Governance, risk and compliance (GRC) are the three pillars for attaining corporate objectives.
- Governance refers to the management of a company, including executives, management and even the guiding principles or ethics that govern the company or processes.
- Risk implicitly means risk management: the way a company analyzes, accounts for and prepares for risks, and the measures it puts in place to prevent or limit the impact of business risks, both financial and operational.
- Compliance is a company’s ability to monitor, adapt and adhere to standards set by regulators and the government.
GRC crosses departments, lines of business (LoBs), and the entire organization. GRC policies require cross-functional communication, unity and internal controls that include IT, security, and auditing. Gartner research defines GRC as a verb, a term of action, describing it as enabling “the simplification, automation, and integration of enterprise, operational, and IT risk management processes and data.”
Gartner also includes the following processes in the GRC spectrum:
- IT Risk Management
- Operational Risk Management
- IT Vendor Risk Management
- Business Continuity Management Planning
- Audit Management
- Corporate Compliance and Oversight
- Enterprise Legal Management