The Formal Definition of GRC
My thanks to my friend and colleague Michael Rasmussen for his blog today on "Why GRC and What is it?" It not only includes a discussion, perhaps stimulated by activity here, but also spells out the OCEG definition:
GRC is a system of people, processes, and technology that enables an organization to:
- Understand and prioritize stakeholder expectations.
- Set business objectives that are congruent with values and risks.
- Achieve objectives while optimizing risk profile, and protecting value.
- Operate within legal, contractual, internal, social, and ethical boundaries.
- Provide relevant, reliable, and timely information to appropriate stakeholders.
- Enable the measurement of the performance and effectiveness of the system.
I am sharing this for those who have not seen it before, in the hope that it will bring clarity to the discussion of whether the OCEG definition has value, or whether GRC is simply hype.
Posted on Sep 22, 2010 by Norman Marks