GRC Means Governance, Risk & Compliance

GRC is an abbreviation for Governance, Risk and Compliance. These three functions are grouped together to increase efficiency and effectiveness. Governance is responsible for overseeing the implementation of decisions made by the board of directors. Risk is responsible for analyzing all risks that affect revenue and operations. Compliance is responsible for meeting regulatory requirements, primarily to reduce legal exposure. In short: protect the integrity of management decisions, protect the business that makes the organization successful, and protect the organization from unnecessary dealings with governments.

Going Through TSA

Depending on the industry, an organization may have licensed attorneys as heads of each of these areas. In other cases, a separate legal department is created not just to deal with litigation but to advise the organization on any combination of these three areas, thereby allowing functional and industry experts to lead them. Governance can be led by an MIS or audit professional (MIS means Management Information Systems). Risk can be led by an IT or operations professional (IT means Information Technology). Compliance can be led by an audit or front-office professional.

Front-office is a term used for the area of an organization that focuses on revenue and sales. Bankers in a bank are front-office professionals.

All three areas require a combination of specialized knowledge.

Governance covers management issues, an understanding of operations, the concerns of investors and shareholders, and the information being shared within the organization, both how it is shared and what is shared. This person must have a strong understanding of the organization's structure.

Risk covers capital requirements (if a bank), the supply chain, losses from inefficiencies in operations, and the like. This person must have a strong understanding of how the business operates.

Compliance covers regulatory exams and responses, investigations, surveillance, monitoring, controls, policies and procedures, and sanctions (if a bank). This person must have a strong understanding of regulators' expectations and must be able to persuade line-of-business professionals to buy in to a single set of rules for the whole organization to play by.

About the Author: Marcus Maltempo is a compliance professional with more than a decade of experience helping banks, law firms and clients manage investigations and regulatory responses.
