Here are some commonly used terms and acronyms in the context of GRC.
Governance: Gartner clarifies the definition of “governance” as a function that helps CIOs and IT leaders define and implement governance to achieve targeted business outcomes. Key focus here is achievement of business objectives.
Example: A Board of Directors is a governing body.
Management: Management, on the other hand, is the system of controls and processes required to achieve the strategic objectives set by the organization’s governing body. Simply speaking, Management is the execution of business processes and capabilities in order to ensure achievement of business objectives.
Example: A Director IT is an example of a management entity.
Risk: As defined by ISO, Risk is the effect of uncertainty on objectives, and an effect is it positive or negative deviation from what is expected. Simply speaking, Risk is an impedance to achieving business objectives.
Example: Loss of Business Reputation.
Compliance: On the other hand, compliance, is the act of adhering to Business requirements. These requirements could be internal or external, and are considered as bare minimum set of mandates that apply to everything an organization must do to survive and be profitable.
Example: PCI DSS Requirement 1: Install and maintain a firewall configuration to protect cardholder data.
About the Author:
Faisal Ansari is a senior executive, a keynote speaker, and most importantly, an experienced practitioner in the domains of Information Privacy, Enterprise Risk, Cybersecurity, and Compliance. Having served global clients across a wide spectrum of industries, Mr. Ansari has also contributed to authorship of several international standards and frameworks from ISO, ISACA, and NIST.
Your Thoughts and Comments:
Author of this Trusted Insight would love to hear from you, and welcomes your feedback, comments, and suggestions to improve this article for the greater good of the business community. You can reach the author at [email protected]
Thanks for visiting this Trusted Insight. Check out our other articles on this topic, as well as relevant service offering pages displayed on the right side of this article for more information on how we can be a catalyst to the success of your business initiatives.