How do you spell GRC?

When I was a small child of about 9, growing up (allegedly – many say I never grew up) in England, I had a long car trip with my parents and younger brother.

He had just started kindergarten school and was upset that we had excluded him from our game of “I Spy”. For those of you with incomplete educations, this is a game where one person sees something and announces “I spy, with my little eye, something beginning with the letter….”. Then everybody gets to guess what it is. “I Spy” is a game that helps young children improve their language and spelling skills.

Anyway, my brother was going to throw a fit so we let him play. He started: “I spy, with my little eye, something beginning with the letter L”.

All three of us guessed repeatedly, only to hear that we didn’t have the right answer. After a while, we gave up and asked him what the correct answer was. He shouted “window” with a laugh.

We were stunned and tried to explain that ‘window’ didn’t start with the letter L. I told him that the word ‘window’ didn’t even have an L in it. My smart little brother replied that the L was ‘silent’!

So what does this all have to do with GRC?

Well, sometimes I feel like people believe that GRC starts with the letter R, and that the G is silent. I received this in an email today from a PhD student studying GRC:

“Looking at the common GRC understanding, compliance deals with the reporting of company risks and how they are assessed. Governance (in the GRC-context) ranges from frameworks and measures for a GRC strategy to creating a risk-awareness in the company. From this perspective, risk management can be seen as the fundamental part of GRC, or at least as the first step, gathering the relevant information (i.e. risks) for the following compliance and governance measures.”

No, GRC starts with the letter G – and Governance is arguably the most important part of GRC. It is where oversight of the company exists, where strategies and goals are defined, where risk appetite is established, and where performance is monitored. Risks should be defined within the context of their potential to impair the achievement of strategies and goals. Compliance is something that has to be achieved, and is potentially both a constraint on performance and a risk that has to be managed.

  1. Girma Bersisa
    March 14, 2010 at 9:41 PM

    Rather the governance (G) should be spelt out loud. In the absence of a goal one cannot even think of risk management.

  2. May 5, 2010 at 7:21 AM

    Although I definitely agree that governance must align with the vision, strategy and plans of any organization, risk awareness and risk appetite are surely the drivers that allow governance and compliance objectives to be met appropriately and efficiently?

    I am an advocate of gRc (with a capital R for Risk Management).

  3. Girma Bersisa
    August 3, 2010 at 5:58 AM

    Which one should come first? Setting the objective and then thinking of the possible risk that checks the company from achieving its objective. I still highlight the G.
