GRC delivered with insight and integrity

What is GRC?

(with thanks to Norman Marks, SAP GRC VP - http://normanmarks.wordpress.com)

GRC is how the various parts of the organisation work together, in an orchestrated fashion, to deliver value and optimize performance, through the management of risk and uncertainty, while remaining in compliance.

Some useful concepts here:

  • GRC is about the whole, not the parts – not even the sum of the parts! It’s about how they work together to achieve organisational success, which may involve sub-optimising individual pieces so that the whole is optimised.
  • GRC is a perspective, a way of looking at the organisation and identifying issues around silos, fragmentation, poor information, and a failure to collaborate.
  • GRC is a capability set. In essence it enables an organisation to establish and strive towards its objectives while staying within established legal and voluntary boundaries.
  • Being ethical is doing the right thing for the right reason even when no one is watching.
  • Governance Risk and Control is the new “Mantra” for the business and economic environment. Repeated corporate failures, frauds, accounting irregularities are all a result of inadequate governance, risk and control mechanisms. All global economies both in the east and west are suffering from this inadequacy. But the fundamental and root cause of all these is basic human greed! So besides GRC we also need to have personal integrity and honesty and discipline which are fundamental traits of good citizens of society. Society and Culture determine these values, and I do believe that economic growth and opportunities have eroded social and human values too. Everybody needs to do some introspection and decide what one wants from life. Time for a revolution in thinking!
  • What I tell organisations is that they have GRC whether they like it or not. GRC is part of business.
  • From a simple definition, to me good GRC is about INTEGRITY. The organisation has made statements and commitments to how it is governed, complies with laws, and manages risks. There are contractual obligations, corporate social responsibility statements, etc. Good GRC is about making sure that the organisation has integrity – that what it has committed to in reports, policies, contracts, and commitments is a reality in the organisation and we can measure and model it.

Governance = Right people taking the Right decisions

Risk Management = Informing the Right people what are the Best Options

Compliance = Informing the Right people that they took the Correct decision
