
Another 3 letter acronym we should all know - GRC

Late last week I was at a 1-day conference on "GRC" in I.T.  

For the uninitiated: Governance, Risk, and Compliance, or "GRC", is a term that reflects a new way in which organizations adopt an integrated approach to these three interrelated areas. However, GRC is often positioned as a single business activity when, in fact, it includes multiple overlapping and related activities within an organization, such as internal audit, compliance programs (e.g. SOX, Basel II, AML), enterprise risk management (ERM), operational risk, incident management, etc.

One of the speakers at the GRC conference started on a funny note. He said that we know there was no GRC management in the Garden of Eden. Had there been, the snake wouldn't have gotten as far as he had and we wouldn't be in the mess we are now. I don't know about that, nor would I want to debate the theology of it. What I do know is this: if back in 2006 we had put as much effort into GRC as we put into chasing profits, we wouldn't be in the situation we are in today. If we start to treat GRC with the importance it deserves, we'll reduce the next economic downturn in the cycle to manageable levels. Where does that start? It starts with all of us learning basic GRC and our personal responsibility towards managing it.


Comments: (1)

Kumar Jm - Indian Fortune 500 - India - 02 February, 2009, 04:55

Agreed. GRC must be looked at as a process-driven activity and must be imbibed as an organisation-wide culture.

It must not be viewed within the narrow framework of a regulatory and compliance exercise.