Governance, Risk and Compliance (GRC) are the three methods an organization uses to meet its objectives while protecting itself from enterprise risk and ensuring regulatory compliance. The discipline aims to align information and activities across governance, risk and compliance in order to improve efficiency and enable more effective information sharing and reporting.
Governance, Risk and Compliance (GRC) management is important for ensuring organizations realize their strategy and meet their objectives.
Governance and compliance provide the structure and oversight to ensure the operations and activities of the organization are carried out in accordance with strategic objectives, defined business processes and policies, and that operations are using the business systems as intended. A key outcome of governance and compliance is stakeholder assurance of compliance with policies in the form of governance and compliance reporting.
Organizations that must comply with legislation and various industry regulations are often required to provide evidence of compliance. This type of reporting and assurance also falls within the GRC discipline.
Enterprise risk and risk management ensure that risks to the business are identified timeously, properly defined and understood, and mitigated. Risk mitigation may involve a number of responses, including avoiding the risk, controlling the outcome of the risk or accepting the risk.
Documenting controls associated with identified risks is also an important activity of risk management.