Multiple-perspective Visual Analytics for GRC Platforms

Vagner F. de Santana, David Byman, Nathaniel Mills, Beatriz S. Ribeiro, Rogério de Paula


GRC (Governance, Risk, and Compliance) data is voluminous and highly interrelated, yet sparsely populated. This fact represents one of the biggest challenges when creating visualizations for such datasets: the data does not align well in a tabular structure typically used to populate displays and reports. GRC Platforms provide reporting capabilities and data visualization techniques to summarize data, yet most common GRC visualizations are restricted to certain inflexible perspectives, e.g., Risk Matrix. This work presents a Visual Analytics system that provides multiple visual perspectives over GRC data. The evaluation of the system involved four GRC specialists. The results show that the multiple perspectives approach supports the summarization of different portions of the GRC data, especially regarding business process and business entity taxonomies, and risk/control relationships. The results provide useful insights for specialists working to explore and summarize GRC data and to integrate Visual Analytics Systems with GRC platforms. In addition, the multiple-perspective approach presented could also be applied in systems sharing the same data structure GRP Platforms use.


  1. BWise, 2015,
  2. Compliance 360, 2012.
  3. D3 - Data Driven Documents. 2016.
  4. IBM Open Pages, 2015. software/products/en/openpages-grc-platform/
  5. jQuery.js, 2016.
  6. Lewis, C. and Mack, R. 1982. Learning to use a text processing system: Evidence from “thinking aloud” proto- cols. In Proceedings of the 1982 Conference on Human Factors in Computing Systems (CHI 7882). ACM, New York, NY, USA, 387-392.
  7. MetricStream Enterprise GRC, 2015. www.metricstream .com/industries/banking/enterprise-grc-solutions.htm.
  8. N. Y. Times. 2015. Former Petrobras Executive Held in Brazil Corruption Probe. online/2015/01/14/world/americas/ap-lt-brazil-petrobr as.html?_r=0.
  9. OneSumX GRC, 2015. onesumx/risk/GRC.aspx.
  10. Pernice, K. and Nielsen, J. 2009. How to Conduct Eyetracking Studies. NNGroup.
  11. RequireJS - A module loader. 2016.
  12. RSA Archer GRC Platform, 2015. rity/rsa-archer-governance-risk-compliance/rsa-archerplatform.htm.
  13. Rubin, J. 1994. Handbook of usability testing: how to plan, design, and conduct effective tests. John Wiley & Sons.
  14. SAP GRC, 2015a.
  15. SAS GRC, 2015b. software/ risk-management/enterprise-grc.html.
  16. Shneiderman, B. 1996. The eyes have it: A task by data type taxonomy for information visualizations. In Visual Languages, 1996. Proceedings, IEEE Symposium on (pp. 336-343). IEEE.
  17. Stasko, J. and Zhang, E. 2000. Focus+Context Display and Navigation Techniques for Enhancing Radial, SpaceFilling Hierarchy Visualizations Proceedings of the IEEE Symposium on Information Vizualization.
  18. Tarantino, A. 2008. Governance, Risk, and Compliance Handbook. John Wiley & Sons.
  19. The Eye Tribe Eye Tracker. 2016.

Paper Citation

in Harvard Style

Santana V., Byman D., Mills N., Ribeiro B. and Paula R. (2017). Multiple-perspective Visual Analytics for GRC Platforms . In Proceedings of the 19th International Conference on Enterprise Information Systems - Volume 3: ICEIS, ISBN 978-989-758-249-3, pages 41-52. DOI: 10.5220/0006285900410052

in Bibtex Style

author={Vagner F. de Santana and David Byman and Nathaniel Mills and Beatriz S. Ribeiro and Rogério de Paula},
title={Multiple-perspective Visual Analytics for GRC Platforms},
booktitle={Proceedings of the 19th International Conference on Enterprise Information Systems - Volume 3: ICEIS,},

in EndNote Style

JO - Proceedings of the 19th International Conference on Enterprise Information Systems - Volume 3: ICEIS,
TI - Multiple-perspective Visual Analytics for GRC Platforms
SN - 978-989-758-249-3
AU - Santana V.
AU - Byman D.
AU - Mills N.
AU - Ribeiro B.
AU - Paula R.
PY - 2017
SP - 41
EP - 52
DO - 10.5220/0006285900410052