Is there value in talking about GRC? – II
The debate, primarily on LinkedIn, continues. I am interested in whether you agree with the breadth and depth of GRC as portrayed by the list of processes OCEG includes in GRC:
- Strategy and Business Performance Management
- Risk Management
- Internal Control
- Corporate Security
- Information Technology
- Business Ethics
- Sustainability and Corporate Social Responsibility
- Quality Management
- Human Capital and Culture
- Audit and Assurance
Governance by itself is huge, and several commenters have used the same expression as me – that when you look at solutions, most vendors offer gRC products. In other words, very little is done for governance.
Performance management is also huge, and you might consider the provision of reliable and timely information (e.g., through BI) as part of GRC.
I like to think of GRC as how a company is managed and directed to achieve the strategies and goals of the stakeholders, considering risks and staying within compliance boundaries of applicable laws and regulations.