MODEL OF GOVERNANCE, RISK AND COMPLIANCE USING BUSINESS PROCESS MODELING
Following the Enron scandal and the global financial crisis of 2008, demands for transparency and new regulations, such as the Sarbanes-Oxley Act (SOX), Basel and anti-money laundering laws, have made Governance, Risk and Compliance (GRC) a priority on organizations’ agendas. In this context, the objective of this dissertation is to present an integrated GRC model, using business process modeling, that eases the planning of GRC implementation in organizations through the visualization of their processes and interactions. The research method used was Design Science Research (DSR), which aims at creating knowledge from the design of artifacts. In this work the integrated GRC model materialized as a business process model. A bibliographic review was carried out to obtain models that used GRC, which served as the foundation of this work as well as the basis for creating business process models for GRC and integrated GRC. The notation used for modeling was the Object Management Group’s (OMG) Business Process Model and Notation (BPMN). The models were developed separately for each of the GRC domains and were validated by comparing them with models proposed by the Committee of Sponsoring Organizations of the Treadway Commission (COSO) and the International Organization for Standardization (ISO), as suggested by DSR. Subsequently, the models were integrated and a new validation was performed by comparing the resulting integrated model to an integrated GRC maturity model, which was adapted for this purpose. The integrated GRC business process model obtained in this work allows a view of the GRC process as a whole, thus contributing to a better understanding of the processes related to integrated GRC and of the interdependencies inherent in a multidisciplinary and complex process such as integrated GRC.