| Category of requirement | Relevant information objects | Derived relation |
| Strategic orientation | Strategy, Goal, Guideline, Control, Key Performance Indicator, Stakeholder | (B1) Control objectives are adjusted to the goals. |
| (B2) Business processes support goals being measured by key performance indicators. | ||
| (B3) Strategy and goals are oriented on stakeholders. | ||
| Integration | Control Objective, Risk, GRC Requirement, Key Performance Indicator, Assessment, Business Process, Control | (B4) Control objectives result from risks and GRC requirements. |
| (B5) Assessments measure through performance indicators conformance and performance of business processes. | ||
| (B6) Controls are realised during core business processes (operative integration). | ||
| Business process orientation | Control, Business Process, Implementation Logic, Role | (B7) Controls are implemented into business processes and with the help of an implementation logic are automated within the business process. |
| (B8) The responsible role (ownership) is determined by business processes. | ||
| Management systems | Assessment, Key Performance Indicator, Business Process | (B9) Business processes are controlled by assessments and through key performance indicators with view to GRC. |
| Automation | Control, Business Process, IT Component, Implementation Logic | (B10) IT components are directly affected by controls. |
| (B11) Controls are automated by an implementation logic. | ||
| Flexibilisation | All, especially Business Process, IT component, GRC Requirement, Risk | (B12) A direct relation between IT components and risks is necessary to make a control of the risks during IT-related adjustments possible. |
| Human factors | Control, Business Process, Role | (B13) Controls have a direct relation to the information object “role”. |