Knowledge Hub 
FAQ 
Definitions 
Remote Support 
Videos Demos
Governance, Risk and Compliance
Governance, Risk and Compliance
Governance, Risk and Compliance (GRC) is the collective focus on these three factors within an organization as a result of the interconnected nature of each factor. Governance, Risk and Compliance generally involve organizational operations such as corporate governance, enterprise risk management, and corporate compliance with relevant laws and regulations.
Governance
Governance is the methods by which top management, or executive boards set the goals and operational objectives for an organization and oversees progress toward those objectives. Governance comprises of knowing the organization’s overall goal and being flexible to the challenges and changes that occur when working towards obtaining the goal.
Governance is meant to see that all stakeholders’, including shareholders, donors, partners, the public, to name a few, needs are understood and systems are in place to meet these expectations, while moving towards the organizations overall goal. Thus, governance actions make sure that vital management information is complete, precise and timely to enable appropriate decision making, and provide proper controls to ensure that strategies, objectives and instructions from management are systematic and effective.
Risk Management
Risk management is the processes, or controls, put into place by management to identify, analyze, and respond in an appropriate manner to threats, risk, and incidents that can be harmful to business assets and operations.
From the assessment of risk, organizations then put controls into action that either avoid risk, accept risk, or transfer the risk to a third party, such as an insurance agency. External legal and regulatory compliance risk are considered the key issue with GRC, however, organizations routinely manage other risks, including technological risks, financial risks and information security risks.
Compliance
Compliance is an organizations willingness to implement and follow requirements set by third parties, such as certifying agents, government bodies, and/or internal standards.
