Information is a powerful asset that governments seek to control through legislation and regulatory frameworks. Management is responsible for establishing effective internal controls and financial management systems to meet objectives such as supporting efficient operations and safeguarding assets. A governance, risk, and compliance (GRC) approach provides a comprehensive strategy to strengthen controls, improve efficiency and effectiveness, and better manage risks through enterprise-wide risk management and governance. GRC emphasizes ownership and accountability across the organization to help reduce risks and costs associated with traditional control testing.