What Is GRC?
Few of us have the patience for dealing with technical definitions, so if you'd rather skip to the next section, no problem. But if you've heard about GRC1 and would like a better a sense of its genesis and what it is, read on.
Some months ago I spoke at a conference where the moderator turned to me saying, “GRC is an acronym used by many people, but with many different meanings—what does it mean to you?” Here's my response.
GRC originated in the management consulting world several years ago. Technology firms and others quickly picked it up and used it to describe available services and software solutions. And while sometimes the term is used by compliance officers, risk officers, or internal auditors, it is rarely used by line executives or board members.
As for what it means, GRC is a combination of related although somewhat disparate concepts. The term governance traditionally has been used in the context of a company's board of directors. A definition of governance I particularly like is: the allocation of power among the board, management, and shareholders. But today the term is used also to encompass an array of actions taken by management in running a company, from senior levels down throughout the management ranks.
The R is for risk management. This term is used in many different ways, from a simple risk assessment to a full-blown enterprise risk management process. The C stands for compliance, initially meaning adherence to applicable laws and regulations, ...