GRC (Governance, Risk and Compliance) is the integrated collection of capabilities that helps organisations address uncertainty, act with integrity, and achieve objectives reliably. The acronym GRC was first coined by the OCEG (Open Compliance and Ethics Group).
GRC is a shorthand reference to the important capabilities that need to work together to attain principled performance. Principled performance refers to the capabilities that integrate the governance, assurance, and management of risk, performance, and compliance activities.
While there are many GRC courses now available, the first academic paper on GRC was published as early as 2007 by OCEG founder Scott L. Mitchell. The groundbreaking paper was the first-reviewed academic paper and it influenced an industry of services and software.
Organisations have been managing risk and compliance for a long time, so GRC is not really new. The difference now is that, in the past, those activities were not handled in a mature way and the efforts did not make the achievement of organisational objectives more reliable.
Nowadays, any forward-thinking organisation views GRC as an integrated collection of all the capabilities needed to support principled performance. In essence, GRC won’t burden the organisation. On the contrary, it supports and improves it. In this manner, GRC can be considered revolutionary.
Drivers of GRC
Organisations need to address the challenging business climate of today. Even nonprofits, small businesses, and government agencies are facing issues only established organisations faced in the past. Below are some of the factors organisations have to deal with:
- The scary and harsh impact when opportunities and threats are not determined
- The costs of addressing requirements and risks are spinning out of control
- Stakeholders are demanding high performance along with higher transparency levels
- Enforcement and regulations are unpredictable and constantly evolving
The Universal Outcomes of Principled Performance
One way to look at the benefits provided by principled performance is through the lens of outcomes of high-performing GRC capabilities that organisations seek to achieve:
- Achievement of business objectives. You need to ensure that all parts of the organisation work together towards the achievement of their objectives.
- Ensure strategic planning and risk-aware setting of objectives. You need to provide useful, reliable, and timely information about the rewards, risks, and responsibilities to the strategic partners, business managers, and governing authorities.
- Improve organisational culture. Promote and inspire a culture of accountability, integrity, performance, communication, and trust.
- Increase confidence of stakeholders. You need to ensure the trust of stakeholders in the organisation.
- Protect and prepare the organisation. You need to prepare the organisation to address requirements and risks while protecting the organisation from adversities.
- Prevent, reduce, and detect weaknesses and adversities. You need to establish controls and actions that will detect potential problems, minimise impact, prevent negative outcomes, and address any issues as they arise.
- Inspire and motivate desired conduct. You need to provide rewards and incentives for desirable conduct. This is especially necessary in the face of challenging circumstances.
- Stay ahead of the game. You need to be aware of information needed to support quick changes in tactical and strategic direction while avoiding pitfalls and obstacles.
- Improve efficiency and responsiveness. You need to establish capabilities that can make the organisation more efficient and responsive as a whole so it gains a competitive advantage.
- Optimise values and economic return. You need to allocate financial and human resources in a way that will maximise the economic return generated for the organisation while maximising its values at the same time.