Governance, risk, compliance and controlling: Institutional, cultural and instrumental interdependencies from a German perspective

Download This Article

This work is licensed under a Creative Commons Attribution 4.0 International License.

Abstract

This study analyzes interdependencies among governance, risk, compliance, and controlling (GRC²) functions in German companies, assessing cultural, institutional, and instrumental factors. Through an empirical survey of 247 companies conducted in late 2021, the study investigates the positioning of risk management, especially in relation to compliance and controlling. The results provide insights into how the maturity of risk management and cultural openness to risk affect the integration of governance, risk, and compliance (GRC) practices, supporting a decision-oriented approach to risk governance. These findings are critical for enhancing GRC² frameworks in firms aiming to optimize decision-making under risk.

Keywords: Risk Management, Compliance, Governance, Controlling, GRC, Business Decisions, Empirical Study

Authors’ individual contribution: Conceptualization — W.G.; Methodology — P.U.; Formal Analysis — W.G.; Investigation — P.U.; Data Curation — P.U.; Writing — Original Draft — P.U.; Writing — Review & Editing — W.G.; Visualization — W.G. and P.U.; Supervision — W.G.; Project Administration — P.U.

Declaration of conflicting interests: The Authors declare that there is no conflict of interest.

JEL Classification: G32, M14, M48

Received: 14.05.2024
Revised: 26.12.2024; 18.04.2025
Accepted: 08.05.2025
Published online: 12.05.2025

How to cite this paper: Gleißner, W., & Ulrich, P. (2025). Governance, risk, compliance and controlling: Institutional, cultural and instrumental interdependencies from a German perspective. Corporate Ownership & Control, 22(2), 41–52. https://doi.org/10.22495/cocv22i2art4