GRC (Governance, Risk and Compliance)

Governance, Risk and Compliance, the abbreviation GRC is used. It is a set of tools and processes of e-Discovery, which are used when the expected case or legal proceedings are initiated. These tools and processes are equally effective in the management, risk management and regulatory compliance, which compliance is in the responsibility of the government and the private sector.

Use of GRC in practice: In organizations GRC is an umbrella term covering the organization’s approach to these three areas. Each area is increasingly being integrated and aligned to avoid conflicts and inefficiencies. GRC usually involves activities such as corporate governance, enterprise risk management (ERM) and corporate compliance with applicable laws and regulations.

Individual states could benefit from the use of e-Discovery in information management, auditing, and especially in relation to their anti-corruption strategies. In particular, internal and external auditors should be able to effectively use the tools in their audit procedures to detect fraud and bribery.

Great interest in GRC was sparked by the Sarbanes-Oxley Act (SOX) and due to the need of U.S. listed companies to properly implement and control the elements of SOX. Currently, the focus of GRC shifted towards adding business value through improving operational decision making and strategic planning.