GRC definitions
GRC is an abbreviation for Governance, Risk Management and Compliance Management.
IT GRC is often perceived to have two meanings:
- Using IT to manage the various Governance, Risk Management and Compliance Management processes of an organization.
- Ensuring proper governance, risk management and compliance management of all IT systems and processes that support the business operations.
GRC resources
Wikipedia
Wikipedia about Governance, Risk and Compliance.
Corporate Integrity
Michael Rasmussen at Corporate Integrity, LLC defines GRC as follows:
- Governance is the culture, policies, processes, laws, and institutions that define the structure by which companies are directed and managed.
- Risk is the effect of uncertainty on business objectives.
- Risk Management is the coordinated activities to direct and control an organization to realize opportunities while managing negative events.
- Compliance is the act of adhering to, and demonstrating adherence to, external laws and regulations as well as corporate policies and procedures.
(end of quote).
ISACA
The ISACA association has embraced IT Governance for several years. The IT Governance Institute (ITGI) publishes COBIT 4.1, the widely adopted IT Governance Framework, which many organizations use to support Sarbanes-Oxley compliance. Risk IT is a recent risk management framework published by ISACA.
OCEG
OCEG is a nonprofit organization that promotes governance, risk management, and compliance processes