I have been blogging about what GRC is, advocating the definition developed by the Open Compliance and Ethics Group, OCEG (see this and subsequent posts). But, I haven’t really talked about why the concept of GRC has value.
I see two primary themes. Note that these are business and not technology-related:1. The inter-relationship of Governance, Risk Management, and Compliance2. The need for ‘GRC Convergence’
These are discussed in my latest blog, and I welcome your comments. Do you agree with these two themes as the primary value-driver for the concept of GRC?