Governance, Risk Management, and Compliance (GRC)

Governance, risk management, and compliance (GRC) is a relatively new corporate management system that integrates these three crucial functions into the processes of every department within an organization. The three elements of GRC are:

Governance, or corporate governance, is the overall system of rules, practices, and standards that guide a business.
Risk, or enterprise risk management,
Compliance, or corporate compliance, is the set of processes and procedures that a company has in place in order to make certain that the company and its employees are conducting business in a legal and ethical manner.

What Is Governance, Risk Management, and Compliance (GRC)?

Governance, risk management, and compliance (GRC) is a relatively new corporate management system that integrates these three crucial functions into the processes of every department within an organization.

GRC is in part a response to the "silo mentality," as it has become disparagingly known. That is, each department within a company can become reluctant to share information or resources with any other department. This is seen as reducing efficiency, damaging morale, and preventing the development of a positive company culture.

GRC is a system intended to correct the "silo mentality" that leads departments within an organization to hoard information and resources.
Governance, risk management, and compliance systems are integrated into every department for greater efficiency.
The overall purpose is to reduce risks, costs, and duplication of effort.

Understanding GRC

Governance, risk management, and compliance have been key elements of company management for a long time. But the concept of GRC has been around only since about 2007.

The overall purpose of GRC is to reduce risks and costs as well as duplication of effort. It is a strategy that requires company-wide cooperation to achieve results that meet internal guidelines and processes established for each of the three key functions.

The three elements of GRC are:

Adopting a GRC System

An entire industry has emerged to provide companies with the consulting services necessary to implement a GRC system.

GRC proponents argue that increased regulation, demands for transparency, and the growth of third-party relationships make the traditional siloed approach too risky.

GRC software is also available. Some highly regarded software packages, according to CIO.com, include the IBM OpenPages GRC Platform, MetricStream, and Rsam's Enterprise GRC. The article notes that more affordable and even free GRC software is available, though with fewer features.

Advantages of GRC

Its proponents argue that increasing government regulation, greater demands for corporate transparency, and the growth of third-party business relationships have made the traditional siloed approach to these activities risky and expensive.

Instead, GRC focuses on integrating certain key capabilities and functions across an organization. These capabilities and functions may include information technology, human resources, finance, and performance management, among many others.

As an integrated approach, GRC can mean different things to different businesses. However, it generally requires each department within a business to gather, share, and use information and internal resources more efficiently for the company as a whole.
