​​Is There Value in the Term "GRC"?

Comments Views

​I have blogged frequently about the concept of GRC, the definition I use (from OCEG), and why I believe there is value. 

The IIA, ISACA, and several others have GRC conferences. But, having attended and spoken at several, I am not sure there is a common understanding of what GRC represents. Is it something separate from its component parts: governance, risk management, and compliance? Is it really about risk and compliance? Is it about technology, or how to run the business better? Do oganizations have to "impro​ve GRC" (and what does that mean)? Do they need a GRC function?

Now I want to get your views — in fact, as many views as possible on whether "GRC" is hype or real, whether you agree with the OCEG definition, and more.​​


 

 

Comment on this article

comments powered by Disqus
  • TeamMate_June2017_Blog 1
  • IIA CEN-ACGA Web Event_JUN2017_Blog 2
  • IIA_QIAL_June2107_Blog 3