Compliance Week - Common Questions About GRC, and Some Answers

Richard M. Steinberg
August 24, 2010

Earlier this summer I participated on a panel at the Institute of Internal Auditors international conference, held this year in Atlanta. The subject of the panel was governance, risk, and compliance, covering a range of matters raised by the moderator and enthusiastic participants. Compliance Week readers often have similar issues on their minds, so I’d like to share my responses to some of the questions raised. Since I don’t have notes, I’ll do my best in reconstructing my remarks.

Q: GRC is an acronym used by many people, but with many different meanings. What does it mean to you?

A: The term “GRC”—standing for governance, risk, and compliance—came from the management consulting world several years ago, with technology firms and others quickly picking it up. The term has served a useful purpose communicating available services and software solutions. At the same time, there wasn’t anything called a “GRC” unit in businesses then, and there still isn’t today. And while the term sometimes is used by compliance officers, risk officers, or internal auditors, it’s seldom used or readily understood by line executives or board members.

As for what GRC means, to me it’s a combination of related (although somewhat disparate) concepts. The term “governance” traditionally has been used in context of a company’s board of directors. A definition I particularly like is: “the allocation of power among the board, management, and shareholders.” Now the term is used by many professionals to encompass how senior management runs a company, indeed even referring to activities downstream in the management ranks.

The “R” is for “risk management.” That term is used in many different ways, from a simple risk assessment to a full-blown enterprise risk management process. And “compliance” initially meant