The Formal Definition of GRC


My thanks to my friend and colleague Michael Rasmussen for his blog today on "Why GRC and What is it?" It not only includes a discussion, perhaps stimulated by activity here, but also spells out the OCEG definition:

GRC is a system of people, processes, and technology that enables an organization to:

  • Understand and prioritize stakeholder expectations.  
  • Set business objectives that are congruent with values and risks.  
  • Achieve objectives while optimizing risk profile, and protecting value.  
  • Operate within legal, contractual, internal, social, and ethical boundaries.  
  • Provide relevant, reliable, and timely information to appropriate stakeholders.  
  • Enable the measurement of the performance and effectiveness of the system.
I am sharing this for those who have not seen it before, in the hope that it will bring clarity to the discussion of whether the OCEG definition has value, or whether GRC is simply hype.