In this course you will dive into the fast-evolving world of digital governance, where technology meets responsibility. Whether you’re passionate about digital transformation, AI ethics, cybersecurity, or organizational strategy, this course provides the foundations to leverage your impact.

Why it matters?

In today’s information society, organizations live and breathe data. This course empowers you to be the strategist behind responsible tech use —balancing innovation with accountability. 

These topics you will explore: 

- The essentials of Governance, Risk, and Compliance (GRC) in the digital age

- How global initiatives like the EU AI Act are reshaping tech regulation

- Real-world frameworks for risk assessment, auditing, and compliance

What you will do in the course:

- Interactively tackle current industry challenges

- Collaborate on a capstone GRC project that simulates real-world implementation

- Build practical skills to lead digital governance initiatives in an organization

• Understand internal and external compliance requirements for organizations operating in cyberspace
• Know the regulatory landscape relevant to the cyberspace
• Apply risk management methods and GRC tools in an organization
• Understand organizational culture and institutional structure as key success factors for GRC initiatives in organizations operating in cyberspace
• Being able to introduce and operate management systems for controlling risks and chances of  the organization in cyberspace
• Acquire communication skills necessary for implementing a GRC initiative in an organization

Attendance in the first unit and overall for 80% of the time is required. Attendance in the first unit is mandatory (unqualified absence will result in deregistration from the course).

The course will include interactive teaching, video expert interviews and group work. Moreover, students will work on a GRC project applying the knowledge acquired throughout the course to a coherent corporate case. Teaching will be research-driven based on multiple levels of analysis:

Theoretical level: Discussing theories with underlying cause and effect relationships for explaining and predicting the agency of organizations and regulatory bodies in cyberspace.

Social level: Discussing models of organizational culture and social norms related to GRC in cyberspace and video interviews with experts in politics, of regulatory bodies, and NGOs.

Institutional level: Discussion on standards, regulation, management frameworks and best practices for implementing GRC initiatives in organizations.

Pragmatic level: Application of selected management systems in a contextualized corporate GRC project. Working on case studies in groups.

The grade will be based upon the following components:

55% Deliverables on applied GRC project
35% Exam on the concepts discussed in class
10% In-class exercises and participation

Grading system

87.5% - 100%             = "Sehr gut" (Excellent)
75% - 87.49%             = "Gut" (Good)
62.5% - 74.99%          = "Befriedigend" (Satisfactory)
50% - 62.49%             = "Genügend" (Sufficient)
Below 50%                 = "Nicht Genügend" (Fail)

Please log in with your WU account to use all functionalities of read!t. For off-campus access to our licensed electronic resources, remember to activate your VPN connection connection. In case you encounter any technical problems or have questions regarding read!t, please feel free to contact the library at readinglists@wu.ac.at.

Nonaka, I. (1991). The knowledge creating company. Harvard Business Review, 69, 96–104.

Nonaka, I., & Takeuchi, H. (2011). The wise leader. Harvard Business Review, 89(5), 58-67.