What is Governance, Risk, and Compliance Management (GRC)?

  • August 6, 2013
  • Andy Vanderhoff

“What is Governance, Risk, and Compliance Management (GRC)?”

I receive this question a lot; many have recognized the importance of governance and associated issues of risk management and compliance in enterprise systems. But defining and understanding the term can be challenging. So, here’s a simple explanation:

Corporate Governance is a broad term that covers a number of different aspects of the way in which an organization is governed. For example, governance deals with developing and maintaining the policies or guidelines by which an organization is directed.

Risk Management is the organization’s effort to address potential risks and threats by developing and maintaining controls that mitigate those risks.

Compliance is the act of adhering to external laws and regulations (from bodies such as the FDIC, NCUA, OCC, and CFPB) as well as to the organization’s internal policies.