The answers to these questions are not straightforward, but the definition of GRC that makes most business sense is the one developed by the Open Compliance and Ethics Group. It adds value by helping understand the real-life problems that can inhibit the delivery of optimized value by an organization. It discusses risk management and compliance within the context of governance, and when it talks about GRC it is talking about all the processes within an organization that have to function effectively to ensure optimized, sustainable, agile, long-term, compliant, and responsible performance.
The processes include effective board operations, performance management, and other aspects of organizational governance together with risk management, compliance, and internal audit - with the shared objective of delivering sustained, ethical, optimized value to stakeholders.
