commonly run under the label of Governance, Risk Management, and Compliance (GRC IS). We apply a grounded theory approach to … Management, and Compliance information systems and establishes a potentially fruitful research agenda for GRC IS as a highly …