GRC is commonly known in the industry as governance, risk, and compliance. However, if you break down this term word for word, GRC truly stands for “governance of” risk and compliance.
As we all know, governance is an executive management function (ISO 38500: Evaluate, Direct, Monitor), and since we are focused on the topics of risk and compliance within the context of GRC, the true meaning of GRC is really about ensuring the presence of an effective governance layer for an organization to manage its risk and compliance portfolios.
Refer to article titled “GRC Definitions and Acronyms” for details.
From a business perspective, GRC is a business function that has three distinct purposes:
- Evaluation of business context (both internal and external) in order for executive leadership to set the strategic direction for the business
- Dissemination of business directives to operational teams for management of business functions
- Monitoring, measurement, and reporting of business performance of each function back to the executive leadership to ascertain alignment, visibility, and performance of each function
Simply speaking, GRC is so much more than just the platform acronym. It is a means to ensure alignment, provide visibility, and measure performance of business as it relates to board-level directives.
About the Author:
Faisal Ansari is a senior executive, a keynote speaker, and most importantly, an experienced practitioner in the domains of Information Privacy, Enterprise Risk, Cybersecurity, and Compliance. Having served global clients across a wide spectrum of industries, Mr. Ansari has also contributed to authorship of several international standards and frameworks from ISO, ISACA, and NIST.
Your Thoughts and Comments:
Author of this Trusted Insight would love to hear from you, and welcomes your feedback, comments, and suggestions to improve this article for the greater good of the business community. You can reach the author at [email protected]
Thanks for visiting this Trusted Insight. Check out our other articles on this topic, as well as relevant service offering pages displayed on the right side of this article for more information on how we can be a catalyst to the success of your business initiatives.