Model of governance, risk and compliance using modeling of business processes - Ietec


Daniel Massiére Birchal

Following the Enron scandal and the global financial crisis of 2008, demands for transparency and new regulations, such as the Sarbanes-Oxley Act (SOX), Basel and anti-money laundering laws, have made Governance, Risk and Compliance (GRC) a priority on organizations' agendas. In this context, the objective of this dissertation is to present an integrated GRC model, built with business process modeling, that eases the planning of GRC implementation in organizations through the visualization of their processes and interactions. The research method used was Design Science Research (DSR), which aims at creating knowledge from the design of artifacts. In this work, the integrated GRC model materialized as a business process model. A bibliographic review was carried out to obtain models that used GRC, which served as the foundation of this work and as a basis for creating business process models for GRC and integrated GRC. The notation used for modeling was the Object Management Group's (OMG) Business Process Model and Notation (BPMN). The models were developed separately for each of the GRC domains and were validated by comparing them with models proposed by the Committee of Sponsoring Organizations of the Treadway Commission (COSO) and the International Organization for Standardization (ISO), as suggested by DSR. Next, the models were integrated and a new validation was performed by comparing the resulting integrated model with an integrated GRC maturity model, which was adapted for this purpose. The integrated GRC business process model obtained in this work gives a view of the GRC process as a whole, thus contributing to a better understanding of the processes related to integrated GRC and of the interdependencies inherent in a multidisciplinary and complex process such as integrated GRC.

Keywords: GRC, Integrated GRC, Business Process Model, BPMN.


Date: 07/12/2018

Examination committee: Prof. Dr. Fernando Hadad Zaidan - Ietec (Advisor), Prof. Dr. José Luis Braga - Ietec, Prof. Dr. Edson Marchetti da Silva - CEFET MG

I would like to thank Prof. Dr. Fernando Hadad Zaidan for his supervision, teachings, dedication, and friendship and for having identified my potential and invited me to engage in this outstanding master's program. Prof. Dr. José Luís Braga also helped me immensely with his teachings, his supervision, support, dedication, professionalism and objectivity. Mr. Ronaldo Gusmão and the IETEC College deserve a special mention for their support of Brazilian technological development, granting scholarships, such as the one that made this research feasible.