Governance, Risk Management, and Compliance (GRC)

Governance, Risk Management, and Compliance (GRC) refers to the integration of corporate governance, risk management, and compliance principles, structures, and practices. It provides a comprehensive mechanism to develop and sustain the elements that have been identified as essential for long term value preservation and enhancement, while addressing the needs of multiple stakeholders. The principles of GRC are aligned with the Institute of internal auditors (IIA) professional standards and should be referred to in the context of a common language established within the organization. While internal auditors have historically emphasized financial and compliance requirements, the focus expanded to include risk management and corporate governance in the early and mid 2000s. GRC refers to the collection of overlapping elements related to corporate governance, culture, leadership and management of people, processes, and technology. Internal auditors can help their clients eliminate the silos that often limit the effectiveness of GRC initiatives.