Using information technology governance, risk management and compliance (GRC) as a creator of business values – a case study

Sam Lubbe; Osden Jokonya

doi:10.4102/sajems.v12i1.264

Original Research

Using information technology governance, risk management and compliance (GRC) as a creator of business values – a case study

Sam Lubbe, Osden Jokonya

About the author(s)

Sam Lubbe,
Osden Jokonya, University of South Africa

Full Text:

PDF (240KB)

Abstract

The relationship between Information Technology (IT) Governance, Risk Management and Compliance (GRC) and organisation business values continues to interest academics and practitioners (IT Governance Institute, 2003). Like governance, risk management and compliance generally, IT GRC is about the decision rights and accountabilities that encourage desirable behaviour in the use of IT (IT Governance Institute, 2003). A case study approach was used in an organisation with many business units. The organisation selected is a mining company, RioZim, situated in Zimbabwe. Data was collected from business units on IT issues and business values. The interviews centred on the IT GRC practices based on responsibility and authority for IT decision making. The results suggest that IT GRC does not adequately support business values. The study revealed that business values should drive IT GRC and IT GRC should be the responsibility of executives and all business units.

Keywords

No related keywords in the metadata.

Metrics

Total abstract views: 5388
Total article views: 4012

Crossref Citations

1. IT governance matter: A structured literature review
Nariman Osama Kandil, Ehab Kamel Abou-Elkheir, Amr M. Kotb
Corporate Ownership and Control vol: 20 issue: 3, special issue first page: 408 year: 2023
doi: 10.22495/cocv20i3siart14

2. Information security failures identified and measured – ISO/IEC 27001:2013 controls ranked based on GDPR penalty case analysis
M. Suorsa, P. Helo
Information Security Journal: A Global Perspective vol: 33 issue: 3 first page: 285 year: 2024
doi: 10.1080/19393555.2023.2270984

3. The paradox of IT governance: Enhancing or suppressing corporate risk-taking?
Nadia Anridho, Sahrian Aditya Rahmatulloh, Alfa Rahmiati, Anna Retnawati, Dicky Andriyanto
Asian Review of Accounting first page: 1 year: 2025
doi: 10.1108/ARA-02-2025-0058

4. Cybersecurity Risks and Defense for a European Energy Retail Business: A Case Study Using FMEA and Bowtie Incident Analysis
Mikko Suorsa, P. Helo
Information Security Journal: A Global Perspective first page: 1 year: 2025
doi: 10.1080/19393555.2025.2489421

African Online Scientific Information Systems (Pty) Ltd t/a AOSIS
Reg No: 2002/002017/07
International Tel: +27 21 975 2602
5 Hafele Street, Durbanville, Cape Town, 7550, South Africa
publishing(AT)aosis.co.za replace (AT) with @

All articles published in this journal are licensed under the Creative Commons Attribution 4.0 International (CC BY 4.0) license, unless otherwise stated.
Website design & content: ©2026 AOSIS (Pty) Ltd. All rights reserved. No unauthorised duplication allowed.
By continuing to use this website, you agree to our Privacy Policy, Terms of Use and Security Policy.

________

Subscribe to our newsletter

Get specific, domain-collection newsletters detailing the latest CPD courses, scholarly research and call-for-papers in your field.

South African Journal of Economic and Management Sciences | ISSN: 1015-8812 (PRINT) | ISSN: 2222-3436 (ONLINE)