GRC Definition

Dragon1 Icon for GRC
CREATED BY , CREATIVE COMMONS LICENSE

Dragon1 Definition for GRC:
GRC is the integrated collection of capabilities to achieve Principled Performance in an organization. GRC integrates governance, management and assurance of performance, risk, and compliance activities.

GRC

GRC is short for Governance, Risk and Compliance.

It is the integrated collection of capabilities that enable an organization to reliably achieve objectives, address uncertainty and act with integrity.

The acronym GRC was invented as a shorthand reference to the critical capabilities that must work together to achieve Principled Performance — the capabilities that integrate the governance, management and assurance of performance, risk, and compliance activities.

This includes the work done by departments like internal audit, compliance, risk, legal, finance, IT and HR, as well as the lines of business, the executive suite and the board itself.

The acronym was already in use in 2003, but the first academic paper on the topic, by Scott L. Mitchell, appeared in 2007 in the International Journal of Disclosure and Governance. This was a groundbreaking paper that may have influenced an entire industry of software and services.

Using Dragon1 as GRC Tool

Here you can see an interactive example blueprint that is used for Governance, Risk Management and Compliance (GRC) in organizations. With it you can visualize, analyze and manage the organization's compliance or non-compliance with standards.

Governance Risk Management Compliance GRC


If you have comments or remarks about this Dragon1 term or definition, please send them to specs@dragon1.com.