I have blogged frequently about the concept of GRC, the definition I use (from OCEG), and why I believe there is value.
The IIA, ISACA, and several others have GRC conferences. But, having attended and spoken at several, I am not sure there is a common understanding of what GRC represents. Is it something separate from its component parts: governance, risk management, and compliance? Is it really about risk and compliance? Is it about technology, or how to run the business better? Do organizations have to "improve GRC" (and what does that mean)? Do they need a GRC function?
Now I want to get your views — in fact, as many views as possible on whether "GRC" is hype or real, whether you agree with the OCEG definition, and more.