
Demystifying Governance Risk and Compliance (GRC)
July 7, 2017

In a company there are generally a few people, often the leaders of the organisation, who look after the way in which the company is run. They are entrusted with the task of running the company in an ethical way, making sure that it establishes appropriate objectives and shows measured progress toward those objectives. This is Governance.

Risk management refers to all the efforts, practices and procedures that could effectively mitigate the risks the company may face. This includes identifying, measuring, reporting on and appropriately managing the risks that could impact the company’s governance objectives. Risk managers are usually the people who actively watch for changes in government policy, analyse political situations and head off any incidents that may impact the business. They study the known risks and come up with ways to mitigate them.

Compliance, the third angle of GRC, has recently taken centre stage. Companies both small and large, across a range of industries, are required by law to comply with a specific set of rules to ensure they run their business in a legally approved manner. It has become imperative that a company proves it is adhering to all the compliance guidelines in order to stay in business. In some cases there are severe penalties for non-compliance with regulations.

Governance, Risk management and Compliance were separate disciplines, managed by separate individuals and departments and existing independently of each other. In other words, they were silos. Each silo had its own set of tools and software applications to assist with its specific management and reporting requirements.

Today, that silo strategy is giving way to an integrated framework called GRC, whose purpose is to provide a holistic view of a company’s health and well-being. This is a welcome move, since the three disciplines are closely interconnected.

So what does GRC mean to us (as per the OCEG)?

GRC is an integrated, holistic approach to organisation-wide governance, risk, and compliance ensuring that “an organisation acts ethically correct and in accordance with its risk appetite, internal policies, and external regulations through the alignment of strategy, processes, technology, and people, thereby improving efficiency and effectiveness”.

[Figure: Frame of reference for integrated GRC]

Originally published at LinkedIn