Dragon1 Definition for GRC:
GRC is the integrated collection of capabilities to achieve Principled Performance in an organization. GRC integrates governance, management, and assurance of performance, risk, and compliance activities.
What is the meaning of GRC?
GRC is short for Governance, Risk, and Compliance or Governance, Risk Management and Compliance.
It is the integrated collection of capabilities that enable an organization to reliably achieve objectives, address uncertainty, and act with integrity.
The acronym GRC was invented as a shorthand reference to the critical capabilities that must work together to achieve Principled Performance — the capabilities that integrate the governance, management, and assurance of performance, risk, and compliance activities.
This includes the work done by departments like internal audit, compliance, risk, legal, finance, IT, and HR as well as the lines of business, executive suite, and the board itself.
The acronym was already in use in 2003, but the first academic paper on the topic, by Scott L. Mitchell, appeared in 2007 in the International Journal of Disclosure and Governance. This was a groundbreaking paper that may have influenced an entire industry of software and services.
Using Dragon1 as GRC Tool
Here you can see an interactive example blueprint that is used for Governance, Risk Management, and Compliance (GRC) in organizations. With it, you can visualize, analyze, and manage the organization's compliance or non-compliance with standards.
If you have comments or remarks about this Dragon1 term or definition, please send them to specs@dragon1.com.