Wentz’s Governance Model is a generic governance model derived from the concept of GRC (Governance, Risk Management, and Compliance). It highlights the philosophy of governance for values and introduces seven risk-aware governance practices reorganized per the definition of governance by the IT Governance Institute.
Sound governance achieves the ultimate goals of creating and delivering values while considering risk and compliance. It relies on three crucial factors: risk-aware governance practices, a well-crafted strategy, and a well-structured organization, which can be examined from the perspectives of the static organizational structure, the dynamic organizational processes, and the holistic view of enterprise architecture.
The seven risk-aware governance practices derived from the definition of governance by the IT Governance Institute and the discipline of GRC are listed as follows:
- Institute the organization to support the mission
- Communicate the vision to guide the strategic direction for value delivery
- Derive goals and intended outcomes to align strategies
- Allocate and optimize resources to maximize values
- Measure and monitor performance to achieve objectives
- Manage risks to respond to changes and ensure success
- Behave responsibly to maintain integrity and compliance
They can be mapped into the following diagram: