Governance, risk management, and compliance are three related facets that help assure an organization reliably achieves objectives, addresses uncertainty and acts with integrity. Governance is the combination of processes established and executed by the directors (or the board of directors) that are reflected in the organization’s structure and how it is managed and led toward achieving goals. Risk management is predicting and managing risks that could hinder the organization from reliably achieving its objectives under uncertainty. Compliance refers to adhering to the mandated boundaries (laws and regulations) and voluntary boundaries (the company’s policies, procedures, etc.).
IT governance, risk and compliance (GRC) tools help bring order to enterprises’ crazy quilt of overlapping regulations, redundant audit programs and manual processes.