Governance Risk & Compliance
Any organization seeking to meet its business objectives continues to face a myriad of challenges owing to the ever-changing complexity of the business environment:
- Regulation (e.g. SOX, HIPAA, GDPR, PCI-DSS)
- People (diversity, millennials, skills gap, etc.)
- Technology (IoT, AI)
- Many more aspects.
For this reason, there is an increasing need for enterprises to put in place mechanisms to ensure that the business can successfully ride the wave of these complexities. GRC—Governance, Risk, and Compliance—is one of the most important elements any organization must put in place to achieve its strategic objectives and meet the needs of stakeholders.
GRC is the integrated collection of capabilities that enable an organization to reliably achieve objectives, address uncertainty, and act with integrity. This includes the work done by departments like internal audit, compliance, risk, legal, finance, IT, HR as well as the lines of business, executive suite, and the board itself.
The components are organized in an iterative continuous improvement process to achieve principled performance and are further decomposed into elements that are then supported by practices, actions, and controls. The actions and controls are classified into three types, from which organizations can select a mix depending on their context: