Answer: GRC as an acronym stands for governance, risk, and compliance, but the term GRC means much more than that. The OCEG (formerly known as “Open Compliance and Ethics Group”) states that the term GRC was first referenced as early as 2003 but was mentioned in a peer-reviewed paper by their co-founder in 2007.
The OCEG views GRC as a well-coordinated and integrated collection of all the capabilities necessary to support principled performance at every level of the organization. These capabilities include:
- The work done by internal audit, compliance, risk, legal, finance, IT and HR
- The work done at boardroom level, by the executive team and their departments
- The outsourced work done by other parties and carried out by external stakeholders.
Principled Performance is a key term used here and refers to a point of view and approach to business that helps organizations reliably achieve objectives while addressing uncertainty and acting with integrity.
Governance refers to how an organization is directed and controlled. In GRC, governance is necessary for setting direction (through strategy and policy), monitoring performance and controls, and evaluating outcomes.
Risk considers possible events that could cause harm or loss or make it more difficult to achieve objectives. In GRC, risk management ensures that the organization identifies, analyses, and controls risk that can derail the achievement of strategic objectives.
Compliance is the act of ensuring that a standard or set of guidelines is followed, or that proper, consistent accounting or other practices are being employed. In GRC, compliance ensures that, depending on the context, the organization takes measures and implements controls to assure that compliance requirements are met consistently.
Without a doubt, the biggest driver for GRC is regulation. While traditional industries such as banking, insurance, healthcare, and telecoms have borne the brunt of regulation in the past, today’s digital age is powering a rise in regulation that touches all entities, large or small.
The use of data, particularly personally identifiable information, has huge business potential as well as risk of abuse. Therefore, governments and international agencies are keeping a closer eye on how digital businesses manage data. The rise in cyber-attacks, which expose personal data, as well as growing awareness by individuals and civil rights organizations, have shed new light on how companies manage information and technology through processes, people and culture.
Benefits of GRC include:
- Improved decision-making
- More optimal IT investments
- Elimination of silos
- Reduced fragmentation among divisions and departments
A collective approach is the best approach for any organization seeking to get to grips with the ever-changing regulatory landscape. When GRC is done right across the whole organization, and the right people get the right information at the right time, and the right objectives and controls are established, then OCEG states that we can expect reduction in costs, duplication, and impacted operations.
The organization can also benefit through better decision-making agility and confidence, as well as sustained, reliable performance, and delivery of value.
GovernmentFrameworks.com, GRC and our Local Government Framework
There has been a tendency in more recent years to displace “government” (in the sense of the act or process of governing) with the more fashionable word “governance”, and for good reason. The term “government” was reminiscent of old colonial-style authoritarian mechanisms of directing society, whereas “governance” suggested a broader “steer” of society through framework-setting, communications and leadership style. It appears to be more politically correct in a post-modern society.
When it comes to the public sector, good governance means a responsible handling of public funds. In this sense, good governance is about both performance (how an agency delivers goods or services) and conformance (how an organisation meets its legal requirements and community expectations).
GovernmentFrameworks.com focuses on good governance. Our design, technology solution, and executive and management support services assist your organisation with the efficient use of resources and, equally, with requiring accountability for the stewardship of those resources.
Technology is a very good enabler in reducing the “compliance” congestion that comes with gathering and managing records required to prove that the organization is meeting GRC requirements, without overburdening employees who should be focused on generating value instead. Having a tool alone is not enough, though, to guarantee effective GRC. Technology does not have ethics; people do. Hence GRC must be addressed from a people and process perspective, even before technology is considered.
Please reach out to our team at GovernmentFrameworks.com either through our Contact Us page or Demo Request & Free Trial forms to view how we have designed and implemented our Governance Framework relevant and local to your needs.