A critical evaluation of the importance of a governance, risk and compliance software in the GRC process
Thesis (MBA)--Stellenbosch University, 2012.
Governance Risk and Compliance (GRC) software applications are designed to facilitate the GRC process. GRC software inherently faces the same implementation challenges as any other Enterprise Resource Planning (ERP) software. The design and usability of GRC software contribute substantially to how much value is added to the GRC process and as GRC is still in its infancy; it is likely to keep evolving as this process matures. Due to the inconstant nature of the GRC process, GRC software applications require a large amount of customisation to meet the special requirements of each organisation. The objective of this research was to establish the extent to which GRC software applications add value to the GRC process. The researcher also tried to establish whether organisations, that are currently using GRC software applications, gain more value from the GRC process than before they implemented GRC software applications. He conducted the research by presenting research questions, in the form of a questionnaire, to the risk executives of three Western Cape companies. The author of this research paper collected the responses from each company by conducting one-on-one interviews with each of the executives concerned and then reviewed and analysed the interview results of each company. Finally, the author completed a cross case analysis, by comparing GRC software application dimensions and characteristic ratings across the three companies concerned. The research indicated that there is not a great difference in importance between the five GRC design dimensions because they all received high performance ratings. There were some differences, however, in the perceived performance of each dimension, when analysing the dimension characteristics ratings. The research showed that the greatest benefit, of the use of GRC software applications, is the ability to add structure and consistency to the GRC process.