GRC stands for Governance, Risk and Compliance, although some organizations may use the acronym to stand for “Governance, Risk and Control.”
It is a strategy for managing an organization’s overall governance, enterprise risk management and compliance with regulations. The capabilities of GRC are often spread over different departments: internal audit, compliance, risk, legal, finance, IT, HR, as well as the lines of business, the executive suite and the board. However, it broadly covers these three areas:
- Governance: Ensuring that organizational activities support the organization’s business goals.
- Risk: The identification, classification and addressing of any risk associated with organizational activities.
- Compliance: Ensuring that the organization meets all applicable legal and regulatory requirements.