Complex Systems Informatics and Modeling Quarterly

Enterprise Governance, Risk and Compliance (GRC) systems are key to managing risks threatening modern enterprises from many different angles. Key constituent to GRC systems is the definition of Controls that are implemented on the different layers of an Enterprise Architecture (EA). Controls become part of a “Concern” of the EA, which allows to use an EA viewpoint to cover Control compliance assessments. In this article we explore this relationship further, derive a metamodel linking Control and EA, and elicit how this linkage give rise to a hierarchic understanding of the viewpoint concept for EAs. We complement these considerations with an expository instantiation in a cockpit for Control compliance applied in an international enterprise in the insurance industry.