GRC is an abbreviation for Governance, Risk Management, and Compliance Management.
IT GRC is often perceived to have two meanings:
Using IT to manage the various Governance, Risk Management, and Compliance Management processes of an organization.
Ensuring proper governance, risk management, and compliance management of all IT systems and processes that support the business operations.
Michael Rasmussen at Corporate Integrity, LLC defines GRC as follows:
- Governance is the culture, policies, processes, laws, and institutions that define the structure by which companies are directed and managed.
- Risk Management is the coordinated activities to direct and control an organization to realize opportunities while managing negative events.
- Compliance is the act of adhering to and demonstrating adherence to, external laws and regulations as well as corporate policies and procedures.
Tool to manage your Governance, Risk, and Compliance by NorthGRC