Late last week I was at a 1-day conference on "GRC" in I.T.
For the uninitiated: Governance, Risk, and Compliance, or "GRC", is a term that reflects a new way in which organizations adopt an integrated approach to these three interrelated areas. However, GRC is often positioned as a single business activity when, in fact, it includes multiple overlapping and related activities within an organization, such as internal audit, compliance programs (e.g. SOX, Basel II, AML), enterprise risk management (ERM), operational risk, incident management, etc.
One of the speakers at the GRC conference started on a funny note. He said that we know there was no GRC management in the Garden of Eden. Had there been, the snake wouldn't have gotten as far as he had and we wouldn't be in the mess we are now. I don't know about that, nor would I want to debate the theology of it. What I do know is this: if back in 2006 we had put as much effort into GRC as we put into chasing profits, we wouldn't be in the situation we are in today. If we start to treat GRC with the importance it deserves, we'll reduce the next economic downturn in the cycle to manageable levels. Where does that start? It starts with all of us learning basic GRC and our personal responsibility towards managing it.