​​Is There Value in the Term "GRC"?

Comments Views

​I have blogged frequently about the concept of GRC, the definition I use (from OCEG), and why I believe there is value. 

The IIA, ISACA, and several others have GRC conferences. But, having attended and spoken at several, I am not sure there is a common understanding of what GRC represents. Is it something separate from its component parts: governance, risk management, and compliance? Is it really about risk and compliance? Is it about technology, or how to run the business better? Do oganizations have to "impro​ve GRC" (and what does that mean)? Do they need a GRC function?

Now I want to get your views — in fact, as many views as possible on whether "GRC" is hype or real, whether you agree with the OCEG definition, and more.​​



Comment on this article

comments powered by Disqus
  •  	Galvanize-July-2021-Blog-1
  • CRMA-July-2021-Blog-2
  • Bookstore-July-2021-Blog-3