Thursday, September 07, 2006

GRC Emerges From the Shadow of Compliance

Over the years, myriad compliance requirements have caused most companies to jump through hoops at first whenever a new one comes along, with the most visible (and, some might say, most painful) concern being Sarbanes-Oxley (SOX) compliance. In time, panic was replaced with rational thought and a workable plan for meeting the legal and regulatory requirements while streamlining business processes and mitigating risk.

With such intense focus on short-term concerns, companies sometimes miss the real long-range objective: a better-managed and optimally performing organization.

Emergence of GRC as a discipline and software category

Governance, risk management, and compliance (GRC) as a term has been bandied about for a few years. AMR Research defines each component of GRC as follows:

* Governance is the oversight role and part and parcel of setting strategic objectives.
* Risk management evaluates all relevant business and regulatory risks and controls and monitors mitigation actions in a structured way.
* Compliance is the execution of these objectives, based on risk tolerance.

posted by Brian Moran @ 8:35 AM

