ICT Governance, Risks and Compliance - A Systematic Quasi-review

Claudio Junior Nascimento da Silva, Denise Xavier Fortes, Rogério Patrício Chagas do Nascimento


This study conducts a quasi-systematic review, in a structured way, to identify, evaluate and summarize the main evidence on Governance, Risk Management and Compliance in the Information and Communication Technology (ICT) area of companies. The objective is to analyze the existing methods and/or techniques and to characterize their application in an ICT environment, so that the reader can be assisted through a secondary study. A research question was adopted to guide the quasi-systematic review, which started from an initial set of 47 articles, of which 18 were selected for the construction of this work through a selection process covering ICT Governance, Risk Management and Compliance.



Paper Citation (Harvard style)

Junior Nascimento da Silva C., Xavier Fortes D. and Chagas do Nascimento R. (2017). ICT Governance, Risks and Compliance - A Systematic Quasi-review. In Proceedings of the 19th International Conference on Enterprise Information Systems - Volume 3: ICEIS, ISBN 978-989-758-249-3, pages 417-424. DOI: 10.5220/0006317804170424
