[7] The research referred to common "keep the company on track" activities conducted in departments such as internal audit, compliance, risk, legal, finance, IT, HR as well as the lines of business, executive suite and the board itself.
Governance, risk, and compliance (GRC) are three related facets that aim to assure an organization reliably achieves objectives, addresses uncertainty and acts with integrity.
GRC supposes that this approach, like a badly planned transport system, every individual route will operate, but the network will lack the qualities that allow them to work together effectively.
A fully integrated GRC uses a single core set of control material, mapped to all of the primary governance factors being monitored.
The AICD (Australian Institute of Company Directors) however splits risk into three super groups Analysts disagree on how these aspects of GRC are defined as market categories.
Broadly, the vendor market can be considered to exist in three segments: Integrated GRC solutions attempt to unify the management of these areas, rather than treat them as separate entities.
However, because they tend to have been designed to solve domain specific problems in great depth, they generally do not take a unified approach and are not tolerant of integrated governance requirements.
Further benefits to this approach include (i) it allows existing, specialist and high value applications to continue without impact (ii) organizations can manage an easier transition into an integrated GRC approach because the initial change is only adding to the reporting layer and (iii) it provides a real-time ability to compare and contrast data value across systems that previously had no common data scheme.'
Each of the core disciplines – Governance, Risk Management and Compliance – consists of the four basic components: strategy, processes, technology and people.
In applying this approach, organisations long to achieve the objectives: ethically correct behaviour, and improved efficiency and effectiveness of any of the elements involved.