Category of requirement | Relevant information objects | Derived relation |
Strategic orientation | Strategy, Goal, Guideline, Control, Key Performance Indicator, Stakeholder | (B1) Control objectives are adjusted to the goals. |
(B2) Business processes support goals being measured by key performance indicators. | ||
(B3) Strategy and goals are oriented on stakeholders. | ||
Integration | Control Objective, Risk, GRC Requirement, Key Performance Indicator, Assessment, Business Process, Control | (B4) Control objectives result from risks and GRC requirements. |
(B5) Assessments measure through performance indicators conformance and performance of business processes. | ||
(B6) Controls are realised during core business processes (operative integration). | ||
Business process orientation | Control, Business Process, Implementation Logic, Role | (B7) Controls are implemented into business processes and with the help of an implementation logic are automated within the business process. |
(B8) The responsible role (ownership) is determined by business processes. | ||
Management systems | Assessment, Key Performance Indicator, Business Process | (B9) Business processes are controlled by assessments and through key performance indicators with view to GRC. |
Automation | Control, Business Process, IT Component, Implementation Logic | (B10) IT components are directly affected by controls. |
(B11) Controls are automated by an implementation logic. | ||
Flexibilisation | All, especially Business Process, IT component, GRC Requirement, Risk | (B12) A direct relation between IT components and risks is necessary to make a control of the risks during IT-related adjustments possible. |
Human factors | Control, Business Process, Role | (B13) Controls have a direct relation to the information object “role”. |