Governance, risk management and compliance

Governance, risk management and compliance (GRC) is an umbrella term covering an organisation’s approach to corporate governance, risk management and regulatory compliance.

  1. Governance means all the processes established by the Board with respect to how an organisation is managed, as reflected in the governance structure.
  2. Risk management means identifying, managing and prioritising risks faced by an organisation, such as risks to the health and wellbeing of employees, risks of breaching laws and regulations, cybersecurity and IT risks and so on.
  3. Compliance management means the process of identifying and adhering to all laws, regulations, policies, procedures, internal codes of conduct and other commitments of the organisation.