Governance, Risk, and Compliance (GRC)

An integrated set of capabilities that enables an organization to achieve reliability in accomplishing objectives, deal effectively with uncertainty, and operate with integrity—thereby serving as the pathway to disciplined performance.

By adopting disciplined performance and a Governance, Risk, and Compliance model, organizations can transition from fragmented and siloed departments to integrated capabilities; from disconnected individuals to teamwork and interconnected relationships; from isolated objectives to an intentional institutional culture; and from scattered skills and short-sightedness to a multidisciplinary approach. These disciplines fall under the GRC umbrella, including governance and oversight, strategy and performance, risk and decision support, compliance and ethics, security and resilience, and audit and assurance.

The GRC capability model is applied to achieve the following integrated, overarching outcomes:

• Achieving objectives that create and preserve value.

• Balancing risks and rewards.

• Enhancing organizational culture.

• Strengthening stakeholder trust.

• Integrating and improving decision-making processes.

• Preventing, detecting, and correcting undesirable behavior and weaknesses.

• Promoting, monitoring, and rewarding desirable behavior and strengths.

• Monitoring and responding to the internal and external context.

• Improving overall performance.

• Upholding and expressing organizational values.