Boyatzis, R. E. (1998). Thematic analysis: Coding as a process for transforming qualitative information. Thousand Oaks: Sage Publications."},{"issue":"2","key":"9572_CR4","doi-asserted-by":"crossref","first-page":"77","DOI":"10.1191\/1478088706qp063oa","volume":"3","author":"V Braun","year":"2006","unstructured":"Braun, V., & Clarke, V. (2006). Using thematic analysis in psychology. Qualitative Research in Psychology, 3(2), 77\u2013101.","journal-title":"Qualitative Research in Psychology"},{"issue":"2","key":"9572_CR5","doi-asserted-by":"crossref","first-page":"221","DOI":"10.1007\/s10796-009-9197-5","volume":"14","author":"T Butler","year":"2012","unstructured":"Butler, T., & McGovern, D. (2012). A conceptual model and IS framework for the design and adoption of environmental compliance management systems. Information Systems Frontiers, 14(2), 221\u2013235.","journal-title":"Information Systems Frontiers"},{"issue":"1","key":"9572_CR6","first-page":"27","volume":"12","author":"RP Dameri","year":"2009","unstructured":"Dameri, R. P. (2009). Improving the benefits of IT compliance using enterprise management information systems. Electronic Journal Information Systems Evaluation Volume, 12(1), 27\u201338.","journal-title":"Electronic Journal Information Systems Evaluation Volume"},{"issue":"8","key":"9572_CR7","first-page":"20","volume":"90","author":"ML Frigo","year":"2009","unstructured":"Frigo, M. L., & Anderson, R. J. (2009). A strategic framework for governance, risk, and compliance. Strategic Finance, 90(8), 20\u201361.","journal-title":"Strategic Finance"},{"issue":"2","key":"9572_CR8","doi-asserted-by":"crossref","first-page":"143","DOI":"10.1007\/s10796-009-9180-1","volume":"14","author":"GR Gangadharan","year":"2012","unstructured":"Gangadharan, G. R., D\u2019Andrea, V., De Paoli, S., & Weiss, M. (2012). Managing license compliance in free and open source software development. Information Systems Frontiers, 14(2), 143\u2013154.","journal-title":"Information Systems Frontiers"},{"key":"9572_CR9","first-page":"24","volume-title":"Proceedings of the 4th international conference on design science research in information systems and technology","author":"A Gericke","year":"2009","unstructured":"Gericke, A., Fill, H. G., Karagiannis, D., & Winter, R. (2009). Situational method engineering for governance, risk and compliance information systems. In Proceedings of the 4th international conference on design science research in information systems and technology (p. 24). New York: ACM."},{"key":"9572_CR10","unstructured":"Gill, S., & Purushottam, U. (2008). Integrated GRC-is your organization ready to move. Governance, risk and compliance. SETLabs Briefings, 37\u201346."},{"issue":"2","key":"9572_CR11","doi-asserted-by":"crossref","first-page":"155","DOI":"10.1007\/s10796-009-9179-7","volume":"14","author":"J Hoffmann","year":"2012","unstructured":"Hoffmann, J., Weber, I. M., & Governatori, G. (2012). On compliance checking for clausal constraints in annotated process models. Information Systems Frontiers, 14(2), 155\u2013177.","journal-title":"Information Systems Frontiers"},{"key":"9572_CR12","doi-asserted-by":"crossref","first-page":"67","DOI":"10.2307\/249410","volume":"23","author":"HK Klein","year":"1999","unstructured":"Klein, H. K., & Myers, M. D. (1999). A set of principles for conducting and evaluating interpretive field studies in information systems. MIS Quarterly, 23, 67\u201393.","journal-title":"MIS Quarterly"},{"issue":"2","key":"9572_CR13","doi-asserted-by":"crossref","first-page":"195","DOI":"10.1007\/s10796-009-9185-9","volume":"14","author":"LT Ly","year":"2012","unstructured":"Ly, L. T., Rinderle-Ma, S., Goeser, K., & Dadam, P. (2012). On enabling integrated process compliance with semantic constraints in process management systems. Information Systems Frontiers, 14(2), 195\u2013219.","journal-title":"Information Systems Frontiers"},{"key":"9572_CR14","volume-title":"Qualitative data analysis: an expanded sourcebook","author":"MB Miles","year":"1994","unstructured":"Miles, M. B., & Huberman, A. M. (1994). Qualitative data analysis: an expanded sourcebook. Thousand Oaks: Sage."},{"issue":"4","key":"9572_CR15","doi-asserted-by":"crossref","first-page":"279","DOI":"10.1057\/palgrave.jdg.2050066","volume":"4","author":"SL Mitchell","year":"2007","unstructured":"Mitchell, S. L. (2007). GRC360: a framework to help organizations drive principled performance. International Journal of Disclosure and Governance, 4(4), 279\u2013296.","journal-title":"International Journal of Disclosure and Governance"},{"issue":"3","key":"9572_CR16","doi-asserted-by":"crossref","first-page":"182","DOI":"10.1080\/10580530.2013.794601","volume":"30","author":"J Mundy","year":"2013","unstructured":"Mundy, J., & Owen, C. A. (2013). The use of an ERP system to facilitate regulatory compliance. Information Systems Management, 30(3), 182\u2013197.","journal-title":"Information Systems Management"},{"key":"9572_CR17","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1109\/CBI.2013.9","volume-title":"Business Informatics (CBI), 2013 I.E. 15th Conference on","author":"V Nissen","year":"2013","unstructured":"Nissen, V., & Marekfia, W. (2013). Towards a research agenda for strategic governance, risk and compliance (GRC) management. In Business Informatics (CBI), 2013 I.E. 15th Conference on (pp. 1\u20136). New York: IEEE."},{"issue":"02","key":"9572_CR18","doi-asserted-by":"crossref","first-page":"63","DOI":"10.4236\/jssm.2014.72007","volume":"7","author":"V Nissen","year":"2014","unstructured":"Nissen, V., & Marekfia, W. (2014). The development of a data-centred conceptual reference model for strategic GRC-management. Journal of Service Science and Management, 7(02), 63.","journal-title":"Journal of Service Science and Management"},{"key":"9572_CR19","unstructured":"OCEG (2007). Key findings report. The 2007 GRC strategy study. http:\/\/www.oceg.org . Accessed 14 Apr 2010."},{"key":"9572_CR20","unstructured":"Paulus, S. (2009). A GRC reference architecture. Kuppinger Cole overview report [Online]. http:\/\/www.kuppingercole.com\/report\/sp_overview_repo_grc_arch_051009 . Accessed 25 Nov 2012."},{"key":"9572_CR21","volume-title":"Driven performance: A New strategy for success through integrated governance, risk and compliance management. A white paper","author":"PricewaterhouseCoopers","year":"2004","unstructured":"PricewaterhouseCoopers. (2004). Driven performance: A New strategy for success through integrated governance, risk and compliance management. A white paper. Frankfurt: PricewaterhouseCoopers International Limited."},{"key":"9572_CR22","unstructured":"Racz, N., Panitz, J.C., Amberg, M., Weippl, E., & Seufert, A. (2010a). Governance, risk & compliance (GRC) status quo and software use: results from a survey among large enterprises. In ACIS 2010 Proceedings, Paper 21. http:\/\/aisel.aisnet.org\/acis2010\/21 . Accessed 7 May 2011."},{"key":"9572_CR23","doi-asserted-by":"crossref","first-page":"106","DOI":"10.1007\/978-3-642-13241-4_11","volume-title":"Communications and multimedia security","author":"N Racz","year":"2010","unstructured":"Racz, N., Weippl, E., & Seufert, A. (2010b). A frame of reference for research of integrated governance, risk and compliance (GRC). In Communications and multimedia security (pp. 106\u2013117). Berlin: Springer Berlin Heidelberg."},{"key":"9572_CR24","unstructured":"Racz, N., Weippl, E., & Seufert, A. (2010c). A process model for integrated IT governance, risk, and compliance management. In J. Barzdins & M. Kirikova (Eds.), Databases and information systems. Proceedings of the ninth international Baltic conference, Baltic DB&IS 2010 (pp. 155\u2013170). Riga: University of Latvia Press."},{"key":"9572_CR25","unstructured":"Rasmussen, M. (2009). An enterprise GRC framework. Internal Auditor, 66(5), pp. 61,63,65."},{"key":"9572_CR26","doi-asserted-by":"crossref","first-page":"123","DOI":"10.1007\/s10796-011-9320-2","volume":"14","author":"S Sadiq","year":"2012","unstructured":"Sadiq, S., Muehlen, M., & Indulska, M. (2012). Governance, risk and compliance: applications in information systems (editorial). Information Systems Frontiers, 14, 123\u2013124.","journal-title":"Information Systems Frontiers"},{"issue":"2","key":"9572_CR27","doi-asserted-by":"crossref","first-page":"125","DOI":"10.1007\/s10796-009-9223-7","volume":"14","author":"SV Scott","year":"2012","unstructured":"Scott, S. V., & Perry, N. (2012). The enactment of risk categories: the role of information systems in organizing and re-organizing risk management practices in the energy industry. Information Systems Frontiers, 14(2), 125\u2013141.","journal-title":"Information Systems Frontiers"},{"key":"9572_CR28","unstructured":"Spanaki, K., & Papazafeiropoulou, A. (2013). Analysing the governance, risk and compliance (GRC) implementation process: primary insights. Proceedings of the 21st European conference on information systems (ECIS). Utrecht, Netherlands"},{"issue":"4","key":"9572_CR29","doi-asserted-by":"crossref","first-page":"595","DOI":"10.1007\/s10796-010-9235-3","volume":"13","author":"S Strecker","year":"2011","unstructured":"Strecker, S., Heise, D., & Frank, U. (2011). RiskM: a multi-perspective modeling method for IT risk assessment. Information Systems Frontiers, 13(4), 595\u2013611.","journal-title":"Information Systems Frontiers"},{"key":"9572_CR30","unstructured":"Tapscott, D. (2006). Trust and competitive advantage: an integrated approach to governance, risk & compliance. New Paradigm Learning Corporation [Online] . http:\/\/204.154.71.138\/pdf\/Trustand-Competitive-Advantage.pdf. Accessed 25 Nov 2012."},{"key":"9572_CR31","doi-asserted-by":"crossref","unstructured":"Vicente, P., & da Silva, M. M. (2011). A conceptual model for integrated governance, risk and compliance. Advanced Information Systems Engineering, 6741, 199\u2013213.","DOI":"10.1007\/978-3-642-21640-4_16"},{"key":"9572_CR32","doi-asserted-by":"crossref","first-page":"135","DOI":"10.1007\/978-3-642-24148-2_9","volume-title":"Governance and sustainability in information systems. Managing the transfer and diffusion of IT","author":"M Wiesche","year":"2011","unstructured":"Wiesche, M., Schermann, M., & Krcmar, H. (2011). Understanding the role of information technology for organizational control design: Risk control as new control mechanism. In Governance and sustainability in information systems. Managing the transfer and diffusion of IT (pp. 135\u2013152). Berlin: Springer Berlin Heidelberg."},{"key":"9572_CR33","first-page":"382","volume-title":"Proceedings of the 2013 15th International Conference on Advanced Communication Technology (ICACT)","author":"YR Yu","year":"2013","unstructured":"Yu, Y. R., Seo, S. C., & Kim, B. K. (2013). IT GRC-based IT internal control framework. In Proceedings of the 2013 15th International Conference on Advanced Communication Technology (ICACT) (pp. 382\u2013385). New York: IEEE."}],"container-title":["Information Systems Frontiers"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s10796-015-9572-3.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/article\/10.1007\/s10796-015-9572-3\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s10796-015-9572-3.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"},{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s10796-015-9572-3","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,3,26]],"date-time":"2019-03-26T18:53:31Z","timestamp":1553626411000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/s10796-015-9572-3"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2015,6,23]]},"references-count":33,"journal-issue":{"issue":"6","published-print":{"date-parts":[[2016,12]]}},"alternative-id":["9572"],"URL":"https:\/\/doi.org\/10.1007\/s10796-015-9572-3","relation":{},"ISSN":["1387-3326","1572-9419"],"issn-type":[{"value":"1387-3326","type":"print"},{"value":"1572-9419","type":"electronic"}],"subject":[],"published":{"date-parts":[[2015,6,23]]}}}