Governance, Risk, and Compliance, or "GRC", is an increasingly recognized term describing an integrated approach in which organizations manage these three areas together rather than in isolation.
According to Michael Rasmussen, an industry analyst at Forrester Research, the challenge in defining GRC is that individually each term has "many different meanings within organizations. There is corporate governance, IT governance, financial risk, strategic risk, operational risk, IT risk, corporate compliance, Sarbanes-Oxley (SOX) compliance, employment/labor compliance, privacy compliance . . . you get the picture."
According to Scott L. Mitchell, Chairman & CEO of the Open Compliance and Ethics Group (OCEG), there "are substantially more processes than governance, risk and compliance playing critical roles in GRC. But 13-letter acronyms rarely catch on."
Typically, GRC solutions are enterprise software that enables businesses to comply with legal requirements. Examples of such requirements are regulations such as the Sarbanes-Oxley Act, Basel II, and local requirements for occupational health and safety. Failure to meet these standards can lead to severe legal penalties or civil liability.
Initial interest in GRC was driven by the Sarbanes-Oxley Act, but GRC software requirements have since changed, and such software is now seen as a means to achieve Enterprise Risk Management: specifically, to evolve from managing risk as a transaction or compliance activity to adding business value by improving operational decision making and strategic planning.
GRC software becomes the governance platform for defining, maintaining, and monitoring risk.
OCEG, a non-profit organization that provides a performance framework for integrating governance, compliance, risk management and culture, is one of the leading voices for GRC. OCEG has developed a Measurement and Metrics Guide (MMG) to assist in measuring and reporting on the performance of compliance and ethics programs. This measurement platform advocates that program objectives be aligned with, and contribute tangibly to, the enterprise objectives. In order to achieve the desired program outcomes, an organization should design processes and practices that measure the program on three key dimensions: effectiveness, efficiency and responsiveness.
i-flex solutions is the first company to issue a GRC Framework for the financial services industry, according to BobsGuide, an industry news site.
Source: http://en.wikipedia.org/wiki/Governance%2C_Risk_Management%2C_and_Compliance
Saturday, February 16, 2008
Governance, Risk Management, and Compliance
Posted by Chart Smart at 3:21 PM