​​Is There Value in the Term "GRC"?

Comments Views

​I have blogged frequently about the concept of GRC, the definition I use (from OCEG), and why I believe there is value. 

The IIA, ISACA, and several others have GRC conferences. But, having attended and spoken at several, I am not sure there is a common understanding of what GRC represents. Is it something separate from its component parts: governance, risk management, and compliance? Is it really about risk and compliance? Is it about technology, or how to run the business better? Do oganizations have to "impro​ve GRC" (and what does that mean)? Do they need a GRC function?

Now I want to get your views — in fact, as many views as possible on whether "GRC" is hype or real, whether you agree with the OCEG definition, and more.​​



Comment on this article

comments powered by Disqus
  • Your-Voices-Recruitment-January-2022-Blog-1
  • Fraud-Virtual-Conference-January-2022-Blog-2
  • IT-General-Controls-Certificate-January-2022-Blog-3