“GRC is an abbreviation for Governance, Risk and Compliance.”
G represents Governance
Basically this means running your business as usual (BAU) and ensuring that things are done according to the standards, rules and regulations of the environment in which your business operates. It also means defining your expectations of what should be done in a clear and concise manner, so that everybody (employees, shareholders, the public, partners, etc.) knows how your company is run.
R represents Risk
In pretty much everything we do there is an element of risk, and running a business is no different. Risk management becomes a method to help you both in protecting value, i.e. what you already have, and in creating value, i.e. strategically growing your business or developing new products and services alongside existing ones.
C represents Compliance
Nowadays all companies need to abide by many laws and directives affecting businesses (as well as citizens). For compliance to add value and be effective, certain controls and limits should be put into place to ensure that compliance is actually taking place. This might mean monitoring your company’s transactions or ensuring that your IT systems and services are in order. It might even simply mean ensuring that the same employee who creates suppliers cannot also deceitfully make payments out to a friend or family member. The C relates to laws such as Sarbanes-Oxley (SOX).
In actual fact, GRC is meant to aid the growth of your business in the best possible way, and should thus be given high prominence in your strategic and operational goals.