2. What is GRC
Governance, Risk, and Compliance (GRC) is a structured way to align IT with business goals while managing risks and meeting all industry and government regulations. It includes tools and processes to unify an organization's governance and risk management with its technological innovation and adoption.
• Corporate Governance Policies
• Enterprise Risk Management programs
• Regulatory and Company compliance
3. GRC History
GRC emerged as a discipline in the early 21st century when companies recognized that coordinating the people, processes and technologies.
Three Components of GRC:
• Governance refers to the ethical management of an organization by its leaders in accordance with approved business plans and strategies.
• Risk management refers to an organization's process for identifying, categorizing, assessing and enacting strategies to minimize risks that would hinder its operations and to control risks that enhance operations.
• Compliance refers to the level of adherence an organization has to the standards, regulations and best practices mandated by the business and by relevant governing bodies and laws.
4. Skills Required in GRC
• Strong understanding of fundamental information security concepts and technology.
• Experience with IT governance, risk, and compliance management in a large global environment.
• Excellent written and oral communication skills.
7. Internal Auditing
• An internal audit, which preserves its objectivity, is carried out by company personnel reporting to:
  • The Audit Committee of the Board of Directors
  • Top Management
• Concerns compliance with company policies and procedures
• Involves an evaluation of internal controls and fraud
• Tests for efficiency, effectiveness, and economy
8. External Auditing
• The external audit is carried out by independent accountants
• Has a secondary purpose to test that internal controls are strong and can be relied on to catch errors and fraud