Another rant on the misuse and abuse of “GRC”

January 18, 2010

Rants should be short and to the point. So:

  • If the G portion of GRC meant only those aspects of governance (for example culture, policies, and audit) that relate to risk and compliance (as postulated by Mr. FC of GR) then we should be talking about RC and not GRC. Any halfway-knowledgeable person could tell you that there are elements of governance in every risk framework, whether you like ANZ 4350, ISO 31000, or COSO ERM. You don’t need to add a G to RC to bring them in. If you want to talk about GRC, then talk about Governance.
  • If we are at the point where a vendor is marketing a spreadsheet management solution (however valuable) as a GRC solution, then the term is out of control. It may perhaps be a GRC application, like GL is a financial application, but we are really stretching a point. After all, most controls are actually resident in the ERP – so SAP Business Suite and Oracle Financials are both GRC apps, right?

When a term is misused like this, it starts to have negative value. If I had my way, I would stop SAP from using the term and focus them on the real business problems we are helping with – and we address more GRC processes than any other, with possibly one exception.
