What is GRC?
Governance, risk & compliance (GRC) is a term that encompasses an organisation’s approach to three key areas: governance management, risk management, and compliance management.
Governance, risk and compliance are inextricably bound to one another, making it difficult or impossible to manage one area without considering the others.
What is Governance Management?
Governance Management is how senior management direct and control the organisation.
What is Risk management?
Risk management is how an organisation identifies and monitors risk and plans its response to it. Risk is assessed and rated according to severity & occurrence, then an appropriate response is identified, usually in the form of controlling, avoiding, accepting or transferring (to a third party).
What is Compliance management?
All organisations will need to comply with some form of official requirement, whether governmental laws & regulations, or standards (such as ISO), contracts, strategies and policies. Organisations will need to assess their compliance, and the risks and consequences of noncompliance.