Information Object | Synonym Terms (As Used in Literature) | Secondary Terms | No |
Control | Control Practices (1), Internal Control(s) (2, 5), Rule (4, 18), Procedures (5), Business Rule (11), Control (12, 19), Business Rule (20) | Risk Treatment Measure (3), Operational Business Rule (11), Declarative Business Rule (11), Company Level Control (12), IT Control (12), Application Control (12) | 14 |
Role | Responsibility and Accountability Chart (1), Person Profile (3), Organisational Unit (3), Functional Entity (3), Actor (4), Business Function (6), Agent (11, 13), Authority (13), Organisational Chart (16), Responsible (18) | N/A | 12 |
Business Process | Process (2), Process Model (6) | IT Processes (1), Key Activities (1), Task (2), Enterprise Activity (3), Process Structure (3), Activity (4, 6, 13), Process Fragment (6), Process Construct (6), Operation (11) | 12 |
Control Objective | Requirement (4, 18, 19), Rule Goal (7), Measures & Directives (16), Directive (20) | Application Control Strategy (13, 14) | 11 |
Guideline | Policy(ies) (4, 6, 11, 17), Standard Operating Procedure (18), Business Policy (20) | Meta-Policy (6) | 7 |
Risk | Risk (2, 3, 4, 11, 12) | Event (3), Vulnerabilities (15), Threats (15, 19) | 7 |
GRC Requirement | Source (4), Regulation (5, 6, 20), Authority (11), Laws and Regulations (17, 18) | N/A | 7 |
Resource | Asset (3, 19), Enterprise Object (3), Business Subject (Sub-subject) (4), Subject (6) | Product Group (18) | 5 |
Goal | Objective (3, 20), Desired Result (20) | Business Goals (1), IT Goals (1) | 5 |
Application Area | Domain (3), Jurisdiction (6), Scope (6, 7), Scope (14) | Control Domain (21) | 5 |
Documentation | Business Protocol (8), Business Document (13), Document Model (16) | N/A | 5 |
Assessment | Audit (17) | Control Outcome Tests (1), Control Design Tests (1), Risk Assessment (12) | 4 |
IT Component | IT Applications/IT Infrastructure (15, 21), IT-Architecture Model (16), Database Model (16), IT-System (17) | Packaged Service (21) | 4 |
KPI | Performance Indicator(s) (1, 3) | Risk Indicator (3) | 3 |
Stakeholder | Stakeholder (3, 18) | Indirect Stakeholder (18) | 2 |
Strategy | Strategy Model (16) | N/A | 2 |
Maturity Level | Maturity Model (1, 16) | N/A | 2 |
Framework | Compliance Framework (21) | N/A | 2 |
Performance | N/A | N/A | 2 |
Monitor | N/A | N/A | 2 |
Violation | N/A | Security Breach (19) | 2 |
Implementation Logic | Rule Logic (7) | N/A | 1 |