Abstract
The relationship between Information Technology (IT) Governance, Risk Management and Compliance (GRC) and organisation business values continues to interest academics and practitioners (IT Governance Institute, 2003). Like governance, risk management and compliance generally, IT GRC is about the decision rights and accountabilities that encourage desirable behaviour in the use of IT (IT Governance Institute, 2003). A case study approach was used in an organisation with many business units. The organisation selected is a mining company, RioZim, situated in Zimbabwe. Data was collected from business units on IT issues and business values. The interviews centred on the IT GRC practices based on responsibility and authority for IT decision making. The results suggest that IT GRC does not adequately support business values. The study revealed that business values should drive IT GRC and IT GRC should be the responsibility of executives and all business units.
Highlights
Background to the studyCorporate executives and boards of directors look at information technology (IT) as they would any other business unit, and they expect the same level of efficiency, reliability and economic return from IT as they do from other parts of their organisations
The resulting IT complexity drives up redundancy and cost, but is detrimental to the organisation’s competitive advantage
The case study approach was found to be more appropriate for the study of a single organisation with many business units
Summary
Background to the studyCorporate executives and boards of directors look at IT as they would any other business unit, and they expect the same level of efficiency, reliability and economic return from IT as they do from other parts of their organisations. IT is a broad subject concerned with technology and other aspects of managing and processing information, especially in large organisations. Silk (1991) classifies the generic IT impact, which he refers to as “benefit classes”. These classes are efficiency, effectiveness and competitive advantage. A strategic advantage impact can be detected where IT has changed some aspect of what a business does, by improving that business. This results in growth, defined as an increase in revenue, throughput or profit or whatever the relevant indicator is for the given organisation
Sign-in/Register to view highlights & summary 
Published Version (
Free)
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call